last executing test programs: 8.161758286s ago: executing program 0 (id=3976): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCSFLAGS1(r3, 0x4004743a, &(0x7f0000000300)) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000001f00)) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r4, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp={0x44, 0x4, 0x7f}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x10}}}}}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched_retired(r5, &(0x7f00000090c0)={0x0, 0x0, &(0x7f0000009080)={&(0x7f00000038c0)=@newtaction={0x18, 0x4e, 0x334239e91bf4481f, 0x0, 0x0, {0x0, 0x1b}, [{0x4}]}, 0x18}}, 0x0) sendmmsg(r1, &(0x7f0000003900)=[{{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f00000007c0)="17fa2bd6f580883e4e2c5d2852f8633c2c38a0ae9bd5a351caac646236d8121922a96395e3721a0de33b7bcdf53d90df07319af9d65fd6c09b4ee0e338f8a52e1d6331d8783a89a3c6535b9054a1bfd0c520ac7e132e5c028dc98b9684a2637897eb8b231384f4d6aedc4378de09f5eefa0a5a2fc38da8e9a48e00294537892bf60abe3d50bf9b7789b28c6394b1d7ca6d819cc92dc5b47ce85a8ad5eeb9416761f104e1766d2cfce67b3fb859c6fa3c07bc627255c2b45ff9e2cccae1364fd087c26771eac077ae59eb9e3a8d4c9cc45e2d66983b14be70cade6acdb94d14d2fa9ebdb6fd4cadc7ba5737934122f758677414b4b880f25279188281d765aff9a918cea85b229af1fbec85dc29cab7d6e4bb745464cce005545b7478fa7428179d307137cffc8366d4884893504d8ed5f9beabc270ae86ae7af89d647185f4c9e956474024fb0e76ed057cfd31d6aa50ce5de42ea639b4dd93561e1b9038ba8f6fdb69a3546209b181556e19821f9af95eace9cc57b7bbc93531780e505ddc5f35f7258b19ed5b812bc146dcc223ddaabd1208d55a613b3838bf0b0f5cc92c7872de96de3c361c8a8dac2b013d5483e1df8c41a0f890e6715a7b79306d0f12749aef1de54f5ce8da3eef5adde5db516e711e866440061e03b0c66a09e3b38af6d6462379eadc008cbdd43fa2a209a3e99cc425dacf209f38ba97e34298c52a9ba9f985272d58b445128ca4f438de2297356d1e65301c72d85426f3473fbd3ddd4e7776d41d0323d3ac08bdd1ad675978410750a6cd16403e63c633926a5aaa79e8da7ed03a1e2f8ecf3d5311df5aa73d476e0c4f04d748070ee9fa7ce325f7c24af933daaf2f77020af17e7013f475e7c710890478f7b4d35ee5b8a5f29539bda2c141cc3e72c49f04b0ff6e4ce13de390d0f1fceaf0aef7d00ca57ed46851fa0deeea8110e405028c93505fb11c9af1981e5daa0c9838a9541942b0a3a0cc1bcc6bb05424ed67944d9ef3583a63fe0d7ef51fe173f7458c683f18a0146e064778305cd623db7da8b63c2afebbbb7ef878730f503e9e58e8e647aa2e5ce47104daa0a69c47fb1c86b3fa503c09930131580b6bdae9e1b8ae27de56852b87afaa599cde0925a7cbccc4f2618093dc829c0bb410b1e9dc74edb116d5761ec13a5416ffbe4ef37adefa959a5974b561b211edfc8e36502d70a9a651bf2b768e545155161667719ec944f493c623479bfbdb7dbe4e98a69034cb5d7e6979e53c0c131738475901fc5e885ca67808f2806a337c4e83b27bc5203f98a11571f340ab263ad81015f7f8669bfc4c09d7557fb81f57f11d91bac4c29958aaaee1986bac0acd02c1b10d164ab9fec333c5cf3e992ac7b637080be0b69cc5c6ac44b516c23304a48038cece79714eaf1bdbc3f118c45a8105b7385f14b668c14c87c8e733f0d60f514c875a29e6951248e783dfc550911c419f2c2e6d77012d2abe4c1c079c2175f1bb36d2bbf69d82bb3b607cf521c8e0001f0f44ab7b922efc44341ed358e22f2dfa8eea6831c2f1b97880c2aad6193cd98d6f93b2999278ddf23adffd5b0b7324bb8f057282354a45f709992689be747b4684e4761d6be7db05e185784a53f4936b9cc963e0d41b5016e03fb44d1b68df1470413ac24f9039e3629cf9530dfa1ebed0ab53f07debb3f5cb9b7df395462714ed40007585f6c9ecfc4c4103198bcbccc032c6cc8ad71ac2d50d52731a57073aa9c1e9a89fb668265b09fc3cec0883767ad080ba4dc534f825f2fa5304f6a06b297cc5497df42df04314ec26b34402159b3d61a049b920fda462d9cc0e34ba5ee4bf037e00d7c2ec884ffa92bb4270668c93c2bb15f48565224a298691405665b37c5f2435b522d0aa67c46e5125b624fb8ded61b8bd2db7ffb3164ccbf2806c99e7d24f796d1f155df2c68577c0d821898c196693e2b5e7853b115567774e0d9c47b399618bd0717fb9437f269d7ea1ee4fb03b10cc686ee2632284fe63a67d4810b715f7aa926ed81a93ca4cdab6d28f4f3cd05da804ee4415ade7509b316fec4054fa423c16298320ecd309abae99b3b685f5094b1a1088f828bfc16723725df4fe244af45000fee1216aac61b10836084a464e18bf5ba6c53c788b70baff3b9b0f185b62362838d119342b140c97648f18c29687cb8370fc344417d0d5bdda5dd6ba4af89ab869506ca7ced0e6c7742f790242349d922b217ac249f24a7c4742308881c2383b7ce57d2e2a117925342deeaed35190e5c2c32c1e", 0x650}, {&(0x7f0000001f40)}, {0x0}], 0x4, &(0x7f00000017c0)}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001d40)=[{0x10, 0x10f, 0x14}], 0x10}}, {{0x0, 0x0, &(0x7f0000003300)=[{&(0x7f0000002fc0)="5799bd91723799bc90", 0x9}], 0x1}}], 0x3, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') r6 = inotify_init1(0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) 7.099357513s ago: executing program 0 (id=3979): write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) madvise(&(0x7f00004fb000/0x3000)=nil, 0x3000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0x100, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffffff, 0xffffffff, 0x210, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev, [], [], 'batadv0\x00', 'wg1\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x4c00}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8) ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xd, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0xba}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, 0x0) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@func_proto={0x2, 0x0, 0x0, 0x4, 0x2}, @var={0x2, 0x0, 0x0, 0x11, 0x3}]}, {0x0, [0x2e, 0x5f]}}, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000080)=0xb4) r5 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000)) r6 = syz_open_procfs$namespace(0x0, 0x0) dup2(r6, 0xffffffffffffffff) setns(r5, 0x0) 6.984841399s ago: executing program 2 (id=3980): r0 = fanotify_init(0x200, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000002c0)='net/ip6_tables_targets\x00') r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SG_IO(r4, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x201, 0x40406, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) mknod$loop(0x0, 0x0, 0x1) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r5 = io_uring_setup(0x29ea, &(0x7f0000000480)={0x0, 0x0, 0x2}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r5, 0x13, &(0x7f0000000080), 0x2) fanotify_mark(r0, 0x101, 0x4000086e, r1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r6 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) mknodat$loop(r6, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0) linkat(r7, &(0x7f0000000140)='./file1\x00', r7, &(0x7f00000002c0)='./file0\x00', 0x0) 5.986357579s ago: executing program 2 (id=3986): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) syz_io_uring_setup(0x6291, &(0x7f0000000340)={0x0, 0x722f, 0x400, 0x2}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, 0x0, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_emit_ethernet(0x11c, &(0x7f00000003c0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0xe6, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, [{}, {}, {0x0, 0xe, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b03452dccf81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e2718"}, {0x21, 0x5, "b8a3e100908f61640000006f00fec0ffff00000000000000ff0bc0fe000000000000000002000002d9"}, {0x0, 0x4, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1e"}, {0x0, 0x1, "d5170000dce9674a36da018dff"}]}}}}}}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x2c}}, 0x0) sendmsg$NL80211_CMD_SET_KEY(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000580)={0x84, r6, 0x400, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x1c}}}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "95c80b8f60239e3698f17e55c2"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x3}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x28, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x8080}, 0x80d2) setsockopt$inet6_udp_encap(r3, 0x11, 0x64, &(0x7f00000000c0), 0x4) socket(0x10, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r8 = creat(&(0x7f0000000080)='./file0\x00', 0x1de) r9 = socket$unix(0x1, 0x5, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r12}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0x2, 0x9, 0x0, 0x8, 0x80ffffff}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r11}, {}, {0x15, 0x0, 0x0, 0xffffff85}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) write$UHID_INPUT(r8, &(0x7f0000002f80)={0x8, {"44de2c4bdba56c9782e7a0fe056a8318d47a47a85ec080e7435c24d522cba5401f47fa1765fc11697283315044bce40ff71d2364445821b9f644f8eca065619fa14fc5ed8de5928e1299772f0bef77afa7f4af7f6fec08bd89d7341b5836519de700b419266309ec97820742c85e9fff8d8538ca0929aaa8584598d8ef1b44381101e0d31d021e13d1c90a8aee2d838ce4f565a72bc74cb12a56e5b957ad5dbb49b235dafb1399007f11fd54cc4c8b26e586181231ae13dcfdc1907385510efb33d352a6f6db3676f534f39c55b7ef3003e84d655c5ef0a1f9f700a8d57957259bb32b23c3b6862608172d909e2478e1cc437f22dc1953e42199a24a1378fafb1212af6a10c5b6c465c5ddbebe276008479989d9d907f9e1d46e899884ed8c4347262fbf2046c936cccf2b81df61d2c59b4b0b08970ee2e26a090c2f81cf31c6477aa6c9d28cb9bcb093fe078a8f0ed3b1a6b6ad13c79617fb1bd7953757f8b519fce8bfe454f7fb01777d91c909f2ba381caece4ed5945fdede2a63e9fe71e1d4a2cd5b5f41d9c9ccd33cd31d271bb38c5a3086da872c8459986b894a6381b36fde4cdabe9b1102ee96ac58c60aa10c04d24695f7aa111dd85f50ea02216782a94cfe9add72d08e6fd4779bf4eaefaf8bfeb04e409012dfe82b35626f0c0562d7b3a1b926c4039e193833e9c4dafd2c8984c0b9894747a143551fe8ab99295fbcbcec930940ab8f0d2e84512c2f25636967eabbdadbd5472c0da355ddb12ecb02dc90d00d79d0f1fd188f82a1b1d66ee873daddf45d35dd50b1e1501f4e2755d701c511e7853b6ed722a8687570abe9781cb486c1b45eb4b92379f35aabc853b2ddf191527f5e18fe9b1addffbb6fcc2f61a54780643c3b58254da05d6f4a1102333414ca5f3e06e20f2f6e1fcd0d68fef70611b481fbcf0ec4c0dc387fc6bd035148bd6b6d163f1ed0c87778c11229a81e5dbbc6c7599ad923b1058e17a8890db9ec6cf80196a99fdfa21848a120f407e21708c3881b29d407ac67b6392301b16cd1ce515fa3e4a8f3b62390f298ea573d5acc8073752ef5fff18b96229547dfbe5ebbcc2247c7b240aaec3437bf0fe6d5cf1d421d1da9509ea10aa23b2b5837bc0ee1971052ca7b20aaf90ccce231b45042ec2efd1bc9e9fec064fcf9d6722113979e947a833df47d428075982ff4985723a12b3b6a5c087a6dbbe0706cbdfc2786c44b7878c47997e2381abbb40fec3bb6ca994b60338788349ecb8cfeb7f35e20c58e499b090a83a72c012f34e55c0e3bcb22ad42a80fef3eb13e509455e3a4c1d99d6e3dab630ccb4a6b47527863baff5c850284115bf666ffce70762c2691de4110bec25a1257b47b0e81d2e1a6bb873b428d607488ca438b16ba83f597d43e77499c51e7fd10daca8fd2edaf5be1f2ab557ee4fd7c147c008612a607c8a3171968927564c4a157b896382e9a1a25545665de3f2027022bad0d9cb9695be56fac9012ac8c7dc83996f492ebb657e70b4e71a9ef3af6b1821905122fb9e4550968b1329c35011ce7853ffa2560f6e2cc20e6dc1cc7931466ee199ff8ebb085eb2ce1d6ca778b8ccb99eb06d4d625e7e2609f21bfa5d11decbfe94886b7eb7d0bc444693c5e4b160bd550a1fae62ace3c1522c327ebbbecd4c67a29850ce6211f23505e1b1acbb857b421ea3a0c71972b828dfc22f7cfdcff26f5339a0555554c51dbe31b83ad75d365ba3e3ca68dcbd85ea64df91a805ff711ea5892d414dad0529a80934384b7396259242382ec9ee6f3f8456c5facbdec134a568ff001a49f5e196bbd02cd448bf4c1983b4f26255fdee0c12d4f8775a7e6d03ec13c5306924d57fc88df00c91b734f2e91c14b73ed3335ab3c80932a30f0cf17939c2228b55cad158e982eacd4130c9dfc87f63f218adb27609134f3a77ea8d541041f549d99432ea3ce073e009b26d9aedec180a22d4aff7f1b152d966ed4165f0b9234c87971f1eb3bc57b16f98ccb7a3a072e6a3ac25f33255c0c7b07ce27131cfac16dd090a6011b69fd6d4a5faa1d1d6309c34a5ebbbb2494397438258da83633f85b77fa05c09c8eb1151ae1aa4387400b20e69d3c17a20be1149ef2b8f52f04ae9167a84256049e278cf9411f3eefe250a6f2ffdd29a332c26877b2ed790627ae77846136f1cf6b7807585b9dcef2ab000024609e7d19f83443596438c462e10467709da31c3fa63cf1b567a21f67f8db41d4dab87110aa4355312ed223289689ea36d0869339906ef5bfc2bdc7ef7d15d40bda91120bacaaad5b25b2a5c42a0e588a1d518c25338cab3db6d7705b2a73aa0378834ecad133ec0d37df420ac3302c3340f68bfce44fc38b00bfccb6f39d833a23612ce1ec48941b0bbc855f8f11961c6d5e9434424492bb01f4870afec7e253acac6d9530d0ec87e95796cea24e36a420293246b160d25f3ff963ce1d1658fb98baab92b97a71ff6368612f044ccf6450da9b62b817b66440ec9f20fd40c3b32acf2e12f172ee0622c62b24100274f7511bf7f55b89778a61edf9eb9d52300480832dc0ac6b9efd8cf6a22347f752dc087b212a8fcc99fe97a1de522dba620dbd97bd9c9f9e4edc0efa763342c82edc556efbf5c7e3a5ae56515510c67c7ce37c3ce53ff67d823f1551adc8931d73ed779894e050379f6ff36102cbe98aec394c4aa0139bda727b7c7813c462bdc1020000634e94eca73b3cc8a08e7eb06362df7c771f27144093a3945cefdfa9f93050b2f95b8ec15ba1b807437b9fb19c7243ceefc827eac23a9043f8a65e9c612581507a75d4306b12619835574e457c81a4a045487447cfa7759e05f602e690caec83f5700ecf74fecbdea3685d6f8791c38300f76f341e858b530999e16a11545a2ceb97105fbd4db03fe48f2dd34cd3b20d3f8c2fcfc29c180a232de3f9c92b0a411fbb72c28680a7cf7de32e68ddf0191f1e2d0ba36a8bb68dd0e300be210a4f149b5cc42b978ffb4ce95984e9bb2db97f112db8305b589ccf587cbe3d00dd196d0c51b7fed6dddde44459c99342d38bf4b18d14949103a7b8c3e3d050fa8adc688a47508c90da1e9be00b9fa3929cba71100d92e91ed50d5ff0361869e733e872b5088d1dd402506a83da04b3b4d4c262bda6053b1c80535ecc6e8af73cb9c3cff32355d3287911019f231a09a0d9a8d01a4ca9c03ea3f2a4a3f8887b79bc772f9c299837d3d0674255f8938520b32b1965e1b8a3eb7fba503d337af38bf4ef58b7423c01ef2079135e0860c3bebd00c8c11b68fce7a6a5470d86de64786dfce553f1ed022e01967cd841433cf461e5b5d3d936e3c1eae808fe822ffecc2dcab482d744c208aa7855adce23c4724cda7e268dceb231b9552771fa5bf8e00c49b1756db72fbabc4596baf6ceef428061462db9bd55fb62d37f078c501c704a4fad1f4159ae9229a4860bf09d335eb8219a0429e59e689ed595cf22d4cd80e70ab667d8f0379874276370b7b3944c6370cdb1ac850f5de954fe3217f778a12c6c57430ddda4ab0fe1562ab5f87731880464e38efdc84fa4f124c501e0dc0ba0d90b1faf3850fb7a6b933221a9ebdd5838ee4ec43ed8cb7664c33234a18db670662474f4a21444a487fdccdde51666cec2df20df2dfe3b806372babca4c1e9400d7b3e954bd30f483fda9e5ccc5ae51c0d422ec839bca9a4a09b72da27d306e1e5db26e1a9aae18cc88c715bf1b79090b0caacf10b634894fe82ef8f393418cd78c51536ec8c00e2f93ab79fcea8cc9319893da43c79ccd3c668c39eef981b4cc28101a07b43d6a332516236f42e0c89696dda2ae4c43a48b675690baebf3eaeccbdf6c8547d2d63ebbeee530c8ffb3a671be41f084b8f35447fdf2ff5b37265d07d1f68aa5ced3acd9857fcaa394c2d211ee458a16fa852c8a539fa06f3010df08eab331a8da26d3fd13065a57278c611ea18b199572509da5cca4a8a901fc5caeef6dce212db1ce0e79d36e7566179d323cb7a30bf949702536b56d521cf2a9eb60275b355784d810295d5c6449b921028c7e7568a7701ede2d326d745165c4caa6bc6000c8c11e6f593055f488731fb4bbddf8494299cdc06bfeb4f7cac80e8680ce8f3fb84c2a75c8a5053f7f219953ae07e33d432a52a07c095034615c9786d7a2aa66b7b624f9faa07dae3fa0102955a38843c2dbfac30d39234c05bd63dec451feded6eb39e64448dd0210b182cf34ac57b8636838b5cb84a4cec9c44ebdc899b4fc308d5cbff75ae1e3734d3acfe36dcbea5bec0bad524a8181b849bda405f3e0633984dd9d395d72d65ab22a7f5b791d2822c77020ef40433255a827d79c209e832cb4c6c4a137ddfd6f490937c9a7cec3ffc2f1a13fe95ae8982cdd01730a91fdbce76ee2c0963ce06a9d38e8244003d02f96a72470475b1d2e4749d2fd800375104e2951f037d12b49d4f4b9b6fa99fcb82f0d4182a349316b9ed566f4060f3c838b199a8e3a402b64b6e5f084839e72e7be73462192f113c370095d4d02c52421c7180c8638defe863230ba636b3e6500f1bfdc179d1dbe0c5e0dc297704e266c9f64b1d8cc54ac4500ca0eadd508335816d358df37dc2e9ee84dd422937517b6930be42fb86f21980b6cd2881c5151b96cf3e8e9d64473a84f655ae9fb2209448f0111c0b19d624a5ed09b56b4302407c4fc242df44966b1477df9ebd0c0e00e61836f16200942f5fc19e6198cb54786710cb4c790831513cc50db2e544d8d979cac8710fa9cefab6a3ebb56fd218c72e971b28261056cf149a613ab65e8ee06f393ca2ada9e82a99f65eb6e071575d5ade3f5f6a8d0d327a683d427751bc7ae762d8724f128af48f8c1121ea701f88603a0504ffb8c6d1e0ea24627efb8f5f7cfdeaca37df73adce48295cbb26b6c944095353ef3bd20645afcd776d36bf7361f61190c7d9196212c02b9908fc980c02a5fc0a09dc42f6443875add2d04b07f729c9bfdd4775b40384bebdc05c0b832193377ed7fecd08e2f82448522731917de56ee8967748413b878cb0e623ef4e53f521e5af40d931fae3da4ed5583071f31ab306d0af65a184406a2a63399245847274ee3bafed30734a9e27fde78e5d4e320f41fa98406525e8c3448fa3ea9799349fed1927c5539691e34bf37605b114076bb1ff547502f2bc8f19cc88e1ba58724830a7e0cf42ac167021bfc9a323a9c72953dd4a6402c20de5d7bf6390b8aa0276d707fe9b0dc25fa441ca094beeff4e670e68cdbf70a56f6d6963bcfd89c9ee44ee40e9b258216c77015df378baacd92957d002f07055914a3d210d014264360f3bc55aefd25068306bfafcc5d1bd9b4ee0af0b928e65a441bde7b9ffc7ef2c8be3eeef84adb598588fea129e28f5a15c9b0cc7e7302bed9f5afb397841ac7aa7e7ba71570d2118b003b4c889b8449f12aeabf9052a3e9bcdb79f588eb2de29a8a7849299542661839462b4b5fc7542b470752dc86de641731fed1202252c8cc1aca641d3c45b7b9663f6af383388ab50ab06f04b6a40a0464e8ef5b68100d74a4af595c08a79d25a4d25da89c8d38e63ab313b0f2f034b7708ec14420a337513a25c0e9ca0c7d0c0ca1c983c0a8273738581d6f951b0ae141313e3d17a861b768e1fbf9dd30a07aa24c8f19d6dc30691f29828134b4f80235873b450d398eb3894e4de346ad993d4c28edd88e9a53ca85f4d504e7e5f618a1adc1985260cc2a04e9876dd73798a07c0b977197cc5d9f7c2c3629c53f5def514b6a0dce23249f44cd6de", 0x1000}}, 0x1006) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(0xffffffffffffffff, 0x40405514, 0x0) 4.755928049s ago: executing program 2 (id=3995): ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x38}}, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) dup3(0xffffffffffffffff, r1, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r3) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r4 = inotify_init1(0x0) fcntl$setown(r4, 0x8, 0xffffffffffffffff) mkdir(0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[], [], 0x2f}) r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fcntl$getownex(r4, 0x10, &(0x7f0000000140)={0x0, 0x0}) r8 = syz_open_procfs(r7, &(0x7f0000000600)='fd/4\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000000000000b704000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x90) ioctl$EXT4_IOC_GROUP_EXTEND(r8, 0x40305829, &(0x7f0000000240)) 3.676186242s ago: executing program 2 (id=3999): r0 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB=')'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 3.586266017s ago: executing program 2 (id=4001): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) fcntl$dupfd(r0, 0x0, r1) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) socket$l2tp(0x2, 0x2, 0x73) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000380)={'bridge_slave_0\x00', &(0x7f0000000080)=@ethtool_cmd={0x26, 0x1002007d}}) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r5, 0x0, 0xb) splice(r4, 0x0, r6, 0x0, 0x80, 0x0) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r7, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r7, &(0x7f0000000080)={0x24, @long}, 0x14) fcntl$setpipe(r6, 0x407, 0x0) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x12, 0x3, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r9, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0xa, 0x2, 0x0, 0x1}}, 0x40) setsockopt$inet6_tcp_int(r8, 0x6, 0x5, &(0x7f0000000180)=0x1, 0x4) getsockopt$inet6_tcp_int(r8, 0x6, 0x5, 0x0, &(0x7f0000000040)) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x80000, 0x3d) 2.979479216s ago: executing program 0 (id=4002): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, 0x0, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) syz_emit_vhci(0x0, 0x8) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) ptrace$getregset(0x4205, r0, 0x1, &(0x7f0000000180)={&(0x7f00000002c0)=""/48, 0x30}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) bind$alg(0xffffffffffffffff, 0x0, 0x0) 2.961505614s ago: executing program 3 (id=4003): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xe, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r1, &(0x7f0000000240), &(0x7f00000000c0)=""/30}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x5}, {0x0, [0x2e, 0x0, 0x2e]}}, 0x0, 0x1d, 0x0, 0x0, 0xfffffff9, 0x0, @void, @value}, 0x28) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r2}, 0x10) socket$packet(0x11, 0x3, 0x300) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001340)="45f9e8e5af9f7e488a1619ea0cd4902570249f1e29b175dfa0d3ae9be1933b972b835f966d432045a33e064403006bdb8ef95b90e76baae34f74778049ff8fa4a59adf7623aaddb922b32dbbfda740b88a07e87eb2cd97c0393db1036a1ec8a376c919cdd0b40dbb899c07f1349c7a1113f57495c795bc7e38166a7bdef463457189549f4b13279fffd050bdfea3477a62d3edea8321a2e98c65330fe7199ca6bee7202aa5a5d56c4ed4c22dbb28cebcaec033c75eb78820ad1d8ceb6f90b569e165002e702e1a206666d3c9d903ce78c73f778eae82d58317c634016a3e01ae29607f7b5ff253c607e4f60c0aa49021205073cdd574a3d4c25fbf79cc8ac99ff149ae54aa56286204e628dc2dfe4384ef74c8dac04ace6c5762d03f9e19942e4b6bbbb41fefc569cc23b3319d4ebc55551fecf8f936221e9787e744f2e1422baaa25b2f5bf59205190b7fe52f0641f149c5e00b764c493afadeaa04324783c268f48772b1c532d52d211865704db5fbafc3193385adc9855a1ad9ea0c05479329efd6c08ed22c5656eab2ea050f53bf441a9dfb4157d14b99214fa59b8b0e53200795762145a63d61c5c526edb03429e1e14072e1d7dff102fdb9801234bbbb8e0274a861dd60f3a21f129326b2f6fee61f690fa3967cdc5f6f9519282c48e28d6aa7d1b0ed07bdd72ebf1dd97b46f24ffde352095f4bffd6fdd0b9f0d60f16746f1c1ec46656cf94ae2237540c558c1863fb2ffd4619e5ee5b7aa5757e252b821e003fcef57f33cd70f19ec0b5f8098c030741147e8e4319109892fd56b22d261800b7107a393b9a7d835383e3504f5f2794f30914c4f8145ed446a06e3787eb32ab90abf595d45013c8b6d9c26cf4e60812b02427a4d2a8dcbdfaf8ace4e17f0f598676a5f26dc3615eddea77e1d68c857fbe2b39b67ccacd6afcea94b4f9592490c1a51e11f4ffc6dd4d4cdc44995b09864743b906e07a12c93045b654abf2faaf1127ee92698e09efee1d8d45ceb103973c3d1d5c98090d9af08789f867873bbeb522cb367bacaf2d94bc6fa7aab57b542af353d693230a3da636762204d96f2889f7decc9ad3992a8be2be92bdd6a7367bd64c8604ec219a92c80a7536f218926b5d18677f4bc22454a843f7ec6bfaadaec1a47896f902725cddc264226a0c7f673468459528101da2368d77d37d9ae6d52cb44efb9b5af74fdd4c8341980d7b3f4a3176c8de3c3a0144e3f327fcb30c6bda7a62ec37215367d06ef1b85fa2bc329fe99071f65b0d5a48b50139016b0753bc99c389f4aba551bf2da38b78e7b4dbb3be3ecf8749b39a022c86febf3a30070def590bd2a9cb0f95d09eac8de27c370d758e340193773a7dfbb2046e0b2e34bef073ed8368f4fbf464206fbe88c3260f6974b383bcf8a000db483d822536000df416d09dfc55c920cbc3c8b24af1757099903759e9312b576b9f04e61ae20a60d7d0ce978d193dbf9e7a20c04b4f985936402823feb4c045be085b565c283602d9f4c7efe1db4d81f126855712cb5d9cc86250c4b81f4cd823b4b3204d5e88c77f671b93f8ca0d7846a4eb429ab9aa3c8283e3aabe924b5b33d99ba5933d79856316642459e1b0806a0f7546fcf2db6159ad2f5d28c0141dc8777dbc67e3d1b02e2daa828eee0bb0fae22852012318cef6d55e0677fe28340f7c02b20ddbbeef78b6522d5c90540939b471306acadbfda2c3a91f9b5fa4d2", 0x4cd}], 0x1}}], 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000600)=0x1801, 0x4) sendto$inet(r3, &(0x7f0000000700)="09028a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f9111a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) 2.819802621s ago: executing program 0 (id=4004): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0xc02c5341, &(0x7f00000000c0)) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r4) recvmmsg(r3, &(0x7f00000026c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10162, 0x0) 2.768598053s ago: executing program 3 (id=4005): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="0003"], 0x20) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}}, 0x1c) 2.644078568s ago: executing program 1 (id=4006): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r3, 0x1, 0xfffffeff, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {0x3}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @multicast1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={0x0, 0x43c}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r9, @ANYBLOB="0a0034000202020202020000040067000400cc00040008010600660000000000"], 0x3c}}, 0x0) syz_emit_ethernet(0x4f, &(0x7f0000000200)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cabf00", 0x19, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x3, 0x1, "a78ce540065980"}]}}}}}}, 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0xfffffd9d) r10 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000880)={'macvlan1\x00', 0x0}) sendto$packet(r10, 0x0, 0x64, 0x0, &(0x7f00000001c0)={0x11, 0x1, r11, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$NL80211_CMD_DEL_PMKSA(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000d52f1640e032945295759fb7ecc3052670e75bda915536f9ac493f793446afa557281b5a94f0d093ab8fd4fd71f49402f923bedc3f0c592fef987179a2740b2294f22c92bbaa13718ce44160c47983194c85d6ecee48e98298a6fe522c559364c9cbb3d1a32812554c5d3d939a66fa6298ce960dea24b85d9b284f0b839719e508e2c2aef2b84dbe30a8a85247ebe249a775b431ab25bf894f2916e866f7e94d5aa13c4e9e9c2d588c9f55f0e5e87fd6446ac6a77d", @ANYRES16=r8, @ANYBLOB="000125bd7000fbdbdf253500000008000300", @ANYRES32=r9, @ANYBLOB="0c009900000400002b0000000a000600ffffffffffff00000600fd00ffff00000500200100000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000140300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c78cd3e7dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendfile(r5, r6, 0x0, 0x8000002b) 2.519322111s ago: executing program 3 (id=4007): mount(0x0, 0x0, &(0x7f0000000000)='nfs4\x00', 0x0, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, 0x0, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x3, 0x0, 0x20000000) 2.409477829s ago: executing program 3 (id=4008): getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)='%-5lx \x00'}, 0x20) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ptrace$ARCH_SHSTK_UNLOCK(0x1e, 0x0, 0x0, 0x5004) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r0}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffffff857b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x2f08, 0x10, 0x10, &(0x7f00000006c0)="0000000009000005", &(0x7f0000000700)=""/8, 0x447, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x34}}, 0x0) 1.83769272s ago: executing program 0 (id=4009): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r4 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r4, 0x0, 0x0, 0x0) socket$inet(0x2, 0x80001, 0x84) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSW2(r5, 0x80047456, &(0x7f0000000040)={0x3, 0x0, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff}) 1.624116432s ago: executing program 3 (id=4010): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x10010) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000d40)) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = dup(r3) fsetxattr$security_selinux(r4, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:mouse_device_t:s0\x00', 0x20, 0x0) 1.539764585s ago: executing program 1 (id=4011): syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040e04023c20"], 0x7) bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000024c0)=ANY=[@ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYBLOB]) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'bridge0\x00'}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000700)=ANY=[], 0x67) 1.409496679s ago: executing program 1 (id=4012): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, 0x0, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x8) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) ptrace$getregset(0x4205, r0, 0x1, &(0x7f0000000180)={&(0x7f00000002c0)=""/48, 0x30}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) bind$alg(0xffffffffffffffff, 0x0, 0x0) 1.289149572s ago: executing program 1 (id=4013): sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1ae8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='jbd2_handle_stats\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0xe, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@int={0xd, 0x0, 0x0, 0x1, 0x0, 0x26, 0x0, 0x2e}, @typedef={0x8, 0x0, 0x0, 0x8, 0x1}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0xe, 0x1}]}]}}, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001580)=@bpf_tracing={0x1b, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000740), 0x8, 0x10, &(0x7f0000000780), 0x10, 0x3, 0xffffffffffffffff, 0x0, &(0x7f0000000840)=[0xffffffffffffffff], 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x3}, 0x8) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={@cgroup, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000700)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f00000003c0)=0x1ff, 0x12) mkdirat$cgroup(r3, 0x0, 0x1ff) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @rand_addr, @local}, &(0x7f00000001c0)=0xc) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000280)={@dev={0xfe, 0x80, '\x00', 0x30}, 0x7d, r5}) syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x2) 884.815536ms ago: executing program 0 (id=4014): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) socket$inet(0x2, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000400)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f30000000170a001700000000040037000900030001632564b758b9", 0x2f}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bind$alg(0xffffffffffffffff, 0x0, 0x0) quotactl$Q_QUOTAON(0xffffffff80000102, 0x0, 0x0, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0xb0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) ioctl$IMADDTIMER(r3, 0x80044940, &(0x7f0000000080)=0x14) io_uring_setup(0x1782, &(0x7f00000011c0)) r4 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000001240)=ANY=[@ANYBLOB], 0x18) connect$inet6(r4, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x5411, 0x0) syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, 0x0) 359.550336ms ago: executing program 1 (id=4015): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) sendmsg$nl_route_sched(r3, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x70, 0x30, 0x9, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x4}, @TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PTYPE={0x6, 0xa}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x70}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x68}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x68}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00004e7000/0x2000)=nil, 0x2000, 0x0, 0x13, 0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000380), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x13, r7, 0x0) ioctl$FS_IOC_RESVSP(r7, 0x40305829, &(0x7f0000000100)={0x1100, 0x0, 0x800, 0x10000}) getsockopt$inet6_buf(r6, 0x6, 0x6, &(0x7f0000001500)=""/19, &(0x7f0000000240)=0x13) pidfd_send_signal(r7, 0x28, &(0x7f00000004c0)={0x29, 0x6, 0xffff}, 0x0) mmap(&(0x7f0000b15000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r5, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) close(r0) 259.361999ms ago: executing program 3 (id=4016): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b4000000000000007916910000000000c3000000000000", @ANYRES8], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) pipe2$9p(&(0x7f0000002180), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000380), 0x60a5c0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setparam(0x0, &(0x7f0000000280)=0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000300), 0x88300, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000340)={0x4}) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) madvise(&(0x7f0000f21000/0x8000)=nil, 0x8000, 0x8) socket$inet_udplite(0x2, 0x2, 0x88) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) openat$ptmx(0xffffff9c, &(0x7f0000000340), 0x480000, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x80007) r4 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'}) 194.727405ms ago: executing program 1 (id=4017): pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x4e) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r0, r2, 0x3, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000140)='b', 0x1}], 0x1, 0x0) write(r1, 0x0, 0x0) 0s ago: executing program 2 (id=4018): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0x0) syz_emit_ethernet(0x46, &(0x7f0000000340)=ANY=[@ANYBLOB="3c82bf073aaebbbbbbbbbbbb86dd6001010000101100fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000001090780200000000"], 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) socket$kcm(0x29, 0x5, 0x0) close(r4) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, 0x0) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f00000012c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000e40)={r5, 0x4, 0x2}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000240)={r5, 0xffffffffffffff00, 0x8, 0x1}) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): er on device bond0 [ 532.296090][T13023] team0: Port device team_slave_1 added [ 532.733808][T13023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 532.739019][T13023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 532.754632][T13023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 532.768145][T13023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 532.771612][T13023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 532.782875][T13023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 532.828034][T12926] 8021q: adding VLAN 0 to HW filter on device team0 [ 532.840276][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.843705][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 532.859894][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.863551][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 533.087602][T13023] hsr_slave_0: entered promiscuous mode [ 533.091759][T13023] hsr_slave_1: entered promiscuous mode [ 533.095968][T13023] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 533.100438][T13023] Cannot create hsr debugfs directory [ 533.192324][T13121] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2264'. [ 533.343400][T12926] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 533.543352][T12926] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 533.631313][T12926] veth0_vlan: entered promiscuous mode [ 533.644568][T12926] veth1_vlan: entered promiscuous mode [ 533.751948][T12926] veth0_macvtap: entered promiscuous mode [ 533.760305][T12926] veth1_macvtap: entered promiscuous mode [ 533.789088][T12926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 533.795462][T12926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.800365][T12926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 533.805370][T12926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.810952][T12926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 533.816549][T12926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.833104][T12926] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 533.841337][T12926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 533.848361][T12926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.852836][T12926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 533.858088][T12926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.863127][T12926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 533.869833][T12926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.884834][T12926] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 533.907802][T12926] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.913063][T12926] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.934812][T12926] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.939874][T12926] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 534.098337][T13023] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 534.120205][T13023] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 534.132929][T13023] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 534.148617][T13023] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 534.172410][T12587] Bluetooth: hci2: command tx timeout [ 534.223575][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.233460][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.275400][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.279388][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.318771][T13158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2267'. [ 534.365235][T13023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 534.408555][T13023] 8021q: adding VLAN 0 to HW filter on device team0 [ 534.451365][T10987] bridge0: port 1(bridge_slave_0) entered blocking state [ 534.454608][T10987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 534.475217][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 534.479130][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 534.552010][T13023] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 534.722758][T13023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 534.780450][T13023] veth0_vlan: entered promiscuous mode [ 534.791383][T13023] veth1_vlan: entered promiscuous mode [ 534.824403][T13023] veth0_macvtap: entered promiscuous mode [ 534.831548][T13023] veth1_macvtap: entered promiscuous mode [ 534.853656][T13023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 534.858898][T13023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 534.862275][T13023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 534.867196][T13023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 534.871166][T13023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 534.876135][T13023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 534.880101][T13023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 534.884406][T13023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 534.891100][T13023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 534.898393][T13023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 534.905772][T13023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 534.909859][T13023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 534.914193][T13023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 534.919456][T13023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 534.923415][T13023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 534.927886][T13023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 534.931715][T13023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 534.938049][T13023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 534.946794][T13173] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 534.994022][T13023] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 534.998623][T13023] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.002320][T13023] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.017314][T13023] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.230902][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 535.245035][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 535.280415][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 535.287015][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 535.292809][T13179] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 535.336785][T13184] binder: 13182:13184 ioctl c018620c 20000080 returned -22 [ 535.350208][T13184] 9pnet_fd: Insufficient options for proto=fd [ 535.587955][T13191] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2273'. [ 536.470939][T13201] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2275'. [ 537.365549][T12587] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 538.211256][T13234] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2285'. [ 539.043502][T13240] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2287'. [ 539.239512][T13250] xt_cgroup: invalid path, errno=-2 [ 539.265821][T13249] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2289'. [ 539.378173][T12587] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 539.382736][T12587] Bluetooth: hci3: Injecting HCI hardware error event [ 539.389421][T12587] Bluetooth: hci3: hardware error 0x00 [ 539.890723][T13265] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 539.921560][T13247] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 540.846019][T13288] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2302'. [ 541.636269][T12587] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 541.874107][ T39] audit: type=1400 audit(2000000158.419:1213): avc: denied { map } for pid=13305 comm="syz.1.2308" path="socket:[42040]" dev="sockfs" ino=42040 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 542.258510][T13312] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2310'. [ 543.068202][T13326] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 543.749042][ T39] audit: type=1400 audit(2000000160.239:1214): avc: denied { getopt } for pid=13331 comm="syz.3.2317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 544.022088][ T39] audit: type=1400 audit(2000000160.569:1215): avc: denied { connect } for pid=13341 comm="syz.1.2320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 544.079112][ T39] audit: type=1400 audit(2000000160.569:1216): avc: denied { read } for pid=13341 comm="syz.1.2320" path="socket:[43072]" dev="sockfs" ino=43072 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 544.382290][T13348] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2319'. [ 545.352307][T13370] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 545.356583][T13370] IPv6: NLM_F_CREATE should be set when creating new route [ 546.121123][T13388] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2335'. [ 546.125062][T13388] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2335'. [ 546.551953][ T25] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 546.783760][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 546.789948][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.795144][ T25] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 546.800956][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.812415][ T25] usb 6-1: config 0 descriptor?? [ 546.817489][ T25] hub 6-1:0.0: USB hub found [ 547.030702][ T25] hub 6-1:0.0: 1 port detected [ 548.072422][T13420] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2346'. [ 548.169469][ T5428] hub 6-1:0.0: hub_ext_port_status failed (err = -71) [ 548.176187][ T25] usb 6-1: USB disconnect, device number 18 [ 548.309105][T13426] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2348'. [ 548.313366][T13426] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2348'. [ 548.511511][T13431] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 548.514959][T13431] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 548.528400][T13431] vhci_hcd vhci_hcd.0: Device attached [ 548.710049][T13435] vhci_hcd: connection closed [ 548.721611][ T83] vhci_hcd: stop threads [ 548.731706][ T83] vhci_hcd: release socket [ 548.740422][ T83] vhci_hcd: disconnect device [ 551.607261][T13483] serio: Serial port ptm0 [ 552.168976][T12587] Bluetooth: hci2: command 0x0406 tx timeout [ 553.646264][ T39] audit: type=1400 audit(2000000170.149:1217): avc: denied { setopt } for pid=13508 comm="syz.1.2372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 553.960261][T11206] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 554.333191][T13539] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 554.340572][T13539] cramfs: wrong magic [ 554.715190][T13544] binder: BINDER_SET_CONTEXT_MGR already set [ 554.722881][T13544] binder: 13542:13544 ioctl 4018620d 20000040 returned -16 [ 554.972492][T13535] syz.3.2380 (13535): drop_caches: 2 [ 555.059117][T13530] syz.3.2380 (13530): drop_caches: 2 [ 555.092069][T13534] syz.3.2380 (13534): drop_caches: 2 [ 555.505552][T13556] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2387'. [ 555.510284][T13556] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2387'. [ 555.779375][ T39] audit: type=1326 audit(2000000172.329:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13561 comm="syz.0.2389" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe1817def9 code=0x7ffc0000 [ 555.793553][ T39] audit: type=1326 audit(2000000172.329:1219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13561 comm="syz.0.2389" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe1817def9 code=0x7ffc0000 [ 555.803273][ T39] audit: type=1326 audit(2000000172.329:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13561 comm="syz.0.2389" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe1817def9 code=0x7ffc0000 [ 555.813412][ T39] audit: type=1326 audit(2000000172.329:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13561 comm="syz.0.2389" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe1817def9 code=0x7ffc0000 [ 555.824518][ T39] audit: type=1326 audit(2000000172.329:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13561 comm="syz.0.2389" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe1817def9 code=0x7ffc0000 [ 555.835746][ T39] audit: type=1326 audit(2000000172.329:1223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13561 comm="syz.0.2389" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe1817def9 code=0x7ffc0000 [ 555.905957][ T39] audit: type=1326 audit(2000000172.329:1224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13561 comm="syz.0.2389" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe1817def9 code=0x7ffc0000 [ 555.917628][ T39] audit: type=1326 audit(2000000172.329:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13561 comm="syz.0.2389" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe1817def9 code=0x7ffc0000 [ 555.927422][ T39] audit: type=1326 audit(2000000172.329:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13561 comm="syz.0.2389" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe1817def9 code=0x7ffc0000 [ 556.229488][T13575] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2393'. [ 561.040875][T13676] netlink: 'syz.0.2428': attribute type 322 has an invalid length. [ 561.815733][T13694] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2434'. [ 561.823797][T13694] erspan0: entered promiscuous mode [ 561.826428][T13694] macvlan2: entered allmulticast mode [ 561.828872][T13694] erspan0: entered allmulticast mode [ 562.515439][ T58] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 562.711343][ T58] usb 7-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 562.717047][ T58] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.721444][ T58] usb 7-1: Product: syz [ 562.724261][ T58] usb 7-1: Manufacturer: syz [ 562.727353][ T58] usb 7-1: SerialNumber: syz [ 562.732242][ T58] usb 7-1: config 0 descriptor?? [ 562.957503][ T58] hso 7-1:0.0: Failed to find INT IN ep [ 562.960598][ T58] usb-storage 7-1:0.0: USB Mass Storage device detected [ 563.160132][T12732] usb 7-1: USB disconnect, device number 19 [ 564.499369][T13738] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2445'. [ 565.872917][ T39] kauditd_printk_skb: 14 callbacks suppressed [ 565.872933][ T39] audit: type=1400 audit(2000000182.419:1241): avc: denied { read } for pid=13746 comm="syz.2.2448" name="file2" dev="tmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 566.227000][T11206] Bluetooth: hci2: unexpected event for opcode 0x0c7d [ 566.227249][T13766] binder: 13765:13766 ioctl c018620c 20000080 returned -22 [ 566.240604][T13766] 9pnet_fd: Insufficient options for proto=fd [ 566.244753][T13768] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2453'. [ 568.738775][T13823] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2473'. [ 568.898153][ T1386] ieee802154 phy0 wpan0: encryption failed: -22 [ 569.268082][T13831] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2476'. [ 569.551373][T13837] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2477'. [ 569.662586][ T39] audit: type=1400 audit(2000000186.209:1242): avc: denied { connect } for pid=13840 comm="syz.1.2481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 570.104616][T13851] input: syz1 as /devices/virtual/input/input18 [ 570.414101][T11206] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 570.419840][T11206] Bluetooth: hci2: Injecting HCI hardware error event [ 570.458025][T12587] Bluetooth: hci2: hardware error 0x00 [ 571.434167][ T39] audit: type=1400 audit(2000000187.989:1243): avc: denied { bind } for pid=13871 comm="syz.2.2487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 571.975368][ T39] audit: type=1400 audit(2000000188.519:1244): avc: denied { ioctl } for pid=13882 comm="syz.1.2489" path="/dev/nullb0" dev="devtmpfs" ino=693 ioctlcmd=0x125f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 572.006344][T13883] binder: 13880:13883 ioctl c018620c 20000080 returned -22 [ 572.011611][T13883] 9pnet_fd: Insufficient options for proto=fd [ 572.071792][T13889] 9pnet_fd: Insufficient options for proto=fd [ 572.142494][T13893] geneve2: entered promiscuous mode [ 572.145495][T13893] geneve2: entered allmulticast mode [ 572.805577][T12587] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 573.027548][ T64] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 573.123181][T13914] binder: 13913:13914 ioctl c018620c 20000080 returned -22 [ 573.146795][T13914] 9pnet_fd: Insufficient options for proto=fd [ 573.381534][T12118] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 573.500353][ T39] audit: type=1326 audit(2000000190.049:1245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13930 comm="syz.3.2507" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ffc0000 [ 573.512445][ T39] audit: type=1326 audit(2000000190.049:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13930 comm="syz.3.2507" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ffc0000 [ 573.525850][ T39] audit: type=1326 audit(2000000190.059:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13930 comm="syz.3.2507" exe="/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f817957c9df code=0x7ffc0000 [ 573.537958][ T39] audit: type=1326 audit(2000000190.059:1248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13930 comm="syz.3.2507" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ffc0000 [ 573.549758][ T39] audit: type=1326 audit(2000000190.059:1249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13930 comm="syz.3.2507" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ffc0000 [ 573.560925][ T39] audit: type=1326 audit(2000000190.069:1250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13930 comm="syz.3.2507" exe="/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f817957def9 code=0x7ffc0000 [ 573.570732][ T39] audit: type=1326 audit(2000000190.069:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13930 comm="syz.3.2507" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ffc0000 [ 573.582061][ T39] audit: type=1326 audit(2000000190.069:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13930 comm="syz.3.2507" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ffc0000 [ 573.739895][T12118] usb 5-1: Using ep0 maxpacket: 32 [ 573.746164][T12118] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 573.750940][T12118] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 573.755984][T12118] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 573.760000][T12118] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.771221][T12118] usb 5-1: config 0 descriptor?? [ 573.774367][T13910] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 573.779697][T12118] hub 5-1:0.0: USB hub found [ 574.382284][T12118] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 574.696105][T12118] usbhid 5-1:0.0: can't add hid device: -71 [ 574.700244][T12118] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 574.735982][T12118] usb 5-1: USB disconnect, device number 16 [ 575.346833][T13951] binder: 13950:13951 ioctl c018620c 20000080 returned -22 [ 575.352121][T13951] 9pnet_fd: Insufficient options for proto=fd [ 576.005557][T12587] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 576.010581][T12587] Bluetooth: hci1: Injecting HCI hardware error event [ 576.017734][T12587] Bluetooth: hci1: hardware error 0x00 [ 577.192817][T13983] syz.0.2521 (13983): drop_caches: 2 [ 577.198277][T13983] syz.0.2521 (13983): drop_caches: 2 [ 577.208920][T13983] syz.0.2521 (13983): drop_caches: 2 [ 577.211774][T13983] syz.0.2521 (13983): drop_caches: 2 [ 578.125416][T12587] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 579.831978][T14027] netlink: 'syz.2.2533': attribute type 3 has an invalid length. [ 579.835588][T14027] netlink: 'syz.2.2533': attribute type 3 has an invalid length. [ 579.839304][T14027] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2533'. [ 580.157607][T14034] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2536'. [ 580.812825][T14048] syz.3.2539[14048] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 580.812972][T14048] syz.3.2539[14048] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 582.143211][T14058] syz.1.2541 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 582.392134][T14065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2544'. [ 582.397890][T14065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2544'. [ 582.491396][T14071] tipc: Started in network mode [ 582.493269][T14071] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 582.497277][T14071] tipc: Enabling of bearer rejected, failed to enable media [ 582.646758][T14075] syz.1.2544 (14075): attempted to duplicate a private mapping with mremap. This is not supported. [ 582.983611][T14070] wireguard0: entered promiscuous mode [ 582.987337][T14070] wireguard0: entered allmulticast mode [ 583.436395][T14083] binder: 14082:14083 ioctl c018620c 20000080 returned -22 [ 583.698497][T14091] fuse: Bad value for 'rootmode' [ 584.221320][ C1] vkms_vblank_simulate: vblank timer overrun [ 584.481275][T14101] input: syz0 as /devices/virtual/input/input19 [ 585.350329][T14110] bpq0: entered allmulticast mode [ 585.456786][T14113] [U] [ 585.459085][T14113] [U] [ 585.460951][T14113] [U] [ 585.462739][T14113] [U] [ 585.484229][T14113] [U] [ 585.485560][T14113] [U] [ 585.486799][T14113] [U] [ 585.488029][T14113] [U] [ 585.494129][T14113] [U] [ 585.496171][T14115] netlink: 'syz.3.2558': attribute type 3 has an invalid length. [ 585.510715][T14113] [U] [ 585.510806][T14113] [U] [ 585.516833][ C1] vkms_vblank_simulate: vblank timer overrun [ 585.517054][T14115] netlink: 'syz.3.2558': attribute type 3 has an invalid length. [ 585.520892][T14115] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2558'. [ 585.527357][T14113] [U] [ 585.550861][ C1] vkms_vblank_simulate: vblank timer overrun [ 585.755447][T14113] [U] [ 585.757077][T14113] [U] [ 585.758261][T14113] [U] [ 585.759597][T14113] [U] [ 585.770196][T14113] [U] [ 585.771591][T14113] [U] [ 585.772993][T14113] [U] [ 585.774317][T14113] [U] [ 585.783630][T14113] [U] [ 585.786276][T14113] [U] [ 585.787749][T14113] [U] [ 585.789056][T14113] [U] [ 585.793734][T14113] [U] [ 585.795252][T14113] [U] [ 585.796505][T14113] [U] [ 585.797604][T14113] [U] [ 585.804263][T14113] [U] [ 585.805554][T14113] [U] [ 585.806961][T14113] [U] [ 585.808533][T14113] [U] [ 585.811326][T14113] [U] [ 585.812309][T14113] [U] [ 585.813658][T14113] [U] [ 585.814866][T14113] [U] [ 585.817632][T14113] [U] [ 585.818847][T14113] [U] [ 585.820064][T14113] [U] [ 585.821704][T14113] [U] [ 585.823762][T14113] [U] [ 585.825046][T14113] [U] [ 585.826442][T14113] [U] [ 585.827826][T14113] [U] [ 585.832296][T14113] [U] [ 585.833601][T14113] [U] [ 585.834799][T14113] [U] [ 585.835956][T14113] [U] [ 585.838158][T14113] [U] [ 585.839433][T14113] [U] [ 585.840773][T14113] [U] [ 585.842803][T14113] [U] [ 585.847363][T14113] [U] [ 585.848579][T14113] [U] [ 585.849899][T14113] [U] [ 585.851331][T14113] [U] [ 585.860363][T14113] [U] [ 585.861681][T14113] [U] [ 585.863063][T14113] [U] [ 585.864435][T14113] [U] [ 585.869119][T14113] [U] [ 585.871057][T14113] [U] [ 585.872789][T14113] [U] [ 585.874309][T14113] [U] [ 585.883002][T14113] [U] [ 585.884534][T14113] [U] [ 585.885943][T14113] [U] [ 585.887408][T14113] [U] [ 585.893523][T14113] [U] [ 585.895661][T14113] [U] [ 585.897209][T14113] [U] [ 585.898760][T14113] [U] [ 585.905922][T14113] [U] [ 585.907337][T14113] [U] [ 585.908499][T14113] [U] [ 585.909707][T14113] [U] [ 585.911284][T14113] [U] [ 585.912898][T14113] [U] [ 585.913792][T14113] [U] [ 585.914678][T14113] [U] [ 585.916419][T14113] [U] [ 585.917447][T14113] [U] [ 585.918446][T14113] [U] [ 585.919444][T14113] [U] [ 585.920564][T14113] [U] [ 585.921656][T14113] [U] [ 585.922719][T14113] [U] [ 585.923719][T14113] [U] [ 585.924827][T14113] [U] [ 585.928966][T14113] [U] [ 585.930163][T14113] [U] [ 585.931328][T14113] [U] [ 585.934958][T14113] [U] [ 585.936065][T14113] [U] [ 585.937410][T14113] [U] [ 585.938495][T14113] [U] [ 585.940954][T14113] [U] [ 585.942007][T14113] [U] [ 585.943104][T14113] [U] [ 585.944120][T14113] [U] [ 585.945890][T14113] [U] [ 585.947007][T14113] [U] [ 585.948013][T14113] [U] [ 585.949029][T14113] [U] [ 585.951236][T14113] [U] [ 585.952293][T14113] [U] [ 585.953464][T14113] [U] [ 585.956195][T14113] [U] [ 585.958527][T14113] [U] [ 585.960024][T14113] [U] [ 585.961818][T14113] [U] [ 585.966186][T14113] [U] [ 585.968835][T14113] [U] [ 585.970119][T14113] [U] [ 585.986497][T14113] [U] [ 585.987801][T14113] [U] [ 585.990187][T14113] [U] [ 585.991549][T14113] [U] [ 585.992850][T14113] [U] [ 585.994310][T14113] [U] [ 585.996028][T14113] [U] [ 585.997309][T14113] [U] [ 585.998833][T14113] [U] [ 586.000188][T14113] [U] [ 586.001742][T14113] [U] [ 586.003204][T14113] [U] [ 586.004488][T14113] [U] [ 586.009635][T14111] [U] [ 586.076066][ T39] kauditd_printk_skb: 22 callbacks suppressed [ 586.076083][ T39] audit: type=1400 audit(2000000202.619:1275): avc: denied { accept } for pid=14124 comm="syz.2.2561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 586.862055][ T39] audit: type=1400 audit(2000000203.409:1276): avc: denied { read } for pid=14132 comm="syz.2.2564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 587.334626][T14146] netlink: 'syz.2.2567': attribute type 3 has an invalid length. [ 587.355377][T14146] netlink: 'syz.2.2567': attribute type 3 has an invalid length. [ 587.359093][T14146] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2567'. [ 587.706812][T14136] ceph: No mds server is up or the cluster is laggy [ 588.256098][ T39] audit: type=1400 audit(2000000204.809:1277): avc: denied { create } for pid=14158 comm="syz.1.2570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 588.266593][T14161] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 588.485920][ T58] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 588.605362][ T8147] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 588.681382][ T58] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 588.686728][ T58] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 588.691292][ T58] usb 7-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 588.708145][ T58] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.717909][ T58] usb 7-1: config 0 descriptor?? [ 588.810395][ T8147] usb 6-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 588.829664][ T8147] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.835696][ T8147] usb 6-1: config 0 descriptor?? [ 588.844671][ T8147] usb 6-1: selecting invalid altsetting 1 [ 588.878972][ T8147] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 588.900442][T13858] udevd[13858]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 589.124238][T14178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 589.163489][ T58] samsung 0003:0419:0600.000B: global environment stack underflow [ 589.167613][ T58] samsung 0003:0419:0600.000B: item 0 4 1 11 parsing failed [ 589.171994][ T58] samsung 0003:0419:0600.000B: parse failed [ 589.175456][ T58] samsung 0003:0419:0600.000B: probe with driver samsung failed with error -22 [ 589.216154][T14178] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 589.537832][ T8147] usb 7-1: USB disconnect, device number 20 [ 590.122878][T14187] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0 [ 590.163641][T14186] IPVS: stopping backup sync thread 14187 ... [ 590.182320][ T39] audit: type=1400 audit(2000000206.729:1278): avc: denied { write } for pid=14184 comm="syz.0.2578" name="mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 590.195033][ T39] audit: type=1400 audit(2000000206.729:1279): avc: denied { open } for pid=14184 comm="syz.0.2578" path="/dev/input/mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 591.043156][T14198] MTD: Attempt to mount non-MTD device "/dev/nbd0" [ 591.046277][T14198] cramfs: wrong magic [ 591.607446][ T57] usb 6-1: USB disconnect, device number 19 [ 592.893215][ T39] audit: type=1326 audit(2000000209.439:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14226 comm="syz.0.2591" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbe1817def9 code=0x0 [ 594.988124][T14287] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2612'. [ 595.057216][ C2] vkms_vblank_simulate: vblank timer overrun [ 597.398442][T14322] Bluetooth: MGMT ver 1.23 [ 600.143182][T14359] netlink: 8280 bytes leftover after parsing attributes in process `syz.3.2635'. [ 600.151368][T14359] netlink: 8280 bytes leftover after parsing attributes in process `syz.3.2635'. [ 600.225477][T14355] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2635'. [ 600.554606][T14380] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2643'. [ 601.245932][T14389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2649'. [ 603.269880][T14451] caif0 speed is unknown, defaulting to 1000 [ 603.324700][T14453] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2673'. [ 603.328517][T14453] 0·: renamed from hsr_slave_1 (while UP) [ 603.338157][T14453] 0·: entered allmulticast mode [ 603.342792][T14453] A link change request failed with some changes committed already. Interface c0· may have been left with an inconsistent configuration, please check. [ 604.609985][T14476] binder: 14474:14476 ioctl c018620c 20000080 returned -22 [ 605.786901][T14509] binder: 14506:14509 ioctl c018620c 20000080 returned -22 [ 607.054556][T14535] binder: 14534:14535 ioctl c018620c 20000080 returned -22 [ 607.166816][ T83] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 607.764007][T14558] binder: 14557:14558 ioctl c018620c 20000080 returned -22 [ 608.324462][T14589] binder: 14587:14589 ioctl c018620c 20000080 returned -22 [ 608.347203][T14590] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2729'. [ 609.385337][T12587] Bluetooth: hci0: unexpected event for opcode 0x0c7d [ 609.389945][T14635] binder: 14634:14635 ioctl c018620c 20000080 returned -22 [ 609.572186][T14646] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2754'. [ 609.877158][T10992] bridge_slave_1: left allmulticast mode [ 609.884634][T10992] bridge_slave_1: left promiscuous mode [ 609.889715][T10992] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.897688][T10992] bridge_slave_0: left allmulticast mode [ 609.901326][T10992] bridge_slave_0: left promiscuous mode [ 609.906018][T10992] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.200025][T14677] binder: 14676:14677 ioctl c018620c 20000080 returned -22 [ 610.757347][T10992] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 610.785734][T10992] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 610.817391][T10992] bond0 (unregistering): Released all slaves [ 610.904991][T14692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2777'. [ 610.917367][T14692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2777'. [ 611.022812][T10992] tipc: Left network mode [ 611.460979][T14728] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14728 comm=syz.0.2787 [ 612.156036][T10992] hsr_slave_0: left promiscuous mode [ 612.159932][T10992] hsr_slave_1: left promiscuous mode [ 612.164965][T10992] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 612.185380][T10992] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 612.196253][T10992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 612.199712][T10992] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 612.320983][T10992] veth1_macvtap: left promiscuous mode [ 612.324150][T10992] veth0_macvtap: left promiscuous mode [ 612.335495][T10992] veth1_vlan: left promiscuous mode [ 612.338077][T10992] veth0_vlan: left promiscuous mode [ 616.120324][T10992] team0 (unregistering): Port device team_slave_1 removed [ 616.481976][T10992] team0 (unregistering): Port device team_slave_0 removed [ 617.650035][ T40] smc: removing ib device syz1 [ 617.973656][T14750] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2798'. [ 618.248587][T14833] binder: 14832:14833 ioctl c018620c 20000080 returned -22 [ 622.086045][T14896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2856'. [ 622.104853][T14896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2856'. [ 623.761924][T12587] Bluetooth: hci0: unexpected event for opcode 0x0c7d [ 623.763441][T14972] binder: 14971:14972 ioctl c018620c 20000080 returned -22 [ 624.135491][T14995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2897'. [ 624.138988][T14995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2897'. [ 624.226375][T15013] tipc: Enabling of bearer rejected, failed to enable media [ 624.669786][T15037] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 624.673039][T15037] cramfs: wrong magic [ 627.535482][T15122] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2954'. [ 627.540801][T15122] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2954'. [ 627.653661][ C2] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 628.385006][ T39] audit: type=1400 audit(2000000244.929:1281): avc: denied { checkpoint_restore } for pid=15158 comm="syz.0.2965" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 628.566871][T15163] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2966'. [ 629.274141][T15169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2968'. [ 629.279064][T15169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2968'. [ 629.707673][T15180] syz.3.2969: attempt to access beyond end of device [ 629.707673][T15180] loop3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 629.717084][T15180] syz.3.2969: attempt to access beyond end of device [ 629.717084][T15180] loop3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 629.722720][T15180] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 629.728866][T15180] syz.3.2969: attempt to access beyond end of device [ 629.728866][T15180] loop3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 629.734568][T15180] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 629.738862][T15180] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 629.742363][T15180] UDF-fs: Scanning with blocksize 512 failed [ 629.749398][T15180] syz.3.2969: attempt to access beyond end of device [ 629.749398][T15180] loop3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 629.755902][T15180] syz.3.2969: attempt to access beyond end of device [ 629.755902][T15180] loop3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 629.761097][T15180] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 629.767185][T15180] syz.3.2969: attempt to access beyond end of device [ 629.767185][T15180] loop3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 629.772245][T15180] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 629.776602][T15180] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 629.780025][T15180] UDF-fs: Scanning with blocksize 1024 failed [ 629.783309][T15180] syz.3.2969: attempt to access beyond end of device [ 629.783309][T15180] loop3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 629.789088][T15180] syz.3.2969: attempt to access beyond end of device [ 629.789088][T15180] loop3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 629.794858][T15180] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 629.799640][T15180] syz.3.2969: attempt to access beyond end of device [ 629.799640][T15180] loop3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 629.805475][T15180] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 629.809665][T15180] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 629.813056][T15180] UDF-fs: Scanning with blocksize 2048 failed [ 629.816861][T15180] syz.3.2969: attempt to access beyond end of device [ 629.816861][T15180] loop3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 629.822935][T15180] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 629.826984][T15180] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 629.830991][T15180] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 629.834013][T15180] UDF-fs: Scanning with blocksize 4096 failed [ 629.836756][T15180] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1) [ 630.025405][ T39] audit: type=1400 audit(2000000246.239:1282): avc: denied { mounton } for pid=15173 comm="syz.3.2969" path="/189/file0" dev="tmpfs" ino=1006 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 630.356141][ T1386] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.482066][T15187] hub 6-0:1.0: USB hub found [ 630.489163][T15187] hub 6-0:1.0: 1 port detected [ 631.995212][T15208] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2976'. [ 632.106800][T15212] binder: 15211:15212 ioctl c018620c 20000080 returned -22 [ 632.107004][T15210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2978'. [ 633.712743][T15221] MTD: Attempt to mount non-MTD device "/dev/nbd1" [ 633.716148][T15221] cramfs: wrong magic [ 636.189487][T15248] netlink: 'syz.1.2988': attribute type 6 has an invalid length. [ 636.418108][T15252] ALSA: seq fatal error: cannot create timer (-22) [ 636.697186][T15255] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2990'. [ 637.054288][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 637.453296][T15264] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 637.456659][T15264] cramfs: wrong magic [ 637.781170][T15271] mkiss: ax0: crc mode is auto. [ 638.059299][ T39] audit: type=1400 audit(2000000254.609:1283): avc: denied { mount } for pid=15267 comm="syz.0.2996" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 638.069664][ T39] audit: type=1400 audit(2000000254.619:1284): avc: denied { remount } for pid=15267 comm="syz.0.2996" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 638.257042][ T5394] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 638.485764][ T5394] usb 7-1: Using ep0 maxpacket: 16 [ 638.495389][ T5394] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 638.505420][ T5394] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 638.511139][ T5394] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 638.592999][ T5394] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.601435][ T39] audit: type=1400 audit(2000000255.149:1285): avc: denied { unmount } for pid=12586 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 638.606775][ T5394] usb 7-1: config 0 descriptor?? [ 639.035379][ T39] audit: type=1400 audit(2000000255.579:1286): avc: denied { read } for pid=15292 comm="syz.1.3000" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 639.045372][ T39] audit: type=1400 audit(2000000255.579:1287): avc: denied { open } for pid=15292 comm="syz.1.3000" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 639.056509][ T39] audit: type=1400 audit(2000000255.609:1288): avc: denied { ioctl } for pid=15292 comm="syz.1.3000" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 639.549494][T10992] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.770763][T10992] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.861501][T10992] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.130539][T15298] MTD: Attempt to mount non-MTD device "/dev/nbd1" [ 640.133542][T15298] cramfs: wrong magic [ 640.211773][T10992] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.314575][T11206] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 640.325769][T11206] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 640.338155][T11206] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 640.343338][T11206] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 640.349399][T11206] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 640.355641][T11206] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 640.475521][T10992] bridge_slave_1: left allmulticast mode [ 640.483753][T10992] bridge_slave_1: left promiscuous mode [ 640.486843][T15302] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3004'. [ 640.491795][T10992] bridge0: port 2(bridge_slave_1) entered disabled state [ 640.511219][T10992] bridge_slave_0: left allmulticast mode [ 640.514846][T10992] bridge_slave_0: left promiscuous mode [ 640.520442][T10992] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.792383][ T5394] usbhid 7-1:0.0: can't add hid device: -71 [ 640.795184][ T5394] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 640.809151][ T5394] usb 7-1: USB disconnect, device number 21 [ 641.547172][T10992] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 641.558550][T10992] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 641.565011][T10992] bond0 (unregistering): Released all slaves [ 641.763640][ T39] audit: type=1400 audit(2000000258.309:1289): avc: denied { write } for pid=15318 comm="syz.1.3007" name="ptp0" dev="devtmpfs" ino=715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 642.360334][T15299] chnl_net:caif_netlink_parms(): no params data found [ 642.455135][T11206] Bluetooth: hci3: command tx timeout [ 642.908532][T15349] fuse: Unknown parameter 'grou‚_id' [ 642.915173][T15299] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.920605][T15299] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.947316][T15299] bridge_slave_0: entered allmulticast mode [ 642.956924][T15299] bridge_slave_0: entered promiscuous mode [ 642.967821][T15299] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.971266][T15299] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.975000][T15299] bridge_slave_1: entered allmulticast mode [ 643.001025][T15299] bridge_slave_1: entered promiscuous mode [ 643.218810][T10992] hsr_slave_0: left promiscuous mode [ 643.235558][T10992] 0·: left promiscuous mode [ 643.238631][T10992] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 643.241942][T10992] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 643.253556][T10992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 643.259938][T10992] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 643.358259][T10992] veth1_macvtap: left promiscuous mode [ 643.360986][T10992] veth0_macvtap: left promiscuous mode [ 643.363872][T10992] veth1_vlan: left promiscuous mode [ 643.373379][T10992] veth0_vlan: left promiscuous mode [ 644.498472][T11206] Bluetooth: hci3: command tx timeout [ 645.379584][T10992] team0 (unregistering): Port device team_slave_1 removed [ 645.518807][T10992] team0 (unregistering): Port device team_slave_0 removed [ 646.571585][T11206] Bluetooth: hci3: command tx timeout [ 646.807224][T15299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.827315][T15363] bridge0: port 3(vlan3) entered blocking state [ 646.830163][T15363] bridge0: port 3(vlan3) entered disabled state [ 646.833004][T15363] vlan3: entered allmulticast mode [ 646.851231][T15363] vlan3: left allmulticast mode [ 646.935356][T15299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 647.083591][T15299] team0: Port device team_slave_0 added [ 647.128183][T15299] team0: Port device team_slave_1 added [ 647.183325][ T39] audit: type=1400 audit(2000000263.719:1290): avc: denied { write } for pid=15379 comm="syz.1.3017" name="wireless" dev="proc" ino=4026533142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 647.319086][T15299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 647.322069][T15299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.333595][T15299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 647.363761][T15299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 647.376718][T15299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.396362][T15299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 647.719222][T15299] hsr_slave_0: entered promiscuous mode [ 647.730728][T15299] hsr_slave_1: entered promiscuous mode [ 647.752026][ T39] audit: type=1400 audit(2000000264.299:1291): avc: denied { bind } for pid=15379 comm="syz.1.3017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 647.762440][T15299] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 647.767957][T15299] Cannot create hsr debugfs directory [ 648.104702][ T39] audit: type=1400 audit(2000000264.649:1292): avc: denied { map } for pid=15390 comm="syz.2.3018" path="/dev/hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 648.645636][T11206] Bluetooth: hci3: command tx timeout [ 649.101830][T15299] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 649.181544][T15299] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 649.210561][T15299] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 649.231774][T15299] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 649.416597][T15299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 649.457885][T15299] 8021q: adding VLAN 0 to HW filter on device team0 [ 649.484876][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.488621][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.527326][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.530568][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 649.931167][T15299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 649.998260][T15299] veth0_vlan: entered promiscuous mode [ 650.008816][T15299] veth1_vlan: entered promiscuous mode [ 650.074978][T15299] veth0_macvtap: entered promiscuous mode [ 650.120737][T15299] veth1_macvtap: entered promiscuous mode [ 650.137735][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.144667][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.155699][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.160098][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.164573][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.172344][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.179307][T15299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 650.190029][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.194481][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.205712][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.210324][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.214471][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.223082][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.233282][T15299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 650.248661][T15299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 650.252709][T15299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 650.273471][T15299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 650.277727][T15299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 650.400508][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 650.403950][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 650.545350][ T39] audit: type=1400 audit(2000000267.089:1293): avc: denied { write } for pid=15451 comm="syz.1.3027" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 650.568628][T10987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 650.573103][T10987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 651.725978][ T39] audit: type=1400 audit(2000000268.269:1294): avc: denied { mount } for pid=15487 comm="syz.1.3032" name="/" dev="configfs" ino=3168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 651.765186][ T39] audit: type=1800 audit(2000000268.289:1295): pid=15496 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3031" name="/" dev="fuse" ino=1 res=0 errno=0 [ 651.886592][T15492] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 651.954058][ T39] audit: type=1400 audit(2000000268.499:1296): avc: denied { read } for pid=15487 comm="syz.1.3032" name="/" dev="configfs" ino=3168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 652.000414][ T39] audit: type=1400 audit(2000000268.539:1297): avc: denied { open } for pid=15487 comm="syz.1.3032" path="/" dev="configfs" ino=3168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 652.384531][ T39] audit: type=1400 audit(2000000268.929:1298): avc: denied { unmount } for pid=13023 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 652.922963][T15508] wg2: entered promiscuous mode [ 652.925938][T15508] wg2: entered allmulticast mode [ 655.754089][T15548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3046'. [ 655.760299][T15548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3046'. [ 657.710023][ T8147] IPVS: starting estimator thread 0... [ 657.896430][T15583] IPVS: using max 21 ests per chain, 50400 per kthread [ 658.305845][T15587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3055'. [ 659.456494][ T39] audit: type=1326 audit(2000000275.999:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 659.469979][ T39] audit: type=1326 audit(2000000275.999:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 659.485560][ T39] audit: type=1326 audit(2000000275.999:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 659.496957][ T39] audit: type=1326 audit(2000000275.999:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 659.511206][ T39] audit: type=1326 audit(2000000275.999:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 659.520285][ T39] audit: type=1326 audit(2000000275.999:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 659.530149][ T39] audit: type=1326 audit(2000000275.999:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 659.541243][ T39] audit: type=1326 audit(2000000275.999:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 659.551054][ T39] audit: type=1326 audit(2000000275.999:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 659.635469][ T39] audit: type=1326 audit(2000000275.999:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15600 comm="syz.3.3060" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817957def9 code=0x7ff00000 [ 661.106274][ C3] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 662.942577][T15654] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3073'. [ 663.005529][T15654] Êü: entered promiscuous mode [ 664.422245][T15672] pimreg: entered allmulticast mode [ 665.058849][T15667] pimreg: left allmulticast mode [ 665.891591][ T39] kauditd_printk_skb: 669 callbacks suppressed [ 665.891609][ T39] audit: type=1400 audit(2000000282.279:1978): avc: denied { remount } for pid=15687 comm="syz.1.3082" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 666.496804][T15700] bridge0: port 3(vlan3) entered blocking state [ 666.500724][T15700] bridge0: port 3(vlan3) entered disabled state [ 666.504056][T15700] vlan3: entered allmulticast mode [ 666.576755][T15700] vlan3: left allmulticast mode [ 666.607702][T15702] netlink: 'syz.0.3086': attribute type 13 has an invalid length. [ 666.611588][T15702] netlink: 24859 bytes leftover after parsing attributes in process `syz.0.3086'. [ 666.894713][T15708] binder: 15707:15708 ioctl c018620c 20000080 returned -22 [ 667.101125][T15715] overlay: ./bus is not a directory [ 667.232801][ T5428] kernel write not supported for file [eventfd] (pid: 5428 comm: kworker/2:5) [ 667.591176][T15727] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3093'. [ 667.980027][ T39] audit: type=1400 audit(2000000284.529:1979): avc: denied { create } for pid=15730 comm="syz.0.3095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1 [ 668.599805][ T39] audit: type=1400 audit(2000000285.149:1980): avc: denied { getopt } for pid=15730 comm="syz.0.3095" lport=51614 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 668.615779][ T39] audit: type=1400 audit(2000000285.159:1981): avc: denied { name_bind } for pid=15730 comm="syz.0.3095" src=28324 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 668.639321][T15736] lo speed is unknown, defaulting to 1000 [ 668.641958][T15736] lo speed is unknown, defaulting to 1000 [ 668.651098][T15736] lo speed is unknown, defaulting to 1000 [ 668.661954][T15736] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 668.679956][T15736] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 668.705036][T15736] lo speed is unknown, defaulting to 1000 [ 668.767682][T15736] lo speed is unknown, defaulting to 1000 [ 668.778282][T15736] lo speed is unknown, defaulting to 1000 [ 668.783619][T15736] lo speed is unknown, defaulting to 1000 [ 669.011717][T15747] fuse: Unknown parameter 'grou‚_id' [ 670.149202][T15749] binder: 15748:15749 ioctl c018620c 20000080 returned -22 [ 670.234167][T15754] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3100'. [ 670.419517][T15767] bridge0: port 3(vlan2) entered blocking state [ 670.422733][T15767] bridge0: port 3(vlan2) entered disabled state [ 670.430564][T15767] vlan2: entered allmulticast mode [ 670.436582][T15767] vlan2: left allmulticast mode [ 671.434054][ T39] audit: type=1326 audit(2000000287.979:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.451432][ T39] audit: type=1326 audit(2000000287.979:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.464633][ T39] audit: type=1326 audit(2000000287.999:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.477991][ T39] audit: type=1326 audit(2000000287.999:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.489591][ T39] audit: type=1326 audit(2000000287.999:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.503435][ T39] audit: type=1326 audit(2000000288.009:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.514788][ T39] audit: type=1326 audit(2000000288.009:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.518038][T15780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3109'. [ 671.525389][ T39] audit: type=1326 audit(2000000288.009:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.539258][ T39] audit: type=1326 audit(2000000288.009:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.552583][ T39] audit: type=1326 audit(2000000288.009:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.1.3109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac81f7def9 code=0x7ffc0000 [ 671.685101][T15784] binder: 15783:15784 ioctl c018620c 20000080 returned -22 [ 672.213902][T15794] bridge0: port 3(vlan2) entered blocking state [ 672.219959][T15794] bridge0: port 3(vlan2) entered disabled state [ 672.224594][T15794] vlan2: entered allmulticast mode [ 672.231393][T15794] vlan2: left allmulticast mode [ 673.127654][T15807] ax25_connect(): syz.0.3119 uses autobind, please contact jreuter@yaina.de [ 673.252208][T15809] binder: 15808:15809 ioctl c018620c 20000080 returned -22 [ 673.716364][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.309566][T15824] bridge0: port 3(vlan2) entered blocking state [ 674.312705][T15824] bridge0: port 3(vlan2) entered disabled state [ 674.317082][T15824] vlan2: entered allmulticast mode [ 674.321405][T15824] vlan2: left allmulticast mode [ 676.870974][ T39] kauditd_printk_skb: 34 callbacks suppressed [ 676.870989][ T39] audit: type=1400 audit(2000000293.419:2026): avc: denied { unmount } for pid=12926 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 677.052750][T15864] bridge0: port 3(vlan2) entered blocking state [ 677.073025][T15864] bridge0: port 3(vlan2) entered disabled state [ 677.076139][T15864] vlan2: entered allmulticast mode [ 677.156390][T15864] vlan2: left allmulticast mode [ 677.776828][ T39] audit: type=1400 audit(2000000294.329:2027): avc: denied { setopt } for pid=15876 comm="syz.3.3138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 678.381230][ T39] audit: type=1400 audit(2000000294.929:2028): avc: denied { ioctl } for pid=15886 comm="syz.1.3141" path="pid:[4026533079]" dev="nsfs" ino=4026533079 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 679.121064][T15893] wg2: entered promiscuous mode [ 679.122859][T15893] wg2: entered allmulticast mode [ 679.463151][T15899] netlink: 'syz.3.3143': attribute type 1 has an invalid length. [ 679.823950][T15907] bridge0: port 3(vlan3) entered blocking state [ 679.827391][T15907] bridge0: port 3(vlan3) entered disabled state [ 679.830329][T15907] vlan3: entered allmulticast mode [ 679.846175][T15907] vlan3: left allmulticast mode [ 681.444003][ T39] audit: type=1400 audit(2000000297.989:2029): avc: denied { read } for pid=15934 comm="syz.2.3150" path="socket:[50811]" dev="sockfs" ino=50811 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 681.515567][ T39] audit: type=1400 audit(2000000298.019:2030): avc: denied { create } for pid=15931 comm="syz.0.3149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 681.525713][ T39] audit: type=1400 audit(2000000298.019:2031): avc: denied { setopt } for pid=15931 comm="syz.0.3149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 681.715080][T15944] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=15944 comm=syz.3.3152 [ 681.737081][ T39] audit: type=1400 audit(2000000298.279:2032): avc: denied { getopt } for pid=15943 comm="syz.3.3152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 682.171138][ T39] audit: type=1400 audit(2000000298.719:2033): avc: denied { unmount } for pid=15299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 684.251092][T15969] hfs: can't find a HFS filesystem on dev nullb0 [ 684.873747][T15972] bridge0: port 3(vlan2) entered blocking state [ 684.878033][T15972] bridge0: port 3(vlan2) entered disabled state [ 684.880969][T15972] vlan2: entered allmulticast mode [ 684.885022][T15972] vlan2: left allmulticast mode [ 685.045160][T15978] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 685.276458][T15983] fuse: Unknown parameter 'grou‚_id' [ 686.253848][T16010] bridge0: port 3(vlan3) entered blocking state [ 686.259540][T16010] bridge0: port 3(vlan3) entered disabled state [ 686.262850][T16010] vlan3: entered allmulticast mode [ 686.269693][T16010] vlan3: left allmulticast mode [ 686.495375][T12118] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 686.722727][T12118] usb 7-1: config 0 has an invalid interface number: 204 but max is 1 [ 686.727670][T12118] usb 7-1: config 0 has no interface number 1 [ 686.787639][T16019] MTD: Attempt to mount non-MTD device "/dev/nbd3" [ 686.790509][T16019] cramfs: wrong magic [ 686.923132][T12118] usb 7-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=b9.bf [ 686.928948][T12118] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 686.935371][T12118] usb 7-1: Product: syz [ 686.937303][T12118] usb 7-1: Manufacturer: syz [ 686.939308][T12118] usb 7-1: SerialNumber: syz [ 686.944112][T12118] usb 7-1: config 0 descriptor?? [ 687.010081][T12118] snd-usb-audio 7-1:0.204: probe with driver snd-usb-audio failed with error -22 [ 687.053503][T16009] udevd[16009]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.204/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 687.160388][ T25] usb 7-1: USB disconnect, device number 22 [ 687.642006][ T39] audit: type=1400 audit(2000000304.189:2034): avc: denied { lock } for pid=16028 comm="syz.0.3175" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=49760 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 688.030995][T16037] fuse: Unknown parameter 'grou‚_id' [ 688.481193][T16047] bridge0: port 3(vlan2) entered blocking state [ 688.484100][T16047] bridge0: port 3(vlan2) entered disabled state [ 688.494248][T16047] vlan2: entered allmulticast mode [ 688.529500][T16047] vlan2: left allmulticast mode [ 688.539933][ T39] audit: type=1400 audit(2000000305.093:2035): avc: denied { write } for pid=16039 comm="syz.3.3178" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 688.554971][ T39] audit: type=1400 audit(2000000305.093:2036): avc: denied { open } for pid=16039 comm="syz.3.3178" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 688.928512][T16056] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3182'. [ 689.066084][T16054] vcan0 speed is unknown, defaulting to 1000 [ 689.071122][T16054] vcan0 speed is unknown, defaulting to 1000 [ 689.074591][T16054] vcan0 speed is unknown, defaulting to 1000 [ 689.191761][T16054] infiniband syz1: set active [ 689.193942][T16054] infiniband syz1: added vcan0 [ 689.229162][ T58] vcan0 speed is unknown, defaulting to 1000 [ 689.233484][T16054] RDS/IB: syz1: added [ 689.235423][T16054] smc: adding ib device syz1 with port count 1 [ 689.238008][T16054] smc: ib device syz1 port 1 has pnetid [ 689.246601][T16054] vcan0 speed is unknown, defaulting to 1000 [ 689.251126][ T58] vcan0 speed is unknown, defaulting to 1000 [ 689.454214][T16054] vcan0 speed is unknown, defaulting to 1000 [ 689.580334][T16054] vcan0 speed is unknown, defaulting to 1000 [ 689.737058][T16054] vcan0 speed is unknown, defaulting to 1000 [ 689.849389][T16069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3184'. [ 690.109118][T16073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3186'. [ 690.115833][T16073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3186'. [ 690.466960][T16083] bridge0: port 3(vlan3) entered blocking state [ 690.469834][T16083] bridge0: port 3(vlan3) entered disabled state [ 690.472697][T16083] vlan3: entered allmulticast mode [ 690.516970][T16083] vlan3: left allmulticast mode [ 690.819459][T16087] fuse: Unknown parameter 'grou‚_id' [ 691.774948][ T1386] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.809259][T16110] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3196'. [ 691.815244][T16104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3195'. [ 691.822615][T16104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3195'. [ 693.347641][ T39] audit: type=1326 audit(2000000309.893:2037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 693.375226][ T39] audit: type=1326 audit(2000000309.893:2038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 693.395674][ T39] audit: type=1326 audit(2000000309.903:2039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 693.415831][ T39] audit: type=1326 audit(2000000309.903:2040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 693.441358][ T39] audit: type=1326 audit(2000000309.903:2041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 693.452548][ T39] audit: type=1326 audit(2000000309.903:2042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 693.467573][ T39] audit: type=1326 audit(2000000309.903:2043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 693.501121][ T39] audit: type=1326 audit(2000000309.903:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 693.522011][ T39] audit: type=1326 audit(2000000309.903:2045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 693.532106][ T39] audit: type=1326 audit(2000000309.903:2046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16128 comm="syz.0.3203" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f72f717c890 code=0x7ffc0000 [ 693.785875][T16132] binder: 16131:16132 ioctl c018620c 20000080 returned -22 [ 693.934023][T16136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3205'. [ 693.940152][T16136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3205'. [ 694.242007][T16146] xt_CT: You must specify a L4 protocol and not use inversions on it [ 694.939188][T16160] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3212'. [ 694.951039][T16163] binder: 16161:16163 ioctl c018620c 20000080 returned -22 [ 695.562085][T16172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3216'. [ 695.567355][T16172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3216'. [ 695.827416][T16179] kvm: emulating exchange as write [ 697.073630][T16197] netlink: 'syz.2.3223': attribute type 3 has an invalid length. [ 697.687075][T16207] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3225'. [ 697.691006][T16207] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3225'. [ 697.863466][T16217] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3227'. [ 698.475746][T16235] No such timeout policy "syz0" [ 698.561046][T16234] input: syz1 as /devices/virtual/input/input20 [ 698.845567][T16239] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3236'. [ 698.855678][T16239] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3236'. [ 699.473682][T16251] input: syz1 as /devices/virtual/input/input21 [ 700.113162][T16266] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3245'. [ 700.523928][T16271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3246'. [ 700.528750][T16271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3246'. [ 701.987307][T16302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3255'. [ 701.990816][T16302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3255'. [ 703.231886][T16320] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 703.460392][T16332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3266'. [ 703.464214][T16332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3266'. [ 703.561892][T16338] input: syz1 as /devices/virtual/input/input22 [ 703.776449][T11206] Bluetooth: hci3: command 0x0406 tx timeout [ 704.001366][T16342] fuse: Unknown parameter 'grou‚_id' [ 704.390599][T12587] Bluetooth: hci0: unexpected event for opcode 0x0c7d [ 704.392354][T16352] binder: 16351:16352 ioctl c018620c 20000080 returned -22 [ 705.236277][T16365] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3275'. [ 705.806427][ T25] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 705.828179][T16386] overlayfs: failed to resolve './file0': -2 [ 706.011256][ T25] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 706.027590][ T25] usb 6-1: New USB device found, idVendor=0421, idProduct=026c, bcdDevice=1f.2f [ 706.044377][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.084206][ T25] usb 6-1: config 0 descriptor?? [ 706.089598][ T25] usb 6-1: bad CDC descriptors [ 706.733732][T16397] overlayfs: failed to resolve './file1': -2 [ 707.752180][T16411] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 708.221505][T16413] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3286'. [ 708.240432][T16413] netlink: 264 bytes leftover after parsing attributes in process `syz.0.3286'. [ 708.244248][T16413] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3286'. [ 708.277926][T12118] usb 6-1: USB disconnect, device number 20 [ 708.437123][T12587] Bluetooth: hci3: unexpected event for opcode 0x0c7d [ 708.445885][T16416] binder: 16415:16416 ioctl c018620c 20000080 returned -22 [ 708.472022][T16422] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3290'. [ 708.777462][T16435] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3293'. [ 709.497648][T16445] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3297'. [ 709.603460][T16450] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3299'. [ 709.665636][T12587] Bluetooth: hci0: unknown advertising packet type: 0x63 [ 709.696111][T16454] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 711.354673][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 711.354690][ T39] audit: type=1400 audit(2000000327.883:2064): avc: denied { append } for pid=16476 comm="syz.1.3308" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 711.533412][ T39] audit: type=1400 audit(2000000328.083:2065): avc: denied { mount } for pid=16469 comm="syz.0.3305" name="/" dev="autofs" ino=52915 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 711.615895][T16484] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3309'. [ 711.937689][ T39] audit: type=1400 audit(2000000328.493:2066): avc: denied { unmount } for pid=15299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 712.486830][T12587] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 712.491649][T12587] Bluetooth: hci3: Injecting HCI hardware error event [ 712.498883][T11206] Bluetooth: hci3: hardware error 0x00 [ 712.775971][T16501] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3314'. [ 712.955181][T12587] Bluetooth: hci3: unexpected event for opcode 0x0c7d [ 712.959029][T16505] binder: 16503:16505 ioctl c018620c 20000080 returned -22 [ 713.563173][T16516] lo speed is unknown, defaulting to 1000 [ 713.639327][T16516] vcan0 speed is unknown, defaulting to 1000 [ 714.102373][ T39] audit: type=1400 audit(2000000330.653:2067): avc: denied { setattr } for pid=16518 comm="syz.2.3319" name="ptmx" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=1 [ 714.132377][ T39] audit: type=1400 audit(2000000330.653:2068): avc: denied { append } for pid=16518 comm="syz.2.3319" name="binder1" dev="binder" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 714.228945][T16521] dvmrp0: entered allmulticast mode [ 714.895745][T11206] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 716.450140][T16552] lo speed is unknown, defaulting to 1000 [ 716.454111][T16552] vcan0 speed is unknown, defaulting to 1000 [ 717.034462][T16556] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3328'. [ 717.120339][T16559] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3328'. [ 717.220845][T16564] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 717.659555][T16575] SELinux: policydb version -258872103 does not match my version range 15-33 [ 717.664492][T16575] SELinux: failed to load policy [ 717.668122][ T39] audit: type=1400 audit(2000000334.213:2069): avc: denied { load_policy } for pid=16572 comm="syz.2.3334" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 718.380039][T16587] overlayfs: conflicting lowerdir path [ 719.334019][T16597] pim6reg: entered allmulticast mode [ 719.628394][T16606] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3343'. [ 719.718954][T16608] sch_tbf: burst 88 is lower than device veth3 mtu (1514) ! [ 719.740608][ T39] audit: type=1326 audit(2000000336.293:2070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.2.3343" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x0 [ 719.859717][T16604] infiniband syz2: set active [ 719.863502][T16604] infiniband syz2: added team_slave_1 [ 719.920035][T16604] RDS/IB: syz2: added [ 719.923312][T16604] smc: adding ib device syz2 with port count 1 [ 719.928160][T16604] smc: ib device syz2 port 1 has pnetid [ 720.749029][T16622] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 720.752036][T16622] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 720.755855][T16622] vhci_hcd vhci_hcd.0: Device attached [ 721.315496][T16623] vhci_hcd: connection closed [ 721.336739][ T1165] vhci_hcd: stop threads [ 721.340844][ T1165] vhci_hcd: release socket [ 721.342989][ T1165] vhci_hcd: disconnect device [ 721.466310][ T35] vhci_hcd: vhci_device speed not set [ 721.868532][ T39] audit: type=1400 audit(2000000338.423:2071): avc: denied { map } for pid=16639 comm="syz.1.3352" path="socket:[53051]" dev="sockfs" ino=53051 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 722.351610][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 723.532776][ T39] audit: type=1400 audit(2000000340.083:2072): avc: denied { mount } for pid=16662 comm="syz.3.3359" name="/" dev="rpc_pipefs" ino=54556 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 723.950692][T16679] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3363'. [ 724.692320][T16695] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3368'. [ 724.697240][T16695] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3368'. [ 724.962299][T16701] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3369'. [ 724.976206][T16701] Êü: entered promiscuous mode [ 725.068766][ T39] audit: type=1400 audit(2000000341.613:2073): avc: denied { relabelfrom } for pid=16699 comm="syz.2.3370" name="NETLINK" dev="sockfs" ino=55468 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 725.093624][ T39] audit: type=1400 audit(2000000341.613:2074): avc: denied { relabelto } for pid=16699 comm="syz.2.3370" name="NETLINK" dev="sockfs" ino=55468 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1 [ 725.994577][T16713] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3373'. [ 726.006367][T16715] binder: 16714:16715 ioctl c018620c 0 returned -14 [ 726.263375][T16723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3377'. [ 726.267441][T16723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3377'. [ 726.878427][T16734] xt_NFQUEUE: number of queues (65534) out of range (got 131068) [ 727.296820][T16744] binder: 16743:16744 ioctl c018620c 20000080 returned -1 [ 727.392068][ T39] audit: type=1326 audit(2000000343.943:2075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16741 comm="syz.0.3382" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 727.660742][ T39] audit: type=1326 audit(2000000343.943:2076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16741 comm="syz.0.3382" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 727.673501][ T39] audit: type=1326 audit(2000000343.953:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16741 comm="syz.0.3382" exe="/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 727.683989][ T39] audit: type=1326 audit(2000000343.953:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16741 comm="syz.0.3382" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 727.693727][ T39] audit: type=1326 audit(2000000343.953:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16741 comm="syz.0.3382" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 727.707411][ T39] audit: type=1326 audit(2000000343.953:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16741 comm="syz.0.3382" exe="/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 727.732212][ T39] audit: type=1326 audit(2000000343.963:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16741 comm="syz.0.3382" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 727.734192][ T58] IPVS: starting estimator thread 0... [ 727.848276][T16748] IPVS: using max 22 ests per chain, 52800 per kthread [ 727.918380][T16750] xt_bpf: check failed: parse error [ 728.078964][T16756] bridge0: port 3(vlan2) entered blocking state [ 728.083003][T16756] bridge0: port 3(vlan2) entered disabled state [ 728.086827][T16756] vlan2: entered allmulticast mode [ 728.092163][T16756] vlan2: left allmulticast mode [ 728.350514][T11206] Bluetooth: hci0: Malformed Event: 0x2f [ 729.052538][T16775] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3390'. [ 729.282919][T16783] binder: 16782:16783 ioctl c018620c 20000080 returned -1 [ 729.753402][T16791] MTD: Attempt to mount non-MTD device "/dev/nbd3" [ 729.762725][T16791] cramfs: wrong magic [ 730.078146][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 730.078258][ T39] audit: type=1400 audit(2000000346.633:2105): avc: denied { nlmsg_write } for pid=16792 comm="syz.2.3395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 732.246931][T11206] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 732.732186][T16824] binder: 16823:16824 ioctl c018620c 20000080 returned -1 [ 732.902075][T16830] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3403'. [ 733.282028][T16836] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 733.292063][T16836] cramfs: wrong magic [ 733.857515][ T39] audit: type=1400 audit(2000000350.413:2106): avc: denied { append } for pid=16844 comm="syz.1.3407" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 734.002512][ T39] audit: type=1400 audit(2000000350.553:2107): avc: denied { mount } for pid=16844 comm="syz.1.3407" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 734.010164][T11206] Bluetooth: hci0: unexpected subevent 0x1a length: 10 > 6 [ 734.022712][ T25] kernel write not supported for file /snd/seq (pid: 25 comm: kworker/2:0) [ 734.052099][T16852] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3410'. [ 734.859137][T16866] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3415'. [ 734.950751][T16870] ip6t_srh: unknown srh match flags 4000 [ 735.284217][T16877] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 735.289291][T16877] cramfs: wrong magic [ 736.322805][T16886] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3420'. [ 737.497592][T11206] Bluetooth: hci0: Malformed Event: 0x2f [ 738.893062][T16917] wg2: left promiscuous mode [ 738.894777][T16917] wg2: left allmulticast mode [ 738.933018][T16917] wg2: entered promiscuous mode [ 738.937470][T16917] wg2: entered allmulticast mode [ 739.246961][T16924] MTD: Attempt to mount non-MTD device "/dev/nbd3" [ 739.255381][T16924] cramfs: wrong magic [ 740.083135][T16936] binder: 16935:16936 ioctl c0306201 0 returned -14 [ 740.185674][T16937] xt_bpf: check failed: parse error [ 740.390178][T16939] hub 9-0:1.0: USB hub found [ 740.395213][T16939] hub 9-0:1.0: 1 port detected [ 740.916475][T16946] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3435'. [ 741.866558][T16961] netlink: 830 bytes leftover after parsing attributes in process `syz.2.3438'. [ 742.339449][T16976] sp0: Synchronizing with TNC [ 743.099285][T16987] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3446'. [ 743.222415][T11206] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 743.502875][ T39] audit: type=1400 audit(2000000360.053:2108): avc: denied { bind } for pid=16993 comm="syz.3.3449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 743.525795][ T39] audit: type=1400 audit(2000000360.053:2109): avc: denied { write } for pid=16993 comm="syz.3.3449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 743.776653][T17005] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3450'. [ 743.921225][T11206] Bluetooth: hci0: unexpected event for opcode 0x204e [ 745.432062][T17037] mkiss: ax0: crc mode is auto. [ 745.761380][T17048] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3463'. [ 745.934351][T11206] Bluetooth: hci0: Malformed Event: 0x2f [ 748.080625][T17093] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3478'. [ 748.529002][T17104] rdma_rxe: rxe_newlink: failed to add vcan0 [ 749.240257][T17110] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3490'. [ 749.380380][T17114] vivid-000: disconnect [ 749.385592][T17114] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 749.405352][ T39] audit: type=1400 audit(2000000365.953:2110): avc: denied { read } for pid=17111 comm="syz.2.3483" name="nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 749.416287][ T39] audit: type=1400 audit(2000000365.953:2111): avc: denied { open } for pid=17111 comm="syz.2.3483" path="/dev/nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 750.187311][T17111] vivid-000: reconnect [ 750.324374][T17123] cgroup: Unknown parameter '/dev/snd/timer' [ 750.612328][T17138] wg2: left promiscuous mode [ 750.615526][T17138] wg2: left allmulticast mode [ 750.754139][T17138] wg2: entered promiscuous mode [ 750.757518][T17138] wg2: entered allmulticast mode [ 752.272142][T17162] bridge0: port 3(vlan2) entered blocking state [ 752.278161][T17162] bridge0: port 3(vlan2) entered disabled state [ 752.281325][T17162] vlan2: entered allmulticast mode [ 752.289562][T17162] vlan2: left allmulticast mode [ 752.955375][ T57] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 753.169379][ T57] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 753.173557][ T57] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 753.184261][ T57] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 753.188409][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 753.192315][ T57] usb 5-1: SerialNumber: syz [ 753.217297][ T1386] ieee802154 phy0 wpan0: encryption failed: -22 [ 753.243287][ T39] audit: type=1400 audit(2000000369.793:2112): avc: denied { search } for pid=17184 comm="syz.2.3504" name="/" dev="configfs" ino=3168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 753.305107][ T39] audit: type=1326 audit(2000000369.853:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17184 comm="syz.2.3504" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f098ff7def9 code=0x0 [ 753.371857][ T39] audit: type=1400 audit(2000000369.923:2114): avc: granted { setsecparam } for pid=17184 comm="syz.2.3504" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 753.392927][ T39] audit: type=1400 audit(2000000369.923:2115): avc: denied { write } for pid=17184 comm="syz.2.3504" name="/" dev="configfs" ino=3168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 753.416779][ T57] usb 5-1: 0:2 : does not exist [ 753.427695][ T57] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 753.451362][ T57] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 753.481581][ T57] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 753.489697][ T57] usb 5-1: USB disconnect, device number 17 [ 753.596784][T17137] udevd[17137]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 754.108647][ T39] audit: type=1400 audit(2000000370.663:2116): avc: denied { getopt } for pid=17193 comm="syz.0.3505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 754.850932][T17209] syz.3.3510 (17209): /proc/17208/oom_adj is deprecated, please use /proc/17208/oom_score_adj instead. [ 755.282712][T17219] fuse: Unknown parameter 'grou‚_id' [ 757.363792][T17243] bridge0: port 3(vlan2) entered blocking state [ 757.367280][T17243] bridge0: port 3(vlan2) entered disabled state [ 757.370979][T17243] vlan2: entered allmulticast mode [ 757.376127][T17243] vlan2: left allmulticast mode [ 757.599494][ T39] audit: type=1400 audit(2000000374.143:2117): avc: denied { setopt } for pid=17244 comm="syz.1.3521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 757.675625][T17250] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3522'. [ 757.679756][T17250] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3522'. [ 757.828777][T17255] fuse: Unknown parameter 'grou‚_id' [ 758.413491][ T39] audit: type=1400 audit(2000000374.963:2118): avc: denied { unmount } for pid=13023 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 758.537024][T17264] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3526'. [ 758.648642][ T39] audit: type=1400 audit(2000000375.203:2119): avc: denied { module_request } for pid=17265 comm="syz.0.3527" kmod="net-pf-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 758.814058][ T39] audit: type=1326 audit(2000000375.363:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17269 comm="syz.2.3528" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 758.824424][ T39] audit: type=1326 audit(2000000375.363:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17269 comm="syz.2.3528" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 758.834714][ T39] audit: type=1326 audit(2000000375.373:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17269 comm="syz.2.3528" exe="/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 758.846582][ T39] audit: type=1326 audit(2000000375.373:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17269 comm="syz.2.3528" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 758.856579][ T39] audit: type=1326 audit(2000000375.373:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17269 comm="syz.2.3528" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 758.865932][ T39] audit: type=1326 audit(2000000375.373:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17269 comm="syz.2.3528" exe="/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 758.892188][ T39] audit: type=1326 audit(2000000375.373:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17269 comm="syz.2.3528" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 759.246514][T11206] Bluetooth: hci0: unexpected event for opcode 0x204e [ 759.704501][T17281] bridge0: port 3(vlan2) entered blocking state [ 759.710968][T17281] bridge0: port 3(vlan2) entered disabled state [ 759.714610][T17281] vlan2: entered allmulticast mode [ 759.719674][T17281] vlan2: left allmulticast mode [ 760.355465][T17297] dccp_invalid_packet: P.Data Offset(170) too large [ 763.242088][T17333] dccp_close: ABORT with 32 bytes unread [ 764.765983][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 764.765999][ T39] audit: type=1400 audit(2000000381.313:2150): avc: denied { write } for pid=17352 comm="syz.1.3554" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 764.785621][ T39] audit: type=1400 audit(2000000381.313:2151): avc: denied { open } for pid=17352 comm="syz.1.3554" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 764.794060][ T39] audit: type=1400 audit(2000000381.343:2152): avc: denied { read } for pid=17352 comm="syz.1.3554" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 765.499410][T17359] sctp: [Deprecated]: syz.3.3555 (pid 17359) Use of struct sctp_assoc_value in delayed_ack socket option. [ 765.499410][T17359] Use struct sctp_sack_info instead [ 767.505367][T12013] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 767.700901][T12013] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 767.715409][T12013] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 767.719614][T12013] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 767.731580][T12013] usb 7-1: config 0 descriptor?? [ 768.051309][T17383] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 768.160861][T12013] keytouch 0003:0926:3333.000C: fixing up Keytouch IEC report descriptor [ 768.173772][T12013] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0926:3333.000C/input/input23 [ 768.493255][T12013] keytouch 0003:0926:3333.000C: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 768.521524][T12013] usb 7-1: USB disconnect, device number 23 [ 769.090926][T17397] MTD: Attempt to mount non-MTD device "/dev/nbd3" [ 769.094177][T17397] cramfs: wrong magic [ 769.500087][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.504326][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.571435][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.655474][ T57] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 769.665843][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.775445][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.778770][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.781784][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.806903][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.810346][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.813808][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.835404][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.838756][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.842094][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.865711][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.869108][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.881720][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.886730][ T57] usb 6-1: config 0 has no interfaces? [ 769.889380][ T57] usb 6-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 769.893547][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 769.896590][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.907774][ T57] usb 6-1: config 0 descriptor?? [ 769.911695][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.920079][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.941100][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.956247][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.960107][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.968178][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.974697][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.979471][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.983070][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.989136][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.991982][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 769.994981][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 770.005996][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 770.009299][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 770.013035][ T8147] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 770.020802][ T8147] hid-generic 0000:0000:0000.000D: hidraw1: HID v0.00 Device [syz0] on syz0 [ 770.243324][ T8147] usb 6-1: USB disconnect, device number 21 [ 770.978724][T17426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3574'. [ 770.983142][T17426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3574'. [ 771.235263][T12587] Bluetooth: hci0: unknown advertising packet type: 0x63 [ 771.272219][T17429] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 771.946283][T17435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3577'. [ 772.705554][ T39] audit: type=1400 audit(2000000389.223:2153): avc: denied { mount } for pid=17441 comm="syz.1.3580" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 772.899696][T17448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3580'. [ 773.655326][ T39] audit: type=1400 audit(2000000390.203:2154): avc: denied { unmount } for pid=13023 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 773.828756][T17464] wireguard0: entered promiscuous mode [ 773.831595][T17464] wireguard0: entered allmulticast mode [ 774.213729][T17471] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 774.793877][T17483] program syz.2.3587 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 775.214799][T17473] dccp_close: ABORT with 32 bytes unread [ 775.281048][T17491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3590'. [ 776.716784][T17527] netlink: 'syz.1.3601': attribute type 2 has an invalid length. [ 776.721756][T17527] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3601'. [ 776.738206][T17527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3601'. [ 777.768735][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 777.772862][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 778.102161][T17548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3607'. [ 779.021223][T17563] MTD: Attempt to mount non-MTD device "/dev/nbd0" [ 779.026236][T17563] cramfs: wrong magic [ 780.541373][T17582] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3616'. [ 780.549257][T17582] netlink: 272 bytes leftover after parsing attributes in process `syz.2.3616'. [ 781.360709][ T39] audit: type=1400 audit(2000000397.903:2155): avc: denied { setopt } for pid=17589 comm="syz.0.3618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 782.107740][T17608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3621'. [ 782.134307][T17609] fuse: Unknown parameter 'grou‚_id' [ 783.674930][T17645] Bluetooth: (null): Invalid header checksum [ 783.761799][T17651] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3636'. [ 783.773003][T10992] Bluetooth: (null): Invalid header checksum [ 783.776938][T10992] Bluetooth: (null): Invalid header checksum [ 783.884230][ T1107] Bluetooth: (null): Invalid header checksum [ 783.997924][T10992] Bluetooth: (null): Invalid header checksum [ 784.116656][ T1107] Bluetooth: (null): Invalid header checksum [ 784.226098][T10992] Bluetooth: (null): Invalid header checksum [ 784.322649][ T39] audit: type=1400 audit(2000000400.873:2156): avc: denied { map } for pid=17655 comm="syz.1.3639" path="socket:[55217]" dev="sockfs" ino=55217 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 784.374256][ T1107] Bluetooth: (null): Invalid header checksum [ 784.449133][T10987] Bluetooth: (null): Invalid header checksum [ 785.061403][ T39] audit: type=1400 audit(2000000401.613:2157): avc: denied { map } for pid=17664 comm="syz.0.3642" path="socket:[57001]" dev="sockfs" ino=57001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 786.983641][T17694] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3648'. [ 787.219339][ T39] audit: type=1400 audit(2000000403.773:2158): avc: denied { ioctl } for pid=17696 comm="syz.3.3649" path="socket:[55238]" dev="sockfs" ino=55238 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 789.277843][T17741] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 790.109351][T17742] 9pnet_fd: Insufficient options for proto=fd [ 790.134543][T17753] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3663'. [ 791.650248][T12587] Bluetooth: hci0: unexpected event for opcode 0x204e [ 792.552085][ T39] audit: type=1400 audit(2000000409.103:2159): avc: denied { create } for pid=17803 comm="syz.3.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 792.576584][ T39] audit: type=1400 audit(2000000409.133:2160): avc: denied { bind } for pid=17803 comm="syz.3.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 792.631434][T17806] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3680'. [ 794.419758][T17839] fuse: Bad value for 'user_id' [ 794.422347][T17839] fuse: Bad value for 'user_id' [ 794.832137][T17845] openvswitch: netlink: Message has 4 unknown bytes. [ 795.007028][T17847] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3690'. [ 796.034772][T17865] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3695'. [ 796.084385][T17867] lo speed is unknown, defaulting to 1000 [ 796.087891][T17867] vcan0 speed is unknown, defaulting to 1000 [ 796.165677][ T39] audit: type=1400 audit(2000000412.683:2161): avc: denied { mount } for pid=17858 comm="syz.0.3693" name="/" dev="hugetlbfs" ino=58538 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 796.695612][ T39] audit: type=1400 audit(2000000413.253:2162): avc: denied { unmount } for pid=15299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 796.852224][ T39] audit: type=1400 audit(2000000413.403:2163): avc: denied { ioctl } for pid=17875 comm="syz.2.3697" path="socket:[57977]" dev="sockfs" ino=57977 ioctlcmd=0x8932 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 797.103630][ T39] audit: type=1400 audit(2000000413.653:2164): avc: denied { connect } for pid=17884 comm="syz.3.3700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 797.110738][T17885] tipc: Cannot configure node identity twice [ 798.881195][T17912] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3708'. [ 799.074905][T12587] Bluetooth: hci0: unexpected event for opcode 0x203c [ 799.110157][T17916] fuse: Unknown parameter '0x0000000000000005' [ 799.946317][T12118] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 800.135512][T12118] usb 5-1: Using ep0 maxpacket: 16 [ 800.594132][T12118] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 800.598755][T12118] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 800.602536][T12118] usb 5-1: Product: syz [ 800.604431][T12118] usb 5-1: Manufacturer: syz [ 800.611350][T12118] usb 5-1: SerialNumber: syz [ 800.631977][T12118] usb 5-1: config 0 descriptor?? [ 800.643400][T12118] ums-onetouch 5-1:0.0: USB Mass Storage device detected [ 801.170498][T17952] netlink: 'syz.2.3717': attribute type 10 has an invalid length. [ 801.225184][T17952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 801.236095][T17952] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 801.490967][T12732] usb 5-1: USB disconnect, device number 18 [ 801.914470][ T39] audit: type=1326 audit(2000000418.463:2165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17963 comm="syz.1.3721" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fac81f7def9 code=0x0 [ 802.142235][ T39] audit: type=1400 audit(2000000418.693:2166): avc: denied { setattr } for pid=17963 comm="syz.1.3721" name="NETLINK" dev="sockfs" ino=57295 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 802.374265][T17972] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3723'. [ 804.105225][T17991] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 804.134465][T17991] cramfs: wrong magic [ 806.257269][T18030] input: syz1 as /devices/virtual/input/input24 [ 806.517340][T18030] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 806.733234][T18038] MTD: Attempt to mount non-MTD device "/dev/nbd0" [ 806.744314][T18038] cramfs: wrong magic [ 808.982216][T18063] usb usb9: usbfs: process 18063 (syz.3.3749) did not claim interface 0 before use [ 808.986549][T18063] usb usb9: selecting invalid altsetting 21783 [ 811.281675][ T39] audit: type=1400 audit(2000000427.833:2167): avc: denied { bind } for pid=18110 comm="syz.2.3767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 814.426824][ T39] audit: type=1400 audit(2000000430.973:2168): avc: denied { setattr } for pid=18156 comm="syz.0.3779" name="PACKET" dev="sockfs" ino=59714 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 814.648507][ T1386] ieee802154 phy0 wpan0: encryption failed: -22 [ 818.522866][T18219] fuse: Unknown parameter '0x0000000000000005' [ 818.683740][T18225] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 821.138064][T18285] program syz.2.3814 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 822.358343][T18311] binder: 18300:18311 ioctl c0306201 200001c0 returned -14 [ 823.628647][T18335] No such timeout policy "syz1" [ 824.784104][T18352] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3832'. [ 827.228276][T18382] x_tables: duplicate underflow at hook 1 [ 827.880634][T18398] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3846'. [ 828.492181][T18403] lo speed is unknown, defaulting to 1000 [ 828.496213][T18403] vcan0 speed is unknown, defaulting to 1000 [ 829.518999][T18414] input: syz1 as /devices/virtual/input/input25 [ 829.888384][T18416] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3851'. [ 829.920164][ T39] audit: type=1400 audit(2000000446.473:2169): avc: denied { append } for pid=18421 comm="syz.3.3853" name="renderD128" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 830.146797][T18435] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3858'. [ 830.310966][T12587] Bluetooth: hci0: unexpected event for opcode 0x203c [ 830.330135][T18441] fuse: Unknown parameter '0x0000000000000005' [ 830.402324][T18447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3861'. [ 831.086675][ C2] vkms_vblank_simulate: vblank timer overrun [ 831.933321][T18471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3868'. [ 832.166748][T12013] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 832.385408][T12013] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 832.390111][T12013] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 832.394252][T12013] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 832.407319][T12013] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 832.426365][T12013] usb 6-1: config 0 descriptor?? [ 833.027357][T12013] hid (null): bogus close delimiter [ 833.235409][T12013] usb 6-1: string descriptor 0 read error: -22 [ 833.670986][T12013] uclogic 0003:256C:006D.000E: failed retrieving string descriptor #100: -71 [ 833.679271][T12013] uclogic 0003:256C:006D.000E: failed retrieving pen parameters: -71 [ 833.683598][T12013] uclogic 0003:256C:006D.000E: failed probing pen v1 parameters: -71 [ 833.688815][T12013] uclogic 0003:256C:006D.000E: failed probing parameters: -71 [ 833.693108][T12013] uclogic 0003:256C:006D.000E: probe with driver uclogic failed with error -71 [ 833.698819][T12013] usb 6-1: USB disconnect, device number 22 [ 834.733590][T18530] input: syz1 as /devices/virtual/input/input26 [ 836.930457][ T39] audit: type=1400 audit(2000000453.483:2170): avc: denied { write } for pid=18563 comm="syz.1.3903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 837.962534][T18597] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3913'. [ 839.063080][T12013] IPVS: starting estimator thread 0... [ 839.239182][T18623] IPVS: using max 35 ests per chain, 84000 per kthread [ 840.259648][ T39] audit: type=1400 audit(2000000456.783:2171): avc: denied { mount } for pid=18633 comm="syz.1.3926" name="/" dev="ramfs" ino=60846 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 840.628053][T18657] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3932'. [ 841.357610][ T39] audit: type=1400 audit(2000000457.913:2172): avc: denied { unmount } for pid=13023 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 841.590769][T18667] program syz.1.3935 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 841.735944][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 842.410133][T18689] Option ',¨©:¿ÐÁé5S¤Š}˜cˆ°‚ûì"¼§&7ý' to dns_resolver key: bad/missing value [ 843.413223][ T39] audit: type=1400 audit(2000000459.963:2173): avc: denied { create } for pid=18702 comm="syz.2.3943" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 845.465440][T12587] Bluetooth: hci0: unexpected event for opcode 0x204e [ 845.846900][T18734] fuse: Unknown parameter '0xffffffffffffffff' [ 846.405749][ T39] audit: type=1400 audit(2000000462.963:2174): avc: denied { read } for pid=18739 comm="syz.0.3955" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 846.433105][ T39] audit: type=1400 audit(2000000462.973:2175): avc: denied { open } for pid=18739 comm="syz.0.3955" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 846.741235][T18749] fuse: Unknown parameter 'grou‚_id' [ 847.235398][ T39] audit: type=1326 audit(2000000463.783:2176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18756 comm="syz.0.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 847.255538][ T39] audit: type=1326 audit(2000000463.783:2177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18756 comm="syz.0.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 847.275353][ T39] audit: type=1326 audit(2000000463.783:2178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18756 comm="syz.0.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 847.288366][ T39] audit: type=1326 audit(2000000463.783:2179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18756 comm="syz.0.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 847.315249][ T39] audit: type=1326 audit(2000000463.783:2180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18756 comm="syz.0.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 847.327634][ T39] audit: type=1326 audit(2000000463.803:2181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18756 comm="syz.0.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 847.339453][ T39] audit: type=1326 audit(2000000463.803:2182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18756 comm="syz.0.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f717def9 code=0x7ffc0000 [ 848.158884][T18778] fuse: Unknown parameter 'grou‚_id' [ 848.515419][ T39] kauditd_printk_skb: 31 callbacks suppressed [ 848.515431][ T39] audit: type=1326 audit(2000000465.023:2214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 848.541450][ T39] audit: type=1326 audit(2000000465.023:2215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 848.556330][ T39] audit: type=1326 audit(2000000465.023:2216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 848.572201][ T39] audit: type=1326 audit(2000000465.023:2217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 848.586027][ T39] audit: type=1326 audit(2000000465.023:2218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 848.605334][ T39] audit: type=1326 audit(2000000465.023:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 848.622033][ T39] audit: type=1326 audit(2000000465.023:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 848.648354][ T39] audit: type=1326 audit(2000000465.023:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 848.659014][ T39] audit: type=1326 audit(2000000465.023:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 848.670619][ T39] audit: type=1326 audit(2000000465.023:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18786 comm="syz.2.3971" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098ff7def9 code=0x7ffc0000 [ 849.403399][T18795] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3973'. [ 851.551634][T18839] netlink: 84 bytes leftover after parsing attributes in process `syz.1.3983'. [ 853.176404][ T25] libceph: connect (1)[c::]:6789 error -101 [ 853.179647][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 853.266477][T12013] libceph: connect (1)[c::]:6789 error -101 [ 853.270338][T12013] libceph: mon0 (1)[c::]:6789 connect error [ 853.435785][ T25] libceph: connect (1)[c::]:6789 error -101 [ 853.441469][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 853.559142][T12013] libceph: connect (1)[c::]:6789 error -101 [ 853.571365][T12013] libceph: mon0 (1)[c::]:6789 connect error [ 853.945940][ T25] libceph: connect (1)[c::]:6789 error -101 [ 853.948891][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 853.950329][T18877] ceph: No mds server is up or the cluster is laggy [ 853.953319][T18872] ceph: No mds server is up or the cluster is laggy [ 855.308825][T18935] netlink: 'syz.1.4006': attribute type 13 has an invalid length. [ 856.371249][T18949] fuse: Unknown parameter '0xffffffffffffffff' [ 857.335415][T12013] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 857.539308][T12013] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 857.544268][T12013] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 857.555909][T12013] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 857.560443][T12013] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 857.564801][T12013] usb 5-1: Manufacturer: syz [ 857.588116][T12013] usb 5-1: config 0 descriptor?? [ 857.907096][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 857.907111][ T39] audit: type=1400 audit(2000000474.463:2231): avc: denied { write } for pid=18963 comm="syz.3.4016" name="nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 857.946408][ T39] audit: type=1400 audit(2000000474.483:2232): avc: denied { ioctl } for pid=18963 comm="syz.3.4016" path="/dev/nvram" dev="devtmpfs" ino=633 ioctlcmd=0xaee0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 858.198777][T11206] ================================================================== [ 858.203707][T11206] BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 858.209491][T11206] Read of size 8 at addr ffff88802ab0f418 by task kworker/u33:0/11206 [ 858.216165][T11206] [ 858.217242][T11206] CPU: 1 UID: 0 PID: 11206 Comm: kworker/u33:0 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0 [ 858.222594][T11206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 858.227333][T11206] Workqueue: hci0 hci_cmd_sync_work [ 858.229641][T11206] Call Trace: [ 858.231137][T11206] [ 858.232456][T11206] dump_stack_lvl+0x116/0x1f0 [ 858.234592][T11206] print_report+0xc3/0x620 [ 858.236820][T11206] ? __virt_addr_valid+0x5e/0x590 [ 858.239040][T11206] ? __phys_addr+0xc6/0x150 [ 858.241031][T11206] kasan_report+0xd9/0x110 [ 858.243150][T11206] ? mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 858.245706][T11206] ? mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 858.247965][T11206] mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 858.250117][T11206] hci_cmd_sync_work+0x1a4/0x410 [ 858.252053][T11206] process_one_work+0x9c5/0x1b40 [ 858.253999][T11206] ? __pfx_lock_acquire+0x10/0x10 [ 858.256140][T11206] ? __pfx_process_one_work+0x10/0x10 [ 858.258492][T11206] ? assign_work+0x1a0/0x250 [ 858.260606][T11206] worker_thread+0x6c8/0xed0 [ 858.262732][T11206] ? __kthread_parkme+0x148/0x220 [ 858.264927][T11206] ? __pfx_worker_thread+0x10/0x10 [ 858.267103][T11206] kthread+0x2c1/0x3a0 [ 858.268862][T11206] ? _raw_spin_unlock_irq+0x23/0x50 [ 858.271033][T11206] ? __pfx_kthread+0x10/0x10 [ 858.272879][T11206] ret_from_fork+0x45/0x80 [ 858.274929][T11206] ? __pfx_kthread+0x10/0x10 [ 858.276963][T11206] ret_from_fork_asm+0x1a/0x30 [ 858.279058][T11206] [ 858.280502][T11206] [ 858.281594][T11206] Allocated by task 18278: [ 858.283820][T11206] kasan_save_stack+0x33/0x60 [ 858.286233][T11206] kasan_save_track+0x14/0x30 [ 858.288684][T11206] __kasan_kmalloc+0xaa/0xb0 [ 858.291434][T11206] mgmt_pending_new+0x5b/0x290 [ 858.294066][T11206] mgmt_pending_add+0x36/0x160 [ 858.296424][T11206] remove_adv_monitor+0x124/0x1b0 [ 858.299449][T11206] hci_sock_sendmsg+0x1528/0x25e0 [ 858.301920][T11206] sock_write_iter+0x50a/0x5c0 [ 858.304168][T11206] vfs_write+0x6b6/0x1140 [ 858.306166][T11206] ksys_write+0x1f8/0x260 [ 858.308164][T11206] do_syscall_64+0xcd/0x250 [ 858.310728][T11206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.313548][T11206] [ 858.314697][T11206] Freed by task 18972: [ 858.316565][T11206] kasan_save_stack+0x33/0x60 [ 858.318775][T11206] kasan_save_track+0x14/0x30 [ 858.321240][T11206] kasan_save_free_info+0x3b/0x60 [ 858.323652][T11206] poison_slab_object+0xf7/0x160 [ 858.326197][T11206] __kasan_slab_free+0x32/0x50 [ 858.329125][T11206] kfree+0x12a/0x3b0 [ 858.331828][T11206] cmd_complete_rsp+0x119/0x160 [ 858.335262][T11206] mgmt_pending_foreach+0xdf/0x140 [ 858.337970][T11206] __mgmt_power_off+0x12f/0x2c0 [ 858.340187][T11206] hci_dev_close_sync+0xc33/0x1110 [ 858.342657][T11206] hci_dev_do_close+0x2e/0x90 [ 858.346201][T11206] hci_dev_close+0x183/0x1e0 [ 858.349051][T11206] hci_sock_ioctl+0x28c/0x880 [ 858.352006][T11206] sock_do_ioctl+0x116/0x280 [ 858.354952][T11206] sock_ioctl+0x22e/0x6c0 [ 858.357627][T11206] __x64_sys_ioctl+0x193/0x220 [ 858.360537][T11206] do_syscall_64+0xcd/0x250 [ 858.363158][T11206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.366858][T11206] [ 858.368120][T11206] The buggy address belongs to the object at ffff88802ab0f400 [ 858.368120][T11206] which belongs to the cache kmalloc-96 of size 96 [ 858.375470][T11206] The buggy address is located 24 bytes inside of [ 858.375470][T11206] freed 96-byte region [ffff88802ab0f400, ffff88802ab0f460) [ 858.382128][T11206] [ 858.383321][T11206] The buggy address belongs to the physical page: [ 858.386559][T11206] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802ab0f300 pfn:0x2ab0f [ 858.391305][T11206] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 858.394442][T11206] page_type: 0xfdffffff(slab) [ 858.396472][T11206] raw: 00fff00000000000 ffff88801ac42280 ffffea00012fb540 dead000000000004 [ 858.401795][T11206] raw: ffff88802ab0f300 0000000000200009 00000001fdffffff 0000000000000000 [ 858.405264][T11206] page dumped because: kasan: bad access detected [ 858.407956][T11206] page_owner tracks the page as allocated [ 858.410438][T11206] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1165, tgid 1165 (kworker/u32:9), ts 71974063550, free_ts 70470028792 [ 858.418807][T11206] post_alloc_hook+0x2d1/0x350 [ 858.420850][T11206] get_page_from_freelist+0x1351/0x2e50 [ 858.423108][T11206] __alloc_pages_noprof+0x22b/0x2460 [ 858.425119][T11206] alloc_slab_page+0x4e/0xf0 [ 858.426961][T11206] new_slab+0x84/0x260 [ 858.428548][T11206] ___slab_alloc+0xdac/0x1870 [ 858.430488][T11206] __slab_alloc.constprop.0+0x56/0xb0 [ 858.432748][T11206] __kmalloc_cache_noprof+0x2b4/0x300 [ 858.435084][T11206] dst_cow_metrics_generic+0x4c/0x1e0 [ 858.437377][T11206] icmp6_dst_alloc+0x370/0x490 [ 858.439518][T11206] ndisc_send_skb+0x1279/0x1c30 [ 858.441643][T11206] ndisc_send_rs+0x129/0x670 [ 858.443480][T11206] addrconf_dad_completed+0x4a1/0x1060 [ 858.445552][T11206] addrconf_dad_work+0x7fb/0x14d0 [ 858.447479][T11206] process_one_work+0x9c5/0x1b40 [ 858.449406][T11206] worker_thread+0x6c8/0xed0 [ 858.451588][T11206] page last free pid 5402 tgid 5402 stack trace: [ 858.455233][T11206] free_unref_page+0x64a/0xe40 [ 858.457392][T11206] qlist_free_all+0x4e/0x140 [ 858.459525][T11206] kasan_quarantine_reduce+0x192/0x1e0 [ 858.461912][T11206] __kasan_slab_alloc+0x69/0x90 [ 858.464499][T11206] kmem_cache_alloc_noprof+0x121/0x2f0 [ 858.467288][T11206] mas_alloc_nodes+0x176/0x860 [ 858.469362][T11206] mas_node_count_gfp+0x105/0x130 [ 858.471576][T11206] mas_preallocate+0x3bb/0x1020 [ 858.473703][T11206] __split_vma+0x474/0x11c0 [ 858.475692][T11206] do_vmi_align_munmap+0x362/0x19c0 [ 858.478226][T11206] do_vmi_munmap+0x231/0x410 [ 858.480280][T11206] mmap_region+0x17f/0x2760 [ 858.482240][T11206] do_mmap+0xbfb/0xfb0 [ 858.484012][T11206] vm_mmap_pgoff+0x1ba/0x360 [ 858.486029][T11206] ksys_mmap_pgoff+0x332/0x5d0 [ 858.488240][T11206] __x64_sys_mmap+0x125/0x190 [ 858.490448][T11206] [ 858.491546][T11206] Memory state around the buggy address: [ 858.493947][T11206] ffff88802ab0f300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 858.497972][T11206] ffff88802ab0f380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 858.502498][T11206] >ffff88802ab0f400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 858.506171][T11206] ^ [ 858.508466][T11206] ffff88802ab0f480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 858.512621][T11206] ffff88802ab0f500: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 858.516776][T11206] ================================================================== [ 858.541591][T11206] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 858.545029][T11206] CPU: 0 UID: 0 PID: 11206 Comm: kworker/u33:0 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 858.549828][T11206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 858.555159][T11206] Workqueue: hci0 hci_cmd_sync_work [ 858.559305][T11206] Call Trace: [ 858.560636][T11206] [ 858.561789][T11206] dump_stack_lvl+0x3d/0x1f0 [ 858.563603][T11206] panic+0x6dc/0x7c0 [ 858.565141][T11206] ? __pfx_panic+0x10/0x10 [ 858.566896][T11206] ? irqentry_exit+0x3b/0x90 [ 858.568937][T11206] ? lockdep_hardirqs_on+0x7c/0x110 [ 858.571270][T11206] ? preempt_schedule_thunk+0x1a/0x30 [ 858.573608][T11206] ? preempt_schedule_common+0x44/0xc0 [ 858.592533][T11206] ? check_panic_on_warn+0x1f/0xb0 [ 858.598633][T11206] check_panic_on_warn+0xab/0xb0 [ 858.601680][T11206] end_report+0x117/0x180 [ 858.603890][T11206] kasan_report+0xe9/0x110 [ 858.606946][T11206] ? mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 858.610677][T11206] ? mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 858.613190][T11206] mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 858.616615][T11206] hci_cmd_sync_work+0x1a4/0x410 [ 858.618730][T11206] process_one_work+0x9c5/0x1b40 [ 858.620753][T11206] ? __pfx_lock_acquire+0x10/0x10 [ 858.623269][T11206] ? __pfx_process_one_work+0x10/0x10 [ 858.626003][T11206] ? assign_work+0x1a0/0x250 [ 858.628239][T11206] worker_thread+0x6c8/0xed0 [ 858.630503][T11206] ? __kthread_parkme+0x148/0x220 [ 858.632654][T11206] ? __pfx_worker_thread+0x10/0x10 [ 858.635149][T11206] kthread+0x2c1/0x3a0 [ 858.636988][T11206] ? _raw_spin_unlock_irq+0x23/0x50 [ 858.639260][T11206] ? __pfx_kthread+0x10/0x10 [ 858.641247][T11206] ret_from_fork+0x45/0x80 [ 858.643169][T11206] ? __pfx_kthread+0x10/0x10 [ 858.645188][T11206] ret_from_fork_asm+0x1a/0x30 [ 858.648300][T11206] [ 858.650844][T11206] Kernel Offset: disabled [ 858.652689][T11206] Rebooting in 86400 seconds.. VM DIAGNOSIS: 08:50:49 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffffc9000697ff58 RCX=ffffffff814fd791 RDX=ffff888029a3a440 RSI=ffffffff814fd972 RDI=ffffc9000697ff58 RBP=ffffc9000697ff48 RSP=ffffc9000697ff20 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=000000000000003d R13=000000000000003d R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8b16efc0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055555d360500 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002004a000 CR3=000000003fa40000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe2e55e7f0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f81795f199a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f81795f19a7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f81795f19a1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f81795f19b5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f81795f1a3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f81795f1b19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000002f RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85030e45 RDI=ffffffff9a5b4fa0 RBP=ffffffff9a5b4f60 RSP=ffffc9000371f710 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3062613230386552 R12=0000000000000000 R13=000000000000002f R14=ffffffff85030de0 R15=0000000000000000 RIP=ffffffff85030e6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 000fffff 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 000fffff 00000000 FS =0000 0000000000000000 000fffff 00000000 GS =0000 ffff88806a700000 000fffff 00000000 LDT=0000 0000000000000000 000fffff 00000000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000043aca000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813084bd ffffffff813107f5 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813107f5 ffffffff813084bd ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff813084bd ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f098fff199a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f098fff19a7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f098fff19a1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f098fff19b5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f098fff1a3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f098fff1b19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82047f41 ffffffff82047f0e ffffffff82047ef1 ffffffff82047d66 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff820483cc ffffffff8204833b ffffffff00040008 000c00130014000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82047fc1 ffffffff82047f41 ffffffff82047f0e ffffffff82047ef1 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff90144d18 RBX=1ffff92000becef0 RCX=ffffffff8169c0c9 RDX=0000000000000000 RSI=0000000000000008 RDI=ffffffff90144d18 RBP=0000000000000002 RSP=ffffc90005f67760 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000001 R11=0000000000000001 R12=ffff88806a83edd8 R13=ffff88802a7df200 R14=000000000003db0c R15=ffff88806a83edc0 RIP=ffffffff81ea8ab2 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f0990c656c0 CR3=0000000043ad0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff199a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff19a7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff19a1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff19b5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff1a3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff1b19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac8210b488 00007fac8210b480 00007fac8210b478 00007fac8210b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac82c6d100 00007fac8210b440 00007fac82100004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac8210b498 00007fac8210b490 00007fac8210b488 00007fac8210b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000001 RBX=bf8c2ea922061a85 RCX=ffffffff81698ce8 RDX=1ffff11006a3ca6a RSI=0000000000000008 RDI=ffffffff96924708 RBP=0000000000000040 RSP=ffffc90000908b78 R8 =0000000000000000 R9 =fffffbfff2d248e1 R10=ffffffff9692470f R11=0000000000000000 R12=ffff8880351e5381 R13=ffff8880351e5388 R14=0000000000000002 R15=ffff8880351e4880 RIP=ffffffff81698837 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f817a2c76c0 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3a008e CR3=0000000043ad0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff199a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff19a7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff19a1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff19b5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff1a3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac81ff1b19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac8210b488 00007fac8210b480 00007fac8210b478 00007fac8210b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac82c6d100 00007fac8210b440 00007fac82100004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac8210b498 00007fac8210b490 00007fac8210b488 00007fac8210b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000