last executing test programs: 42.439712729s ago: executing program 3 (id=118): r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x4d0101, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000002fc0)=""/4108, 0x100c) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000400)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {0x0, 0x41}], 0x2, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x4, 0x0, r2, 0x8, '\x00', 0x0, r0, 0x1, 0x0, 0x5}, 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000200)={'batadv0\x00', 0x0}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000007c0)={0x6, &(0x7f0000000480)=[{0x5, 0x7, 0xb7, 0x8000}, {0x8, 0x2, 0x3}, {0x7ff, 0x7e, 0x8, 0x8}, {0xaef, 0x6, 0xf2, 0x2}, {0xa05, 0x0, 0x9, 0x3}, {0x8, 0x10, 0xd, 0x1}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x1f, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xf}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @map_idx_val={0x18, 0xd, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x10000}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x6}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @exit, @call={0x85, 0x0, 0x0, 0x5e}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000180)='syzkaller\x00', 0x1, 0xf8, &(0x7f0000000600)=""/248, 0x41000, 0x0, '\x00', r5, 0x0, r0, 0x8, &(0x7f0000000380)={0x0, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0x10, 0x9, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000440)=[r0], 0x0, 0x10, 0x2}, 0x94) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000800)=@getqdisc={0x38, 0x26, 0x203, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0xd, 0x3}, {0xc, 0xffe0}, {0x3, 0x1}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x38}, 0x1, 0xfffc, 0x0, 0x24008040}, 0x4000800) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000003080)=@delchain={0x24, 0x66, 0xf31, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0x0, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) openat2(r2, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x20a80, 0x104, 0x20}, 0x18) setsockopt$TIPC_CONN_TIMEOUT(r2, 0x10f, 0x82, &(0x7f00000000c0)=0x6, 0x4) 42.048548697s ago: executing program 3 (id=125): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c000000100039042cbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="2101000000000200000000000000010065727370616e00000c0002800600020030000000f4f5dbf72b8dbd25dde57a74cbae0cc5"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) fsetxattr$security_selinux(r1, &(0x7f0000000200), &(0x7f0000000240)='system_u:object_r:unconfined_execmem_exec_t:s0\x00', 0x2f, 0x2) prctl$PR_SET_NAME(0x53564d41, 0x0) write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x64, 0x2, 0x6, 0x5, 0xa, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x74}]}]}, 0x64}}, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x4146) 41.949633949s ago: executing program 3 (id=127): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) close_range(r0, r0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "c46d5c7648c5a9afdf6e9ae0ae6d1012c4952cca2ee1ff882655130f5fdf98834b2f89dd756498fb5668d0e2ef805759b5cec58998a36c78ad50519a8f0ba11157c6c80ac7c639841f3c744639ac0c3c6b3abcc01a77de6b9f831b654651bafc1df8ec8a215fb2305099a7bd5169c1c0d45e1c49b415ad16ccb514c7a9b3aa6bf39ef0cfa8e07d4986e66f0e1b751250c3e2ed4d67df801d5b0dd5f084aa2aec9628e914ef6ca1d7b932030bb665383d2cefdd14eb551944f36344b50d3e558601239a90e6fbc50ead6f7b31ea41d81f9420d975fc9e9099ca79618f28a03e4be52b275eacc27a026d4b35cc46f930b83afc2bb0a97929d09095b22a309a464e"}, @TCA_RED_PARMS={0x14, 0x1, {0x4, 0xfa23, 0x9, 0xb, 0x7, 0x1c}}]}}]}, 0x148}, 0x1, 0x0, 0x0, 0x4}, 0x4) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {}, {0x8, 0xf}}, [@TCA_RATE={0x0, 0x5, {0x1}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003900)=ANY=[@ANYBLOB="240000001600246e0000000000000000030000000000000058a0a69e1b343d4a795a785d"], 0x24}}, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x3000000, 0x10, 0xffffffffffffffff, 0x8000000) r8 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x304e, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}, 0x0, {0x0, r11}}) syz_io_uring_submit(r7, 0x0, &(0x7f0000000180)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x10, 0x4004, @fd_index=0x8, 0x7, 0x0, 0x0, 0x4, 0x0, {0x1, r11}}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="010026bd7000000000003b0300000000000000040000ffffffffffff08021100000037e6fc966e047000004c5d00010001000800cd0001000000c324b771512a2796597f68cf4ab7bea6d46c699ccbc411cef9cefac942c3e1a281ebcb88a484ee39e6f91fe13ab6787f8424ec3910e25965d6e81de182aaea2f156869ec975715cd33e3b972ad4a670eb1b6d1d3ec0fe0cb2e150ff96c556d8c891c06f9cf1decb8deab25cbd690220115a37f07d3cb2fe37a925cd9c2c1e9382180455a9b1cc4db90bc6cb9cdeda9b94e9fcee96f32deb6d02ea0c56f111173fc91d7450f9ba67f09c524af332ae10acd01ce4abfa8aa072c7d425c7d15f3af98da7deeca"], 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0) sendmsg$NL80211_CMD_ADD_TX_TS(r5, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000440)={0x28, r14, 0x1, 0x70bd23, 0x25dedbfd, {{}, {@void, @val={0xc, 0x99, {0x2, 0x1a}}}}, [@NL80211_ATTR_TSID={0x5}]}, 0x28}}, 0x8f4) 41.779675153s ago: executing program 3 (id=132): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$9p_virtio(&(0x7f00000003c0), &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x2000040, 0x0) chdir(&(0x7f0000000100)='./file0\x00') madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$poke(0x4, r0, &(0x7f0000001040), 0x282d) r1 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x44) fcntl$setlease(r1, 0x400, 0x0) 41.58930373s ago: executing program 3 (id=135): r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xfff, 0xffffffff, 0x12}, 0x48) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000300)={0x2, @pix_mp={0x800, 0x0, 0x20363159, 0x4, 0xa, [{0x2, 0x4}, {0x651, 0x1}, {0x100, 0x2d}, {0xfffffffe}, {0x6, 0x82}, {0x2, 0xf19}, {0x8, 0x4}, {0x5, 0x6}], 0x7, 0x3, 0x4}}) 41.18930987s ago: executing program 3 (id=141): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000140)=[@acquire_done={0x40106309, 0x1}, @clear_death={0x400c630f, 0x3}, @request_death={0x400c630e, 0x1}, @request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) r1 = socket$tipc(0x1e, 0x2, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) r3 = dup3(r1, r2, 0x0) setsockopt$inet_tcp_buf(r3, 0x6, 0x21, 0x0, 0x0) 41.056380116s ago: executing program 32 (id=141): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000140)=[@acquire_done={0x40106309, 0x1}, @clear_death={0x400c630f, 0x3}, @request_death={0x400c630e, 0x1}, @request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) r1 = socket$tipc(0x1e, 0x2, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) r3 = dup3(r1, r2, 0x0) setsockopt$inet_tcp_buf(r3, 0x6, 0x21, 0x0, 0x0) 17.810595719s ago: executing program 1 (id=442): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@ipv6_newrule={0x4c, 0x20, 0x1, 0x2000, 0x25dfdbfc, {0xa, 0x20, 0x14, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3001a}, [@FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e23, 0x4e27}}, @FRA_SRC={0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x3}}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x4c}}, 0x40000) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x339e68f63b70890, 0x4}}}]}, 0x3c}}, 0x4000010) (async) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=@mpls_delroute={0x0, 0x19, 0x100, 0x70bd2b, 0x25dfdbfd, {0x1c, 0xa0, 0x14, 0x2, 0xfc, 0x0, 0xfd, 0x3, 0x2000}, [@RTA_VIA={0x0, 0x12, {0x23, "475acbc35cca6278d82a7f4a4507"}}, @RTA_NEWDST={0x0, 0x13, [{0x401, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0xffffd}, {0xffff9}, {0x50000}, {0xff, 0x0, 0x1}, {0x6}, {0x40000}, {0x2}, {0x3}, {0x8}, {0x61}, {0x4, 0x0, 0x1}, {0x401}, {0x411a}, {0x9870}, {0x7f}, {0x1}, {0xe}, {0x2}, {0x8, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x1}, {0x4, 0x0, 0x1}, {0xbee9, 0x0, 0x1}, {0x9, 0x0, 0x1}, {0xff, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x15f8, 0x0, 0x1}, {0x5}, {0x8}]}, @RTA_NEWDST={0x0, 0x13, [{0xff}, {0xffffe}, {0x3ff, 0x0, 0x1}, {0x40, 0x0, 0x1}, {}, {0x7ff, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x1ff}, {0x1, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0x7ff, 0x0, 0x1}, {0xffffd}, {0xffff6}, {0x7, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x1000, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x1ff, 0x0, 0x1}, {0x4}, {0x8, 0x0, 0x1}, {0x2661}, {0x1}, {0x7f, 0x0, 0x1}, {0x3}, {0x55}, {0x6}, {0x91}, {0xffffe, 0x0, 0x1}, {0xff596, 0x0, 0x1}, {0x81}, {0x3}]}, @RTA_MULTIPATH={0x0, 0x9, {0x1a, 0x1, 0x7}}, @RTA_MULTIPATH={0x0, 0x9, {0x5, 0x0, 0x9, r2}}, @RTA_VIA={0x0, 0x12, {0x8, "130acc65b659f53d3a426284e635"}}, @RTA_NEWDST={0x0, 0x13, [{0x0, 0x0, 0x1}, {0x8}, {0x9, 0x0, 0x1}, {0x3}, {0xffe01, 0x0, 0x1}, {0x75, 0x0, 0x1}, {0x5}, {0x8001}, {0x8, 0x0, 0x1}, {0x2}, {0x3ff}, {0x6}, {0xa51, 0x0, 0x1}, {0xfffff}, {0x4, 0x0, 0x1}, {0x3}, {0x3}, {0x0, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x5}, {0x1}, {0xffeff}, {0x401}, {0x3da}, {0x1000, 0x0, 0x1}, {0x7}, {0xdc, 0x0, 0x1}, {0x1ff, 0x0, 0x1}, {0x5}, {0x100, 0x0, 0x1}, {}, {0xffff8, 0x0, 0x1}]}]}, 0xfffffffffffffd99}}, 0x0) 17.809897077s ago: executing program 1 (id=443): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x800001, 0x0) r1 = socket(0x15, 0x80005, 0x0) getsockopt(r1, 0x200000000114, 0x2718, 0x0, &(0x7f00000000c0)) r2 = creat(&(0x7f0000000580)='./file0\x00', 0x0) r3 = memfd_create(&(0x7f0000000280)='[\v\xdbX\xae[\x1a\xa9\xfd\xff\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xff\x7f\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r4, &(0x7f00000004c0)='./file0\x00', 0x2) rename(&(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='./file0\x00') r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x602, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x3c, r7, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x3c}}, 0x0) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r9 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000200)={'fscrypt:', @desc4}, &(0x7f0000000240)={0x0, "6f0357412fda1b5ba5cb01c534ceb55b9baab72297ea47f8165836de88cb56357f22542552fe3867600e445ca98d371ef08feaf17c920e356efc5b1d81446628", 0x15}, 0x48, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r9, r8, 0x13) r10 = add_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="c1", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r10, r2, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r10, r8, 0xffffffffffffffff) r11 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, &(0x7f00000001c0)=@other={0x20000002fffffffc, 0x0}) r13 = socket$nl_route(0x10, 0x3, 0x0) r14 = socket(0x200000000000011, 0x2, 0xd) ioctl$KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM(r12, 0x4068aea3, &(0x7f0000000340)={0xce, 0x0, r2}) ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r13, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYRES8=r0, @ANYRES32=r15, @ANYBLOB="331900000300000014001680100001800c0009000180000000000000050021"], 0x3c}}, 0x4000000) 17.570536022s ago: executing program 1 (id=444): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bind$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x498, &(0x7f0000000400)={0x0, 0x16fa, 0x800, 0x4, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x400, 0x1}) io_uring_enter(r1, 0x3516, 0x0, 0x44, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async) bind$inet6(0xffffffffffffffff, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) (async) syz_io_uring_setup(0x498, &(0x7f0000000400)={0x0, 0x16fa, 0x800, 0x4, 0x8}, &(0x7f0000000340), &(0x7f0000000140)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x400, 0x1}) (async) io_uring_enter(r1, 0x3516, 0x0, 0x44, 0x0, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, 0x0) (async) 17.387271729s ago: executing program 1 (id=445): socket(0x1e, 0x3, 0x3a) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@random="00008000", @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x18, 0x3a, 0x0, @loopback, @loopback, {[], @mld={0x82, 0x0, 0x0, 0x9, 0xc036, @remote}}}}}}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x90) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$SNDCTL_DSP_GETTRIGGER(r1, 0x80045010, &(0x7f0000000000)) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e616e792c63616368653d667363616368652c"]) chroot(&(0x7f0000000300)='./file0\x00') fchownat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) creat(&(0x7f0000000100)='./file0\x00', 0x104) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001600)='/proc/timer_list\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000000)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0xfffffffc, 0x0) inotify_add_watch(r3, &(0x7f0000000200)='./file0\x00', 0x200) r4 = socket(0x10, 0x3, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r5, 0x0) accept4$rose(r5, 0x0, 0x0, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x14, 0x12, 0xa01, 0x0, 0x0, {0x7}}, 0x14}}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc}) r6 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r6, &(0x7f0000000040)={0x18, 0x0, {0x1, @broadcast, 'ip6gre0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r6, 0x4008b100, &(0x7f00000000c0)={0x18, 0x0, {0x1, @broadcast, 'ip6gre0\x00'}}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xfffffffffffffd2e, &(0x7f0000000000)='e', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48) 17.220575464s ago: executing program 1 (id=446): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r0, 0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000440)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r1}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x11, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000000000000000020004008500000097000000b7080000000000007b8af8ff00000000b7080000ffffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230070", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) 16.816113097s ago: executing program 1 (id=453): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_hsr\x00'}) madvise(&(0x7f00004ba000/0x2000)=nil, 0x2000, 0xc) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_pressure(r1, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r7 = syz_open_procfs(0x0, &(0x7f0000000180)='timerslack_ns\x00') lseek(r7, 0x8, 0x1) setsockopt$TIPC_SRC_DROPPABLE(r6, 0x10f, 0x80, &(0x7f0000000080)=0x99c7, 0x4) r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x648900, 0x0) ioctl$SNDCTL_DSP_SPEED(r8, 0xc0045002, &(0x7f00000000c0)=0x7) r9 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x181001, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r11 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x30, 0x24, 0x800, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r10, {}, {0xffff}, {0x2}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_STAB={0x4}]}, 0x30}}, 0x0) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r12, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000380)=ANY=[@ANYBLOB="fb4700f5ff00cb66e1bc05d2ef21b0385f9f827eade44feee3368c44a9ea5e45e46353a2f104a4bb39e93c1cbbb5671862294cd7ad2223ac043351efbb9365adf3b996fa1df34b681353ffa2f3d9e67637d1c4bb40a47bf69f2b564b684fb0fb9b0341c48cba40c18e60e9a6094bed6aa56dcd4e7bdb411a9a3a2b85de9e627f6cdcb2fd5032f845343928e859b488e39554768295dce66ff708813727522c7a12e22400d8d9a5b18683861de8d88c6e7fc1dd4d3503804f3d26b5a435b29e6e46fa57aad4cd54", @ANYRES16=r13, @ANYBLOB="010026bd7000fbdbdf250b0000000c0005800700010069620000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$COMEDI_INSN(r9, 0x8028640c, &(0x7f0000000080)={0xc000003, 0xf, &(0x7f0000000580)=[0x1388, 0x8004, 0x1, 0xffff, 0x9, 0x1ed, 0x2, 0x2, 0xbb, 0xc58f, 0x2060, 0xfec, 0xfffffffa, 0x1ac, 0xfffffff8], 0x0, 0x4}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e06ed0d08020400"], 0x9) r14 = syz_open_dev$usbfs(&(0x7f0000000040), 0x201, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x20010, r14, 0x202000) sendmsg$nl_route_sched(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x2c, 0x2c, 0x0, 0x30bd2a, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0xc, 0xc}, {0x5, 0xe}, {0x5, 0xa}}, [@TCA_CHAIN={0x8, 0xb, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x20000000) 16.700952538s ago: executing program 33 (id=453): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_hsr\x00'}) madvise(&(0x7f00004ba000/0x2000)=nil, 0x2000, 0xc) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_pressure(r1, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r7 = syz_open_procfs(0x0, &(0x7f0000000180)='timerslack_ns\x00') lseek(r7, 0x8, 0x1) setsockopt$TIPC_SRC_DROPPABLE(r6, 0x10f, 0x80, &(0x7f0000000080)=0x99c7, 0x4) r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x648900, 0x0) ioctl$SNDCTL_DSP_SPEED(r8, 0xc0045002, &(0x7f00000000c0)=0x7) r9 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x181001, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r11 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x30, 0x24, 0x800, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r10, {}, {0xffff}, {0x2}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_STAB={0x4}]}, 0x30}}, 0x0) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r12, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000380)=ANY=[@ANYBLOB="fb4700f5ff00cb66e1bc05d2ef21b0385f9f827eade44feee3368c44a9ea5e45e46353a2f104a4bb39e93c1cbbb5671862294cd7ad2223ac043351efbb9365adf3b996fa1df34b681353ffa2f3d9e67637d1c4bb40a47bf69f2b564b684fb0fb9b0341c48cba40c18e60e9a6094bed6aa56dcd4e7bdb411a9a3a2b85de9e627f6cdcb2fd5032f845343928e859b488e39554768295dce66ff708813727522c7a12e22400d8d9a5b18683861de8d88c6e7fc1dd4d3503804f3d26b5a435b29e6e46fa57aad4cd54", @ANYRES16=r13, @ANYBLOB="010026bd7000fbdbdf250b0000000c0005800700010069620000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$COMEDI_INSN(r9, 0x8028640c, &(0x7f0000000080)={0xc000003, 0xf, &(0x7f0000000580)=[0x1388, 0x8004, 0x1, 0xffff, 0x9, 0x1ed, 0x2, 0x2, 0xbb, 0xc58f, 0x2060, 0xfec, 0xfffffffa, 0x1ac, 0xfffffff8], 0x0, 0x4}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e06ed0d08020400"], 0x9) r14 = syz_open_dev$usbfs(&(0x7f0000000040), 0x201, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x20010, r14, 0x202000) sendmsg$nl_route_sched(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x2c, 0x2c, 0x0, 0x30bd2a, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0xc, 0xc}, {0x5, 0xe}, {0x5, 0xa}}, [@TCA_CHAIN={0x8, 0xb, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x20000000) 3.499104622s ago: executing program 5 (id=638): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000001940)="008e131deb050100000000000000c7f344cc06da42516be8b2ed78b4455b5f03f29e4fb493379b098af0e8f2a9ae953589deea907ce140c65509df98f48c6bef6c2c52b7a223a546cd49f7f82021a17c1871f172eeea191702c0953184b0d65ba1875555a47946e730c0af87b2a0e6e6473f6e3133e8fd7c59b9e10ce1015edec58d277c0f04e63e1a3e4d67062ce6d434a1bd2f9d7764838c7c13865b731f78d25afdd610f5f9b906ecb3e1e9956128e87d643c00f8a4e0d00d116ddaa1ec17ca24143b99fa758d29a78afc32027ab8fd1901566cf9e29f8512684232633d1f31d2093f0e6d6e000000000000", 0xed, 0x8045, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) write$FUSE_WRITE(r1, &(0x7f00000000c0)={0x18}, 0x18) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup(r4) r6 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000300)={0x0, &(0x7f0000001640)=[@enable_nested={0x12c, 0x18}, @nested_vmresume={0x130, 0x18, 0x1}, @enable_nested={0x12c, 0x18}, @nested_load_code={0x12e, 0x5a, {0x1, "66ba2000ed0f471e0f20d835080000000f22d83e0f01c566bad00466b899fe66efc4e17a2c5a75c4226d939478b6010000f040f7958f19e9410f01c2f2470f017880"}}, @wrmsr={0x65, 0x20, {0x2f3, 0x11e1c1f6}}], 0xc2}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0432"], 0xf) r7 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r7, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839", 0x5}], 0x1}, 0x0) recvmsg(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x53}], 0x1}, 0x40fd) ioctl$KVM_SET_GUEST_DEBUG_x86(r6, 0x4048ae9b, &(0x7f0000001740)={0x100002, 0x0, {[0x3e638049, 0x3, 0x3, 0x14c, 0x4, 0x4f, 0x6, 0x80000001]}}) ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f00000000c0)=0xffff) r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x0, 0x10}, 0xc) r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000017c0)=ANY=[@ANYBLOB="9feb6fcb84e5bf1eddd4ed010018000000000000000f010000050000000800000007000006040000000b000000030000000e00000003000000050000008100000001000000090000000e000000090000000c0000000100000003000000050000000d0000000a000006040000000b0000000900000002000000c10100000a000000f0ffffff0700000007000000040000000400000004000000050000000e000000040000000100000001000000050000000600000005000000050000000e0000000000001004000000010000000700000f030000000300000067f3ffff0200000004000000fffbff41cdf33bff05000000030000000a000000070000000400000008000000070000000500000004000000030000000100000006000000050000000300000000010000120d000082117900005f422e005c81636cc5e37b70b94479dc0ab88e313017b4"], &(0x7f0000000640)=""/4096, 0x12d, 0x1000, 0x1, 0x81, 0x10000, @value=r1}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x15, &(0x7f0000000080)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}], &(0x7f0000000000)='GPL\x00', 0x2, 0x78, &(0x7f00000001c0)=""/120, 0x40f00, 0xbcd6baa01ee6cab8, '\x00', 0x0, 0x25, r11, 0x8, &(0x7f0000000140)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x6, 0x3, 0x5cb}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[r10], &(0x7f0000000440)=[{0x2, 0x1, 0x10, 0xc}], 0x10, 0x231}, 0x94) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r13, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r13, 0x4008ae6a, &(0x7f0000000140)={0x1, 0x0, [{0x43, 0x1, 0x1, 0x0, @msi={0x7b8, 0x9b9, 0x9, 0x7f}}]}) ioctl$KVM_SET_TSC_KHZ_vm(r13, 0xaea2, 0x8) 3.269712997s ago: executing program 5 (id=643): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000180)={0xfffc, [0x5, 0xffffffff], 0x9}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000000)=0x9, 0x4) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) recvmmsg(r0, &(0x7f000000b7c0)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x10000, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x1a3c82) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000080)=0xffffc2e2) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) (async) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000180)={0xfffc, [0x5, 0xffffffff], 0x9}, 0x10) (async) openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000000)=0x9, 0x4) (async) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) ioctl$TCFLSH(r1, 0x400455c8, 0x0) (async) recvmmsg(r0, &(0x7f000000b7c0)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x10000, 0x0) (async) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x1a3c82) (async) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000080)=0xffffc2e2) (async) 1.69869355s ago: executing program 2 (id=676): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_settings={0x8, 0x4, @sync=&(0x7f00000000c0)={0xfffffe00, 0xe38, 0x4}}}) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) (async) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000240)={@hyper}) (async) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000000)={{@my=0x1}, @my=0x1, 0x0, 0x0, 0x421}) (async) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000080)={{@hyper, 0x2}, @any, 0x0, 0x0, 0x2, 0x6, 0x9a6, 0x10001, 0x8}) (async) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r3, 0x7a9, &(0x7f00000003c0)={{@my=0x1}, 0xfff, 0xffffffffffffffff, 0x0, 0x0, 0x80000, 0x2, 0x1000000000ff6, 0x58df}) (async) ioctl$int_in(r2, 0x40000000af01, 0x0) (async) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/51, 0x0}) (async) r4 = socket$packet(0x11, 0x3, 0x300) (async) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340)) r5 = dup(r4) (async) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) ioctl$TUNSETLINK(r5, 0x400454cd, 0x201) (async) ioctl$TUNSETCARRIER(r6, 0x400454e2, &(0x7f0000000000)=0x1) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r5}) (async) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000240)={0x2}) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f00000001c0)) (async) ioctl$RTC_PLL_SET(r5, 0x40207012, &(0x7f0000000100)={0x9ba6, 0x5, 0x8, 0x81, 0x8001, 0x10000, 0x800000000}) (async) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv6_newaddrlabel={0x38, 0x48, 0x1, 0x70bd2d, 0x25dfdbff, {0xa, 0x0, 0x0, 0x0, 0x0, 0x9}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x2a}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000081}, 0x0) (async) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) (async) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r4, 0x8008f512, &(0x7f0000000140)) openat$comedi(0xffffffffffffff9c, &(0x7f0000000300)='/dev/comedi2\x00', 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r5, 0x404c534a, &(0x7f0000000280)={0x6, 0xfffffffc, 0x6}) (async) pwrite64(r0, &(0x7f0000000040)="2eb6f746caf692c87f4fec5d37047e2a35ff5c506ba25742ac8ec85d5b23047aa3ebef3e840f98a0a8c375f737dfc2afce8f82370744bdcf76520c44eb08f8ebe3734fd747b0cb0a6e6863ae", 0x4c, 0x7) 1.520466117s ago: executing program 2 (id=677): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x2, 0x0, [{0x2e0, 0x0, 0x80000000}, {0xc0011038, 0x0, 0x3}]}) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.39063289s ago: executing program 2 (id=678): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r1, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0x8}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x8000) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) (async) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r3, 0x100, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0xfff, 0x18, 0x5a, 0x5}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x84}, 0x0) (async) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, r2, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054) 1.329074886s ago: executing program 2 (id=679): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000700)=@in={0x2, 0x4e21, @private=0xa010102}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000500)="57786b31425209497c6b4a6529c454cce94bb022091cdb85b6f4e81db64802944626c20e7bd04d1438547ed95c179875428df5091b4fd1f2b651f061ed3ae2722a3e6289738acde06a075297e4e5f5f1904528f76590bf5d25aaaefd97e38296b02ad8a87c5e9c3dd035eff0594d2da08888caf51f24d848fcb3196264012645745174baf93239ec3fedfc7883a8c6ef443a3b84d236f7693a4f7f80de27e4e5cd719b2ba294b32fefe574dac1e7556eda8055aa9ee9f77bce7db579502bd4e8fbeba136882313c28700917d4dcb027d018fb833e5169b0b8af6fbdc1ff35724395971ccfd42", 0xe6}, {&(0x7f0000000c00)="19d2659de4b15d10148b05e3750a374bd9b8e5e2895a91860b0e68779b2f66aa06a5fed7e8436887278399a8c7cd9b45595657fb6b26350a46eb2a04c4d069f0ebd81e9e8ef475d0e481d2243bdff5b0c094eb51833817e29c10c5b566e58d9786a12de2d4ea5525d6bcd46e7d51cdb34a26b82d99e526157ba95ddf7bd26d78f5fbad7586a95e31cf6226be11f764be9fbe67b8f2318bff16c4eeb825e64d943503bf62030ea4d94b05d3ef9a20590aaf5547ec9fb762fa0bed1293641535676321896b8f5b2b13fc84a0d53a37861229e4b3db52092e81fa1e2a9d8cb42b9cd57791fb6ff3216639942d358468e47df058b12c6d64340ff2d595279eb10fda6b45dda7c3163096f191e4a805ae79a0f0a91826dde75ca308d4f918b433f4650e7222e36162eb515770acd6c6640638e8f1bf49411449ccaef1d060042aa51476f7940b5c9859d39b520c0ee7433d4da1b8040de3f9d862fe45b2310b2fd581017e860968e0e36b44428f7e3613b959908d07dfe0bb42cd9008ff2777c7cd39fdaf4f7d8266ce72c69db279bb0088616112b1f6781bf084f4ddddf70c252fb93d781b7e50687318f41fe03d89179c9f8596f0f9457539e23cd4795dbc7b8a615c473a2de29047a7230353a252c23bdf1561b96ced250c56eba400fe717807bc02193e0008f291b74bef3d4f75d4b1deb637dc9322b56873dbf48e5f6e71a7d17968dc59f35ca96f4b76a8cc1f08ec5e59ec24058ca9e3a2311c33785c349e5e15cb6a007b4cc1ddf9b372e30f2f02711a87c34eb8495dd6f28ef9d0ea88eb06c9653f8a4bbe15d984e1d7e6fc0fb59c105217876380d2b24567504fefedfd57200756e9be4109eced0328283c437aae39e7611064f966ee79acba2bae9cbec0fe8e64ef23484269512ab0c7f4130d268f54abbaa3b871155ef0a2764925f1743a7fb03febedecd506c60219d601d5ef4d29ca9eb7684a1029b9d4472217ae2341b278c5e49a9b109f1143f7ae8a2ed5871475d41209a6c25080e2ce75bf3b30dac3d63f164b57dbb8126311f6d637a77a6ad2313194f1a87b39a86235c369e6e27599e0a1c68fb379aee4297fc87b5727c1557b115557b55d5d090de1546f4f80e357b461b7bce026d1f26eafe347c743c8a7bd09aacdbbfb2451ff973bcbd8e8ac833341dab0976b1fc37d39ce05dc5f7a91acef80ce07af1a0975970bea20e2eefada9d9417c344291055fd698eee00382d34d01be512c1e71cdc5c30a888215ccac2724f4abe5e2683808fb5d4a6b1bdd8a5036d14f05b218bb5f19a27831e24600752fd8b0c676aff8ab98773922c3e8c9438c34fea1ab9f70e48ac82d76dd432327f9ad38e53b9380a5adc703fb04892598026672b189e38bbbe7cc42c84d691f73be07c6c6003f99ecefe219c428cb94e5b06d04bb996096f372590742095e82399a5ade6c75c77327ad263ef7cd36fde55dba9cb88f20ba1a50a29d79f61ee380c58fc7ab8b0ff5ccf1c3485b0395044d96d0da78426d064e6b79f4ae182c9b0af9b6119ab3973c7d44819820fc53fa6e9a94d8b8cf97f31eee1a07f453bd4840899f0197e57e6297d846a440c06f38783813648e077a26c8a9cc8a3ba6b38a98192f8dfc634ca2c0c5ea1c310e4aa820cd0253d4c57f66d097bbb9d0bf0482464184699d2320787c5a63638d635acc48824b0d074b8b9ef77b7de939a83284bd642b03ded43e13451c25bbcbecee4962ce6894d3a0de4e7a7189c6fcd1437b6a1c290b855c8652dcecba354812f9035afacf6da5d037a43c4bf725c1bf3cba53c47dbd711bcafe0700d14dd9eea34a08be3b6d7a09ba39a4928f5a4a1f5985378f0ec48dccbe9b92cd4dfb0ec14350042b21a4dfa9a7e751c0a4d0e48877966903149c6b9e738c73a1e5f1ab4b4b3fb45a143dd53539ca98a3e2efbf7a9a5e16c785dc73a7023fffa6a38c8419ab7e5da5f4e4d768865c87eedd4ea2764ba543e3f615d1ad2e65250d1640c6c612942544f4ef40318336267d837896f9417ec5dbc68915c0fd5303c0f581a189d9c38a53220f5b4dca89f93afc61827d11049589fe8f4fa850db75805a6dfcbc8b7f966bb54712509203d64fa4b7c18899057e677a4e774be8d749c7bbe4d2ca6ba3a23b6b2ecd9e17d56c7f64fc178e137e3323bb95d455d8d34ca37529f9ba88704688c31f69009caf78cf3e482b1d01db33b5e720990d8a6fe76ba67a5ec344e1879e01c04e71586a836f00064877e0c70e1be1f7b50f3394c733ea7909b02d6d46d617c035cc2566fecca937fb09dd74da1f2870b3aca86167bed2dabcf6688fbbc1544e5b94511c8092342d8292fd3c33dd6d906fd76e534e5b272852477a894c24ce6e683eb36cc0aef1c468e3611d8deb668f92d77df08aa815a464eae3a0096aa48f48bdc41c411dc8e9d56ed22a5d1954b9e4d9b052624fdf3d31f1b5893ca8fe8c86b9df2985420a9604b0372388b5e9b1ba5ef352c9c05bd5c60c30c9c280bb4f13f6b2b97f05819ca3d75cb1f536950851fe16842fdfe2f25f724a5bf08e20c2e16ff4c05eca9caed22c3f35e4618c91f3a723d1bbae7afa35096674a99c4acad1675c04e16122935ba23eaf0db0a9972cd4c425573d944819418b3bb1dd8987d7eca37fd0ce69ac38366a7131c49398ebf0ba2c77c01a83169e43d623157ca27a7de64cf3f7091cfa167ba01eba95e20b1a3ff3d9ce9d42fed5f3015765824d4a17beb013f32c1bb0c9ede39c60c12a0cebcb271eb6909d0fa4231567a2293bb4dca206a46d97d52f0f48fa779f3728265aedb3b2e4aa4d0370ed3fc051fe3c227b3638314f8e81a37da6f97d32cec039a51ef4269b82c15c17446c687d9539e33d9519d04d38f2df078b06959909d1101149b67a648723267daad7051735f0461c780fcf2c31756f7076efe5ef0d606b424b7a40b928995b5dabc59199b8aee295aafa1160664c82de1ee4dc13eac206ba4ea5dcad56056dc755e0ea78ef672534ba30a4bc39bbc63cbfce6f6d736ddda0bff01345f85356b0b6a109f4d40ca978a032fba61835a01879878c1a3605a004edcdb8aa6167e03f08034e108ae4536374b352e9c4e5badf9d012d396d374c8dac85f3fe7c25cbee3724b9b420f6f62252b9f3c7ee8b96dd18fd349022dcd85d3e09b5774854cb878ef4cbcbdd92bc87777e55f7122ceff0bd211d3df25e0380ce74936877d0d92e06f32e3b91270eed11ef93285feba4cd34d247cf0d3811612e1fc1e5f1adedc2b794614a28528ee43d8ac4435e5c91f8a807e069d12ad9f67eea4fae59736714f9b398d47b942a3a6bc0bc5b4f2d499271348b8b4b62fde5f874ca7d462c58c3a7e1759762feb8b963bdab5e39f9ecba794b278f7131554bb8ea0087ae893e1098b04c803054cdd2711ebabfe4ca7f85f69b128686d7a3cd5a6be176a05d4f169d1323c6e5077d0c19cf2edb3dcd1a2eee15b3e7a7a7b92788dbf0f721ee27461b4eeea6c13523fffd8d545daaa46c366f68f94d5d0cf7b05eca7a0e4af529eaa34c12a1329d4abeaa31f0ce94326b3737adbf61bde8acec7b513ce33a00f2e30204969f7b3c65c240e277cf7428aab701a353ef659e02ca1420a633b56f8fd7d29c74610ab204b367c28d59bb10bd26cd2f33a8624ead7c97e07f6e9051dd7f386859ee95f3a6003eb029de2ffcf11e1e66e657a4a539493e926c3f1cab449dfed9b220c53e90830fc8b1f3601533d3ca3d7a8f788310027fee222271607797818e626d8fc75ddd4b780641fd1e09b4f07eaf59f09b97094cb1c7d35940281b5b9834cb25796d4ec77bcc47b3332b6e0b79370e98ebc1cba1e66c74e09b84600fc88ea35edcdc73583d882aa2f81ae7047abc5204aee5e3f010d34ca0f16512e7696ddd49f68597e35a709243fb1d93623f5648b6d2a2287c52dc62268471733a75be3a46014c219fde3b01d8f4d08ff43f4df3d6c7ba124834e0e3f54016e1dbbb6784d65bc0557407f884bf5c3ca8d5072c973de31f42cd2d49c5ae76a83c1b98fb014b2ed614eaede7818b80528a9045965c4ca9746484d21891aef91af8013ca2878ea3925b38d1babc1ac178796046a8bf58d69fcea2c1bea3a15de7fb783b87a2d1f7674d8d3431708f13591f9f71e8338859cdccc79b165fc56432f36889531aee2ad602c9f90d170092e2994fe723702e236f55c381e902740bf6c35f7110aa0d41a535794d34966ecd460dbb37480fd4b418955d68c536b3e108a397410aeca6d27156f2aac0c81720875bbdf9ffe4a4fdc3dff3d4c110ef9301bab686064b5033eebbe7ab3e1a3f40a35f88fe6d65d20f28d4fd80c55ceff03aebded2e60f38fac7a79f9c928b985176764ad508b491de0c2f2ffe163389d936efe4e7b86f3488a1c974bdebee0819bddfe9cafaa8e9e81b416617d121828e63649f26e51188a26bc5470c919cca59a01cab652c0825816da67bdf05702baa994b15e4a7a3716d8a0791202b69b45e74b51aabe3e9f18f73ff2e0c92c1c25c828177f9508e273e6a0c7ce169465cb672415a4ed0f7b027641495262829c24530d172f207e8beceb66f2e75855927a7efc100c9f0892d1d442513ab7fb606d654d78c1d94c7d73281641d63aac254bd95f92236aafb884ddbbe18ca7e1a083f4bd2f3e2b5156e124c9b4bb01c74541b010d23fd949f3721ff80a254101eb5b3b0b3281791bc42be82810285bb78450ad73f669b24eaae1edeb7c872e9437cfd746ddfa8a252bb1765ff7990806a3e977ca91f4b306f41e6b12e1c51201262798cf845a7f540aa3619bb1fa129aa16630e6793dd2abbd942c4a3fa37f086ecd13b8bd802ea0263e5e6e1be6453b4cc58436e52428be58690a04724daf5d9e05c9a904e05bd2f18c7945eed158e2e4224e722d71e459d27ab92fede8583184f77ae838e0cd65fab52729ce65fe242eb3abea1281bb160bf5e9d5930dd2926a71f9357fc887cc280945ad159451bfec96ff5e45974412d2194ff590f33b3602687a0fe72755189166e4095b725e17ebceac89bca1762e348cd68002d34c280804aee508e349791d0dc5778cdd6fa8eec0bb16bea602776606b43dfe9d7cc6f595dae7e806187dbbd2f65d152893af07404592257cf9d47408ef759c43ab17ffd3042332f2586909320a298c95a7b5f5305d915e6a30dd74fd30b074be50e19aa515eed3a79ec53b6a0fa64409cb388d853478660d0c77bd0701516dfd4a7dd9e033838561aa1c06e285a250500c8fde39e3c745b48be970724090a76ce3710acb5897659bc2fde4f8360ea0b60224d61ff9449e8ba04fbe10908ee6bebc00ded7485d495cfcf22ce49562e896c46ed752bc4be03d0726e41f49388ddfc16ee4b5bf16deda9f2785b9b916c4a787a1016a8d90b4d537d11a08a72e5cbef4fb3c3fdcc4b9dc1f011b1ff3c9685a28dfa38600bef2a7ecdc4af24f16b143d9cf16530d34d898f37fea8f1cf5143949a111cff46d0b52b6d002998ed8e9bd0a3433fbfe74d051ce50b598d1a3319e0bf158afe4d7620c3b4bdb292a144ece969211313c8f12d886f5085c2541d9cf75d43148190b5786f649a629568b2d739d020864cc1272f03337293367f8eb7603ed6751abc57738679e3b71f46767625232b777086821c508958dd10df28bba0685d73bb1d1d537478092114376b11fbe70f2e9d7b6c5cc2bc78e1d7fab752cfa09c6620e2e81711a555b36e908b098f36274a0fbc02c3b0ff8b25e653709e5c1a5903328", 0x1000}, {&(0x7f0000000600)="3472a23fe8a6ff1cd80c987c52c670813b3186413275935ae222aee829ee4674f22bf604f586d63aec92509dbc8086797414e6909f65ab0203c56515b252cb1daac5983a84ade950704b0a8cdedc95616b4837e7a3e94a48d5f603df84ba15468003dd8c19d3767ec713f50694ecbbac855959a0a0b7f2bd778452cd47fa361450ecfbbd9a23de55956b6a0c2f01127004b21b9d866bb4c122a4434df7f28f6cc5a74018a9033c978d02c16c74deb8d0a271d0459b81fc0e184763140867d252a37d", 0xc2}], 0x3, 0x0, 0x0, 0x40005}, 0x881) r1 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d01, 0x0, 0x1}]}) ioctl$KVM_SET_USER_MEMORY_REGION2(r3, 0x40a0ae49, &(0x7f0000000240)={0x1fe, 0x1, 0x4000, 0x2000, &(0x7f0000fe5000/0x2000)=nil, 0xfffffffffffffffe}) ioctl$KVM_RUN(r4, 0xae80, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0xffffff95, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) r5 = socket$packet(0x11, 0x2, 0x300) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0xa, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000780), r7) getsockname$packet(r7, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r5, @ANYBLOB="0100000000000000240012000c000100627269646765000e140002000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendto$packet(r5, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x11, 0x8100, r8, 0x1, 0x0, 0x6, @broadcast}, 0x14) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r1, r8, 0x25, 0x8, @val=@netfilter={0x2, 0x0, 0x0, 0x1}}, 0x20) r9 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) quotactl_fd$Q_GETQUOTA(r9, 0xffffffff80000702, 0x0, &(0x7f0000000480)) socket$nl_generic(0x10, 0x3, 0x10) socket$igmp(0x2, 0x3, 0x2) r10 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r10, 0xc008561c, &(0x7f0000000040)={0xf0f018, 0x1}) socket$nl_route(0x10, 0x3, 0x0) 1.181488718s ago: executing program 5 (id=680): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCCONS(r0, 0x541d) syz_emit_ethernet(0x105, &(0x7f0000000400)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0xcf, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xfffe}, {"644816284a80e6e70000c74b0850c01a8e1045c7eb29839d8685c1ba11d1fdb16f9d754203e74e09614482e2034689c4881491e52e3d429c4ceede19fe7128b2d07d16e9d994ed66b59f2fcddca7f7ff42efb95593a39b71ddd4081de7af43317428402884945f5b12f472a97e2317391428f1ab11f4cc62b27abfd495cbe4c185ce8a95485bca2223a61e6a6ae572bf9c13394a5eec3ad96761dad027a27a4aff530e53be423d07911159c5f341759dabaf588337498faac46cc6"}}}}}}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000000180)="50df", 0x2, 0x60000800, &(0x7f0000000040)={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00', 0x8}, 0x1c) listen(r1, 0x100101) r2 = accept4(r1, 0x0, 0x0, 0x80800) sendto$inet6(r2, &(0x7f0000000740)="122eff", 0x3, 0xc001, &(0x7f00000007c0)={0xa, 0x4e22, 0x4, @loopback, 0x80000001}, 0x1c) setsockopt$packet_int(r2, 0x107, 0x8, &(0x7f0000000000)=0x9ac, 0x4) 1.166822614s ago: executing program 2 (id=681): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x0, 0x168, 0x9, 0x0, 0xb, 0x250, 0x250, 0x250, 0x250, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth0_to_bridge\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x108, 0x150, 0x0, {0x0, 0x28e}, [@common=@inet=@ipcomp={{0x30}}, @common=@inet=@ipcomp={{0x30}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'dvmrp0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x2}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380) r1 = socket(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c200a0000000d0085a168d0bf46d32345653600648d0a00050002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x34, 0x0, &(0x7f0000000140)=[@decrefs={0x40046307, 0x3}, @clear_death={0x400c630f, 0x3}, @request_death={0x400c630e, 0x1}, @dead_binder_done], 0x0, 0x0, 0x0}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0x6) getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000380), &(0x7f00000003c0)=0x4) 1.059576818s ago: executing program 2 (id=682): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@host}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000240)={&(0x7f0000000980)={{@host=0x10, 0x80}, {@host=0x10, 0x100008}, 0x400, "d49e0b1f09a3e05cb898141464441748655937bb34d22f02362479246bb6372d891a3b5dafa58a6abc5a678d6874fc8fb5f8a529c6e30103484f2667c174fb6cda19ea0a9301bc3238eb816e9c3882f243bcd4bd7115b26dacf5923f060498d471cb4f789562fcda119739dd1a5b0e4e1a4a64dbd7b398bd4e7a247d81f968f2e945f293fc3860bf11f0424193fce743067d27f0ac187b44b128a4999547f73d8c35d3c2bd8b51bbc9a31123f773be89e109cc71b8ec29a539083c0cba15b0899c7181ba154c28b3c4e2ebe360ac44f942a703b9a3a37fbbefe9ae0de04a32336a6eba07b2fb6ad426d56e17291bb1a9d1fcdaa939378bab6dd2eac37b369ef163c9e0fc8039352c24d8147fcc2e2559b47066abd21a3a5f83f239a2227f17d4ca90f60ed9acc243ed38818e3883a985106b54dc157b67022525a74e8f9cb99852760359278d5d22294a70433ba4cec5147fbb09b1d0008ba76257f1c5af6b8d6bf3bcfd5a468a566a4e98fe5f264f2663b72cb421c90d8b7883ddfb5749b27a3e146f9d8538706fea61b07c6e064446337439b9d5a5dc82f6c63c57d6ba0e709b7c1b15fa8367f8e6df2cf59b0b30740ef47c5cccffce5911569591ce4ab62275964cd147e87a30cc6e71f7e40e161997cdbadcfbfb6c54e0289ac137508b7b5339414e4ab7afcc420148e37d49b664cc07c8178a3b50f566c5bdd3aa9217ef909805972bd63ee1d729b282cd866c183744b20da3227f9d438432e08d0699ebd30e0820362664ab323b15d3ae9896c6120aae6ef9085f53a2b39cc31238b031476c86e6b16d7703fcbacc7269ce209ec4ac912db924bb76bc35ddf8d0e7a3aff0d08a48c07be47303b59653d9409f14dc59ac33cae5e010466f54d86772e43e3680863bb9bf10c971f16a731e601d7fcdbb91d7146e7834d89059ad522d70398c2bacf113ed791e32f933dfa23f5d6d11bfc9d9e0f04a34b0eddd99d16cd9712485e0a5c9aaf1ebf3f14d00005f8960b6145cbb7d4522692ebe1f9491f87a29ed67c5fb60f5e69bde2a758742999fc986a2dbf6199977e9b446691b9ef95d0abd84557c77ea13356c977d0f098ab9fec85acbd6447f2e6893e2fa6a0a7b272dab66e69b7def48f8b3583a53a0941fb3e4367fa8d56e05ee3b265f17ca0439fcdcea276f7f0a9bf4c2a324d7143658007cf4019e8da69ba1b7dff4383714cbcb71dfe6f1b1ac5d5e99394cb2c360ddb1889d92cd36f8fc72ac865f1c6445957b2a57c1af59ef8d2e9fe328ec2bde763d65c4dea965042f540515bf2f879d1b26309ebc1d7f76c569fa88fbe61845e96e93d3b6025b6285777e59495943596c1208000000000000008bf99f57d7e5dc77f65cf650902b5b6d5af9359334759843365bf0dfb244817a40e8cc913000"}, 0x418}) ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r0, 0x7ac, &(0x7f0000000140)={0x0, 0xffffffffffffff60, 0x6}) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fcntl$notify(r1, 0x402, 0x2b) syz_emit_ethernet(0x6e, 0x0, 0x0) r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0xfe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xffff, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0xfd}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000080)={0x2c, &(0x7f00000012c0)={0x0, 0x22, 0x5, {0x5, 0xc, "26ed60"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r3 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f00000001c0)={0x0, 0x24, 0x1, 0x0}) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 370.137766ms ago: executing program 0 (id=696): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf1, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x0, 0x0, 0x0, 0x0, 0x11, 0x8, 0x0, 0x0}}, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x40, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0xc37, 0xb, 0x2}}}}]}, 0x40}}, 0x4000010) 309.576992ms ago: executing program 4 (id=697): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x26, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000002500010125bd7000fdffffff520000000800030047"], 0x1c}, 0x1, 0x0, 0x0, 0x4048957}, 0x28040) 309.409337ms ago: executing program 5 (id=698): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x43044) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x14, 0x2, 0x3, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20010) 309.261464ms ago: executing program 0 (id=699): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x3c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc}]}]}], {0x14}}, 0x84}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[], 0xcc}}, 0x0) 309.14567ms ago: executing program 4 (id=700): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000400)="5c00000013006bcc9e3be05c6e17aa31076b876c1d0000007ea60864160af36514001ac0080003002c26d330196e87c0568cff3407000c0004007c2ed239122dbd94c9affe1801c00364bc24eab556a705251e618294ff0051f60a84", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 250.086926ms ago: executing program 5 (id=701): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_DELRULE={0x38, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x60}, 0x1, 0x0, 0x0, 0x40090}, 0x0) 249.912802ms ago: executing program 0 (id=702): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000100001000000000000000000d100000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a19020000000000000000010020000c00024000000000000000010900010073797a3100000000200004800600000076657468315f6d616376746170080000080001400000000514000000110001"], 0xe8}}, 0x0) 249.771793ms ago: executing program 4 (id=703): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) close(0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c0001800600010058c6000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 170.03272ms ago: executing program 5 (id=704): sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2040000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f00000003c0)="0f326635004000000f300f00d636808a0d0001ba4300b80b00eb66b88c5000000f23d02a3ff866352000000e0f23f80f01c30f789deb32660f3a21cf220f2bb00058660f1bde", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f0000000080)={0xbc, 0x0, 0x1}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 169.938236ms ago: executing program 0 (id=705): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x100, 0x5, 0x2, 0x1}, 'syz1\x00', 0x3f}) ioctl$UI_DEV_CREATE(r0, 0x5501) write$input_event(r0, &(0x7f0000000200)={{0x77359400}, 0x11, 0xae, 0x7fffffff}, 0x10) 110.567359ms ago: executing program 4 (id=706): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x30a) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random='\x00\a\x00'}) 47.583458ms ago: executing program 0 (id=707): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000bc0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x800}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@mark={0xc, 0x15, {0x0, 0xffff}}]}, 0xc4}}, 0x0) 47.442153ms ago: executing program 0 (id=708): socket$packet(0x11, 0x2, 0x300) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000001c0), 0xc8c00, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x4, "abacd211119c871663376126aab5ab0006278ee042000000e4ffffffffffffff"}) close(0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, 0x0, 0x40810) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f00000000c0)=0x5) 247.818µs ago: executing program 4 (id=709): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000001c0), 0xc8c00, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, 0x0) 0s ago: executing program 4 (id=710): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000480)={0x0, &(0x7f0000000180)=[@cpuid={0x64, 0x18, {0x3, 0x8}}], 0x18}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000740)={0x2c, 0x0, [{0x6, 0x3, 0x1, 0xef70, 0x401, 0x6, 0x4}, {0x0, 0x100, 0x5, 0xff, 0x200, 0x5, 0x7fff}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): alue: 3 [ 82.300808][ T6041] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 82.305581][ T6041] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.314492][ T6041] usb 5-1: config 0 descriptor?? [ 82.360825][ T6488] netlink: 24 bytes leftover after parsing attributes in process `syz.3.118'. [ 82.435614][ T6492] netlink: 8 bytes leftover after parsing attributes in process `syz.1.122'. [ 82.439851][ T6492] netlink: 4 bytes leftover after parsing attributes in process `syz.1.122'. [ 82.443977][ T6492] netlink: 'syz.1.122': attribute type 6 has an invalid length. [ 82.460620][ T40] audit: type=1400 audit(1767261055.358:303): avc: denied { read write } for pid=6491 comm="syz.1.122" name="event1" dev="devtmpfs" ino=942 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 82.472315][ T6494] sctp: [Deprecated]: syz.2.123 (pid 6494) Use of int in maxseg socket option. [ 82.472315][ T6494] Use struct sctp_assoc_value instead [ 82.474227][ T40] audit: type=1400 audit(1767261055.368:304): avc: denied { open } for pid=6491 comm="syz.1.122" path="/dev/input/event1" dev="devtmpfs" ino=942 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 82.479134][ T6492] netlink: 16 bytes leftover after parsing attributes in process `syz.1.122'. [ 82.533870][ T6497] syzkaller1: entered promiscuous mode [ 82.538737][ T6497] syzkaller1: entered allmulticast mode [ 82.548936][ T40] audit: type=1400 audit(1767261055.438:305): avc: denied { write } for pid=6496 comm="syz.2.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 82.626641][ T6499] netlink: 28 bytes leftover after parsing attributes in process `syz.3.125'. [ 82.633025][ T6499] SELinux: Context system_u:object_r:unconfined_execmem_exec_t:s0 is not valid (left unmapped). [ 82.640449][ T40] audit: type=1400 audit(1767261055.528:306): avc: denied { relabelto } for pid=6498 comm="syz.3.125" name="cpu.stat" dev="tmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:unconfined_execmem_exec_t:s0" [ 82.659757][ T6501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.126'. [ 82.691762][ T6501] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 82.696078][ T6501] team0: Device ipvlan2 is already an upper device of the team interface [ 82.725665][ T6041] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 82.728836][ T6041] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 82.733270][ T6041] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 82.736627][ T6041] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 82.739699][ T6041] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 82.748681][ T6041] input: HID 0955:7214 Haptics as /devices/virtual/input/input7 [ 82.779366][ T6041] shield 0003:0955:7214.0003: Registered Thunderstrike controller [ 82.784740][ T6041] shield 0003:0955:7214.0003: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 82.806923][ T6512] netlink: 96 bytes leftover after parsing attributes in process `syz.3.127'. [ 82.816633][ T6506] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=6506 comm=syz.3.127 [ 82.843030][ T6515] netlink: 'syz.1.130': attribute type 39 has an invalid length. [ 82.869511][ T6515] veth0_macvtap: left promiscuous mode [ 82.910609][ T6517] pim6reg1: entered promiscuous mode [ 82.913372][ T6517] pim6reg1: entered allmulticast mode [ 82.926256][ T6455] netlink: 504 bytes leftover after parsing attributes in process `syz.0.110'. [ 82.930733][ T6517] netlink: 'syz.2.131': attribute type 1 has an invalid length. [ 82.939172][ T3329] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 82.939219][ T6520] ======================================================= [ 82.939219][ T6520] WARNING: The mand mount option has been deprecated and [ 82.939219][ T6520] and is ignored by this kernel. Remove the mand [ 82.939219][ T6520] option from the mount to silence this warning. [ 82.939219][ T6520] ======================================================= [ 82.941847][ T6013] usb 5-1: USB disconnect, device number 3 [ 82.945967][ T3329] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 82.969348][ T3329] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 82.975386][ T3329] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 82.997713][ T6517] 8021q: adding VLAN 0 to HW filter on device bond1 [ 83.057136][ T6522] bond1: (slave veth3): Enslaving as an active interface with a down link [ 83.078638][ T6517] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 83.081510][ T6517] bond1: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 83.319792][ T6539] veth0_to_team: entered promiscuous mode [ 83.323357][ T6539] veth0_to_team: left promiscuous mode [ 83.565652][ T46] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.665298][ T6547] netlink: 'syz.0.143': attribute type 21 has an invalid length. [ 83.670140][ T46] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.685043][ T6547] netlink: 156 bytes leftover after parsing attributes in process `syz.0.143'. [ 83.690873][ T6547] netlink: 'syz.0.143': attribute type 21 has an invalid length. [ 83.692385][ T6544] openvswitch: netlink: Key type 51 is out of range max 32 [ 83.694293][ T6547] netlink: 156 bytes leftover after parsing attributes in process `syz.0.143'. [ 83.694433][ T6547] netlink: 'syz.0.143': attribute type 21 has an invalid length. [ 83.709274][ T6547] netlink: 'syz.0.143': attribute type 21 has an invalid length. [ 83.712960][ T6547] netlink: 'syz.0.143': attribute type 21 has an invalid length. [ 83.716730][ T6547] netlink: 'syz.0.143': attribute type 21 has an invalid length. [ 83.720689][ T6547] netlink: 'syz.0.143': attribute type 21 has an invalid length. [ 83.745043][ T5947] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.749666][ T5947] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.754342][ T5947] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.758656][ T5947] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.762932][ T5947] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.764042][ T46] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.799536][ T6556] bond0: (slave ip6gretap1): Enslaving as an active interface with an up link [ 83.898706][ T46] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.908706][ T6565] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 83.918348][ T6562] overlayfs: failed to resolve './file2': -2 [ 84.125437][ T6553] chnl_net:caif_netlink_parms(): no params data found [ 84.210042][ T6579] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 84.212624][ T6579] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 84.216787][ T46] bridge_slave_1: left allmulticast mode [ 84.217541][ T6579] vhci_hcd vhci_hcd.0: Device attached [ 84.219444][ T46] bridge_slave_1: left promiscuous mode [ 84.222915][ T6580] vhci_hcd: connection closed [ 84.225274][ T4634] vhci_hcd vhci_hcd.2: stop threads [ 84.225306][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.227363][ T4634] vhci_hcd vhci_hcd.2: release socket [ 84.227377][ T4634] vhci_hcd vhci_hcd.2: disconnect device [ 84.240087][ T46] bridge_slave_0: left allmulticast mode [ 84.242641][ T46] bridge_slave_0: left promiscuous mode [ 84.246312][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.465198][ T46] dvmrp6 (unregistering): left allmulticast mode [ 84.636074][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 84.644403][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 84.657986][ T46] bond0 (unregistering): Released all slaves [ 84.683030][ T6584] 8021q: VLANs not supported on ipvlan0 [ 84.748998][ T6587] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 84.775410][ T6553] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.779921][ T6553] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.783210][ T6553] bridge_slave_0: entered allmulticast mode [ 84.787866][ T6553] bridge_slave_0: entered promiscuous mode [ 84.794166][ T6553] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.798806][ T6553] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.802243][ T6553] bridge_slave_1: entered allmulticast mode [ 84.806560][ T6553] bridge_slave_1: entered promiscuous mode [ 84.852191][ T6553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.861488][ T6553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.911811][ T6553] team0: Port device team_slave_0 added [ 84.919438][ T6553] team0: Port device team_slave_1 added [ 84.955295][ T6553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.957764][ T6553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.968813][ T6553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.975185][ T6553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.978223][ T6553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.989771][ T6553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.032359][ T6553] hsr_slave_0: entered promiscuous mode [ 85.035731][ T6553] hsr_slave_1: entered promiscuous mode [ 85.036805][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.038824][ T6553] debugfs: 'hsr0' already exists in 'hsr' [ 85.044340][ T6553] Cannot create hsr debugfs directory [ 85.064308][ T46] hsr_slave_0: left promiscuous mode [ 85.067174][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.075040][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.082134][ T46] hsr_slave_1: left promiscuous mode [ 85.086302][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.089574][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.093740][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.097304][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.116589][ T46] veth1_macvtap: left promiscuous mode [ 85.119399][ T46] veth0_macvtap: left promiscuous mode [ 85.122038][ T46] veth1_vlan: left promiscuous mode [ 85.124915][ T46] veth0_vlan: left promiscuous mode [ 85.355677][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.485148][ T46] team0 (unregistering): Port device team_slave_1 removed [ 85.506043][ T46] team0 (unregistering): Port device team_slave_0 removed [ 85.616548][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.625017][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 85.765282][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.770026][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.780764][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.847089][ T64] Bluetooth: hci2: command tx timeout [ 85.913123][ T6625] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 85.922152][ T6625] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 85.927219][ T6625] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 85.930744][ T6625] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 86.091972][ T6553] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 86.101840][ T6553] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 86.109213][ T6553] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 86.117569][ T6553] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 86.150042][ T6638] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 86.153249][ T6638] overlayfs: failed to set xattr on upper [ 86.155806][ T6638] overlayfs: ...falling back to redirect_dir=nofollow. [ 86.158804][ T6638] overlayfs: ...falling back to index=off. [ 86.161352][ T6638] overlayfs: ...falling back to uuid=null. [ 86.194699][ T6553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.212550][ T6553] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.227167][ T218] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.230536][ T218] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.259946][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.263269][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.321476][ T24] IPVS: starting estimator thread 0... [ 86.415164][ T6659] IPVS: using max 26 ests per chain, 62400 per kthread [ 86.454723][ T6553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.495885][ T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 86.505989][ T56] cfg80211: failed to load regulatory.db [ 86.654922][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 86.661761][ T24] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 86.674921][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 86.679303][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 86.683474][ T6691] binder: 6690:6691 ioctl 5387 200000000200 returned -22 [ 86.694659][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 86.702459][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 86.708276][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 86.712241][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.793947][ T6553] veth0_vlan: entered promiscuous mode [ 86.802604][ T6553] veth1_vlan: entered promiscuous mode [ 86.837596][ T6553] veth0_macvtap: entered promiscuous mode [ 86.846773][ T6553] veth1_macvtap: entered promiscuous mode [ 86.865868][ T6553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.872639][ T6553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.893140][ T4634] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.906504][ T4634] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.910466][ T4634] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.918196][ T4634] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.924002][ T24] usb 5-1: GET_CAPABILITIES returned 0 [ 86.930609][ T24] usbtmc 5-1:16.0: can't read capabilities [ 87.082575][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.094891][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.125962][ T218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.129503][ T218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.180989][ T6722] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 87.184223][ T6722] ALSA: mixer_oss: invalid index 1374389 [ 87.200499][ T6722] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 87.203519][ T6722] ALSA: mixer_oss: invalid index 1374389 [ 87.462680][ T40] kauditd_printk_skb: 49 callbacks suppressed [ 87.462695][ T40] audit: type=1400 audit(1767261060.358:356): avc: denied { create } for pid=6740 comm="syz.2.179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 87.559369][ T6745] Sensor A: ================= START STATUS ================= [ 87.562896][ T6745] Sensor A: Test Pattern: 75% Colorbar [ 87.566427][ T6745] Sensor A: Show Information: All [ 87.568793][ T6745] Sensor A: Vertical Flip: false [ 87.571140][ T6745] Sensor A: Horizontal Flip: false [ 87.573462][ T6745] Sensor A: Brightness: 128 [ 87.575656][ T6745] Sensor A: Contrast: 128 [ 87.577647][ T6745] Sensor A: Hue: 0 [ 87.579431][ T6745] Sensor A: Saturation: 128 [ 87.581696][ T6745] Sensor A: ================== END STATUS ================== [ 87.721512][ T6750] validate_nla: 26 callbacks suppressed [ 87.721529][ T6750] netlink: 'syz.4.182': attribute type 39 has an invalid length. [ 87.792204][ T40] audit: type=1400 audit(1767261060.688:357): avc: denied { mount } for pid=6751 comm="syz.2.184" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 87.802848][ T40] audit: type=1400 audit(1767261060.698:358): avc: denied { remount } for pid=6751 comm="syz.2.184" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 87.827592][ T40] audit: type=1400 audit(1767261060.728:359): avc: denied { mounton } for pid=6751 comm="syz.2.184" path="/59/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 87.872286][ T40] audit: type=1400 audit(1767261060.768:360): avc: denied { create } for pid=6753 comm="syz.1.183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 87.901618][ T40] audit: type=1400 audit(1767261060.798:361): avc: denied { connect } for pid=6753 comm="syz.1.183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 87.935188][ T64] Bluetooth: hci2: command tx timeout [ 88.451971][ T40] audit: type=1400 audit(1767261061.348:362): avc: denied { unmount } for pid=5943 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 88.482938][ T6758] 8021q: adding VLAN 0 to HW filter on device bond2 [ 88.508095][ T40] audit: type=1400 audit(1767261061.408:363): avc: denied { read write } for pid=6761 comm="syz.2.185" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 88.517917][ T6762] random: crng reseeded on system resumption [ 88.532314][ T40] audit: type=1400 audit(1767261061.428:364): avc: denied { ioctl open } for pid=6761 comm="syz.2.185" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 88.731935][ T6767] __nla_validate_parse: 34 callbacks suppressed [ 88.731953][ T6767] netlink: 16 bytes leftover after parsing attributes in process `syz.2.187'. [ 88.806299][ T6770] netlink: 'syz.2.188': attribute type 1 has an invalid length. [ 88.857760][ T6764] xt_CT: No such helper "pptp" [ 89.043816][ T6784] netlink: 'syz.2.193': attribute type 21 has an invalid length. [ 89.045042][ T6785] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 89.048421][ T6784] netlink: 156 bytes leftover after parsing attributes in process `syz.2.193'. [ 89.050369][ C1] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 89.066446][ T40] audit: type=1400 audit(1767261061.968:365): avc: denied { write } for pid=6782 comm="syz.1.191" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 89.075921][ T6784] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 89.079165][ C2] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 89.160554][ T6794] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed. [ 89.273347][ T24] usb 5-1: USB disconnect, device number 4 [ 89.306978][ T6804] netlink: 3696 bytes leftover after parsing attributes in process `syz.1.197'. [ 89.315698][ T6795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.195'. [ 89.321447][ T6803] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 89.329949][ T6795] netlink: 4 bytes leftover after parsing attributes in process `syz.2.195'. [ 89.331880][ T6807] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 89.335545][ T6795] netlink: 'syz.2.195': attribute type 11 has an invalid length. [ 89.341962][ T6795] netlink: 'syz.2.195': attribute type 7 has an invalid length. [ 89.345039][ T6804] netlink: 3696 bytes leftover after parsing attributes in process `syz.1.197'. [ 89.346111][ T6808] misc userio: No port type given on /dev/userio [ 89.401530][ T6811] netlink: 'syz.4.200': attribute type 1 has an invalid length. [ 89.406476][ T6811] netlink: 4 bytes leftover after parsing attributes in process `syz.4.200'. [ 89.467733][ T6812] netlink: 4 bytes leftover after parsing attributes in process `syz.4.200'. [ 89.823302][ T6826] netlink: 'syz.2.205': attribute type 11 has an invalid length. [ 89.932901][ T6830] netlink: 48 bytes leftover after parsing attributes in process `syz.2.206'. [ 90.005213][ T64] Bluetooth: hci2: command tx timeout [ 90.875225][ T6683] syz.1.172 (6683) used greatest stack depth: 18400 bytes left [ 91.475891][ T6714] syz.1.172 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 91.480439][ T6714] CPU: 2 UID: 0 PID: 6714 Comm: syz.1.172 Tainted: G L syzkaller #0 PREEMPT(full) [ 91.480463][ T6714] Tainted: [L]=SOFTLOCKUP [ 91.480468][ T6714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.480478][ T6714] Call Trace: [ 91.480484][ T6714] [ 91.480490][ T6714] dump_stack_lvl+0x16c/0x1f0 [ 91.480515][ T6714] dump_header+0x101/0x960 [ 91.480543][ T6714] oom_kill_process+0x176/0x910 [ 91.480570][ T6714] out_of_memory+0x350/0x1700 [ 91.480592][ T6714] ? __lock_acquire+0x436/0x2890 [ 91.480612][ T6714] ? __pfx_out_of_memory+0x10/0x10 [ 91.480640][ T6714] mem_cgroup_out_of_memory+0x118/0x130 [ 91.480656][ T6714] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 91.480678][ T6714] ? do_raw_spin_unlock+0x172/0x230 [ 91.480703][ T6714] try_charge_memcg+0x695/0xd30 [ 91.480730][ T6714] ? __pfx_try_charge_memcg+0x10/0x10 [ 91.480750][ T6714] ? __print_lock_name+0x81/0xe0 [ 91.480774][ T6714] ? rcu_read_unlock+0x17/0x60 [ 91.480803][ T6714] charge_memcg+0x8a/0x230 [ 91.480824][ T6714] __mem_cgroup_charge+0x2b/0x1e0 [ 91.480849][ T6714] shmem_alloc_and_add_folio+0x50c/0xc20 [ 91.480878][ T6714] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 91.480905][ T6714] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 91.480935][ T6714] shmem_get_folio_gfp+0x67f/0x1610 [ 91.480963][ T6714] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 91.480990][ T6714] ? __pfx_timestamp_truncate+0x10/0x10 [ 91.481017][ T6714] shmem_write_begin+0x1a4/0x3b0 [ 91.481033][ T6714] ? __pfx_shmem_write_begin+0x10/0x10 [ 91.481049][ T6714] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 91.481072][ T6714] generic_perform_write+0x3c4/0x900 [ 91.481100][ T6714] ? __pfx_generic_perform_write+0x10/0x10 [ 91.481123][ T6714] ? generic_update_time+0xcf/0xf0 [ 91.481157][ T6714] ? mnt_put_write_access_file+0x45/0xf0 [ 91.481181][ T6714] ? file_update_time_flags+0x35c/0x520 [ 91.481204][ T6714] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 91.481220][ T6714] shmem_file_write_iter+0x10e/0x140 [ 91.481239][ T6714] __kernel_write_iter+0x31a/0xb10 [ 91.481261][ T6714] ? __pfx___kernel_write_iter+0x10/0x10 [ 91.481280][ T6714] ? __up_read+0x2d1/0x700 [ 91.481303][ T6714] ? dump_user_range+0x756/0xb70 [ 91.481330][ T6714] dump_user_range+0x413/0xb70 [ 91.481358][ T6714] ? __pfx_dump_user_range+0x10/0x10 [ 91.481383][ T6714] ? elf_coredump_extra_notes_write+0xbd/0x500 [ 91.481406][ T6714] ? __pfx_writenote+0x10/0x10 [ 91.481427][ T6714] elf_core_dump+0x29c3/0x3c10 [ 91.481454][ T6714] ? __pfx_elf_core_dump+0x10/0x10 [ 91.481467][ T6714] ? kasan_save_stack+0x33/0x60 [ 91.481483][ T6714] ? kasan_save_track+0x14/0x30 [ 91.481499][ T6714] ? __kasan_kmalloc+0xaa/0xb0 [ 91.481515][ T6714] ? __kvmalloc_node_noprof+0x3ac/0xa40 [ 91.481532][ T6714] ? vfs_coredump+0x1dd9/0x55e0 [ 91.481554][ T6714] ? arch_do_signal_or_restart+0x8f/0x7e0 [ 91.481573][ T6714] ? irqentry_exit+0x38a/0x8c0 [ 91.481592][ T6714] ? asm_exc_page_fault+0x26/0x30 [ 91.481612][ T6714] ? 0xffffffffff600000 [ 91.481663][ T6714] ? vfs_coredump+0x2b85/0x55e0 [ 91.481685][ T6714] vfs_coredump+0x2b85/0x55e0 [ 91.481717][ T6714] ? __pfx_vfs_coredump+0x10/0x10 [ 91.481740][ T6714] ? __lock_acquire+0x436/0x2890 [ 91.481763][ T6714] ? __lock_acquire+0x436/0x2890 [ 91.481784][ T6714] ? lock_acquire+0x179/0x330 [ 91.481808][ T6714] ? lock_acquire+0x179/0x330 [ 91.481840][ T6714] ? arch_stack_walk+0xa6/0x100 [ 91.481869][ T6714] ? stack_trace_save+0x8e/0xc0 [ 91.481887][ T6714] ? __pfx_stack_trace_save+0x10/0x10 [ 91.481905][ T6714] ? stack_depot_save_flags+0x29/0x9b0 [ 91.481930][ T6714] ? __lock_acquire+0x436/0x2890 [ 91.481951][ T6714] ? kasan_save_stack+0x42/0x60 [ 91.482009][ T6714] ? proc_coredump_connector+0x2d1/0x4f0 [ 91.482030][ T6714] ? __pfx_proc_coredump_connector+0x10/0x10 [ 91.482056][ T6714] ? rcu_is_watching+0x12/0xc0 [ 91.482075][ T6714] get_signal+0x22e1/0x26d0 [ 91.482106][ T6714] ? __pfx_get_signal+0x10/0x10 [ 91.482135][ T6714] arch_do_signal_or_restart+0x8f/0x7e0 [ 91.482158][ T6714] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 91.482217][ T6714] ? do_user_addr_fault+0x926/0x1370 [ 91.482243][ T6714] irqentry_exit+0x38a/0x8c0 [ 91.482267][ T6714] asm_exc_page_fault+0x26/0x30 [ 91.482283][ T6714] RIP: 0033:0xff [ 91.482301][ T6714] Code: Unable to access opcode bytes at 0xd5. [ 91.482308][ T6714] RSP: 002b:00002000000003c8 EFLAGS: 00010217 [ 91.482322][ T6714] RAX: 0000000000000000 RBX: 00007ff7f49e5fa0 RCX: 00007ff7f478f7c9 [ 91.482332][ T6714] RDX: 0000200000000400 RSI: 00002000000003c0 RDI: 0000000000000000 [ 91.482342][ T6714] RBP: 00007ff7f4813f91 R08: 0000200000000480 R09: 0000200000000480 [ 91.482352][ T6714] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000000 [ 91.482361][ T6714] R13: 00007ff7f49e6038 R14: 00007ff7f49e5fa0 R15: 00007ffe77c4bd38 [ 91.482385][ T6714] [ 91.482441][ T6714] memory: usage 307200kB, limit 307200kB, failcnt 26575 [ 91.700100][ T6714] memory+swap: usage 431972kB, limit 9007199254740988kB, failcnt 0 [ 91.702596][ T6714] kmem: usage 5732kB, limit 9007199254740988kB, failcnt 0 [ 91.705681][ T6714] Memory cgroup stats for /syz1: [ 91.705891][ T6714] cache 308649984 [ 91.708986][ T6714] rss 32768 [ 91.710125][ T6714] rss_huge 0 [ 91.711238][ T6714] shmem 308633600 [ 91.712461][ T6714] mapped_file 0 [ 91.713915][ T6714] dirty 0 [ 91.715229][ T6714] writeback 0 [ 91.716408][ T6714] workingset_refault_anon 31 [ 91.717974][ T6714] workingset_refault_file 654 [ 91.719776][ T6714] swap 127766528 [ 91.721271][ T6714] swapcached 24576 [ 91.722735][ T6714] pgpgin 129458 [ 91.724279][ T6714] pgpgout 54091 [ 91.725946][ T6714] pgfault 15895 [ 91.727558][ T6714] pgmajfault 80 [ 91.729116][ T6714] inactive_anon 245665792 [ 91.731038][ T6714] active_anon 63021056 [ 91.732809][ T6714] inactive_file 16384 [ 91.734540][ T6714] active_file 0 [ 91.736156][ T6714] unevictable 0 [ 91.737669][ T6714] hierarchical_memory_limit 314572800 [ 91.740037][ T6714] hierarchical_memsw_limit 9223372036854771712 [ 91.742743][ T6714] total_cache 308649984 [ 91.744577][ T6714] total_rss 32768 [ 91.746331][ T6714] total_rss_huge 0 [ 91.748005][ T6714] total_shmem 308633600 [ 91.749882][ T6714] total_mapped_file 0 [ 91.751661][ T6714] total_dirty 0 [ 91.753223][ T6714] total_writeback 0 [ 91.755009][ T6714] total_workingset_refault_anon 31 [ 91.756871][ T6714] total_workingset_refault_file 654 [ 91.758638][ T6714] total_swap 127766528 [ 91.760375][ T6714] total_swapcached 24576 [ 91.762137][ T6714] total_pgpgin 129458 [ 91.763827][ T6714] total_pgpgout 54091 [ 91.765849][ T6714] total_pgfault 15895 [ 91.767544][ T6714] total_pgmajfault 80 [ 91.769160][ T6714] total_inactive_anon 245665792 [ 91.771207][ T6714] total_active_anon 63021056 [ 91.773111][ T6714] total_inactive_file 16384 [ 91.774868][ T6714] total_active_file 0 [ 91.776379][ T6714] total_unevictable 0 [ 91.778048][ T6714] anon_cost 0 [ 91.779278][ T6714] file_cost 0 [ 91.780440][ T6714] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.172,pid=6728,uid=0 [ 91.786941][ T6714] Memory cgroup out of memory: Killed process 6728 (syz.1.172) total-vm:98456kB, anon-rss:1168kB, file-rss:53632kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000 [ 91.844912][ T64] Bluetooth: hci0: command 0x0c1a tx timeout [ 91.845573][ T6821] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 92.019552][ T6684] syz.1.172 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 92.023741][ T6684] CPU: 0 UID: 0 PID: 6684 Comm: syz.1.172 Tainted: G L syzkaller #0 PREEMPT(full) [ 92.023766][ T6684] Tainted: [L]=SOFTLOCKUP [ 92.023772][ T6684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.023781][ T6684] Call Trace: [ 92.023787][ T6684] [ 92.023794][ T6684] dump_stack_lvl+0x16c/0x1f0 [ 92.023819][ T6684] dump_header+0x101/0x960 [ 92.023849][ T6684] oom_kill_process+0x176/0x910 [ 92.023879][ T6684] out_of_memory+0x350/0x1700 [ 92.023904][ T6684] ? __lock_acquire+0x436/0x2890 [ 92.023928][ T6684] ? __pfx_out_of_memory+0x10/0x10 [ 92.023960][ T6684] mem_cgroup_out_of_memory+0x118/0x130 [ 92.023977][ T6684] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 92.024000][ T6684] ? do_raw_spin_unlock+0x172/0x230 [ 92.024028][ T6684] try_charge_memcg+0x695/0xd30 [ 92.024055][ T6684] ? __pfx_try_charge_memcg+0x10/0x10 [ 92.024078][ T6684] ? __print_lock_name+0x81/0xe0 [ 92.024104][ T6684] ? rcu_read_unlock+0x17/0x60 [ 92.024134][ T6684] charge_memcg+0x8a/0x230 [ 92.024157][ T6684] __mem_cgroup_charge+0x2b/0x1e0 [ 92.024183][ T6684] shmem_alloc_and_add_folio+0x50c/0xc20 [ 92.024220][ T6684] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 92.024248][ T6684] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 92.024281][ T6684] shmem_get_folio_gfp+0x67f/0x1610 [ 92.024313][ T6684] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 92.024340][ T6684] ? __pfx_timestamp_truncate+0x10/0x10 [ 92.024369][ T6684] shmem_write_begin+0x1a4/0x3b0 [ 92.024388][ T6684] ? __pfx_shmem_write_begin+0x10/0x10 [ 92.024406][ T6684] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 92.024432][ T6684] generic_perform_write+0x3c4/0x900 [ 92.024464][ T6684] ? __pfx_generic_perform_write+0x10/0x10 [ 92.024488][ T6684] ? generic_update_time+0xcf/0xf0 [ 92.024503][ T6684] ? mnt_put_write_access_file+0x45/0xf0 [ 92.024527][ T6684] ? file_update_time_flags+0x35c/0x520 [ 92.024547][ T6684] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 92.024564][ T6684] shmem_file_write_iter+0x10e/0x140 [ 92.024585][ T6684] __kernel_write_iter+0x31a/0xb10 [ 92.024609][ T6684] ? __pfx___kernel_write_iter+0x10/0x10 [ 92.024629][ T6684] ? __up_read+0x2d1/0x700 [ 92.024654][ T6684] ? dump_user_range+0x756/0xb70 [ 92.024685][ T6684] dump_user_range+0x413/0xb70 [ 92.024716][ T6684] ? __pfx_dump_user_range+0x10/0x10 [ 92.024743][ T6684] ? elf_coredump_extra_notes_write+0xbd/0x500 [ 92.024768][ T6684] ? __pfx_writenote+0x10/0x10 [ 92.024807][ T6684] elf_core_dump+0x29c3/0x3c10 [ 92.024837][ T6684] ? __pfx_elf_core_dump+0x10/0x10 [ 92.024852][ T6684] ? kasan_save_stack+0x33/0x60 [ 92.024870][ T6684] ? kasan_save_track+0x14/0x30 [ 92.024886][ T6684] ? __kasan_kmalloc+0xaa/0xb0 [ 92.024903][ T6684] ? __kvmalloc_node_noprof+0x3ac/0xa40 [ 92.024921][ T6684] ? vfs_coredump+0x1dd9/0x55e0 [ 92.024944][ T6684] ? arch_do_signal_or_restart+0x8f/0x7e0 [ 92.024966][ T6684] ? irqentry_exit+0x38a/0x8c0 [ 92.024985][ T6684] ? asm_exc_page_fault+0x26/0x30 [ 92.025007][ T6684] ? 0xffffffffff600000 [ 92.025064][ T6684] ? vfs_coredump+0x2b85/0x55e0 [ 92.025088][ T6684] vfs_coredump+0x2b85/0x55e0 [ 92.025122][ T6684] ? __pfx_vfs_coredump+0x10/0x10 [ 92.025145][ T6684] ? __lock_acquire+0x436/0x2890 [ 92.025170][ T6684] ? __lock_acquire+0x436/0x2890 [ 92.025192][ T6684] ? lock_acquire+0x179/0x330 [ 92.025221][ T6684] ? lock_acquire+0x179/0x330 [ 92.025257][ T6684] ? arch_stack_walk+0xa6/0x100 [ 92.025288][ T6684] ? stack_trace_save+0x8e/0xc0 [ 92.025306][ T6684] ? __pfx_stack_trace_save+0x10/0x10 [ 92.025325][ T6684] ? stack_depot_save_flags+0x29/0x9b0 [ 92.025351][ T6684] ? __lock_acquire+0x436/0x2890 [ 92.025372][ T6684] ? kasan_save_stack+0x42/0x60 [ 92.025434][ T6684] ? proc_coredump_connector+0x2d1/0x4f0 [ 92.025455][ T6684] ? __pfx_proc_coredump_connector+0x10/0x10 [ 92.025482][ T6684] ? rcu_is_watching+0x12/0xc0 [ 92.025502][ T6684] get_signal+0x22e1/0x26d0 [ 92.025536][ T6684] ? __pfx_get_signal+0x10/0x10 [ 92.025567][ T6684] arch_do_signal_or_restart+0x8f/0x7e0 [ 92.025592][ T6684] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 92.025618][ T6684] ? do_user_addr_fault+0x926/0x1370 [ 92.025643][ T6684] irqentry_exit+0x38a/0x8c0 [ 92.025667][ T6684] asm_exc_page_fault+0x26/0x30 [ 92.025682][ T6684] RIP: 0033:0xff [ 92.025701][ T6684] Code: Unable to access opcode bytes at 0xd5. [ 92.025708][ T6684] RSP: 002b:00002000000003c8 EFLAGS: 00010217 [ 92.025721][ T6684] RAX: 0000000000000000 RBX: 00007ff7f49e5fa0 RCX: 00007ff7f478f7c9 [ 92.025731][ T6684] RDX: 0000200000000400 RSI: 00002000000003c0 RDI: 0000000000000000 [ 92.025741][ T6684] RBP: 00007ff7f4813f91 R08: 0000200000000480 R09: 0000200000000480 [ 92.025751][ T6684] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000000 [ 92.025760][ T6684] R13: 00007ff7f49e6038 R14: 00007ff7f49e5fa0 R15: 00007ffe77c4bd38 [ 92.025785][ T6684] [ 92.209322][ T64] Bluetooth: hci2: command tx timeout [ 92.367203][ T6684] memory: usage 307024kB, limit 307200kB, failcnt 28871 [ 92.369822][ T6684] memory+swap: usage 431380kB, limit 9007199254740988kB, failcnt 0 [ 92.372104][ T6684] kmem: usage 5612kB, limit 9007199254740988kB, failcnt 0 [ 92.374203][ T6684] Memory cgroup stats for /syz1: [ 92.374289][ T6684] cache 307634176 [ 92.376979][ T6684] rss 122880 [ 92.378032][ T6684] rss_huge 0 [ 92.379269][ T6684] shmem 306839552 [ 92.380557][ T6684] mapped_file 200704 [ 92.381893][ T6684] dirty 0 [ 92.382993][ T6684] writeback 0 [ 92.384209][ T6684] workingset_refault_anon 45 [ 92.403916][ T6684] workingset_refault_file 1956 [ 92.406382][ T6684] swap 127504384 [ 92.407685][ T6684] swapcached 69632 [ 92.408974][ T6684] pgpgin 132660 [ 92.410249][ T6684] pgpgout 57516 [ 92.411463][ T6684] pgfault 16103 [ 92.412669][ T6684] pgmajfault 131 [ 92.413996][ T6684] inactive_anon 205406208 [ 92.415671][ T6684] active_anon 101470208 [ 92.417084][ T6684] inactive_file 196608 [ 92.418494][ T6684] active_file 499712 [ 92.419869][ T6684] unevictable 0 [ 92.421063][ T6684] hierarchical_memory_limit 314572800 [ 92.422956][ T6684] hierarchical_memsw_limit 9223372036854771712 [ 92.426775][ T6684] total_cache 307634176 [ 92.428568][ T6684] total_rss 122880 [ 92.429920][ T6684] total_rss_huge 0 [ 92.431269][ T6684] total_shmem 306839552 [ 92.432752][ T6684] total_mapped_file 200704 [ 92.434524][ T6684] total_dirty 0 [ 92.435940][ T6684] total_writeback 0 [ 92.437263][ T6684] total_workingset_refault_anon 45 [ 92.438997][ T6684] total_workingset_refault_file 1956 [ 92.440867][ T6684] total_swap 127504384 [ 92.442272][ T6684] total_swapcached 69632 [ 92.444026][ T6684] total_pgpgin 132660 [ 92.445702][ T6684] total_pgpgout 57516 [ 92.447266][ T6684] total_pgfault 16103 [ 92.448688][ T6684] total_pgmajfault 131 [ 92.450230][ T6684] total_inactive_anon 205406208 [ 92.451929][ T6684] total_active_anon 101470208 [ 92.453588][ T6684] total_inactive_file 196608 [ 92.455500][ T6684] total_active_file 499712 [ 92.457244][ T6684] total_unevictable 0 [ 92.458693][ T6684] anon_cost 0 [ 92.459943][ T6684] file_cost 0 [ 92.461117][ T6684] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.172,pid=6709,uid=0 [ 92.466973][ T6684] Memory cgroup out of memory: Killed process 6709 (syz.1.172) total-vm:98456kB, anon-rss:1168kB, file-rss:53664kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000 [ 92.682778][ T6821] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 92.696534][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 92.696548][ T40] audit: type=1400 audit(1767261065.598:370): avc: denied { create } for pid=6866 comm="syz.1.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 92.715410][ T40] audit: type=1400 audit(1767261065.618:371): avc: denied { bind } for pid=6866 comm="syz.1.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 92.733238][ T40] audit: type=1400 audit(1767261065.628:372): avc: denied { connect } for pid=6866 comm="syz.1.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 92.757217][ T6821] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 92.853900][ T6821] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 92.857080][ T6821] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 92.896058][ T6821] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 92.958219][ T6821] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 92.960670][ T6821] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 93.007957][ T6821] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 93.061793][ T6821] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 93.064276][ T6821] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 93.110897][ T6821] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 93.283400][ T6877] fuse: Bad value for 'fd' [ 93.317339][ T6715] syz.1.172 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 93.321501][ T6715] CPU: 3 UID: 0 PID: 6715 Comm: syz.1.172 Tainted: G L syzkaller #0 PREEMPT(full) [ 93.321527][ T6715] Tainted: [L]=SOFTLOCKUP [ 93.321533][ T6715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.321543][ T6715] Call Trace: [ 93.321548][ T6715] [ 93.321555][ T6715] dump_stack_lvl+0x16c/0x1f0 [ 93.321582][ T6715] dump_header+0x101/0x960 [ 93.321612][ T6715] oom_kill_process+0x176/0x910 [ 93.321639][ T6715] out_of_memory+0x350/0x1700 [ 93.321660][ T6715] ? __lock_acquire+0x436/0x2890 [ 93.321684][ T6715] ? __pfx_out_of_memory+0x10/0x10 [ 93.321714][ T6715] mem_cgroup_out_of_memory+0x118/0x130 [ 93.321730][ T6715] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 93.321751][ T6715] ? do_raw_spin_unlock+0x172/0x230 [ 93.321778][ T6715] try_charge_memcg+0x695/0xd30 [ 93.321805][ T6715] ? __pfx_try_charge_memcg+0x10/0x10 [ 93.321827][ T6715] ? __print_lock_name+0x81/0xe0 [ 93.321851][ T6715] ? rcu_read_unlock+0x17/0x60 [ 93.321881][ T6715] charge_memcg+0x8a/0x230 [ 93.321903][ T6715] __mem_cgroup_charge+0x2b/0x1e0 [ 93.321929][ T6715] shmem_alloc_and_add_folio+0x50c/0xc20 [ 93.321962][ T6715] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 93.321990][ T6715] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 93.322023][ T6715] shmem_get_folio_gfp+0x67f/0x1610 [ 93.322054][ T6715] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 93.322082][ T6715] ? __pfx_timestamp_truncate+0x10/0x10 [ 93.322111][ T6715] shmem_write_begin+0x1a4/0x3b0 [ 93.322129][ T6715] ? __pfx_shmem_write_begin+0x10/0x10 [ 93.322153][ T6715] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 93.322203][ T6715] generic_perform_write+0x3c4/0x900 [ 93.322231][ T6715] ? __pfx_generic_perform_write+0x10/0x10 [ 93.322249][ T6715] ? generic_update_time+0xcf/0xf0 [ 93.322260][ T6715] ? mnt_put_write_access_file+0x45/0xf0 [ 93.322278][ T6715] ? file_update_time_flags+0x35c/0x520 [ 93.322293][ T6715] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 93.322306][ T6715] shmem_file_write_iter+0x10e/0x140 [ 93.322321][ T6715] __kernel_write_iter+0x31a/0xb10 [ 93.322343][ T6715] ? __pfx___kernel_write_iter+0x10/0x10 [ 93.322364][ T6715] ? __up_read+0x2d1/0x700 [ 93.322388][ T6715] ? dump_user_range+0x756/0xb70 [ 93.322419][ T6715] dump_user_range+0x413/0xb70 [ 93.322451][ T6715] ? __pfx_dump_user_range+0x10/0x10 [ 93.322478][ T6715] ? elf_coredump_extra_notes_write+0xbd/0x500 [ 93.322501][ T6715] ? __pfx_writenote+0x10/0x10 [ 93.322522][ T6715] elf_core_dump+0x29c3/0x3c10 [ 93.322550][ T6715] ? __pfx_elf_core_dump+0x10/0x10 [ 93.322565][ T6715] ? kasan_save_stack+0x33/0x60 [ 93.322583][ T6715] ? kasan_save_track+0x14/0x30 [ 93.322600][ T6715] ? __kasan_kmalloc+0xaa/0xb0 [ 93.322616][ T6715] ? __kvmalloc_node_noprof+0x3ac/0xa40 [ 93.322635][ T6715] ? vfs_coredump+0x1dd9/0x55e0 [ 93.322657][ T6715] ? arch_do_signal_or_restart+0x8f/0x7e0 [ 93.322679][ T6715] ? irqentry_exit+0x38a/0x8c0 [ 93.322699][ T6715] ? asm_exc_page_fault+0x26/0x30 [ 93.322721][ T6715] ? 0xffffffffff600000 [ 93.322780][ T6715] ? vfs_coredump+0x2b85/0x55e0 [ 93.322803][ T6715] vfs_coredump+0x2b85/0x55e0 [ 93.322837][ T6715] ? __pfx_vfs_coredump+0x10/0x10 [ 93.322861][ T6715] ? __lock_acquire+0x436/0x2890 [ 93.322886][ T6715] ? __lock_acquire+0x436/0x2890 [ 93.322907][ T6715] ? lock_acquire+0x179/0x330 [ 93.322932][ T6715] ? lock_acquire+0x179/0x330 [ 93.322968][ T6715] ? arch_stack_walk+0xa6/0x100 [ 93.322998][ T6715] ? stack_trace_save+0x8e/0xc0 [ 93.323015][ T6715] ? __pfx_stack_trace_save+0x10/0x10 [ 93.323034][ T6715] ? stack_depot_save_flags+0x29/0x9b0 [ 93.323059][ T6715] ? __lock_acquire+0x436/0x2890 [ 93.323081][ T6715] ? kasan_save_stack+0x42/0x60 [ 93.323150][ T6715] ? proc_coredump_connector+0x2d1/0x4f0 [ 93.323172][ T6715] ? __pfx_proc_coredump_connector+0x10/0x10 [ 93.323199][ T6715] ? rcu_is_watching+0x12/0xc0 [ 93.323219][ T6715] get_signal+0x22e1/0x26d0 [ 93.323255][ T6715] ? __pfx_get_signal+0x10/0x10 [ 93.323287][ T6715] arch_do_signal_or_restart+0x8f/0x7e0 [ 93.323312][ T6715] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 93.323345][ T6715] ? do_user_addr_fault+0x926/0x1370 [ 93.323371][ T6715] irqentry_exit+0x38a/0x8c0 [ 93.323395][ T6715] asm_exc_page_fault+0x26/0x30 [ 93.323410][ T6715] RIP: 0033:0xff [ 93.323429][ T6715] Code: Unable to access opcode bytes at 0xd5. [ 93.323435][ T6715] RSP: 002b:00002000000003c8 EFLAGS: 00010217 [ 93.323449][ T6715] RAX: 0000000000000000 RBX: 00007ff7f49e5fa0 RCX: 00007ff7f478f7c9 [ 93.323459][ T6715] RDX: 0000200000000400 RSI: 00002000000003c0 RDI: 0000000000000000 [ 93.323468][ T6715] RBP: 00007ff7f4813f91 R08: 0000200000000480 R09: 0000200000000480 [ 93.323477][ T6715] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000000 [ 93.323486][ T6715] R13: 00007ff7f49e6038 R14: 00007ff7f49e5fa0 R15: 00007ffe77c4bd38 [ 93.323511][ T6715] [ 93.323517][ T6715] memory: usage 307200kB, limit 307200kB, failcnt 35367 [ 93.341849][ T6877] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000 [ 93.342313][ T6715] memory+swap: usage 432136kB, limit 9007199254740988kB, failcnt 0 [ 93.457053][ T6890] netlink: 16 bytes leftover after parsing attributes in process `syz.4.212'. [ 93.458576][ T6715] kmem: usage 7108kB, limit 9007199254740988kB, failcnt 0 [ 93.550523][ T6715] Memory cgroup stats for /syz1 [ 93.560503][ T6893] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 93.566161][ T6715] : [ 93.567620][ T6715] cache 306966528 [ 93.570458][ T6715] rss 323584 [ 93.572041][ T6715] rss_huge 0 [ 93.573555][ T6715] shmem 306954240 [ 93.575525][ T6715] mapped_file 0 [ 93.577235][ T6715] dirty 0 [ 93.578062][ T40] audit: type=1400 audit(1767261066.458:373): avc: denied { ioctl } for pid=6895 comm="syz.4.215" path="socket:[12796]" dev="sockfs" ino=12796 ioctlcmd=0x8b36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 93.578739][ T6715] writeback 0 [ 93.592266][ T6715] workingset_refault_anon 54 [ 93.592881][ T40] audit: type=1400 audit(1767261066.478:374): avc: denied { create } for pid=6891 comm="syz.2.214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 93.594396][ T6715] workingset_refault_file 10978 [ 93.594406][ T6715] swap 127934464 [ 93.609667][ T6715] swapcached 61440 [ 93.611499][ T6715] pgpgin 158685 [ 93.613042][ T6715] pgpgout 83662 [ 93.614688][ T6715] pgfault 17842 [ 93.620703][ T6715] pgmajfault 323 [ 93.622321][ T6715] inactive_anon 169508864 [ 93.624034][ T6715] active_anon 137773056 [ 93.626070][ T6715] inactive_file 12288 [ 93.627874][ T6715] active_file 0 [ 93.629410][ T6715] unevictable 0 [ 93.630943][ T6715] hierarchical_memory_limit 314572800 [ 93.633257][ T6715] hierarchical_memsw_limit 9223372036854771712 [ 93.636016][ T6715] total_cache 306966528 [ 93.637769][ T6715] total_rss 323584 [ 93.639434][ T6715] total_rss_huge 0 [ 93.641090][ T6715] total_shmem 306954240 [ 93.642879][ T6715] total_mapped_file 0 [ 93.644604][ T6715] total_dirty 0 [ 93.646326][ T6715] total_writeback 0 [ 93.648122][ T6715] total_workingset_refault_anon 54 [ 93.650382][ T6715] total_workingset_refault_file 10978 [ 93.652910][ T6715] total_swap 127934464 [ 93.655033][ T6715] total_swapcached 61440 [ 93.656875][ T6715] total_pgpgin 158685 [ 93.658807][ T6715] total_pgpgout 83662 [ 93.660562][ T6715] total_pgfault 17842 [ 93.662331][ T6715] total_pgmajfault 323 [ 93.664033][ T6715] total_inactive_anon 169508864 [ 93.666306][ T6715] total_active_anon 137773056 [ 93.668186][ T6715] total_inactive_file 12288 [ 93.670149][ T6715] total_active_file 0 [ 93.671902][ T6715] total_unevictable 0 [ 93.673665][ T6715] anon_cost 0 [ 93.680251][ T6715] file_cost 0 [ 93.681757][ T6715] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.172,pid=6714,uid=0 [ 93.688256][ T6715] Memory cgroup out of memory: Killed process 6714 (syz.1.172) total-vm:98456kB, anon-rss:1116kB, file-rss:53824kB, shmem-rss:0kB, UID:0 pgtables:196kB oom_score_adj:1000 [ 93.793169][ T6916] cgroup: Invalid name [ 93.797000][ T40] audit: type=1400 audit(1767261066.698:375): avc: denied { remount } for pid=6915 comm="syz.4.219" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 93.807620][ T6919] netlink: 8 bytes leftover after parsing attributes in process `syz.2.220'. [ 93.811338][ T6919] netlink: 12 bytes leftover after parsing attributes in process `syz.2.220'. [ 93.819292][ T6919] netlink: 'syz.2.220': attribute type 19 has an invalid length. [ 93.832379][ T6920] netlink: 8 bytes leftover after parsing attributes in process `syz.0.216'. [ 93.836583][ T6920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.216'. [ 93.840747][ T6920] netlink: 'syz.0.216': attribute type 11 has an invalid length. [ 93.844066][ T6920] netlink: 'syz.0.216': attribute type 7 has an invalid length. [ 93.851769][ T6919] Illegal XDP return value 3546985658 on prog (id 29) dev syz_tun, expect packet loss! [ 93.869116][ T40] audit: type=1400 audit(1767261066.768:376): avc: denied { create } for pid=6921 comm="syz.4.221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 93.886946][ T6922] ieee802154 phy0 wpan0: encryption failed: -22 [ 93.890576][ T40] audit: type=1400 audit(1767261066.788:377): avc: denied { write } for pid=6921 comm="syz.4.221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 93.924907][ T64] Bluetooth: hci0: command 0x0c1a tx timeout [ 93.932353][ T6922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.221'. [ 93.937703][ T6922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.221'. [ 93.943704][ T6922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.221'. [ 93.948491][ T6922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.221'. [ 93.960337][ T6922] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55 sclass=netlink_route_socket pid=6922 comm=syz.4.221 [ 93.998161][ T40] audit: type=1400 audit(1767261066.898:378): avc: denied { write } for pid=6930 comm="syz.2.225" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 94.037468][ T6934] netlink: 12 bytes leftover after parsing attributes in process `syz.0.224'. [ 94.061860][ T6936] netlink: 20 bytes leftover after parsing attributes in process `syz.2.225'. [ 94.069805][ T6936] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 94.073467][ C3] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 94.124590][ T6724] syz.1.172 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 94.128913][ T6724] CPU: 0 UID: 0 PID: 6724 Comm: syz.1.172 Tainted: G L syzkaller #0 PREEMPT(full) [ 94.128940][ T6724] Tainted: [L]=SOFTLOCKUP [ 94.128945][ T6724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.128956][ T6724] Call Trace: [ 94.128962][ T6724] [ 94.128969][ T6724] dump_stack_lvl+0x16c/0x1f0 [ 94.128996][ T6724] dump_header+0x101/0x960 [ 94.129026][ T6724] oom_kill_process+0x176/0x910 [ 94.129055][ T6724] out_of_memory+0x350/0x1700 [ 94.129081][ T6724] ? __lock_acquire+0x436/0x2890 [ 94.129104][ T6724] ? __pfx_out_of_memory+0x10/0x10 [ 94.129137][ T6724] mem_cgroup_out_of_memory+0x118/0x130 [ 94.129156][ T6724] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 94.129178][ T6724] ? do_raw_spin_unlock+0x172/0x230 [ 94.129206][ T6724] try_charge_memcg+0x695/0xd30 [ 94.129233][ T6724] ? __pfx_try_charge_memcg+0x10/0x10 [ 94.129256][ T6724] ? __print_lock_name+0x81/0xe0 [ 94.129282][ T6724] ? rcu_read_unlock+0x17/0x60 [ 94.129312][ T6724] charge_memcg+0x8a/0x230 [ 94.129335][ T6724] __mem_cgroup_charge+0x2b/0x1e0 [ 94.129361][ T6724] shmem_alloc_and_add_folio+0x50c/0xc20 [ 94.129399][ T6724] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 94.129428][ T6724] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 94.129460][ T6724] shmem_get_folio_gfp+0x67f/0x1610 [ 94.129492][ T6724] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 94.129521][ T6724] ? __pfx_timestamp_truncate+0x10/0x10 [ 94.129550][ T6724] shmem_write_begin+0x1a4/0x3b0 [ 94.129568][ T6724] ? __pfx_shmem_write_begin+0x10/0x10 [ 94.129586][ T6724] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 94.129612][ T6724] generic_perform_write+0x3c4/0x900 [ 94.129645][ T6724] ? __pfx_generic_perform_write+0x10/0x10 [ 94.129669][ T6724] ? generic_update_time+0xcf/0xf0 [ 94.129685][ T6724] ? mnt_put_write_access_file+0x45/0xf0 [ 94.129708][ T6724] ? file_update_time_flags+0x35c/0x520 [ 94.129729][ T6724] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 94.129747][ T6724] shmem_file_write_iter+0x10e/0x140 [ 94.129768][ T6724] __kernel_write_iter+0x31a/0xb10 [ 94.129792][ T6724] ? __pfx___kernel_write_iter+0x10/0x10 [ 94.129813][ T6724] ? __up_read+0x2d1/0x700 [ 94.129838][ T6724] ? dump_user_range+0x756/0xb70 [ 94.129869][ T6724] dump_user_range+0x413/0xb70 [ 94.129900][ T6724] ? __pfx_dump_user_range+0x10/0x10 [ 94.129930][ T6724] ? elf_coredump_extra_notes_write+0xbd/0x500 [ 94.129956][ T6724] ? __pfx_writenote+0x10/0x10 [ 94.129979][ T6724] elf_core_dump+0x29c3/0x3c10 [ 94.130009][ T6724] ? __pfx_elf_core_dump+0x10/0x10 [ 94.130024][ T6724] ? kasan_save_stack+0x33/0x60 [ 94.130041][ T6724] ? kasan_save_track+0x14/0x30 [ 94.130058][ T6724] ? __kasan_kmalloc+0xaa/0xb0 [ 94.130075][ T6724] ? __kvmalloc_node_noprof+0x3ac/0xa40 [ 94.130093][ T6724] ? vfs_coredump+0x1dd9/0x55e0 [ 94.130116][ T6724] ? arch_do_signal_or_restart+0x8f/0x7e0 [ 94.130138][ T6724] ? irqentry_exit+0x38a/0x8c0 [ 94.130157][ T6724] ? asm_exc_page_fault+0x26/0x30 [ 94.130205][ T6724] ? 0xffffffffff600000 [ 94.130263][ T6724] ? vfs_coredump+0x2b85/0x55e0 [ 94.130286][ T6724] vfs_coredump+0x2b85/0x55e0 [ 94.130320][ T6724] ? __pfx_vfs_coredump+0x10/0x10 [ 94.130344][ T6724] ? __lock_acquire+0x436/0x2890 [ 94.130369][ T6724] ? __lock_acquire+0x436/0x2890 [ 94.130396][ T6724] ? lock_acquire+0x179/0x330 [ 94.130421][ T6724] ? lock_acquire+0x179/0x330 [ 94.130458][ T6724] ? arch_stack_walk+0xa6/0x100 [ 94.130489][ T6724] ? stack_trace_save+0x8e/0xc0 [ 94.130508][ T6724] ? __pfx_stack_trace_save+0x10/0x10 [ 94.130526][ T6724] ? stack_depot_save_flags+0x29/0x9b0 [ 94.130550][ T6724] ? __lock_acquire+0x436/0x2890 [ 94.130572][ T6724] ? kasan_save_stack+0x42/0x60 [ 94.130632][ T6724] ? proc_coredump_connector+0x2d1/0x4f0 [ 94.130655][ T6724] ? __pfx_proc_coredump_connector+0x10/0x10 [ 94.130681][ T6724] ? rcu_is_watching+0x12/0xc0 [ 94.130701][ T6724] get_signal+0x22e1/0x26d0 [ 94.130735][ T6724] ? __pfx_get_signal+0x10/0x10 [ 94.130767][ T6724] arch_do_signal_or_restart+0x8f/0x7e0 [ 94.130792][ T6724] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 94.130824][ T6724] ? do_user_addr_fault+0x926/0x1370 [ 94.130851][ T6724] irqentry_exit+0x38a/0x8c0 [ 94.130876][ T6724] asm_exc_page_fault+0x26/0x30 [ 94.130892][ T6724] RIP: 0033:0xff [ 94.130910][ T6724] Code: Unable to access opcode bytes at 0xd5. [ 94.130917][ T6724] RSP: 002b:00002000000003c8 EFLAGS: 00010217 [ 94.130931][ T6724] RAX: 0000000000000000 RBX: 00007ff7f49e5fa0 RCX: 00007ff7f478f7c9 [ 94.130941][ T6724] RDX: 0000200000000400 RSI: 00002000000003c0 RDI: 0000000000000000 [ 94.130952][ T6724] RBP: 00007ff7f4813f91 R08: 0000200000000480 R09: 0000200000000480 [ 94.130962][ T6724] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000000 [ 94.130972][ T6724] R13: 00007ff7f49e6038 R14: 00007ff7f49e5fa0 R15: 00007ffe77c4bd38 [ 94.130997][ T6724] [ 94.131004][ T6724] memory: usage 307200kB, limit 307200kB, failcnt 36190 [ 94.133936][ T40] audit: type=1400 audit(1767261067.028:379): avc: denied { nlmsg_write } for pid=6941 comm="syz.0.227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 94.135803][ T6724] memory+swap: usage 432040kB, limit 9007199254740988kB, failcnt 0 [ 94.212291][ T6724] kmem: usage 7420kB, limit 9007199254740988kB, failcnt 0 [ 94.361894][ T6724] Memory cgroup stats for /syz1: [ 94.362018][ T6724] cache 299356160 [ 94.366266][ T6724] rss 331776 [ 94.367766][ T6724] rss_huge 0 [ 94.369438][ T6724] shmem 297971712 [ 94.371112][ T6724] mapped_file 819200 [ 94.372887][ T6724] dirty 8192 [ 94.374407][ T6724] writeback 0 [ 94.376060][ T6724] workingset_refault_anon 57 [ 94.378082][ T6724] workingset_refault_file 11609 [ 94.380293][ T6724] swap 127238144 [ 94.381918][ T6724] swapcached 49152 [ 94.383660][ T6724] pgpgin 162118 [ 94.385568][ T6724] pgpgout 88934 [ 94.388847][ T6724] pgfault 17998 [ 94.390397][ T6724] pgmajfault 338 [ 94.391843][ T6724] inactive_anon 161177600 [ 94.395552][ T6724] active_anon 136278016 [ 94.410677][ T6724] inactive_file 0 [ 94.412325][ T6724] active_file 1269760 [ 94.414042][ T6724] unevictable 0 [ 94.415718][ T6724] hierarchical_memory_limit 314572800 [ 94.418111][ T6724] hierarchical_memsw_limit 9223372036854771712 [ 94.421140][ T6724] total_cache 299356160 [ 94.423124][ T6724] total_rss 331776 [ 94.424915][ T6724] total_rss_huge 0 [ 94.426611][ T6724] total_shmem 297971712 [ 94.428381][ T6724] total_mapped_file 819200 [ 94.430373][ T6724] total_dirty 8192 [ 94.432036][ T6724] total_writeback 0 [ 94.433709][ T6724] total_workingset_refault_anon 57 [ 94.436066][ T6724] total_workingset_refault_file 11609 [ 94.438387][ T6724] total_swap 127238144 [ 94.440183][ T6724] total_swapcached 49152 [ 94.442006][ T6724] total_pgpgin 162118 [ 94.443727][ T6724] total_pgpgout 88934 [ 94.445916][ T6724] total_pgfault 17998 [ 94.447748][ T6724] total_pgmajfault 338 [ 94.449673][ T6724] total_inactive_anon 161177600 [ 94.451874][ T6724] total_active_anon 136278016 [ 94.453868][ T6724] total_inactive_file 0 [ 94.457359][ T6724] total_active_file 1269760 [ 94.473511][ T6724] total_unevictable 0 [ 94.475684][ T6724] anon_cost 0 [ 94.485498][ T6724] file_cost 0 [ 94.490573][ T6724] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.172,pid=6715,uid=0 [ 94.509846][ T6724] Memory cgroup out of memory: Killed process 6715 (syz.1.172) total-vm:98456kB, anon-rss:1168kB, file-rss:53752kB, shmem-rss:0kB, UID:0 pgtables:196kB oom_score_adj:1000 [ 94.521035][ T64] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 94.525026][ T64] Bluetooth: hci0: unexpected event for opcode 0x2062 [ 94.609065][ T6971] overlayfs: maximum fs stacking depth exceeded [ 94.723514][ T6977] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 94.865212][ T6697] syz.1.172 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 94.869277][ T6697] CPU: 0 UID: 0 PID: 6697 Comm: syz.1.172 Tainted: G L syzkaller #0 PREEMPT(full) [ 94.869303][ T6697] Tainted: [L]=SOFTLOCKUP [ 94.869309][ T6697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.869318][ T6697] Call Trace: [ 94.869324][ T6697] [ 94.869331][ T6697] dump_stack_lvl+0x16c/0x1f0 [ 94.869357][ T6697] dump_header+0x101/0x960 [ 94.869385][ T6697] oom_kill_process+0x176/0x910 [ 94.869411][ T6697] out_of_memory+0x350/0x1700 [ 94.869435][ T6697] ? __lock_acquire+0x436/0x2890 [ 94.869454][ T6697] ? __pfx_out_of_memory+0x10/0x10 [ 94.869491][ T6697] mem_cgroup_out_of_memory+0x118/0x130 [ 94.869508][ T6697] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 94.869529][ T6697] ? do_raw_spin_unlock+0x172/0x230 [ 94.869554][ T6697] try_charge_memcg+0x695/0xd30 [ 94.869578][ T6697] ? __pfx_try_charge_memcg+0x10/0x10 [ 94.869598][ T6697] ? __print_lock_name+0x81/0xe0 [ 94.869621][ T6697] ? rcu_read_unlock+0x17/0x60 [ 94.869649][ T6697] charge_memcg+0x8a/0x230 [ 94.869669][ T6697] __mem_cgroup_charge+0x2b/0x1e0 [ 94.869692][ T6697] shmem_alloc_and_add_folio+0x50c/0xc20 [ 94.869720][ T6697] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 94.869745][ T6697] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 94.869773][ T6697] shmem_get_folio_gfp+0x67f/0x1610 [ 94.869802][ T6697] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 94.869832][ T6697] shmem_write_begin+0x1a4/0x3b0 [ 94.869849][ T6697] ? __pfx_shmem_write_begin+0x10/0x10 [ 94.869865][ T6697] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 94.869884][ T6697] ? lockdep_hardirqs_on+0x7c/0x110 [ 94.869905][ T6697] generic_perform_write+0x3c4/0x900 [ 94.869938][ T6697] ? __pfx_generic_perform_write+0x10/0x10 [ 94.869964][ T6697] ? file_update_time_flags+0x35c/0x520 [ 94.869984][ T6697] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 94.870001][ T6697] shmem_file_write_iter+0x10e/0x140 [ 94.870019][ T6697] __kernel_write_iter+0x31a/0xb10 [ 94.870041][ T6697] ? __pfx___kernel_write_iter+0x10/0x10 [ 94.870059][ T6697] ? __up_read+0x2d1/0x700 [ 94.870081][ T6697] ? dump_user_range+0x756/0xb70 [ 94.870110][ T6697] dump_user_range+0x413/0xb70 [ 94.870138][ T6697] ? __pfx_dump_user_range+0x10/0x10 [ 94.870189][ T6697] ? elf_coredump_extra_notes_write+0xbd/0x500 [ 94.870212][ T6697] ? __pfx_writenote+0x10/0x10 [ 94.870233][ T6697] elf_core_dump+0x29c3/0x3c10 [ 94.870261][ T6697] ? __pfx_elf_core_dump+0x10/0x10 [ 94.870274][ T6697] ? kasan_save_stack+0x33/0x60 [ 94.870290][ T6697] ? kasan_save_track+0x14/0x30 [ 94.870307][ T6697] ? __kasan_kmalloc+0xaa/0xb0 [ 94.870322][ T6697] ? __kvmalloc_node_noprof+0x3ac/0xa40 [ 94.870339][ T6697] ? vfs_coredump+0x1dd9/0x55e0 [ 94.870361][ T6697] ? arch_do_signal_or_restart+0x8f/0x7e0 [ 94.870381][ T6697] ? irqentry_exit+0x38a/0x8c0 [ 94.870399][ T6697] ? asm_exc_page_fault+0x26/0x30 [ 94.870420][ T6697] ? 0xffffffffff600000 [ 94.870479][ T6697] ? vfs_coredump+0x2b85/0x55e0 [ 94.870501][ T6697] vfs_coredump+0x2b85/0x55e0 [ 94.870532][ T6697] ? __pfx_vfs_coredump+0x10/0x10 [ 94.870554][ T6697] ? __lock_acquire+0x436/0x2890 [ 94.870577][ T6697] ? __lock_acquire+0x436/0x2890 [ 94.870596][ T6697] ? lock_acquire+0x179/0x330 [ 94.870619][ T6697] ? lock_acquire+0x179/0x330 [ 94.870651][ T6697] ? arch_stack_walk+0xa6/0x100 [ 94.870680][ T6697] ? stack_trace_save+0x8e/0xc0 [ 94.870697][ T6697] ? __pfx_stack_trace_save+0x10/0x10 [ 94.870714][ T6697] ? stack_depot_save_flags+0x29/0x9b0 [ 94.870737][ T6697] ? __lock_acquire+0x436/0x2890 [ 94.870757][ T6697] ? kasan_save_stack+0x42/0x60 [ 94.870814][ T6697] ? proc_coredump_connector+0x2d1/0x4f0 [ 94.870836][ T6697] ? __pfx_proc_coredump_connector+0x10/0x10 [ 94.870861][ T6697] ? rcu_is_watching+0x12/0xc0 [ 94.870879][ T6697] get_signal+0x22e1/0x26d0 [ 94.870911][ T6697] ? __pfx_get_signal+0x10/0x10 [ 94.870940][ T6697] arch_do_signal_or_restart+0x8f/0x7e0 [ 94.870962][ T6697] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 94.870989][ T6697] ? do_user_addr_fault+0x926/0x1370 [ 94.871012][ T6697] irqentry_exit+0x38a/0x8c0 [ 94.871036][ T6697] asm_exc_page_fault+0x26/0x30 [ 94.871051][ T6697] RIP: 0033:0xff [ 94.871069][ T6697] Code: Unable to access opcode bytes at 0xd5. [ 94.871076][ T6697] RSP: 002b:00002000000003c8 EFLAGS: 00010217 [ 94.871089][ T6697] RAX: 0000000000000000 RBX: 00007ff7f49e5fa0 RCX: 00007ff7f478f7c9 [ 94.871099][ T6697] RDX: 0000200000000400 RSI: 00002000000003c0 RDI: 0000000000000000 [ 94.871109][ T6697] RBP: 00007ff7f4813f91 R08: 0000200000000480 R09: 0000200000000480 [ 94.871119][ T6697] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000000 [ 94.871129][ T6697] R13: 00007ff7f49e6038 R14: 00007ff7f49e5fa0 R15: 00007ffe77c4bd38 [ 94.871153][ T6697] [ 94.871160][ T6697] memory: usage 307200kB, limit 307200kB, failcnt 37075 [ 94.884994][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 94.898845][ T6980] Cannot find add_set index 0 as target [ 94.964883][ T64] Bluetooth: hci3: command 0x0c1a tx timeout [ 94.969434][ T6697] memory+swap: usage 432060kB, limit 9007199254740988kB, failcnt 0 [ 95.082719][ T6697] kmem: usage 5004kB, limit 9007199254740988kB, failcnt 0 [ 95.085981][ T6697] Memory cgroup stats for /syz1: [ 95.086117][ T6697] cache 306864128 [ 95.089884][ T6697] rss 315392 [ 95.091284][ T6697] rss_huge 0 [ 95.092704][ T6697] shmem 305614848 [ 95.094142][ T6697] mapped_file 1036288 [ 95.095872][ T6697] dirty 0 [ 95.097210][ T6697] writeback 0 [ 95.098726][ T6697] workingset_refault_anon 63 [ 95.100782][ T6697] workingset_refault_file 12445 [ 95.102950][ T6697] swap 125882368 [ 95.104505][ T6697] swapcached 49152 [ 95.106255][ T6697] pgpgin 174980 [ 95.107777][ T6697] pgpgout 99964 [ 95.109193][ T6697] pgfault 18202 [ 95.110741][ T6697] pgmajfault 356 [ 95.112349][ T6697] inactive_anon 178692096 [ 95.115017][ T6697] active_anon 126578688 [ 95.116747][ T6697] inactive_file 0 [ 95.118044][ T6697] active_file 1249280 [ 95.119833][ T6697] unevictable 0 [ 95.121435][ T6697] hierarchical_memory_limit 314572800 [ 95.123547][ T6697] hierarchical_memsw_limit 9223372036854771712 [ 95.124942][ T64] Bluetooth: hci2: command 0x0c1a tx timeout [ 95.129861][ T6697] total_cache 306864128 [ 95.131593][ T6697] total_rss 315392 [ 95.133447][ T6697] total_rss_huge 0 [ 95.136962][ T6697] total_shmem 305614848 [ 95.139059][ T6697] total_mapped_file 1036288 [ 95.141159][ T6697] total_dirty 0 [ 95.142788][ T6697] total_writeback 0 [ 95.144480][ T6697] total_workingset_refault_anon 63 [ 95.147016][ T6697] total_workingset_refault_file 12445 [ 95.149470][ T6697] total_swap 125882368 [ 95.151241][ T6697] total_swapcached 49152 [ 95.152797][ T6697] total_pgpgin 174980 [ 95.154238][ T6697] total_pgpgout 99964 [ 95.155746][ T6697] total_pgfault 18202 [ 95.157705][ T6697] total_pgmajfault 356 [ 95.159144][ T6697] total_inactive_anon 178692096 [ 95.161310][ T6697] total_active_anon 126578688 [ 95.162994][ T6697] total_inactive_file 0 [ 95.168315][ T6697] total_active_file 1249280 [ 95.171542][ T6697] total_unevictable 0 [ 95.173208][ T6697] anon_cost 0 [ 95.174528][ T6697] file_cost 0 [ 95.195053][ T6697] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.172,pid=6711,uid=0 [ 95.202272][ T6697] Memory cgroup out of memory: Killed process 6711 (syz.1.172) total-vm:98456kB, anon-rss:1168kB, file-rss:53900kB, shmem-rss:0kB, UID:0 pgtables:196kB oom_score_adj:1000 [ 95.785517][ T7018] tmpfs: Cannot change global quota limit on remount [ 95.791211][ T7018] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 95.844640][ T7020] QAT: Device 2 not found [ 95.945673][ T1337] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 96.077059][ T7029] : entered promiscuous mode [ 96.098450][ T7027] netlink: 'syz.4.251': attribute type 1 has an invalid length. [ 96.102015][ T7029] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 96.104702][ T7029] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 96.109887][ T1337] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 96.114413][ T1337] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 96.115140][ T7029] vhci_hcd vhci_hcd.0: Device attached [ 96.124633][ T7030] vhci_hcd: connection closed [ 96.125273][ T1145] vhci_hcd vhci_hcd.2: stop threads [ 96.126885][ T1337] usb 6-1: config 220 interface 0 has no altsetting 0 [ 96.127315][ T1145] vhci_hcd vhci_hcd.2: release socket [ 96.131589][ T1337] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 96.132024][ T1145] vhci_hcd vhci_hcd.2: disconnect device [ 96.134233][ T1337] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.134254][ T1337] usb 6-1: Product: syz [ 96.134266][ T1337] usb 6-1: Manufacturer: syz [ 96.154879][ T1337] usb 6-1: SerialNumber: syz [ 96.211771][ T7035] vxcan1: entered allmulticast mode [ 96.411157][ T7013] pimreg: entered allmulticast mode [ 96.426912][ T7013] netlink: 'syz.1.245': attribute type 21 has an invalid length. [ 96.456961][ T1337] uvcvideo 6-1:220.0: Found UVC 0.00 device syz (8086:0b07) [ 96.460249][ T1337] uvcvideo 6-1:220.0: No valid video chain found. [ 96.475647][ T1337] usb 6-1: USB disconnect, device number 4 [ 96.627160][ T7058] 8021q: VLANs not supported on ip_vti0 [ 96.650455][ T7058] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7058 comm=syz.4.261 [ 96.678438][ T7069] overlayfs: missing 'lowerdir' [ 96.703077][ T7071] ip6t_rpfilter: unknown options [ 96.714077][ T7071] syzkaller0: entered promiscuous mode [ 96.716814][ T7071] syzkaller0: entered allmulticast mode [ 96.812339][ T7075] usb usb8: usbfs: process 7075 (syz.4.267) did not claim interface 0 before use [ 96.964910][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 96.975964][ T7079] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 96.979367][ T7079] UDF-fs: Scanning with blocksize 2048 failed [ 96.995102][ T7079] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 96.998411][ T7079] UDF-fs: Scanning with blocksize 4096 failed [ 97.054889][ T64] Bluetooth: hci3: command 0x0c1a tx timeout [ 97.181786][ T7104] fuse: Bad value for 'fd' [ 97.204886][ T64] Bluetooth: hci2: command 0x0c1a tx timeout [ 97.355300][ T64] Bluetooth: hci0: unexpected event 0x32 length: 12 > 9 [ 97.383980][ T7119] openvswitch: netlink: Missing key (keys=40, expected=100) [ 97.815416][ T56] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 97.898325][ T7155] input: syz0 as /devices/virtual/input/input10 [ 97.908260][ T40] kauditd_printk_skb: 33 callbacks suppressed [ 97.908274][ T40] audit: type=1400 audit(1767261070.808:413): avc: denied { read } for pid=5328 comm="acpid" name="event4" dev="devtmpfs" ino=2917 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.922728][ T40] audit: type=1400 audit(1767261070.818:414): avc: denied { open } for pid=5328 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2917 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.933266][ T40] audit: type=1400 audit(1767261070.818:415): avc: denied { ioctl } for pid=5328 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2917 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.949063][ T40] audit: type=1400 audit(1767261070.848:416): avc: denied { write } for pid=7157 comm="syz.4.298" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 97.987030][ T56] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.991597][ T56] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 98.001907][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.015117][ T56] usb 5-1: config 0 descriptor?? [ 98.034440][ T7167] binder: 7166:7167 unknown command 0 [ 98.036896][ T7167] binder: 7166:7167 ioctl c0306201 2000000005c0 returned -22 [ 98.098275][ T40] audit: type=1400 audit(1767261070.998:417): avc: denied { remove_name } for pid=7171 comm="syz.1.301" name="file0" dev="9p" ino=71827807 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 98.109032][ T40] audit: type=1400 audit(1767261070.998:418): avc: denied { rename } for pid=7171 comm="syz.1.301" name="file0" dev="9p" ino=71827807 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 98.119456][ T40] audit: type=1400 audit(1767261070.998:419): avc: denied { add_name } for pid=7171 comm="syz.1.301" name="file1" dev="9p" ino=71827899 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 98.130007][ T40] audit: type=1400 audit(1767261070.998:420): avc: denied { unlink } for pid=7171 comm="syz.1.301" name="file1" dev="9p" ino=71827899 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 98.140138][ T40] audit: type=1400 audit(1767261070.998:421): avc: denied { create } for pid=7171 comm="syz.1.301" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 98.149326][ T40] audit: type=1400 audit(1767261070.998:422): avc: denied { associate } for pid=7171 comm="syz.1.301" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 98.344274][ T56] usbhid 5-1:0.0: can't add hid device: -71 [ 98.354616][ T56] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 98.370776][ T56] usb 5-1: USB disconnect, device number 5 [ 98.566281][ T64] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 98.569507][ T64] Bluetooth: hci0: Injecting HCI hardware error event [ 98.572780][ T64] Bluetooth: hci0: hardware error 0x00 [ 98.843259][ T7232] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 98.912861][ T7238] can0: slcan on ttyprintk. [ 99.017425][ T7237] can0 (unregistered): slcan off ttyprintk. [ 99.045142][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 99.062711][ T7254] netlink: 'syz.0.322': attribute type 1 has an invalid length. [ 99.091747][ T7254] bond3: entered promiscuous mode [ 99.094233][ T7254] 8021q: adding VLAN 0 to HW filter on device bond3 [ 99.115229][ T7254] 8021q: adding VLAN 0 to HW filter on device bond3 [ 99.118803][ T7254] bond3: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 99.123558][ T7254] bond3: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 99.128311][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout [ 99.133424][ T7254] bond3: (slave ip6gre1): making interface the new active one [ 99.138193][ T7254] ip6gre1: entered promiscuous mode [ 99.142613][ T7254] bond3: (slave ip6gre1): Enslaving as an active interface with an up link [ 99.150921][ T7254] __nla_validate_parse: 9 callbacks suppressed [ 99.150937][ T7254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.322'. [ 99.213802][ T7260] netlink: 4 bytes leftover after parsing attributes in process `syz.0.322'. [ 99.218341][ T7260] netlink: 16 bytes leftover after parsing attributes in process `syz.0.322'. [ 99.272274][ T7254] bond3 (unregistering): (slave ip6gre1): Releasing backup interface [ 99.276265][ T7254] ip6gre1: left promiscuous mode [ 99.295446][ T5947] Bluetooth: hci2: command 0x0c1a tx timeout [ 99.308000][ T7254] bond3 (unregistering): Released all slaves [ 99.514540][ T7272] xt_hashlimit: invalid rate [ 99.739755][ T7291] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 99.745443][ T4634] Bluetooth: hci4: Frame reassembly failed (-84) [ 99.918075][ T7301] netlink: 8 bytes leftover after parsing attributes in process `syz.0.335'. [ 99.932128][ T7296] netlink: 'syz.0.335': attribute type 3 has an invalid length. [ 99.935629][ T7296] netlink: 'syz.0.335': attribute type 1 has an invalid length. [ 99.993731][ T7301] netlink: 120 bytes leftover after parsing attributes in process `syz.0.335'. [ 99.997848][ T7301] netlink: 'syz.0.335': attribute type 1 has an invalid length. [ 100.001197][ T7301] netlink: 64 bytes leftover after parsing attributes in process `syz.0.335'. [ 100.106631][ T7299] /dev/sr0: Can't open blockdev [ 100.126095][ T7314] netlink: 'syz.4.340': attribute type 1 has an invalid length. [ 100.250641][ T7325] : entered promiscuous mode [ 100.263500][ T7325] netlink: 8 bytes leftover after parsing attributes in process `syz.1.344'. [ 100.654885][ T64] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 101.775249][ T5947] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 101.776005][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 101.953313][ T7350] kvm: kvm [7349]: vcpu2, guest rIP: 0x9135 Unhandled WRMSR(0x11e) = 0x0 [ 101.969051][ T7351] binfmt_misc: register: failed to install interpreter file ./file0 [ 101.999456][ T7359] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 102.002487][ C1] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 102.006736][ T6016] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.105892][ T7363] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size. [ 102.145364][ T7363] fuse: Bad value for 'user_id' [ 102.147687][ T7363] fuse: Bad value for 'user_id' [ 102.197338][ T7370] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7370 comm=syz.4.358 [ 102.210788][ T7380] netlink: 'syz.0.361': attribute type 58 has an invalid length. [ 102.325542][ T7389] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 102.563043][ T7394] netlink: 168 bytes leftover after parsing attributes in process `syz.2.367'. [ 102.569622][ T7394] netlink: 168 bytes leftover after parsing attributes in process `syz.2.367'. [ 102.655631][ T7398] netlink: 12 bytes leftover after parsing attributes in process `syz.2.368'. [ 102.664169][ T7400] netlink: 'syz.1.369': attribute type 11 has an invalid length. [ 102.667870][ T7400] netlink: 'syz.1.369': attribute type 11 has an invalid length. [ 102.975076][ T56] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 103.045062][ T6016] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 103.048156][ T53] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.126134][ T56] usb 7-1: Using ep0 maxpacket: 8 [ 103.134616][ T56] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 103.140367][ T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.149907][ T56] pvrusb2: Hardware description: Terratec Grabster AV400 [ 103.152808][ T56] pvrusb2: ********** [ 103.154644][ T56] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 103.160201][ T56] pvrusb2: Important functionality might not be entirely working. [ 103.163548][ T56] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 103.169089][ T56] pvrusb2: ********** [ 103.204906][ T6016] usb 6-1: Using ep0 maxpacket: 8 [ 103.210566][ T6016] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 103.214650][ T6016] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 103.218804][ T6016] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.223025][ T6016] usb 6-1: config 0 descriptor?? [ 103.333086][ T7429] ALSA: mixer_oss: invalid OSS volume 'IGAgN' [ 103.341181][ T7429] ALSA: mixer_oss: invalid OSS volume 'IM' [ 103.353748][ T2488] pvrusb2: Invalid write control endpoint [ 103.403992][ T2488] pvrusb2: Invalid write control endpoint [ 103.406645][ T7433] netlink: 'syz.4.380': attribute type 29 has an invalid length. [ 103.407291][ T7433] netlink: 'syz.4.380': attribute type 29 has an invalid length. [ 103.410387][ T2488] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 103.417023][ T2488] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 103.417895][ T7433] unsupported nla_type 58 [ 103.419488][ T2488] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 103.428373][ T2488] pvrusb2: Device being rendered inoperable [ 103.432067][ T2488] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 103.434629][ T2488] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 103.440074][ T2488] pvrusb2: Attached sub-driver cx25840 [ 103.441954][ T2488] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 103.446266][ T2488] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 103.455968][ T6016] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 103.557762][ T56] usb 7-1: USB disconnect, device number 6 [ 103.637590][ T40] kauditd_printk_skb: 35 callbacks suppressed [ 103.637600][ T40] audit: type=1400 audit(1767261076.538:458): avc: denied { accept } for pid=7436 comm="syz.0.382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 103.775298][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.922494][ T40] audit: type=1400 audit(1767261076.818:459): avc: denied { ioctl } for pid=7406 comm="syz.1.372" path="socket:[16726]" dev="sockfs" ino=16726 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 103.935209][ T10] usb 6-1: USB disconnect, device number 5 [ 104.085030][ T53] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.207535][ T7442] netlink: 'syz.2.383': attribute type 13 has an invalid length. [ 104.265131][ T7447] program syz.4.385 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 104.506725][ T40] audit: type=1400 audit(1767261077.408:460): avc: denied { read } for pid=7455 comm="syz.1.388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 104.512156][ T7458] bond2: Unable to set up delay as MII monitoring is disabled [ 104.523237][ T7458] bond2 (unregistering): Released all slaves [ 104.647234][ T5947] Bluetooth: hci3: connection err: -111 [ 104.725236][ T6013] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.839366][ T40] audit: type=1400 audit(1767261077.738:461): avc: denied { read } for pid=7477 comm="syz.1.393" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 104.850186][ T40] audit: type=1400 audit(1767261077.738:462): avc: denied { open } for pid=7477 comm="syz.1.393" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 104.861147][ T40] audit: type=1400 audit(1767261077.738:463): avc: denied { ioctl } for pid=7477 comm="syz.1.393" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x4605 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 104.901522][ T7489] pim6reg: entered allmulticast mode [ 104.906106][ T7489] pim6reg: left allmulticast mode [ 104.958471][ T40] audit: type=1400 audit(1767261077.858:464): avc: denied { map } for pid=7488 comm="syz.4.395" path="/dev/vhost-net" dev="devtmpfs" ino=1300 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 104.994982][ T40] audit: type=1400 audit(1767261077.898:465): avc: denied { bind } for pid=7496 comm="syz.1.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 105.006603][ T7497] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.024603][ T7499] __nla_validate_parse: 5 callbacks suppressed [ 105.024621][ T7499] netlink: 8 bytes leftover after parsing attributes in process `syz.2.398'. [ 105.039007][ T7499] netlink: 16 bytes leftover after parsing attributes in process `syz.2.398'. [ 105.048723][ T7501] syz_tun: entered allmulticast mode [ 105.049793][ T7499] netlink: 4 bytes leftover after parsing attributes in process `syz.2.398'. [ 105.056474][ T7501] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 105.100672][ T7505] program syz.1.402 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 105.137167][ T53] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.161471][ T7512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.168176][ T5947] Bluetooth: hci3: unexpected subevent 0x19 length: 24 < 28 [ 105.205068][ T40] audit: type=1400 audit(1767261078.108:466): avc: denied { read } for pid=7513 comm="syz.2.405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 105.261447][ T40] audit: type=1400 audit(1767261078.158:467): avc: denied { getopt } for pid=7521 comm="syz.1.407" lport=33924 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 105.267927][ T5947] Bluetooth: hci3: unexpected event for opcode 0x0411 [ 105.601432][ T7539] ubi4: attaching mtd0 [ 105.603322][ T7539] ubi4 error: ubi_attach_mtd_dev: bad VID header (2) or data offsets (66) [ 105.619451][ T7541] batman_adv: batadv0: Adding interface: dummy0 [ 105.622165][ T7541] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.632915][ T7541] batman_adv: batadv0: Interface activated: dummy0 [ 105.804136][ T5947] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 105.981187][ T7569] netlink: 20 bytes leftover after parsing attributes in process `syz.4.423'. [ 106.147683][ T5953] udevd[5953]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 106.326889][ T7592] mmap: syz.1.429 (7592) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 106.335110][ T7592] netlink: 'syz.1.429': attribute type 1 has an invalid length. [ 106.338762][ T7592] netlink: 12 bytes leftover after parsing attributes in process `syz.1.429'. [ 106.343081][ T7592] netlink: 40 bytes leftover after parsing attributes in process `syz.1.429'. [ 106.459259][ T7598] binder: 7597:7598 ioctl c0189373 200000000180 returned -22 [ 106.464607][ T7598] IPv6: sit1: Disabled Multicast RS [ 106.467162][ T7598] sit1: entered allmulticast mode [ 106.473044][ T7602] netlink: 'syz.1.433': attribute type 10 has an invalid length. [ 106.480699][ T7602] syz_tun: entered promiscuous mode [ 106.488132][ T7602] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 106.492207][ T7602] netlink: 'syz.1.433': attribute type 10 has an invalid length. [ 106.502576][ T7602] netlink: 'syz.1.433': attribute type 10 has an invalid length. [ 106.506440][ T7602] netlink: 'syz.1.433': attribute type 10 has an invalid length. [ 106.510030][ T7602] netlink: 'syz.1.433': attribute type 10 has an invalid length. [ 106.513524][ T7602] netlink: 'syz.1.433': attribute type 10 has an invalid length. [ 106.517623][ T7602] netlink: 'syz.1.433': attribute type 10 has an invalid length. [ 106.521715][ T7602] netlink: 'syz.1.433': attribute type 10 has an invalid length. [ 106.632345][ T7606] netlink: 17 bytes leftover after parsing attributes in process `syz.4.434'. [ 106.695425][ T7617] comedi comedi1: dac02: I/O port conflict (0x2,8) [ 106.720537][ T7621] syz_tun (unregistering): left allmulticast mode [ 106.723609][ T7621] bond0: (slave syz_tun): Releasing backup interface [ 107.205061][ T53] net_ratelimit: 7 callbacks suppressed [ 107.205078][ T53] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.605510][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.612135][ T7648] syzkaller0: entered promiscuous mode [ 107.614534][ T7648] syzkaller0: entered allmulticast mode [ 107.629419][ T7648] veth1_macvtap: left promiscuous mode [ 107.631802][ T7648] macsec0: entered promiscuous mode [ 107.633660][ T7648] macsec0: entered allmulticast mode [ 107.745859][ T7652] netlink: 40 bytes leftover after parsing attributes in process `syz.4.449'. [ 107.765141][ T6013] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.851718][ T7663] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=7663 comm=syz.4.450 [ 107.858540][ T5947] Bluetooth: hci1: unexpected event for opcode 0x0c7d [ 108.108402][ T64] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 108.113521][ T64] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 108.120145][ T64] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 108.124700][ T64] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 108.130699][ T64] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 108.167962][ T6333] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.254192][ T6333] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.320943][ T7672] chnl_net:caif_netlink_parms(): no params data found [ 108.361473][ T6333] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.469966][ T6333] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.476655][ T7672] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.479771][ T7672] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.485899][ T7672] bridge_slave_0: entered allmulticast mode [ 108.490450][ T7672] bridge_slave_0: entered promiscuous mode [ 108.505986][ T7672] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.509289][ T7672] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.512678][ T7672] bridge_slave_1: entered allmulticast mode [ 108.516932][ T7672] bridge_slave_1: entered promiscuous mode [ 108.547436][ T7672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.553981][ T7672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.555541][ T7697] netlink: 36 bytes leftover after parsing attributes in process `syz.2.463'. [ 108.580381][ T7672] team0: Port device team_slave_0 added [ 108.585246][ T7672] team0: Port device team_slave_1 added [ 108.608553][ T7672] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.611521][ T7672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 108.622744][ T7672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.628720][ T7672] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.631438][ T7672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 108.642752][ T7672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.712178][ T7672] hsr_slave_0: entered promiscuous mode [ 108.715880][ T7672] hsr_slave_1: entered promiscuous mode [ 108.719038][ T7672] debugfs: 'hsr0' already exists in 'hsr' [ 108.721638][ T7672] Cannot create hsr debugfs directory [ 108.817456][ T7708] XFS (nbd4): SB validate failed with error -5. [ 108.871948][ T6333] bridge_slave_1: left allmulticast mode [ 108.874517][ T6333] bridge_slave_1: left promiscuous mode [ 108.878170][ T6333] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.888890][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 108.888906][ T40] audit: type=1400 audit(1767261081.788:478): avc: denied { execmod } for pid=7716 comm="syz.2.467" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=17870 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 108.890024][ T6333] bridge_slave_0: left allmulticast mode [ 108.892032][ T40] audit: type=1400 audit(1767261081.788:479): avc: denied { execute } for pid=7716 comm="syz.2.467" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=17870 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 108.903257][ T6333] bridge_slave_0: left promiscuous mode [ 108.918312][ T6333] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.981178][ T40] audit: type=1400 audit(1767261081.888:480): avc: denied { accept } for pid=7716 comm="syz.2.467" laddr=::ac14:14aa lport=33806 faddr=2001:: fport=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 108.996240][ T40] audit: type=1400 audit(1767261081.888:481): avc: denied { write } for pid=7716 comm="syz.2.467" laddr=::ac14:14aa lport=33806 faddr=2001:: fport=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 109.337514][ T6333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 109.368404][ T6333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 109.416273][ T6333] bond0 (unregistering): Released all slaves [ 109.422060][ T6333] bond1 (unregistering): Released all slaves [ 109.507797][ T6333] bond2 (unregistering): Released all slaves [ 109.629919][ T6333] : left promiscuous mode [ 109.663307][ T7672] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 109.671999][ T7672] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 109.678297][ T7672] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 109.683556][ T7672] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 109.764673][ T7745] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=22562 sclass=netlink_route_socket pid=7745 comm=syz.0.474 [ 109.764684][ T7747] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=22562 sclass=netlink_route_socket pid=7747 comm=syz.0.474 [ 109.795838][ T7672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.862786][ T7672] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.880898][ T7758] can0: slcan on ttyprintk. [ 109.883942][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.886516][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.901098][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.904208][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.975662][ T40] audit: type=1400 audit(1767261082.878:482): avc: denied { setopt } for pid=7768 comm="syz.2.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 109.978078][ T7776] batman_adv: batadv0: Adding interface: gretap1 [ 109.984104][ T40] audit: type=1400 audit(1767261082.878:483): avc: denied { listen } for pid=7768 comm="syz.2.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 109.988896][ T7778] netlink: 8 bytes leftover after parsing attributes in process `syz.4.482'. [ 109.995459][ T40] audit: type=1400 audit(1767261082.878:484): avc: denied { accept } for pid=7768 comm="syz.2.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 109.999597][ T7776] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 110.017998][ T7776] batman_adv: batadv0: Interface activated: gretap1 [ 110.040603][ T40] audit: type=1400 audit(1767261082.938:485): avc: denied { create } for pid=7768 comm="syz.2.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 110.048621][ T40] audit: type=1400 audit(1767261082.948:486): avc: denied { write } for pid=7768 comm="syz.2.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 110.056101][ T7782] IPv6: NLM_F_CREATE should be specified when creating new route [ 110.059555][ T7782] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 110.062788][ T7782] IPv6: NLM_F_CREATE should be set when creating new route [ 110.065595][ T7782] IPv6: NLM_F_CREATE should be set when creating new route [ 110.167896][ T5947] Bluetooth: hci3: command tx timeout [ 110.174267][ T7786] __nla_validate_parse: 1 callbacks suppressed [ 110.174293][ T7786] netlink: 8 bytes leftover after parsing attributes in process `syz.0.485'. [ 110.185587][ T40] audit: type=1326 audit(1767261083.088:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7781 comm="syz.4.483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f959818f7c9 code=0x7ffc0000 [ 110.232738][ T6333] hsr_slave_0: left promiscuous mode [ 110.238387][ T6333] hsr_slave_1: left promiscuous mode [ 110.243018][ T6333] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.250689][ T6333] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.254308][ T6333] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.257876][ T6333] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.262524][ T6333] batman_adv: batadv0: Interface deactivated: dummy0 [ 110.265524][ T6333] batman_adv: batadv0: Removing interface: dummy0 [ 110.284833][ T6333] veth1_macvtap: left promiscuous mode [ 110.287607][ T6333] veth1_vlan: left promiscuous mode [ 110.290077][ T6333] veth0_vlan: left promiscuous mode [ 110.381102][ T6333] pimreg (unregistering): left allmulticast mode [ 110.857957][ T6333] team0 (unregistering): Port device team_slave_1 removed [ 110.913561][ T6333] team0 (unregistering): Port device team_slave_0 removed [ 111.307273][ T7809] netlink: 12 bytes leftover after parsing attributes in process `syz.2.490'. [ 111.349153][ T7813] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 111.425937][ T7822] @: renamed from veth0_vlan (while UP) [ 111.441449][ T7672] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.448492][ T7821] netlink: 108 bytes leftover after parsing attributes in process `syz.0.494'. [ 111.500192][ T7830] sctp: [Deprecated]: syz.2.497 (pid 7830) Use of int in maxseg socket option. [ 111.500192][ T7830] Use struct sctp_assoc_value instead [ 111.547455][ T7834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.498'. [ 111.636280][ T7837] can0 (unregistered): slcan off ttyprintk. [ 111.652874][ T7837] mkiss: ax0: crc mode is auto. [ 111.669810][ T7672] veth0_vlan: entered promiscuous mode [ 111.684680][ T7672] veth1_vlan: entered promiscuous mode [ 111.708674][ T7672] veth0_macvtap: entered promiscuous mode [ 111.719878][ T7672] veth1_macvtap: entered promiscuous mode [ 111.733140][ T7672] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.746494][ T7672] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.754266][ T6333] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.759033][ T6333] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.768231][ T6333] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.769172][ T7855] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 111.772273][ T6333] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.774611][ T7855] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 111.835338][ T6330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.840339][ T6330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.863972][ T6330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.867531][ T6330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.018525][ T7868] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 112.023219][ T7868] block device autoloading is deprecated and will be removed. [ 112.065129][ T7872] overlay: filesystem on ./file0 not supported as upperdir [ 112.217125][ T7877] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.250304][ T5947] Bluetooth: hci3: command tx timeout [ 112.305627][ T7877] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.395786][ T7877] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.499383][ T7877] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.558931][ T7897] netlink: 32 bytes leftover after parsing attributes in process `syz.5.516'. [ 112.558941][ T7898] netlink: 32 bytes leftover after parsing attributes in process `syz.5.516'. [ 112.641667][ T7904] fuse: Bad value for 'group_id' [ 112.643725][ T7904] fuse: Bad value for 'group_id' [ 112.648895][ T7904] netlink: 24 bytes leftover after parsing attributes in process `syz.0.519'. [ 112.710922][ T75] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.723056][ T7907] netlink: 224 bytes leftover after parsing attributes in process `syz.5.520'. [ 112.725079][ T75] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.742653][ T75] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.757954][ T6333] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.960776][ T7917] netlink: 4 bytes leftover after parsing attributes in process `syz.4.522'. [ 112.991643][ T7917] team0 (unregistering): Port device team_slave_0 removed [ 113.001388][ T7917] team0 (unregistering): Port device team_slave_1 removed [ 113.568347][ T7940] trusted_key: syz.5.531 sent an empty control message without MSG_MORE. [ 113.787392][ T7950] netlink: 20 bytes leftover after parsing attributes in process `syz.5.535'. [ 113.885151][ T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 113.990506][ T7962] veth0_to_team: entered promiscuous mode [ 113.993375][ T7962] macvlan4: entered promiscuous mode [ 114.055399][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 114.059868][ T24] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 114.063513][ T24] usb 5-1: config 0 has no interface number 0 [ 114.067607][ T24] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 114.072388][ T24] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 114.080014][ T24] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 114.085188][ T24] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 114.091091][ T24] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 114.095924][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.096537][ T40] kauditd_printk_skb: 36 callbacks suppressed [ 114.096549][ T40] audit: type=1400 audit(1767261086.998:524): avc: denied { append } for pid=7974 comm="syz.2.540" name="file0" dev="9p" ino=71827899 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 114.103199][ T24] usb 5-1: config 0 descriptor?? [ 114.116453][ T40] audit: type=1400 audit(1767261086.998:525): avc: denied { open } for pid=7974 comm="syz.2.540" path="/133/file0/file0" dev="9p" ino=71827899 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 114.121037][ T24] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 114.127003][ T40] audit: type=1400 audit(1767261087.018:526): avc: denied { read write } for pid=7974 comm="syz.2.540" name="file0" dev="9p" ino=71827899 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 114.405462][ T24] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 114.432641][ T5947] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 114.455048][ T6041] usb 5-1: USB disconnect, device number 6 [ 114.455131][ C1] ldusb 5-1:0.55: usb_submit_urb failed (-19) [ 114.474942][ T40] audit: type=1400 audit(1767261087.368:527): avc: denied { set_context_mgr } for pid=7982 comm="syz.2.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 114.483474][ T6041] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 114.483565][ T7978] ldusb: No device or device unplugged -19 [ 114.580511][ T24] usb 10-1: Using ep0 maxpacket: 16 [ 114.585064][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.589763][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.594447][ T24] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 114.598161][ T40] audit: type=1400 audit(1767261087.498:528): avc: denied { setopt } for pid=7989 comm="syz.2.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 114.600627][ T24] usb 10-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 114.612834][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.620666][ T24] usb 10-1: config 0 descriptor?? [ 114.673269][ T40] audit: type=1400 audit(1767261087.568:529): avc: denied { write } for pid=7994 comm="syz.2.547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 114.682271][ T40] audit: type=1400 audit(1767261087.578:530): avc: denied { read } for pid=7994 comm="syz.2.547" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 114.692569][ T40] audit: type=1400 audit(1767261087.578:531): avc: denied { open } for pid=7994 comm="syz.2.547" path="/dev/input/mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 114.851097][ T40] audit: type=1400 audit(1767261087.748:532): avc: denied { append } for pid=7998 comm="syz.2.548" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 115.031348][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 115.039124][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 115.042331][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 115.046778][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 115.050035][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 115.056972][ T24] input: HID 0955:7214 Haptics as /devices/virtual/input/input11 [ 115.078567][ T24] shield 0003:0955:7214.0004: Registered Thunderstrike controller [ 115.084637][ T24] shield 0003:0955:7214.0004: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.5-1/input0 [ 115.094556][ T8004] tmpfs: Unknown parameter 'usrquotap1' [ 115.228678][ T7977] validate_nla: 61 callbacks suppressed [ 115.228694][ T7977] netlink: 'syz.5.541': attribute type 2 has an invalid length. [ 115.237057][ T7977] __nla_validate_parse: 1 callbacks suppressed [ 115.237133][ T7977] netlink: 244 bytes leftover after parsing attributes in process `syz.5.541'. [ 115.247980][ T8012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.254704][ T8012] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.271364][ T6044] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 115.271596][ T6016] usb 10-1: USB disconnect, device number 2 [ 115.277231][ T6044] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 115.309123][ T8016] program syz.5.553 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 115.309592][ T8017] program syz.5.553 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 115.321764][ T40] audit: type=1400 audit(1767261088.218:533): avc: denied { watch watch_reads } for pid=8018 comm="syz.2.554" path="/dev/dlm-monitor" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 115.337368][ T4634] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.346656][ T75] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.350669][ T75] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.365878][ T75] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.665876][ T6013] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 115.678646][ T8037] macsec0: entered promiscuous mode [ 115.681258][ T8037] macsec0: entered allmulticast mode [ 115.683688][ T8037] veth1_macvtap: entered allmulticast mode [ 115.697204][ T5947] Bluetooth: hci3: command tx timeout [ 115.836483][ T6013] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 115.840433][ T6013] usb 7-1: config 0 has no interface number 0 [ 115.844530][ T6013] usb 7-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 115.851155][ T6013] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 115.856394][ T6013] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 115.864080][ T6013] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 115.868311][ T6013] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 115.871940][ T6013] usb 7-1: Product: syz [ 115.873824][ T6013] usb 7-1: SerialNumber: syz [ 115.880115][ T6013] usb 7-1: config 0 descriptor?? [ 115.889781][ T6013] cm109 7-1:0.8: invalid payload size 0, expected 4 [ 115.895621][ T6013] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.8/input/input12 [ 116.316159][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 116.319398][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 116.323392][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 116.326667][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 116.331382][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 116.334629][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 116.337885][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 116.341066][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 116.344110][ T6013] usb 7-1: USB disconnect, device number 7 [ 116.346773][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 116.346795][ C0] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 116.390407][ T6013] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 117.009912][ T8076] netlink: 'syz.2.571': attribute type 11 has an invalid length. [ 117.222678][ T8083] netlink: 64 bytes leftover after parsing attributes in process `syz.2.573'. [ 117.498236][ T8112] No control pipe specified [ 117.498261][ T8106] No control pipe specified [ 117.530747][ T8108] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 117.538435][ T8108] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 117.567734][ T8108] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3) [ 117.595220][ C3] vcan0: j1939_tp_rxtimer: 0xffff88802ce66400: rx timeout, send abort [ 117.818509][ T8133] XFS (nbd2): SB validate failed with error -5. [ 117.930475][ T8146] No source specified [ 117.930542][ T8137] No source specified [ 118.095299][ C3] vcan0: j1939_tp_rxtimer: 0xffff88803372f800: rx timeout, send abort [ 118.100198][ C3] vcan0: j1939_tp_rxtimer: 0xffff88802ce66400: abort rx timeout. Force session deactivation [ 118.206870][ T8170] netlink: 'syz.4.594': attribute type 10 has an invalid length. [ 118.219043][ T8170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.226188][ T8170] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 118.464164][ T8183] netlink: 2028 bytes leftover after parsing attributes in process `syz.4.599'. [ 118.468719][ T8183] netlink: 24 bytes leftover after parsing attributes in process `syz.4.599'. [ 118.524936][ T1337] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 118.560401][ T8190] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 118.599204][ C3] vcan0: j1939_tp_rxtimer: 0xffff88803372f800: abort rx timeout. Force session deactivation [ 118.676473][ T1337] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 118.679889][ T1337] usb 5-1: config 0 has no interface number 0 [ 118.682457][ T1337] usb 5-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 118.686557][ T1337] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 118.689932][ T8198] netlink: 'syz.2.604': attribute type 39 has an invalid length. [ 118.690633][ T1337] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 118.699243][ T8198] veth0_macvtap: left promiscuous mode [ 118.700822][ T1337] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 118.706402][ T1337] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 118.709918][ T1337] usb 5-1: Product: syz [ 118.711941][ T1337] usb 5-1: SerialNumber: syz [ 118.721220][ T1337] usb 5-1: config 0 descriptor?? [ 118.728378][ T1337] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 118.733969][ T1337] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input14 [ 118.741065][ T8199] netlink: 'syz.2.604': attribute type 39 has an invalid length. [ 118.748294][ T8199] netlink: 'syz.2.604': attribute type 39 has an invalid length. [ 118.844999][ T10] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 118.926859][ C2] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 118.997760][ T10] usb 9-1: config index 0 descriptor too short (expected 23569, got 27) [ 119.001695][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.007636][ T10] usb 9-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 119.011805][ T10] usb 9-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 119.015525][ T10] usb 9-1: Manufacturer: syz [ 119.019484][ T10] usb 9-1: config 0 descriptor?? [ 119.095003][ T10] rc_core: IR keymap rc-hauppauge not found [ 119.097465][ T8203] /dev/sr0: Can't open blockdev [ 119.097695][ T10] Registered IR keymap rc-empty [ 119.100001][ T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0 [ 119.108382][ T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input15 [ 119.163937][ C2] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 119.170022][ T1337] usb 5-1: USB disconnect, device number 7 [ 119.173365][ C2] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 119.217135][ T1337] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 119.232731][ T8194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.238848][ T8194] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.243666][ T6033] usb 9-1: USB disconnect, device number 2 [ 119.826924][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 119.826943][ T40] audit: type=1400 audit(1767261092.718:561): avc: denied { map } for pid=8258 comm="syz.2.619" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 119.840748][ T40] audit: type=1400 audit(1767261092.728:562): avc: denied { execute } for pid=8258 comm="syz.2.619" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 119.881236][ T40] audit: type=1400 audit(1767261092.778:563): avc: denied { getopt } for pid=8265 comm="syz.2.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 119.978270][ T8273] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8273 comm=syz.2.624 [ 119.987112][ T8273] netlink: 'syz.2.624': attribute type 1 has an invalid length. [ 120.022868][ T8273] bond3: (slave bridge2): making interface the new active one [ 120.027081][ T8273] bond3: (slave bridge2): Enslaving as an active interface with an up link [ 120.189488][ T8279] netlink: 'syz.2.625': attribute type 1 has an invalid length. [ 120.246054][ T8284] netlink: 'syz.0.627': attribute type 39 has an invalid length. [ 120.251045][ T8284] veth0_macvtap: left promiscuous mode [ 120.252256][ T5947] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 120.267004][ T40] audit: type=1400 audit(1767261093.158:564): avc: denied { bind } for pid=8285 comm="syz.4.628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 120.359029][ T40] audit: type=1400 audit(1767261093.258:565): avc: denied { map } for pid=8283 comm="syz.0.627" path="socket:[20310]" dev="sockfs" ino=20310 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 120.377731][ T8293] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20003 [ 120.425169][ T6044] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 120.601834][ T6044] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x3D, changing to 0xD [ 120.607095][ T6044] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 198, changing to 11 [ 120.611932][ T6044] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid maxpacket 42683, setting to 1024 [ 120.620543][ T6044] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 120.624631][ T6044] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.628781][ T6044] usb 7-1: Product: syz [ 120.630954][ T6044] usb 7-1: Manufacturer: syz [ 120.633149][ T6044] usb 7-1: SerialNumber: syz [ 120.640003][ T6044] usb 7-1: config 0 descriptor?? [ 120.643096][ T8278] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 120.847662][ T8278] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 120.928046][ T6044] usb 7-1: USB disconnect, device number 8 [ 120.937888][ T8302] syzkaller1: entered promiscuous mode [ 120.943934][ T8302] syzkaller1: entered allmulticast mode [ 120.977094][ T5950] udevd[5950]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 121.007476][ T8302] netlink: 'syz.5.631': attribute type 1 has an invalid length. [ 121.012445][ T8302] btrfs: Unknown parameter 'GPL' [ 121.013384][ T8309] sp0: Synchronizing with TNC [ 121.033491][ T40] audit: type=1400 audit(1767261093.928:566): avc: denied { block_suspend } for pid=8307 comm="syz.0.633" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 121.109366][ T8314] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 121.131942][ T40] audit: type=1400 audit(1767261094.028:567): avc: denied { ioctl } for pid=8315 comm="syz.5.635" path="socket:[23186]" dev="sockfs" ino=23186 ioctlcmd=0xf50f scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 121.179690][ T8320] netlink: 504 bytes leftover after parsing attributes in process `syz.0.637'. [ 121.208450][ T8324] tmpfs: Bad value for 'mpol' [ 121.229800][ T5947] Bluetooth: hci3: unexpected event 0x32 length: 12 > 9 [ 121.230637][ T40] audit: type=1400 audit(1767261094.128:568): avc: denied { bind } for pid=8321 comm="syz.5.638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 121.305585][ T8329] 8021q: VLANs not supported on lo [ 121.338155][ T8331] tipc: Started in network mode [ 121.340879][ T8331] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711 [ 121.347079][ T8331] tipc: Enabling of bearer rejected, failed to enable media [ 121.426935][ T40] audit: type=1400 audit(1767261094.318:569): avc: denied { read } for pid=8335 comm="syz.5.643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 121.427439][ T6333] Bluetooth: hci4: Frame reassembly failed (-84) [ 121.445789][ T6333] Bluetooth: hci4: Frame reassembly failed (-84) [ 121.721966][ T40] audit: type=1800 audit(1767261094.618:570): pid=8345 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.645" name="file0" dev="9p" ino=71827899 res=0 errno=0 [ 121.738056][ T8345] ucma_write: process 446 (syz.4.645) changed security contexts after opening file descriptor, this is not allowed. [ 122.108819][ T8364] bond4: Unable to set up delay as MII monitoring is disabled [ 122.118572][ T8364] bond4 (unregistering): Released all slaves [ 122.366433][ T8387] block nbd4: not configured, cannot reconfigure [ 122.366958][ T8381] udevd[8381]: failed to send result of seq 13383 to main daemon: Connection refused [ 122.435116][ T8393] binder: 8391:8393 ioctl c0306201 200000000680 returned -14 [ 122.439742][ T8393] openvswitch: netlink: Key type 270 is out of range max 32 [ 122.517655][ T8397] netlink: 28 bytes leftover after parsing attributes in process `syz.4.663'. [ 122.579329][ T8402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.664'. [ 122.584042][ T8402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.664'. [ 122.594501][ T8402] syz_tun: entered allmulticast mode [ 122.630069][ T8404] netlink: 9 bytes leftover after parsing attributes in process `syz.4.665'. [ 122.633973][ T8404] 0·: renamed from hsr0 (while UP) [ 122.649190][ T8404] 0·: entered allmulticast mode [ 122.651488][ T8404] hsr_slave_0: entered allmulticast mode [ 122.654079][ T8398] netlink: 8 bytes leftover after parsing attributes in process `syz.2.662'. [ 122.657958][ T8404] hsr_slave_1: entered allmulticast mode [ 122.658346][ T8404] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 122.661077][ T8398] netlink: 12 bytes leftover after parsing attributes in process `syz.2.662'. [ 122.672988][ T8404] netlink: 9 bytes leftover after parsing attributes in process `syz.4.665'. [ 122.677073][ T8404] 1·: renamed from 70· (while UP) [ 122.682815][ T8404] A link change request failed with some changes committed already. Interface 71· may have been left with an inconsistent configuration, please check. [ 122.690720][ T8406] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 122.775295][ T8413] random: crng reseeded on system resumption [ 122.783571][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.788280][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.793452][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.797833][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.802158][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.806471][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.810387][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.814495][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.819224][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.823207][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.827514][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.830599][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.834371][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.845530][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.849688][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.854512][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.859648][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.863613][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.867962][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.872159][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.876430][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.880417][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.884255][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.889125][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.892966][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.901299][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.905358][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.909194][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.912959][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.917107][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.920676][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.924450][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.928778][ T8412] program syz.0.668 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 123.377854][ T8446] netlink: 'syz.2.679': attribute type 7 has an invalid length. [ 123.381293][ T8446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.679'. [ 123.445014][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 123.445093][ T5947] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 123.557314][ T8452] Cannot find set identified by id 0 to match [ 123.561541][ T8452] netlink: 'syz.2.681': attribute type 5 has an invalid length. [ 123.855044][ T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 123.984665][ T8463] netlink: 16 bytes leftover after parsing attributes in process `syz.4.685'. [ 123.989376][ T1145] bond0: (slave bond_slave_0): interface is now down [ 123.992724][ T1145] bond0: (slave bond_slave_1): interface is now down [ 123.998456][ T1145] bond0: (slave batadv0): interface is now down [ 124.005063][ T1145] bond0: now running without any active interface! [ 124.017138][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 124.020905][ T10] usb 7-1: config 0 interface 0 has no altsetting 0 [ 124.023884][ T10] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 124.028412][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.033750][ T10] usb 7-1: config 0 descriptor?? [ 124.419375][ T8494] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.422502][ T8494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.447603][ T10] mcp2221 0003:04D8:00DD.0005: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 124.530593][ T8504] input: syz1 as /devices/virtual/input/input16 [ 124.533517][ T8504] input: failed to attach handler leds to device input16, error: -6 [ 124.656180][ T6016] usb 7-1: USB disconnect, device number 9 [ 124.703485][ T8502] ------------[ cut here ]------------ [ 124.706261][ T8502] WARNING: arch/x86/kvm/vmx/vmx.c:5393 at handle_exception_nmi+0x14a2/0x1720, CPU#1: syz.5.704/8502 [ 124.710391][ T8502] Modules linked in: [ 124.712212][ T8502] CPU: 1 UID: 0 PID: 8502 Comm: syz.5.704 Tainted: G L syzkaller #0 PREEMPT(full) [ 124.717211][ T8502] Tainted: [L]=SOFTLOCKUP [ 124.718887][ T8502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.723474][ T8502] RIP: 0010:handle_exception_nmi+0x14a2/0x1720 [ 124.726244][ T8502] Code: 1e fe ff 31 ff 89 c5 89 c6 e8 aa 77 6a 00 85 ed 0f 85 ea fd ff ff e8 fd 7c 6a 00 90 0f 0b 90 e9 dc fd ff ff e8 ef 7c 6a 00 90 <0f> 0b 90 e9 fd f2 ff ff e8 e1 7c 6a 00 31 f6 48 89 df e8 57 e6 ec [ 124.733681][ T8502] RSP: 0018:ffffc90003b279c0 EFLAGS: 00010283 [ 124.736581][ T8502] RAX: 000000000001b001 RBX: ffff888057ab8000 RCX: ffffc90007a43000 [ 124.739798][ T8502] RDX: 0000000000080000 RSI: ffffffff81546bd1 RDI: 0000000000000001 [ 124.742690][ T8502] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 124.746398][ T8502] R10: 0000000000000000 R11: ffff888032df0b30 R12: 000000000f6632eb [ 124.749586][ T8502] R13: 0000000000000007 R14: 0000000080000300 R15: ffff888057ab80d8 [ 124.752539][ T8502] FS: 00007fc710bc96c0(0000) GS:ffff8880d69f5000(0000) knlGS:0000000000000000 [ 124.756840][ T8502] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.760269][ T8502] CR2: 000000000f6632eb CR3: 000000006454f000 CR4: 0000000000352ef0 [ 124.763992][ T8502] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000036 [ 124.768576][ T8502] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 124.772330][ T8502] Call Trace: [ 124.773930][ T8502] [ 124.775428][ T8502] ? __pfx_handle_exception_nmi+0x10/0x10 [ 124.777941][ T8502] vmx_handle_exit+0x129b/0x1a00 [ 124.780128][ T8502] vcpu_run+0x3468/0x5a80 [ 124.781919][ T8502] ? __pfx_vcpu_run+0x10/0x10 [ 124.783782][ T8502] ? rcu_is_watching+0x12/0xc0 [ 124.785720][ T8502] ? kvm_arch_vcpu_ioctl_run+0xfd3/0x1860 [ 124.788166][ T8502] kvm_arch_vcpu_ioctl_run+0xfd3/0x1860 [ 124.790439][ T8502] kvm_vcpu_ioctl+0x76d/0x16d0 [ 124.792309][ T8502] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 124.794478][ T8502] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 124.797100][ T8502] ? do_vfs_ioctl+0x128/0x14f0 [ 124.798962][ T8502] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 124.800910][ T8502] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 124.803612][ T8502] ? hook_file_ioctl_common+0x144/0x410 [ 124.805932][ T8502] ? selinux_file_ioctl+0x180/0x270 [ 124.808053][ T8502] ? selinux_file_ioctl+0xb4/0x270 [ 124.810079][ T8502] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 124.812004][ T8502] __x64_sys_ioctl+0x18e/0x210 [ 124.814099][ T8502] do_syscall_64+0xcd/0xf80 [ 124.816451][ T8502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.818999][ T8502] RIP: 0033:0x7fc70fd8f7c9 [ 124.820632][ T8502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.827915][ T8502] RSP: 002b:00007fc710bc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 124.831012][ T8502] RAX: ffffffffffffffda RBX: 00007fc70ffe5fa0 RCX: 00007fc70fd8f7c9 [ 124.833917][ T8502] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 124.837012][ T8502] RBP: 00007fc70fe13f91 R08: 0000000000000000 R09: 0000000000000000 [ 124.840206][ T8502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 124.843300][ T8502] R13: 00007fc70ffe6038 R14: 00007fc70ffe5fa0 R15: 00007ffc718d4f38 [ 124.846488][ T8502] [ 124.847779][ T8502] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 124.850590][ T8502] CPU: 1 UID: 0 PID: 8502 Comm: syz.5.704 Tainted: G L syzkaller #0 PREEMPT(full) [ 124.855264][ T8502] Tainted: [L]=SOFTLOCKUP [ 124.856925][ T8502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.861963][ T8502] Call Trace: [ 124.863576][ T8502] [ 124.865012][ T8502] dump_stack_lvl+0x3d/0x1f0 [ 124.867255][ T8502] vpanic+0x640/0x6f0 [ 124.869157][ T8502] ? handle_exception_nmi+0x14a2/0x1720 [ 124.871928][ T8502] panic+0xca/0xd0 [ 124.873763][ T8502] ? __pfx_panic+0x10/0x10 [ 124.875843][ T8502] check_panic_on_warn+0xab/0xb0 [ 124.877976][ T8502] __warn+0x108/0x3c0 [ 124.880001][ T8502] __report_bug+0x2a0/0x520 [ 124.882275][ T8502] ? handle_exception_nmi+0x14a2/0x1720 [ 124.884972][ T8502] ? __pfx___report_bug+0x10/0x10 [ 124.887658][ T8502] ? __pfx_skip_emulated_instruction+0x10/0x10 [ 124.890381][ T8502] ? kvm_pmu_trigger_event.isra.0+0x23/0x7d0 [ 124.893424][ T8502] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 124.896220][ T8502] ? handle_exception_nmi+0x14a2/0x1720 [ 124.898952][ T8502] report_bug+0xb2/0x220 [ 124.901026][ T8502] ? handle_exception_nmi+0x14a2/0x1720 [ 124.903661][ T8502] handle_bug+0x127/0x260 [ 124.905848][ T8502] exc_invalid_op+0x17/0x50 [ 124.908072][ T8502] asm_exc_invalid_op+0x1a/0x20 [ 124.910443][ T8502] RIP: 0010:handle_exception_nmi+0x14a2/0x1720 [ 124.913150][ T8502] Code: 1e fe ff 31 ff 89 c5 89 c6 e8 aa 77 6a 00 85 ed 0f 85 ea fd ff ff e8 fd 7c 6a 00 90 0f 0b 90 e9 dc fd ff ff e8 ef 7c 6a 00 90 <0f> 0b 90 e9 fd f2 ff ff e8 e1 7c 6a 00 31 f6 48 89 df e8 57 e6 ec [ 124.921266][ T8502] RSP: 0018:ffffc90003b279c0 EFLAGS: 00010283 [ 124.923512][ T8502] RAX: 000000000001b001 RBX: ffff888057ab8000 RCX: ffffc90007a43000 [ 124.927087][ T8502] RDX: 0000000000080000 RSI: ffffffff81546bd1 RDI: 0000000000000001 [ 124.930709][ T8502] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 124.934338][ T8502] R10: 0000000000000000 R11: ffff888032df0b30 R12: 000000000f6632eb [ 124.937906][ T8502] R13: 0000000000000007 R14: 0000000080000300 R15: ffff888057ab80d8 [ 124.941127][ T8502] ? handle_exception_nmi+0x14a1/0x1720 [ 124.943465][ T8502] ? __pfx_handle_exception_nmi+0x10/0x10 [ 124.945912][ T8502] vmx_handle_exit+0x129b/0x1a00 [ 124.948144][ T8502] vcpu_run+0x3468/0x5a80 [ 124.950168][ T8502] ? __pfx_vcpu_run+0x10/0x10 [ 124.952324][ T8502] ? rcu_is_watching+0x12/0xc0 [ 124.954163][ T8502] ? kvm_arch_vcpu_ioctl_run+0xfd3/0x1860 [ 124.956437][ T8502] kvm_arch_vcpu_ioctl_run+0xfd3/0x1860 [ 124.959012][ T8502] kvm_vcpu_ioctl+0x76d/0x16d0 [ 124.961332][ T8502] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 124.963642][ T8502] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 124.966212][ T8502] ? do_vfs_ioctl+0x128/0x14f0 [ 124.968302][ T8502] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 124.970528][ T8502] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 124.973653][ T8502] ? hook_file_ioctl_common+0x144/0x410 [ 124.976183][ T8502] ? selinux_file_ioctl+0x180/0x270 [ 124.978421][ T8502] ? selinux_file_ioctl+0xb4/0x270 [ 124.980751][ T8502] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 124.982705][ T8502] __x64_sys_ioctl+0x18e/0x210 [ 124.984947][ T8502] do_syscall_64+0xcd/0xf80 [ 124.987128][ T8502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.989458][ T8502] RIP: 0033:0x7fc70fd8f7c9 [ 124.991298][ T8502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.999415][ T8502] RSP: 002b:00007fc710bc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 125.002592][ T8502] RAX: ffffffffffffffda RBX: 00007fc70ffe5fa0 RCX: 00007fc70fd8f7c9 [ 125.006220][ T8502] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 125.009478][ T8502] RBP: 00007fc70fe13f91 R08: 0000000000000000 R09: 0000000000000000 [ 125.012739][ T8502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.016388][ T8502] R13: 00007fc70ffe6038 R14: 00007fc70ffe5fa0 R15: 00007ffc718d4f38 [ 125.019528][ T8502] [ 125.023086][ T8502] Kernel Offset: disabled [ 125.024639][ T8502] Rebooting in 86400 seconds..