last executing test programs: 20.993314833s ago: executing program 2 (id=690): r0 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="580000001000370401000000f8dbdf2500000000", @ANYRES32=r1, @ANYBLOB="890c040031810000300012800900010069706970000000002000028008000200ac1414bb06000f000200000004001300050005000100000008001f0006"], 0x58}, 0x1, 0x0, 0x0, 0x44801}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r3, &(0x7f0000001680)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @empty, @loopback}}}], 0x20}}, {{&(0x7f0000000000)={0x2, 0x4e22, @multicast2}, 0x10, &(0x7f0000000500)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x2, 0x4040880) 20.992537951s ago: executing program 2 (id=691): mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0xa031, 0xffffffffffffffff, 0x180000000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000005, 0x10010, r2, 0x308e6000) remap_file_pages(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x1, 0x0) 20.843479275s ago: executing program 2 (id=692): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x101080, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x50, r0, 0xbd65000) 20.842363922s ago: executing program 2 (id=693): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000080)={0x3d520, 0x0, 0x2d, 0x6, 0xfe, "0012412d08d500201e200021077b0a0080edff"}) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000040)=0xd) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000300)={[{@gid}]}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="450a000000ff03ffc311a400100100001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) 20.763358854s ago: executing program 2 (id=694): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x82, 0x158}, 0x18) openat(r1, &(0x7f00000001c0)='./file0\x00', 0x64100, 0x24) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000780)={0x44, r0, 0x801, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac08}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x44151}, 0x0) sendmsg$NL80211_CMD_DEAUTHENTICATE(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, r0, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xfffb}, @NL80211_ATTR_MAC={0xa, 0x6, @random="9694159def44"}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000044}, 0x24000000) 20.540754141s ago: executing program 2 (id=698): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="07000000000000000000020000001400018006000100020f"], 0x28}}, 0x0) (async) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="07000000000000000000020000001400018006000100020f"], 0x28}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x2, 0x2) sendmsg$SMC_PNETID_GET(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x0, 0x7fff0000}]}) close_range(r8, 0xffffffffffffffff, 0x0) (async) close_range(r8, 0xffffffffffffffff, 0x0) getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32=r9, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc020000000000000000000000000000040012"], 0x8c}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@deltclass={0x24, 0x29, 0x800, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xd, 0xfff3}, {0xb, 0xfff1}, {0x6, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x8}}}, 0x24}}, 0x4000) socket$netlink(0x10, 0x3, 0x0) (async) r10 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r10, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) sendmmsg(r10, &(0x7f00000002c0), 0x40000000000009f, 0x0) ioctl$KVM_SET_IRQCHIP(r5, 0xc048aec8, &(0x7f0000000080)={0x0, 0x0, @ioapic={0xffff1000, 0x1, 0x3, 0x4, 0x0, [{0x3, 0x99, 0x6, '\x00', 0xa}, {0x5, 0x1, 0x6b, '\x00', 0x21}, {0x8, 0x11, 0x2d, '\x00', 0xb}, {0x6d, 0x3, 0x2, '\x00', 0x3}, {0x8, 0x4, 0x4, '\x00', 0x23}, {0x4, 0x7, 0x91, '\x00', 0x7}, {0x9, 0x0, 0x8, '\x00', 0x6}, {0x6, 0x80, 0x94, '\x00', 0x7}, {0x3, 0xff, 0x8, '\x00', 0xfa}, {0x8, 0xe4, 0x1, '\x00', 0x3}, {0x8, 0x7, 0xe, '\x00', 0x4}, {0x0, 0x3, 0x9, '\x00', 0x7}, {0x6, 0xa, 0x1}, {0x6, 0x4, 0x4, '\x00', 0x7}, {0x81, 0x8, 0xc, '\x00', 0x1}, {0x9, 0x9, 0xe9, '\x00', 0x5}, {0x8, 0x0, 0xc6, '\x00', 0x8e}, {0xa, 0x3, 0x8, '\x00', 0xc5}, {0x1, 0xa3, 0x7}, {0x81, 0x3, 0x7, '\x00', 0x1}, {0x40, 0x5, 0x9, '\x00', 0xc}, {0x8, 0x80, 0x4b, '\x00', 0x6}, {0x9, 0x9, 0xf4, '\x00', 0x7}, {0x7f, 0x7, 0x9, '\x00', 0xdd}]}}) (async) ioctl$KVM_SET_IRQCHIP(r5, 0xc048aec8, &(0x7f0000000080)={0x0, 0x0, @ioapic={0xffff1000, 0x1, 0x3, 0x4, 0x0, [{0x3, 0x99, 0x6, '\x00', 0xa}, {0x5, 0x1, 0x6b, '\x00', 0x21}, {0x8, 0x11, 0x2d, '\x00', 0xb}, {0x6d, 0x3, 0x2, '\x00', 0x3}, {0x8, 0x4, 0x4, '\x00', 0x23}, {0x4, 0x7, 0x91, '\x00', 0x7}, {0x9, 0x0, 0x8, '\x00', 0x6}, {0x6, 0x80, 0x94, '\x00', 0x7}, {0x3, 0xff, 0x8, '\x00', 0xfa}, {0x8, 0xe4, 0x1, '\x00', 0x3}, {0x8, 0x7, 0xe, '\x00', 0x4}, {0x0, 0x3, 0x9, '\x00', 0x7}, {0x6, 0xa, 0x1}, {0x6, 0x4, 0x4, '\x00', 0x7}, {0x81, 0x8, 0xc, '\x00', 0x1}, {0x9, 0x9, 0xe9, '\x00', 0x5}, {0x8, 0x0, 0xc6, '\x00', 0x8e}, {0xa, 0x3, 0x8, '\x00', 0xc5}, {0x1, 0xa3, 0x7}, {0x81, 0x3, 0x7, '\x00', 0x1}, {0x40, 0x5, 0x9, '\x00', 0xc}, {0x8, 0x80, 0x4b, '\x00', 0x6}, {0x9, 0x9, 0xf4, '\x00', 0x7}, {0x7f, 0x7, 0x9, '\x00', 0xdd}]}}) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x4, @local, 0xb}, 0x1c) listen(r3, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaeaaaaaaaa86dd6000150000180600fe800000000000000000000000000000000000000000aa00004e22000000000000000000", @ANYBLOB="3d286ff1f5d716f460f4709030018fc2624c7fed5a12e5c8a302937a57efaf5f9239fa6d4f79b83892c74f874def768e0eb3a85f3ea1b90c94f127ba1533c11febbf60f408bd8d6a480433b1dacd69ed810dddbab03600226a899980052e", @ANYBLOB="77024f73ccc0f076e6fe3438d473595d983345b1d8b97ac77bcdb8c9079e5b94f1d0592ac32f867328776f849145c107d6633f0777cff05dd52cb41f489772214c68c5aac51adb076d6ca364c7d572111df96e494fab506f465c054c1eba1ccbce039514da7c5daadbd7e2799aa672c919fa484cc8708dd524d516f0f0bdf1539b728b6989902b1dadc020e3997136b0e1c600e132957fd01cf156fbf9230ba3c3985a406be5bf325232f9f34fd1be2102440407a54a", @ANYBLOB="64c20209907800101e040135bc59cd61a073def1aeb8f43e6f608e467c972afc57"], 0x0) 20.417667487s ago: executing program 32 (id=698): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="07000000000000000000020000001400018006000100020f"], 0x28}}, 0x0) (async) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="07000000000000000000020000001400018006000100020f"], 0x28}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x2, 0x2) sendmsg$SMC_PNETID_GET(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x0, 0x7fff0000}]}) close_range(r8, 0xffffffffffffffff, 0x0) (async) close_range(r8, 0xffffffffffffffff, 0x0) getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32=r9, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc020000000000000000000000000000040012"], 0x8c}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@deltclass={0x24, 0x29, 0x800, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xd, 0xfff3}, {0xb, 0xfff1}, {0x6, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x8}}}, 0x24}}, 0x4000) socket$netlink(0x10, 0x3, 0x0) (async) r10 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r10, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) sendmmsg(r10, &(0x7f00000002c0), 0x40000000000009f, 0x0) ioctl$KVM_SET_IRQCHIP(r5, 0xc048aec8, &(0x7f0000000080)={0x0, 0x0, @ioapic={0xffff1000, 0x1, 0x3, 0x4, 0x0, [{0x3, 0x99, 0x6, '\x00', 0xa}, {0x5, 0x1, 0x6b, '\x00', 0x21}, {0x8, 0x11, 0x2d, '\x00', 0xb}, {0x6d, 0x3, 0x2, '\x00', 0x3}, {0x8, 0x4, 0x4, '\x00', 0x23}, {0x4, 0x7, 0x91, '\x00', 0x7}, {0x9, 0x0, 0x8, '\x00', 0x6}, {0x6, 0x80, 0x94, '\x00', 0x7}, {0x3, 0xff, 0x8, '\x00', 0xfa}, {0x8, 0xe4, 0x1, '\x00', 0x3}, {0x8, 0x7, 0xe, '\x00', 0x4}, {0x0, 0x3, 0x9, '\x00', 0x7}, {0x6, 0xa, 0x1}, {0x6, 0x4, 0x4, '\x00', 0x7}, {0x81, 0x8, 0xc, '\x00', 0x1}, {0x9, 0x9, 0xe9, '\x00', 0x5}, {0x8, 0x0, 0xc6, '\x00', 0x8e}, {0xa, 0x3, 0x8, '\x00', 0xc5}, {0x1, 0xa3, 0x7}, {0x81, 0x3, 0x7, '\x00', 0x1}, {0x40, 0x5, 0x9, '\x00', 0xc}, {0x8, 0x80, 0x4b, '\x00', 0x6}, {0x9, 0x9, 0xf4, '\x00', 0x7}, {0x7f, 0x7, 0x9, '\x00', 0xdd}]}}) (async) ioctl$KVM_SET_IRQCHIP(r5, 0xc048aec8, &(0x7f0000000080)={0x0, 0x0, @ioapic={0xffff1000, 0x1, 0x3, 0x4, 0x0, [{0x3, 0x99, 0x6, '\x00', 0xa}, {0x5, 0x1, 0x6b, '\x00', 0x21}, {0x8, 0x11, 0x2d, '\x00', 0xb}, {0x6d, 0x3, 0x2, '\x00', 0x3}, {0x8, 0x4, 0x4, '\x00', 0x23}, {0x4, 0x7, 0x91, '\x00', 0x7}, {0x9, 0x0, 0x8, '\x00', 0x6}, {0x6, 0x80, 0x94, '\x00', 0x7}, {0x3, 0xff, 0x8, '\x00', 0xfa}, {0x8, 0xe4, 0x1, '\x00', 0x3}, {0x8, 0x7, 0xe, '\x00', 0x4}, {0x0, 0x3, 0x9, '\x00', 0x7}, {0x6, 0xa, 0x1}, {0x6, 0x4, 0x4, '\x00', 0x7}, {0x81, 0x8, 0xc, '\x00', 0x1}, {0x9, 0x9, 0xe9, '\x00', 0x5}, {0x8, 0x0, 0xc6, '\x00', 0x8e}, {0xa, 0x3, 0x8, '\x00', 0xc5}, {0x1, 0xa3, 0x7}, {0x81, 0x3, 0x7, '\x00', 0x1}, {0x40, 0x5, 0x9, '\x00', 0xc}, {0x8, 0x80, 0x4b, '\x00', 0x6}, {0x9, 0x9, 0xf4, '\x00', 0x7}, {0x7f, 0x7, 0x9, '\x00', 0xdd}]}}) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x4, @local, 0xb}, 0x1c) listen(r3, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaeaaaaaaaa86dd6000150000180600fe800000000000000000000000000000000000000000aa00004e22000000000000000000", @ANYBLOB="3d286ff1f5d716f460f4709030018fc2624c7fed5a12e5c8a302937a57efaf5f9239fa6d4f79b83892c74f874def768e0eb3a85f3ea1b90c94f127ba1533c11febbf60f408bd8d6a480433b1dacd69ed810dddbab03600226a899980052e", @ANYBLOB="77024f73ccc0f076e6fe3438d473595d983345b1d8b97ac77bcdb8c9079e5b94f1d0592ac32f867328776f849145c107d6633f0777cff05dd52cb41f489772214c68c5aac51adb076d6ca364c7d572111df96e494fab506f465c054c1eba1ccbce039514da7c5daadbd7e2799aa672c919fa484cc8708dd524d516f0f0bdf1539b728b6989902b1dadc020e3997136b0e1c600e132957fd01cf156fbf9230ba3c3985a406be5bf325232f9f34fd1be2102440407a54a", @ANYBLOB="64c20209907800101e040135bc59cd61a073def1aeb8f43e6f608e467c972afc57"], 0x0) 1.603049974s ago: executing program 4 (id=965): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x12, r0, 0x0) vmsplice(r0, &(0x7f0000000300)=[{&(0x7f0000000340)='N', 0x1}], 0x1, 0x0) r2 = semget$private(0x0, 0x3, 0x0) semop(r2, &(0x7f0000000000)=[{0x1, 0xff00, 0x3000}], 0x1) semctl$GETNCNT(r2, 0x1, 0xe, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x2000000, 0x0, {{{@in6=@mcast1, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80, 0xa0}, {@in6=@dev={0xfe, 0x80, '\x00', 0x2e}, 0x0, 0x33}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffff1}, {0xfffffffffffffffd, 0x0, 0x0, 0xfffffffffffffffe}, {0xe6, 0x0, 0x4c}}, 0x0, 0x1a0b1}}, 0xf8}}, 0x20000000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r3, 0xffffffffffffffff, 0x0) (async) close_range(r3, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x10, 0x8, 0x0, 0x10}, 0x50) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x10, 0x8, 0x0, 0x10}, 0x50) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r5, 0x0, 0x0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r4}, &(0x7f0000000240)=0x43, &(0x7f0000000280)=r5}, 0x20) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket(0x40000000015, 0x5, 0x0) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) (async) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="67d8901bdb", 0x5}], 0x1}, 0x0) (async) sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="67d8901bdb", 0x5}], 0x1}, 0x0) recvmmsg$unix(r7, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10120, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025647a31000000000900010073797a3000000000080005400000001c"], 0xe0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025647a31000000000900010073797a3000000000080005400000001c"], 0xe0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1.522647573s ago: executing program 4 (id=968): r0 = fsmount(0xffffffffffffffff, 0x0, 0x81) quotactl_fd$Q_SYNC(r0, 0x3, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4e071, 0xffffffffffffffff, 0x80000000) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) 1.443222853s ago: executing program 4 (id=969): prctl$PR_SET_KEEPCAPS(0x8, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110440000000000dc0500002000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48) 1.442554043s ago: executing program 4 (id=970): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00001b4000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x12, 0x0, 0x0) (async) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ID={0x8, 0x6}, @NHA_FDB={0x4}]}, 0x24}}, 0x0) (async) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2}) (async) r3 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x200, 0x154) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vxcan1\x00', 0x0}) connect$can_j1939(r3, &(0x7f0000000200)={0x1d, r4, 0x0, {0x0, 0x0, 0x3}, 0xfe}, 0x18) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000540), 0x800, 0x0) ioctl$RTC_ALM_READ(r5, 0x80247008, &(0x7f0000002740)) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x0, 0x3}, 0x24}}, 0x0) (async) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000400), r7) sendmsg$NLBL_MGMT_C_REMOVEDEF(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r8, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x48005}, 0x4) (async) setsockopt$inet6_tcp_int(r6, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) (async) recvmmsg(r6, 0x0, 0x0, 0x100, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000180)=@multiplanar_userptr={0x7, 0xa, 0x4, 0x0, 0x89, {}, {0x5, 0x8, 0xc1, 0x6a, 0x9, 0x5, "a8ed9837"}, 0xfff, 0x2, {&(0x7f00000000c0)=[{0x0, 0x8000, {0x0}, 0xa}, {0x9fb, 0xd4, {0x0}, 0xfff}]}, 0x5}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc}) 1.352711604s ago: executing program 4 (id=971): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x19a) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cgroup.max.depth\x00', 0x2, 0x0) sendfile(r0, r1, &(0x7f00000000c0)=0x10000, 0x81) (async) sendfile(r1, r1, 0x0, 0x97) 1.351531113s ago: executing program 4 (id=972): syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) (async) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfd}}, 0x1c}}, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) (async) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000c, 0x31, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000080)=0xffffbf7f) mkdir(0x0, 0x0) 1.151900956s ago: executing program 1 (id=973): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="8b3329bd70000000000005000000080003"], 0x1c}}, 0x0) r2 = syz_open_dev$media(&(0x7f0000000040), 0x43, 0xe0000) ioctl$MEDIA_IOC_G_TOPOLOGY(r2, 0xc0487c04, &(0x7f00000001c0)={0x0, 0x1, 0x0, &(0x7f0000000140)=[{}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4c}, [@ldst={0x3, 0x0, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) 1.151590666s ago: executing program 1 (id=974): getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000100)={@empty, @loopback, 0x0}, &(0x7f0000000140)=0xc) (async, rerun: 32) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4) (rerun: 32) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x5, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x4}, 0x50) r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)=@o_path={&(0x7f0000000280)='./file0\x00', 0x0, 0x4000}, 0x18) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000300)={0x0, 0x9, 0x4}, 0xc) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x1, &(0x7f0000000000)=@raw=[@ldst={0x3, 0x0, 0x3, 0x0, 0x9, 0x10}], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x69, &(0x7f0000000080)=""/105, 0x41000, 0x11, '\x00', r0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x2, 0x3, 0x0, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000340)=[r2, r3, 0x1, r4], 0x0, 0x10, 0x8000}, 0x94) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000440)={'bond0\x00', 0x200}) (async, rerun: 32) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000004c0)=@o_path={&(0x7f0000000480)='./file0\x00', r3, 0x4000, r2}, 0x18) (async, rerun: 32) chdir(&(0x7f0000000500)='./file0\x00') (async, rerun: 64) readlink(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)=""/81, 0x51) (async, rerun: 64) landlock_restrict_self(0xffffffffffffffff, 0x3) (async, rerun: 64) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xf, 0x4, &(0x7f0000000600)=@raw=[@map_val={0x18, 0x6, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x6}, @map_val={0x18, 0x7, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}], &(0x7f0000000640)='syzkaller\x00', 0x7, 0x0, &(0x7f0000000680), 0x40f00, 0x21, '\x00', r0, @fallback=0x13, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x2, 0x5, 0x170, 0x2}, 0x10, 0x0, r5, 0x7, &(0x7f0000000700)=[r3], &(0x7f0000000740)=[{0x2, 0x4, 0x2, 0x9}, {0x3, 0x4, 0x9, 0x9}, {0x5, 0x3, 0x0, 0x7}, {0x2, 0x5, 0x1, 0x4}, {0x1, 0x1, 0xd, 0x4}, {0x2, 0x5, 0x9, 0x5}, {0x5, 0x1, 0xf}]}, 0x94) (async, rerun: 64) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000880), 0x240400, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r7, 0xc0189378, &(0x7f00000008c0)={{0x1, 0x1, 0x18, r3, {r6}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r8, 0xc0189372, &(0x7f0000000900)={{0x1, 0x1, 0x18, r1, {0xedb}}, './file0\x00'}) (async, rerun: 64) r10 = openat$cgroup_procs(r8, &(0x7f0000000940)='cgroup.threads\x00', 0x2, 0x0) (rerun: 64) fsetxattr$trusted_overlay_redirect(r10, &(0x7f0000000980), &(0x7f00000009c0)='./file0\x00', 0x8, 0x2) (async, rerun: 32) get_mempolicy(&(0x7f0000000a00), &(0x7f0000000a40), 0x601, &(0x7f0000ffd000/0x3000)=nil, 0x5) (async, rerun: 32) r11 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000ac0)=@generic={&(0x7f0000000a80)='./file1\x00'}, 0x18) (async) r12 = signalfd4(r7, &(0x7f0000000b00)={[0x7]}, 0x8, 0x0) (async) setsockopt$inet_udp_encap(r8, 0x11, 0x64, &(0x7f0000000b40)=0x5, 0x4) open_by_handle_at(r10, &(0x7f0000000b80)=@fuse={0xc, 0x81, {0xc, 0x5c, 0x5}}, 0x202000) ioctl$TIOCSETD(r12, 0x5423, &(0x7f0000000bc0)=0x12) (async) write(r3, &(0x7f0000000c00)="146ef65d004be43e35a6dd608db45ea29babd4003fd37b4cdee04af27c7d7bca63f293103e81e7b3560bf61c0b230ba1f9bc09459153325a50e3b448870598b2b54921b50723a1a0cc5affa42d6e82085e5b5690c13c4a3dff8c5e1b06ec91878603230d946ef7813c9b2f2a8dea678b803b46bac3fbeb40f7e527322b1f460ae2e6", 0x82) getsockopt$inet_IP_XFRM_POLICY(r8, 0x0, 0x11, &(0x7f0000000d80)={{{@in=@loopback, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@private}}, &(0x7f0000000e80)=0xe8) (async) statx(r8, &(0x7f0000000ec0)='./file1\x00', 0x0, 0x206, &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_virtio(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', &(0x7f0000000d40), 0x2, &(0x7f0000001000)={'trans=virtio,', {[{@cache_none}, {@version_9p2000}, {@noextend}, {@dfltuid={'dfltuid', 0x3d, r13}}, {@fscache}, {@debug={'debug', 0x3d, 0x2}}, {@ignoreqv}, {@ignoreqv}, {@ignoreqv}], [{@fsname}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@fowner_eq={'fowner', 0x3d, r14}}]}}) (async) getpeername$unix(r9, &(0x7f00000010c0), &(0x7f0000001140)=0x6e) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r9, 0xc0189379, &(0x7f00000011c0)={{0x1, 0x1, 0x18, r11}, './file1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000001180), r15) 1.082666398s ago: executing program 1 (id=975): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f80)=ANY=[@ANYBLOB="b70200000b000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f7a80d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001e8c76bbe7ff988a28ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4522bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b9fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabfd50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd1389a0963de85dd2b189774450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f326df86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c39b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa525235da0000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc32a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f8293cf83bceaf6c9eda1f83166aa1e2093d626870510e6cd176d501fe01e4a752fc30134073188e3f826f695e4e14fca6596943467c7df154493023f77c107b3db20ea75b493b4b38dc43986d94748cbfab954edae20982b6d212a44f4b40387876bc9eb73900"/3112], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000100)="b9ff0b076859268cb89e14f088a847", 0x0, 0xf00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0xfffe, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)={0x18, 0x3, 0x1, 0x5, 0x0, 0x0, {0x7c4e8f2b0a2b5aa0, 0x0, 0x5}, [@CTA_TUPLE_REPLY={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x11}, 0x40) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r5, r4], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}) ioctl$DRM_IOCTL_MODE_GETENCODER(r6, 0xc01464a6, &(0x7f0000000180)={r7}) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0xa4, 0x0, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000240)=@x86={0x88, 0x1c, 0x6, 0x0, 0x0, 0x1, 0x7, 0x9, 0x7, 0x8, 0x84, 0x3, 0x0, 0x9, 0x10, 0x8, 0xac, 0xd, 0x6, '\x00', 0x4, 0xffff}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r9, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r9, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r9, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r8, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r8, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) sendmmsg$inet6(r8, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r8, 0x84, 0x77, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="0100"], 0x18) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x34, r11, 0x1, 0xffffffff, 0x0, {0x2f}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) 831.836321ms ago: executing program 1 (id=980): mount(&(0x7f00000006c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x20d081, 0x0) r0 = socket(0x22, 0x2, 0x2) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000040), 0x4) r1 = accept$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs, &(0x7f0000000040)=0x6e) ioctl$AUTOFS_IOC_EXPIRE(r1, 0x810c9365, &(0x7f0000000140)={{0xf3e0, 0x80000000}, 0x100, './file0\x00'}) 707.797459ms ago: executing program 1 (id=984): syz_emit_ethernet(0xbd, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @remote, @void, {@generic={0x22f0, "af82e86e7c7a2c3690d53edcd790ebdf8f9ba6de95a52dc68120178a2649dc93f27244511c9383fe1d8ff6da2608ebf8b46d5bf649b1b6624bc1ed00223812a39c0a116975ad087c83fd4cacd2789d00d940f6e5b845f716da14b7888529a001309976a45ef4efeb08e1e21d9ad3c38967a16360e9e184527726f6ef491bb4ba073b3d797c4eb5eab41cf0e6feb0d6f8c3dedcb15cb00f58b24921f3593ec036d344e9653f0ea9cb9864771ed75442"}}}, 0x0) 707.618128ms ago: executing program 1 (id=985): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000001780)='/dev/comedi4\x00', 0x80000, 0x0) socket$kcm(0x2, 0xa, 0x2) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') close_range(r1, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 706.486502ms ago: executing program 0 (id=987): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x88482) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000440)={{0xfffe, 0x5, 0x2, 0x5}, 'syz1\x00', 0x53}) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x100, 0x0, 0x65dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TARGET={0x8, 0x3, 0x20}, @TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x6}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840) ioctl$UI_DEV_CREATE(r1, 0x5501) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x2020) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="700000000009010100000000000000000a000007080005400000000c0900010073797a310000ff000c00048008090000000000063c0002000c00028005000100010000002c0001"], 0x70}}, 0x80) ioctl$EVIOCGREP(r0, 0x80284504, &(0x7f0000000040)=""/102) syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x88, 0x3a, 0x0, @rand_addr=' \x01\x00', @mcast2, {[@routing={0x3c, 0xa, 0x1, 0x6, 0x0, [@dev={0xfe, 0x80, '\x00', 0x37}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1a}, @dev={0xfe, 0x80, '\x00', 0x3a}]}], @dest_unreach={0xa0, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '\x00 \x00', 0x0, 0x1d, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}}, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x88482) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000440)={{0xfffe, 0x5, 0x2, 0x5}, 'syz1\x00', 0x53}) (async) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x100, 0x0, 0x65dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TARGET={0x8, 0x3, 0x20}, @TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x6}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) (async) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0) (async) read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x2020) (async) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="700000000009010100000000000000000a000007080005400000000c0900010073797a310000ff000c00048008090000000000063c0002000c00028005000100010000002c0001"], 0x70}}, 0x80) (async) ioctl$EVIOCGREP(r0, 0x80284504, &(0x7f0000000040)=""/102) (async) syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x88, 0x3a, 0x0, @rand_addr=' \x01\x00', @mcast2, {[@routing={0x3c, 0xa, 0x1, 0x6, 0x0, [@dev={0xfe, 0x80, '\x00', 0x37}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1a}, @dev={0xfe, 0x80, '\x00', 0x3a}]}], @dest_unreach={0xa0, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '\x00 \x00', 0x0, 0x1d, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}}, 0x0) (async) 587.008503ms ago: executing program 0 (id=989): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x18, 0x1402, 0x1, 0x70bd2a, 0x25dfdc01, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) sendto$inet6(r0, 0x0, 0x0, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, @empty, @empty, 0x0, 0x10}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000740)="55f4", 0x2}], 0x1}, 0x1) setsockopt$sock_attach_bpf(r3, 0x1, 0xa, &(0x7f0000000180), 0x4) recvmsg$unix(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x40010002) r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setuid(0xee00) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="b7050000000000007910a80000000000c3a00000000000009500000000ca39496efaa63ab93dc5352d000000614329ebfe769a60e49a52eac935e5d370ed06a46d492970fa2c53fb2795fcf811ef4aebd8cf707e73c58a0287e296cec1eb97a155fe6a0529ad8f69249c2cc6cd66eaff44dd2941f74ec2d4366c25fdf426910fab2f2e3108771150df82fc0727f0cb78658662"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r5) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b800ab2c6acb371dbf6b0a03bd580000", @ANYRES16=r6, @ANYBLOB="000326bd7000fddbdf25700000000c00990007000000460000000a000600ffffffffffff00000a00060008021100000100000a000600ffffffffffff00000a000600ffffffffffff00000a000600ffffffffffff00000a00060008021100000100000a000600ffffffffffff00000a000600ffffffffffff00000a00060008021100000100000a0006000802110000010000"], 0x98}, 0x1, 0x0, 0x0, 0x10}, 0x0) mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, r5, 0x0) munmap(&(0x7f0000b8b000/0x4000)=nil, 0x4000) 514.973464ms ago: executing program 0 (id=990): r0 = fsmount(0xffffffffffffffff, 0x0, 0x0) (async) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, 0x0) (async) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) (async) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000680)=@filter={'filter\x00', 0xe, 0x4, 0x3f8, 0xffffffff, 0xf8, 0xf8, 0x0, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, &(0x7f0000000140), {[{{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@hl={{0x28}, {0x0, 0x80}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x3, 0x5}, {0x3, 0x3, 0x7}}}}, {{@uncond, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x2b, 0x9, 0x7, 0x7f, 0x101, @private0={0xfc, 0x0, '\x00', 0x1}, @private0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0x0, 0xffffff00, 0xff], [0xffffffff, 0xffffff00, 0xff, 0xffffffff], [0x0, 0x0, 0xff, 0xff000000], 0x100, 0x211}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x3, 0x5, 0x5}, {0x4, 0x0, 0x2}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458) (async) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240), 0x48) syz_emit_vhci(&(0x7f00000004c0)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_req={{0x17, 0x6}}}, 0x9) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007000000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000c500000095"], &(0x7f0000000640)='syzkaller\x00', 0x2}, 0x94) 514.722133ms ago: executing program 0 (id=991): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@private1, 0x20800, 0x1, 0x103, 0x1, 0x0, 0x7}, 0x20) (async, rerun: 64) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@local}, &(0x7f0000000040)=0xfffffffffffffff1) (rerun: 64) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async) timer_create(0x1, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) (async) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001400)) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x0, 0x0, 0x0, 0x2, 0x1}]}}, &(0x7f0000000140)=""/148, 0x26, 0x94, 0x1}, 0x20) (async, rerun: 64) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) (async, rerun: 64) writev(r1, &(0x7f0000000640)=[{&(0x7f00000006c0)="2e31b69c9bd4beb2ce56518bf0aea548722f054677edd0cb67e2afb987c3e16e3b65bfe50c4d55086a56832bebeb32802ecd8e61032995b891d24c782afea345", 0x40}], 0x1) (async) r2 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r2, 0xc02063a1, 0x0) (async) mount(&(0x7f00000006c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0) 514.283834ms ago: executing program 0 (id=992): getpid() (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004d40)={0x14, 0x31, 0x9, 0x70bd2b, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x844) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0) 425.515446ms ago: executing program 0 (id=993): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="024000"/20, @ANYRES32=0x0, @ANYBLOB="360300"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYRES32=r0, @ANYRES64=r0], 0x48) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x0) ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000180)={0x0, 0x0, 0x4, &(0x7f0000000240)={0x0, "50f04611cbc3ad9335b1cad63f1683e3bfdb00"}}) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f048}) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x48e, 0x0, 0x94}]}) connect$pppoe(0xffffffffffffffff, &(0x7f00000000c0)={0x18, 0x0, {0x2, @random="6ed1aa9df489", 'bond0\x00'}}, 0x1e) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000300)={{0x7000, 0xdddd1000, 0x0, 0x2, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x0, 0x2, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x2, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0x7f, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x8000000, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3, 0x2, 0x0, 0x7}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0x7901, 0x0, [0x0, 0x0, 0x1]}) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b0700fc67", 0x6}], 0x1}, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r2, 0x1, 0x80, 0x0, {{}, {@void, @val={0xc, 0x99, {0x6, 0x101}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7fffffff}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r11) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="26003300b0910300ffffffffffff08021100000050505050505457f99eb3c401010003005c0200000600cd0000"], 0x50}, 0x1, 0x0, 0x0, 0xc0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x9, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffffff1f}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xb, 0x8, 0x9}, {0x4, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r0}, {}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0x7, 0x8}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 333.666678ms ago: executing program 3 (id=997): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYRES16=r0], 0x5c}}, 0x0) 332.278501ms ago: executing program 3 (id=998): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48) rseq(&(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x29, 0x4, 0x5}, 0x2}, 0x20, 0x1, 0x0) 248.263034ms ago: executing program 3 (id=999): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) (async) r3 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r3, 0x6, 0x19, 0x0, &(0x7f00000006c0)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) unshare(0x20000400) (async) r4 = socket$inet6_icmp(0xa, 0x2, 0x3a) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x7, @initdev={0xfe, 0x88, '\x00', 0x4, 0x0}, 0x5}, 0x1c) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e21, 0x6, @loopback}, 0x1c) (async) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="0208316e", @ANYRES16=r5, @ANYBLOB="010000000000000000005200000008000300", @ANYRES32=r2, @ANYBLOB="06004800000000000a0006000802110000000000050088000200000004002a000500890000000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) (rerun: 32) sendmsg$NL80211_CMD_LEAVE_IBSS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r6, 0x20, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x40) 247.97ms ago: executing program 3 (id=1000): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYRES32], 0x0, 0x44, 0x0, 0xfffffffe}, 0x28) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$inet6(0xa, 0x6, 0x254) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x9, @dev={0xfe, 0x80, '\x00', 0x38}, 0x9}, 0x1c) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket(0x10, 0x3, 0x800) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0) close(r5) ioctl$KVM_CHECK_EXTENSION(r6, 0xae01, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000001c0)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000ee3000/0x2000)=nil}) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r5, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8}) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000000c0)={0x0, 0xfffffffffffffdde, &(0x7f00000044c0)={0x0}, 0x1, 0x0, 0x0, 0x811}, 0x4) ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000140)={0x80f0f000, 0x2, "9a555c14c966e134d198b9aaaa7da80f8e4fa888dece6ffdb507a3c83e58e128", 0x0, 0x0, 0x0, 0x0, 0x3, 0x100, 0x0, 0x0, [0x1]}) sendmmsg$inet6(r1, &(0x7f0000003cc0), 0x0, 0x4001c00) socket$netlink(0x10, 0x3, 0x7) r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r8, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000001640)={0x18, 0x140b, 0x101, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000001500)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$int_in(r7, 0x73, &(0x7f0000000340)) close_range(r0, 0xffffffffffffffff, 0x0) r9 = dup(0xffffffffffffffff) write$FUSE_BMAP(r9, &(0x7f0000000100)={0x18}, 0x18) 2.448301ms ago: executing program 3 (id=1001): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56", 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x60) lseek(r0, 0x0, 0x2) write$binfmt_script(r0, &(0x7f0000000000)={'#! ', './file0', [{0x20, '($(!{X$'}], 0xa, "62d6f274e0c6f23448943cdf38a242d6a7685dbf7264b6c9d14caf872c80415620f9a640"}, 0x37) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCGPGRP(r1, 0x6804, 0x0) mbind(&(0x7f00000a2000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000200)=0x2000000000000008, 0x5, 0x3) munlock(&(0x7f00003b3000/0x1000)=nil, 0x1000) 0s ago: executing program 3 (id=1002): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) creat(&(0x7f00000002c0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xe, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x30, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000100)=[0x7], 0x0, 0x0, 0x1, 0x0, r1}}, 0x40) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x5, 0x300, 0x0, &(0x7f00000000c0), 0x5000000) r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r2, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xa) ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f0000000000)) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) kernel console output (not intermixed with test programs): usb 8-1: unable to get BOS descriptor or descriptor too short [ 66.691668][ T6044] usb 8-1: no configurations [ 66.693742][ T6044] usb 8-1: can't read configurations, error -22 [ 66.733184][ T6020] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 66.883032][ T6020] usb 6-1: Using ep0 maxpacket: 8 [ 66.886696][ T6020] usb 6-1: config 0 interface 0 has no altsetting 0 [ 66.889491][ T6020] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 66.896219][ T6020] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.903190][ T6020] usb 6-1: config 0 descriptor?? [ 67.051067][ T6631] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 67.054001][ T6631] overlayfs: missing 'lowerdir' [ 67.129322][ T6637] 9pnet_fd: Insufficient options for proto=fd [ 67.187643][ T6646] capability: warning: `syz.0.180' uses deprecated v2 capabilities in a way that may be insecure [ 67.216037][ T6646] netfs: Couldn't get user pages (rc=-14) [ 67.231705][ T6646] 9pnet_virtio: no channels available for device 127.0.0.1 [ 67.269297][ T6651] netlink: 'syz.3.182': attribute type 15 has an invalid length. [ 67.272568][ T6651] __nla_validate_parse: 4 callbacks suppressed [ 67.272578][ T6651] netlink: 24 bytes leftover after parsing attributes in process `syz.3.182'. [ 67.311003][ T6020] mcp2221 0003:04D8:00DD.0004: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 67.365139][ T6655] xt_hashlimit: overflow, rate too high: 0 [ 67.518427][ T836] usb 6-1: USB disconnect, device number 5 [ 67.527459][ T6662] netlink: 12 bytes leftover after parsing attributes in process `syz.0.186'. [ 67.634962][ T40] kauditd_printk_skb: 61 callbacks suppressed [ 67.634977][ T40] audit: type=1400 audit(1752155298.602:375): avc: denied { map } for pid=6657 comm="syz.3.184" path="socket:[10170]" dev="sockfs" ino=10170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 67.647580][ T40] audit: type=1400 audit(1752155298.602:376): avc: denied { read } for pid=6657 comm="syz.3.184" path="socket:[10170]" dev="sockfs" ino=10170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 67.681209][ T40] audit: type=1400 audit(1752155298.642:377): avc: denied { kexec_image_load } for pid=6666 comm="syz.0.188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 67.736555][ T6672] syz.3.184 uses obsolete (PF_INET,SOCK_PACKET) [ 67.792599][ T40] audit: type=1400 audit(1752155298.752:378): avc: denied { getopt } for pid=6657 comm="syz.3.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 68.043600][ T40] audit: type=1400 audit(1752155299.012:379): avc: denied { unmount } for pid=5953 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 68.071081][ T40] audit: type=1400 audit(1752155299.032:380): avc: denied { accept } for pid=6674 comm="syz.1.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 68.143605][ T40] audit: type=1400 audit(1752155299.112:381): avc: denied { write } for pid=6681 comm="syz.2.192" name="001" dev="devtmpfs" ino=764 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 68.157670][ T40] audit: type=1400 audit(1752155299.122:382): avc: denied { ioctl } for pid=6678 comm="syz.1.191" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x1264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 68.308294][ T6691] netlink: 12 bytes leftover after parsing attributes in process `syz.3.194'. [ 68.321213][ T6691] 8021q: adding VLAN 0 to HW filter on device bond1 [ 68.361103][ T40] audit: type=1400 audit(1752155299.322:383): avc: denied { map } for pid=6694 comm="syz.2.196" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 68.508083][ T6705] fuse: Unknown parameter 'P7fd' [ 68.677441][ T40] audit: type=1400 audit(1752155299.642:384): avc: denied { ioctl } for pid=6730 comm="syz.1.207" path="socket:[11035]" dev="sockfs" ino=11035 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 68.797135][ T6741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.800054][ T6741] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.806430][ T6743] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.211'. [ 68.810482][ T6743] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 68.819375][ T6743] CIFS: Unable to determine destination address [ 68.901864][ T6747] netlink: 'syz.1.212': attribute type 3 has an invalid length. [ 68.905066][ T6747] netlink: 'syz.1.212': attribute type 1 has an invalid length. [ 68.985403][ T6761] netlink: 24 bytes leftover after parsing attributes in process `syz.1.216'. [ 69.002110][ T6763] program syz.2.217 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 69.007815][ T6741] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 69.076582][ T6768] netlink: 'syz.3.219': attribute type 29 has an invalid length. [ 69.082193][ T6768] netlink: 'syz.3.219': attribute type 29 has an invalid length. [ 69.086277][ T6768] netlink: 'syz.3.219': attribute type 29 has an invalid length. [ 69.633775][ T6792] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 69.635993][ T6792] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 69.639406][ T6792] vhci_hcd vhci_hcd.0: Device attached [ 69.643336][ T6792] /dev/sg0: Can't lookup blockdev [ 69.795471][ T6793] vhci_hcd: connection closed [ 69.795704][ T46] vhci_hcd: stop threads [ 69.799574][ T46] vhci_hcd: release socket [ 69.802596][ T46] vhci_hcd: disconnect device [ 69.824010][ T6799] ip6erspan0: entered promiscuous mode [ 70.043766][ T6814] random: crng reseeded on system resumption [ 70.055182][ T6814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.235'. [ 70.063612][ T6815] netlink: 144 bytes leftover after parsing attributes in process `syz.2.235'. [ 70.067428][ T6814] netlink: 144 bytes leftover after parsing attributes in process `syz.2.235'. [ 70.161748][ T6823] syz.2.237: vmalloc error: size 16781312, failed to allocated page array size 32776, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 70.171179][ T6823] CPU: 2 UID: 0 PID: 6823 Comm: syz.2.237 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 70.171204][ T6823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.171214][ T6823] Call Trace: [ 70.171219][ T6823] [ 70.171226][ T6823] dump_stack_lvl+0x16c/0x1f0 [ 70.171274][ T6823] warn_alloc+0x248/0x3a0 [ 70.171297][ T6823] ? __pfx_warn_alloc+0x10/0x10 [ 70.171326][ T6823] ? xskq_create+0xfb/0x1d0 [ 70.171346][ T6823] ? __vmalloc_node_noprof+0xad/0xf0 [ 70.171367][ T6823] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 70.171390][ T6823] ? xskq_create+0xfb/0x1d0 [ 70.171414][ T6823] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 70.171438][ T6823] ? xskq_create+0xfb/0x1d0 [ 70.171456][ T6823] vmalloc_user_noprof+0x9e/0xe0 [ 70.171474][ T6823] ? xskq_create+0xfb/0x1d0 [ 70.171493][ T6823] xskq_create+0xfb/0x1d0 [ 70.171513][ T6823] xsk_setsockopt+0x684/0x840 [ 70.171531][ T6823] ? __pfx_xsk_setsockopt+0x10/0x10 [ 70.171545][ T6823] ? __lock_acquire+0x622/0x1c90 [ 70.171566][ T6823] ? selinux_socket_setsockopt+0x6a/0x80 [ 70.171596][ T6823] ? __pfx_xsk_setsockopt+0x10/0x10 [ 70.171615][ T6823] do_sock_setsockopt+0x221/0x470 [ 70.171640][ T6823] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 70.171681][ T6823] __sys_setsockopt+0x1a0/0x230 [ 70.171708][ T6823] __x64_sys_setsockopt+0xbd/0x160 [ 70.171727][ T6823] ? do_syscall_64+0x91/0x4c0 [ 70.171750][ T6823] ? lockdep_hardirqs_on+0x7c/0x110 [ 70.171772][ T6823] do_syscall_64+0xcd/0x4c0 [ 70.171798][ T6823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.171815][ T6823] RIP: 0033:0x7f46a478e929 [ 70.171829][ T6823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.171844][ T6823] RSP: 002b:00007f46a56de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 70.171860][ T6823] RAX: ffffffffffffffda RBX: 00007f46a49b5fa0 RCX: 00007f46a478e929 [ 70.171870][ T6823] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000007 [ 70.171879][ T6823] RBP: 00007f46a4810b39 R08: 0000000000000004 R09: 0000000000000000 [ 70.171888][ T6823] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 70.171898][ T6823] R13: 0000000000000000 R14: 00007f46a49b5fa0 R15: 00007ffe952d7688 [ 70.171920][ T6823] [ 70.171926][ T6823] Mem-Info: [ 70.261611][ T6823] active_anon:8996 inactive_anon:0 isolated_anon:0 [ 70.261611][ T6823] active_file:12810 inactive_file:40596 isolated_file:0 [ 70.261611][ T6823] unevictable:1768 dirty:1691 writeback:0 [ 70.261611][ T6823] slab_reclaimable:11560 slab_unreclaimable:70726 [ 70.261611][ T6823] mapped:24729 shmem:2398 pagetables:1252 [ 70.261611][ T6823] sec_pagetables:299 bounce:0 [ 70.261611][ T6823] kernel_misc_reclaimable:0 [ 70.261611][ T6823] free:449467 free_pcp:22563 free_cma:0 [ 70.282879][ T6823] Node 0 active_anon:35984kB inactive_anon:0kB active_file:51240kB inactive_file:162184kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:98916kB dirty:6764kB writeback:0kB shmem:6056kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12784kB pagetables:4816kB sec_pagetables:1196kB all_unreclaimable? no Balloon:0kB [ 70.294402][ T6823] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:144kB pagetables:192kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 70.304413][ T6823] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 70.313403][ T6823] lowmem_reserve[]: 0 1234 1234 1234 1234 [ 70.315223][ T6823] Node 0 DMA32 free:174716kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36084kB inactive_anon:0kB active_file:51240kB inactive_file:162252kB unevictable:3536kB writepending:6828kB present:2080628kB managed:1264188kB mlocked:0kB bounce:0kB free_pcp:74400kB local_pcp:11104kB free_cma:0kB [ 70.325040][ T6823] lowmem_reserve[]: 0 0 0 0 0 [ 70.326522][ T6823] Node 1 Normal free:1607792kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:16196kB local_pcp:3540kB free_cma:0kB [ 70.335802][ T6823] lowmem_reserve[]: 0 0 0 0 0 [ 70.337341][ T6823] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 70.341224][ T6823] Node 0 DMA32: 1*4kB (M) 235*8kB (UM) 516*16kB (UM) 396*32kB (UME) 321*64kB (UME) 59*128kB (UME) 27*256kB (UM) 20*512kB (UME) 10*1024kB (UM) 5*2048kB (UM) 21*4096kB (UM) = 174556kB [ 70.347020][ T6823] Node 1 Normal: 6*4kB (UME) 9*8kB (ME) 19*16kB (UME) 19*32kB (UME) 14*64kB (UME) 10*128kB (UME) 0*256kB 4*512kB (ME) 1*1024kB (E) 2*2048kB (UM) 390*4096kB (M) = 1607792kB [ 70.352248][ T6823] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 70.355403][ T6823] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 70.358254][ T6823] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 70.361170][ T6823] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 70.364353][ T6823] 55817 total pagecache pages [ 70.365806][ T6823] 0 pages in swap cache [ 70.367201][ T6823] Free swap = 124996kB [ 70.368515][ T6823] Total swap = 124996kB [ 70.369897][ T6823] 1048443 pages RAM [ 70.371092][ T6823] 0 pages HighMem/MovableOnly [ 70.372467][ T6830] tmpfs: Bad value for 'mpol' [ 70.372566][ T6823] 283067 pages reserved [ 70.372587][ T6823] 0 pages cma reserved [ 70.392057][ T6832] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5378 sclass=netlink_route_socket pid=6832 comm=syz.3.240 [ 70.580123][ T6852] gtp0: entered promiscuous mode [ 70.618868][ T6855] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 70.757585][ T6870] netlink: 20 bytes leftover after parsing attributes in process `syz.2.255'. [ 70.802548][ T6874] overlay: ./file0 is not a directory [ 70.820088][ T6872] netlink: 'syz.1.256': attribute type 4 has an invalid length. [ 70.831440][ T6872] netlink: 36 bytes leftover after parsing attributes in process `syz.1.256'. [ 71.138418][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.178381][ T6885] nft_compat: unsupported protocol 0 [ 71.186180][ T6885] sp0: Synchronizing with TNC [ 71.407787][ T6896] ata3.00: invalid multi_count 1 ignored [ 71.591352][ T6903] syzkaller1: entered promiscuous mode [ 71.593798][ T6903] syzkaller1: entered allmulticast mode [ 71.863051][ T10] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 72.032928][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 72.037617][ T10] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 72.041081][ T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 72.045940][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 72.049824][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 72.053923][ T10] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 72.059059][ T10] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 72.062690][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.275147][ T10] usb 8-1: usb_control_msg returned -32 [ 72.276987][ T10] usbtmc 8-1:16.0: can't read capabilities [ 72.628784][ T6923] openvswitch: netlink: IP tunnel dst address not specified [ 72.796134][ T6932] __nla_validate_parse: 1 callbacks suppressed [ 72.796151][ T6932] netlink: 8 bytes leftover after parsing attributes in process `syz.2.275'. [ 72.802582][ T6932] netlink: 12 bytes leftover after parsing attributes in process `syz.2.275'. [ 72.807071][ T6932] netlink: 'syz.2.275': attribute type 6 has an invalid length. [ 72.847978][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 72.847992][ T40] audit: type=1400 audit(1752155303.812:409): avc: denied { write } for pid=6937 comm="syz.0.276" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 72.863949][ T6939] netlink: 40 bytes leftover after parsing attributes in process `syz.0.276'. [ 73.013618][ T6946] netlink: 104 bytes leftover after parsing attributes in process `syz.2.279'. [ 73.059973][ T40] audit: type=1400 audit(1752155304.022:410): avc: denied { remount } for pid=6949 comm="syz.0.281" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 73.067444][ T40] audit: type=1400 audit(1752155304.022:411): avc: denied { write } for pid=6948 comm="syz.2.282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 73.076705][ T40] audit: type=1400 audit(1752155304.022:412): avc: denied { write } for pid=6948 comm="syz.2.282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 73.312721][ T6964] ceph: Path missing in source [ 73.411396][ T6971] netlink: 16 bytes leftover after parsing attributes in process `syz.0.287'. [ 73.414451][ T6971] sit0: Master is either lo or non-ether device [ 73.417712][ T6971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.287'. [ 73.454551][ T6971] bond0: (slave bond_slave_1): Releasing backup interface [ 73.643244][ T54] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 73.648140][ T40] audit: type=1400 audit(1752155304.612:413): avc: denied { connect } for pid=6975 comm="syz.1.290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 73.812956][ T54] usb 7-1: Using ep0 maxpacket: 32 [ 73.816650][ T54] usb 7-1: config 0 has an invalid interface number: 247 but max is 0 [ 73.820096][ T54] usb 7-1: config 0 has no interface number 0 [ 73.824615][ T54] usb 7-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 73.828452][ T54] usb 7-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 73.831615][ T54] usb 7-1: Product: syz [ 73.833575][ T54] usb 7-1: Manufacturer: syz [ 73.837855][ T54] usb 7-1: config 0 descriptor?? [ 74.051089][ T6019] usb 7-1: USB disconnect, device number 9 [ 74.278777][ T6999] netlink: 8 bytes leftover after parsing attributes in process `syz.0.295'. [ 74.366731][ T7001] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 74.370137][ T7001] qnx6: wrong signature (magic) in superblock #1. [ 74.372124][ T7001] qnx6: unable to read the first superblock [ 74.477243][ T7005] netlink: 'syz.0.297': attribute type 3 has an invalid length. [ 74.519986][ T40] audit: type=1400 audit(1752155305.482:414): avc: denied { bind } for pid=7007 comm="syz.0.298" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 74.520888][ T7008] program syz.0.298 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 74.566188][ T40] audit: type=1400 audit(1752155305.532:415): avc: denied { accept } for pid=7009 comm="syz.0.299" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 74.568428][ T7010] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 74.584005][ T54] usb 8-1: USB disconnect, device number 7 [ 74.601743][ T7012] mmap: syz.2.300 (7012) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 74.615227][ T7012] ======================================================= [ 74.615227][ T7012] WARNING: The mand mount option has been deprecated and [ 74.615227][ T7012] and is ignored by this kernel. Remove the mand [ 74.615227][ T7012] option from the mount to silence this warning. [ 74.615227][ T7012] ======================================================= [ 74.679093][ T7016] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 3354 [ 74.682601][ T40] audit: type=1400 audit(1752155305.642:416): avc: denied { setopt } for pid=7013 comm="syz.0.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 74.873608][ T40] audit: type=1400 audit(1752155305.842:417): avc: denied { search } for pid=7028 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 74.882308][ T40] audit: type=1400 audit(1752155305.842:418): avc: denied { search } for pid=7028 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1905 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 74.910739][ T7033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.917581][ T7033] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.924217][ T7033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.306'. [ 74.953383][ T7027] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 74.967304][ T7033] bond0: option use_carrier: invalid value (128) [ 74.970415][ T7029] netlink: 'syz.3.305': attribute type 10 has an invalid length. [ 74.984541][ T7029] macvlan0: entered promiscuous mode [ 74.986739][ T7029] macvlan0: entered allmulticast mode [ 74.993586][ T7029] veth1_vlan: entered allmulticast mode [ 74.999362][ T7029] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 75.588930][ T7070] could not allocate digest TFM handle crc32-generic [ 75.611778][ T7068] could not allocate digest TFM handle crc32-generic [ 76.079729][ T7114] use of bytesused == 0 is deprecated and will be removed in the future, [ 76.082627][ T7114] use the actual size instead. [ 76.086019][ T7114] netlink: 36 bytes leftover after parsing attributes in process `syz.0.318'. [ 76.089512][ T7114] netlink: 'syz.0.318': attribute type 23 has an invalid length. [ 76.454709][ T7128] gfs2: path_lookup on 6(+dQnB!eUV!`: 8DSE y|YT{-,mb/ returned error -2 [ 76.472920][ T7125] 9pnet_fd: Insufficient options for proto=fd [ 76.473017][ T7126] 9pnet_fd: Insufficient options for proto=fd [ 77.062276][ T7148] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 77.066071][ T7148] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 77.070315][ T7148] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 77.073830][ T7148] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 77.075774][ T7155] xt_recent: hitcount (4294967295) is larger than allowed maximum (65535) [ 77.327298][ T7163] Attempt to restore checkpoint with obsolete wellknown handles [ 77.632525][ T7181] xt_l2tp: wrong L2TP version: 0 [ 77.706851][ T7186] binder: BC_ACQUIRE_RESULT not supported [ 77.708917][ T7186] binder: 7185:7186 ioctl c0306201 200000000180 returned -22 [ 77.731510][ T7187] random: crng reseeded on system resumption [ 77.759896][ T7189] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 77.762032][ T7189] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 77.764865][ T7189] vhci_hcd vhci_hcd.0: Device attached [ 78.012847][ T29] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 78.012872][ T836] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 78.173002][ T29] usb 8-1: Using ep0 maxpacket: 16 [ 78.176197][ T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 78.179937][ T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 78.183596][ T29] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 78.187887][ T29] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 78.190926][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.194992][ T29] usb 8-1: config 0 descriptor?? [ 78.400403][ T7190] usbip_core: unknown command [ 78.402725][ T7190] vhci_hcd: unknown pdu 1023410944 [ 78.404789][ T7190] usbip_core: unknown command [ 78.408472][ T13] vhci_hcd: stop threads [ 78.410187][ T13] vhci_hcd: release socket [ 78.411958][ T13] vhci_hcd: disconnect device [ 78.571545][ T7197] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1814518830 (232258410240 ns) > initial count (2458284544 ns). Using initial count to start timer. [ 78.581284][ T40] kauditd_printk_skb: 36 callbacks suppressed [ 78.581294][ T40] audit: type=1400 audit(1752155309.542:455): avc: denied { read } for pid=7196 comm="syz.2.345" path="socket:[14166]" dev="sockfs" ino=14166 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 78.711784][ T7199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.346'. [ 78.717055][ T7199] netlink: 12 bytes leftover after parsing attributes in process `syz.2.346'. [ 78.955532][ T40] audit: type=1400 audit(1752155309.922:456): avc: denied { append } for pid=7201 comm="syz.2.347" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 79.017087][ T40] audit: type=1400 audit(1752155309.982:457): avc: denied { read } for pid=7206 comm="syz.2.348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 79.068047][ T40] audit: type=1400 audit(1752155310.032:458): avc: denied { block_suspend } for pid=7206 comm="syz.2.348" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 79.362720][ T40] audit: type=1400 audit(1752155310.322:459): avc: denied { setattr } for pid=7213 comm="syz.2.351" name="L2TP/IPv6" dev="sockfs" ino=16938 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 79.426060][ T40] audit: type=1400 audit(1752155310.392:460): avc: denied { read write } for pid=7215 comm="syz.2.352" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 79.432667][ T40] audit: type=1400 audit(1752155310.392:461): avc: denied { open } for pid=7215 comm="syz.2.352" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 79.767751][ T7223] fuse: Bad value for 'user_id' [ 79.769407][ T7223] fuse: Bad value for 'user_id' [ 79.772645][ T7223] netlink: 40 bytes leftover after parsing attributes in process `syz.2.354'. [ 79.848528][ T7227] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 79.856162][ T40] audit: type=1400 audit(1752155310.822:462): avc: denied { execmem } for pid=7226 comm="syz.2.356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 79.916706][ T7230] fuse: Unknown parameter '' [ 79.969669][ T40] audit: type=1400 audit(1752155310.932:463): avc: denied { read } for pid=7231 comm="syz.2.358" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 79.976581][ T40] audit: type=1400 audit(1752155310.932:464): avc: denied { ioctl } for pid=7231 comm="syz.2.358" path="socket:[14217]" dev="sockfs" ino=14217 ioctlcmd=0x940e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 80.106074][ T7236] netlink: 'syz.2.360': attribute type 12 has an invalid length. [ 80.111455][ T7236] netlink: 'syz.2.360': attribute type 1 has an invalid length. [ 80.123772][ T7236] vlan2: entered allmulticast mode [ 80.125925][ T7236] veth1: entered allmulticast mode [ 80.474962][ T7250] netlink: 8 bytes leftover after parsing attributes in process `syz.2.365'. [ 80.478673][ T7250] netlink: 12 bytes leftover after parsing attributes in process `syz.2.365'. [ 80.482195][ T7250] netlink: 'syz.2.365': attribute type 19 has an invalid length. [ 80.773974][ T29] usbhid 8-1:0.0: can't add hid device: -71 [ 80.775931][ T29] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 80.781749][ T29] usb 8-1: USB disconnect, device number 8 [ 80.826595][ T7263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.369'. [ 81.238797][ T7294] SELinux: syz.2.375 (7294) set checkreqprot to 1. This is no longer supported. [ 81.250880][ T7294] netlink: 24 bytes leftover after parsing attributes in process `syz.2.375'. [ 81.393977][ T112] cfg80211: failed to load regulatory.db [ 81.417054][ T7309] netlink: 328 bytes leftover after parsing attributes in process `syz.3.378'. [ 81.431505][ T7304] efs: device does not support 512 byte blocks [ 81.446387][ T7304] device does not support 512 byte blocks [ 81.446387][ T7304] [ 81.693777][ T7321] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 81.790650][ T7330] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 81.790650][ T7330] program syz.2.384 not setting count and/or reply_len properly [ 81.816497][ T7333] xt_hashlimit: size too large, truncated to 1048576 [ 81.908960][ T7338] netlink: 20 bytes leftover after parsing attributes in process `syz.0.385'. [ 81.917275][ T7338] syz.0.385: attempt to access beyond end of device [ 81.917275][ T7338] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 81.926057][ T7338] exFAT-fs (nbd0): unable to read boot sector [ 81.934056][ T7338] exFAT-fs (nbd0): failed to read boot sector [ 81.936272][ T7338] exFAT-fs (nbd0): failed to recognize exfat type [ 82.108871][ T7362] netlink: 20 bytes leftover after parsing attributes in process `syz.0.393'. [ 82.182098][ T7366] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 82.185566][ T7366] macvtap1: entered allmulticast mode [ 82.187779][ T7366] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 82.194481][ T7366] batman_adv: batadv0: Adding interface: macvtap1 [ 82.197198][ T7366] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.206391][ T7366] batman_adv: batadv0: Interface activated: macvtap1 [ 82.210724][ T7366] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5122 sclass=netlink_route_socket pid=7366 comm=syz.2.392 [ 82.214176][ T7368] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 82.287922][ T7381] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7381 comm=syz.0.398 [ 82.335975][ T7388] overlay: filesystem on ./bus is read-only [ 82.371760][ T7391] netlink: 'syz.2.402': attribute type 2 has an invalid length. [ 82.382730][ T7395] netlink: 'syz.0.404': attribute type 2 has an invalid length. [ 82.576436][ T7411] openvswitch: netlink: Port 10289156 exceeds max allowable 65535 [ 82.648285][ T7414] XFS (nullb0): Invalid superblock magic number [ 82.869664][ T7451] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 83.143171][ T836] vhci_hcd: vhci_device speed not set [ 83.816634][ T7488] sg_write: process 377 (syz.2.432) changed security contexts after opening file descriptor, this is not allowed. [ 83.821246][ T40] kauditd_printk_skb: 36 callbacks suppressed [ 83.821255][ T40] audit: type=1400 audit(1752155314.782:501): avc: denied { write } for pid=7487 comm="syz.2.432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 83.829558][ T40] audit: type=1400 audit(1752155314.782:502): avc: denied { nlmsg_write } for pid=7487 comm="syz.2.432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 83.856514][ T40] audit: type=1400 audit(1752155314.822:503): avc: denied { unmount } for pid=5953 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 83.887677][ T40] audit: type=1400 audit(1752155314.852:504): avc: denied { ioctl } for pid=7489 comm="syz.2.433" path="socket:[17364]" dev="sockfs" ino=17364 ioctlcmd=0x8b32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 84.172992][ T5955] Bluetooth: hci0: command 0x0401 tx timeout [ 84.463688][ T7553] block device autoloading is deprecated and will be removed. [ 84.644327][ T7564] xt_CT: You must specify a L4 protocol and not use inversions on it [ 84.679529][ T7566] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 84.682846][ T7566] netlink: 'syz.0.452': attribute type 1 has an invalid length. [ 84.685248][ T7566] __nla_validate_parse: 3 callbacks suppressed [ 84.685254][ T7566] netlink: 56 bytes leftover after parsing attributes in process `syz.0.452'. [ 84.733143][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 84.927216][ T40] audit: type=1400 audit(1752155315.882:505): avc: denied { read write } for pid=5950 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 84.934662][ T40] audit: type=1400 audit(1752155315.882:506): avc: denied { open } for pid=5950 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 84.957689][ T40] audit: type=1400 audit(1752155315.882:507): avc: denied { ioctl } for pid=5950 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 84.975022][ T40] audit: type=1400 audit(1752155315.892:508): avc: denied { recv } for pid=5922 comm="syz-executor" saddr=127.0.0.1 src=43280 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 84.985587][ T40] audit: type=1400 audit(1752155315.902:509): avc: denied { prog_load } for pid=7587 comm="syz.1.459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 84.993448][ T40] audit: type=1400 audit(1752155315.902:510): avc: denied { bpf } for pid=7587 comm="syz.1.459" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 85.047882][ T7594] xt_CT: You must specify a L4 protocol and not use inversions on it [ 85.323028][ T836] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 85.492949][ T836] usb 8-1: Using ep0 maxpacket: 32 [ 85.549830][ T7596] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.462'. [ 85.559480][ T836] usb 8-1: unable to get BOS descriptor or descriptor too short [ 85.563180][ T836] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 85.566445][ T836] usb 8-1: can't read configurations, error -71 [ 86.145687][ T7623] cdrom: dropping to single frame dma [ 86.269916][ T7646] xt_CT: You must specify a L4 protocol and not use inversions on it [ 86.376162][ T7660] netlink: 'syz.0.483': attribute type 11 has an invalid length. [ 86.505607][ T7679] syz.0.487: calling unsupported SCSI_IOCTL_SEND_COMMAND [ 86.554961][ T7688] IPVS: set_ctl: invalid protocol: 92 224.0.0.1:19999 [ 86.563101][ T7688] netlink: 20 bytes leftover after parsing attributes in process `syz.0.490'. [ 86.696775][ T7701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.699573][ T7701] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.808317][ T7712] binder: 7711:7712 ioctl 5608 2 returned -22 [ 87.041803][ T7729] xt_CT: You must specify a L4 protocol and not use inversions on it [ 87.140024][ T7739] usb usb8: usbfs: process 7739 (syz.1.510) did not claim interface 0 before use [ 87.147062][ T7741] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 87.229622][ T7759] tmpfs: Bad value for 'mpol' [ 87.450314][ T7771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.457592][ T7771] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.492626][ T7773] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 87.496305][ T7773] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=7773 comm=syz.3.521 [ 87.860652][ T7787] program syz.2.526 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 87.992913][ T24] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 88.077836][ T7794] netlink: 48 bytes leftover after parsing attributes in process `syz.0.529'. [ 88.142851][ T24] usb 8-1: Using ep0 maxpacket: 16 [ 88.146055][ T24] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 88.149122][ T24] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 1096, setting to 1024 [ 88.152536][ T24] usb 8-1: config 0 interface 0 has no altsetting 0 [ 88.154003][ T7799] openvswitch: netlink: IP tunnel TTL not specified. [ 88.162891][ T24] usb 8-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 88.165885][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.168382][ T24] usb 8-1: Product: syz [ 88.169690][ T24] usb 8-1: Manufacturer: syz [ 88.171135][ T24] usb 8-1: SerialNumber: syz [ 88.178590][ T24] usb 8-1: config 0 descriptor?? [ 88.305009][ T6108] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 88.384604][ T24] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input9 [ 88.453278][ T6108] usb 6-1: Using ep0 maxpacket: 32 [ 88.459507][ T6108] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.463897][ T6108] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.467543][ T6108] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 88.471012][ T6108] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.478839][ T6108] usb 6-1: config 0 descriptor?? [ 88.640139][ T7810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.643267][ T7810] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.669658][ T61] usb 8-1: USB disconnect, device number 11 [ 88.796086][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.799839][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.803309][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.806423][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.809456][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.812531][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.816051][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.819129][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.822170][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.826298][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.829329][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.832347][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.839727][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.842657][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.847739][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.850696][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.853799][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.856849][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.859847][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.862956][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.866040][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.869067][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.872050][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.875310][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.878225][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.881248][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.884504][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.887156][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.890022][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.892674][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.896481][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.896954][ T6108] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 88.899485][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 88.907832][ T7815] comedi comedi1: comedi_config --init_data is deprecated [ 89.040873][ T7828] netlink: 60 bytes leftover after parsing attributes in process `syz.2.538'. [ 89.085117][ T40] kauditd_printk_skb: 168 callbacks suppressed [ 89.085132][ T40] audit: type=1400 audit(1752155320.052:679): avc: denied { append } for pid=7791 comm="syz.1.528" name="hiddev0" dev="devtmpfs" ino=3072 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 89.145937][ T40] audit: type=1400 audit(1752155320.112:680): avc: denied { create } for pid=7791 comm="syz.1.528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 89.151651][ T40] audit: type=1400 audit(1752155320.112:681): avc: denied { bind } for pid=7791 comm="syz.1.528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 89.158427][ T7835] xt_CT: You must specify a L4 protocol and not use inversions on it [ 89.200592][ T7838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.204136][ T7838] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.214187][ T6108] usb 6-1: USB disconnect, device number 6 [ 89.299714][ T6020] IPVS: starting estimator thread 0... [ 89.303088][ T7841] netlink: 16410 bytes leftover after parsing attributes in process `syz.0.541'. [ 89.383044][ T7842] IPVS: using max 29 ests per chain, 69600 per kthread [ 89.387998][ T40] audit: type=1400 audit(1752155320.352:682): avc: denied { bind } for pid=7843 comm="syz.0.542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 89.394462][ T40] audit: type=1400 audit(1752155320.362:683): avc: denied { read } for pid=7843 comm="syz.0.542" name="btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 89.401894][ T40] audit: type=1400 audit(1752155320.362:684): avc: denied { open } for pid=7843 comm="syz.0.542" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 89.409429][ T40] audit: type=1400 audit(1752155320.362:685): avc: denied { ioctl } for pid=7843 comm="syz.0.542" path="socket:[19075]" dev="sockfs" ino=19075 ioctlcmd=0x9411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 89.486715][ T40] audit: type=1400 audit(1752155320.452:686): avc: denied { unmount } for pid=5950 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 89.514518][ T7847] program syz.0.543 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.514595][ T7848] program syz.0.543 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.564880][ T7847] program syz.0.543 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.565360][ T7849] program syz.0.543 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.572715][ T40] audit: type=1400 audit(1752155320.532:687): avc: denied { getopt } for pid=7846 comm="syz.0.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 89.653244][ T7854] netlink: 28 bytes leftover after parsing attributes in process `syz.0.545'. [ 89.686454][ T40] audit: type=1400 audit(1752155320.652:688): avc: denied { connect } for pid=7855 comm="syz.0.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 89.904272][ T7872] delete_channel: no stack [ 90.125846][ T7891] macsec1: entered promiscuous mode [ 90.128064][ T7891] macsec1: entered allmulticast mode [ 90.175947][ T7895] xt_socket: unknown flags 0x50 [ 90.196523][ T7895] block device autoloading is deprecated and will be removed. [ 90.307113][ T7906] xt_CT: You must specify a L4 protocol and not use inversions on it [ 90.350294][ T5955] Bluetooth: hci3: unexpected event for opcode 0x0c1b [ 90.512875][ T112] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 90.598444][ T7926] netlink: 4 bytes leftover after parsing attributes in process `syz.1.571'. [ 90.643322][ T112] usb 7-1: device descriptor read/64, error -71 [ 90.674768][ T7926] bond0: (slave bond_slave_1): Releasing backup interface [ 90.779302][ T7929] loop6: detected capacity change from 0 to 2098 [ 90.817043][ T7931] vim2m vim2m.0: vidioc_s_fmt queue busy [ 90.893735][ T112] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 91.022867][ T112] usb 7-1: device descriptor read/64, error -71 [ 91.136892][ T112] usb usb7-port1: attempt power cycle [ 91.154524][ T6020] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 91.302928][ T6020] usb 6-1: Using ep0 maxpacket: 16 [ 91.306146][ T6020] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 91.311039][ T6020] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 91.313955][ T6020] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.316236][ T6020] usb 6-1: Product: syz [ 91.317488][ T6020] usb 6-1: Manufacturer: syz [ 91.318937][ T6020] usb 6-1: SerialNumber: syz [ 91.321555][ T6020] usb 6-1: config 0 descriptor?? [ 91.324863][ T6020] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 91.327690][ T6020] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 91.352871][ T29] usb 8-1: new low-speed USB device number 12 using dummy_hcd [ 91.472902][ T112] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 91.483172][ T29] usb 8-1: device descriptor read/64, error -71 [ 91.495516][ T112] usb 7-1: device descriptor read/8, error -71 [ 91.583501][ T6020] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 91.650212][ T6020] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 91.653276][ T6020] em28xx 6-1:0.0: board has no eeprom [ 91.712869][ T6020] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 91.715435][ T6020] em28xx 6-1:0.0: dvb set to bulk mode. [ 91.717420][ T6108] em28xx 6-1:0.0: Binding DVB extension [ 91.723037][ T29] usb 8-1: new low-speed USB device number 13 using dummy_hcd [ 91.725517][ T6020] usb 6-1: USB disconnect, device number 7 [ 91.728479][ T6020] em28xx 6-1:0.0: Disconnecting em28xx [ 91.743126][ T112] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 91.763962][ T6108] em28xx 6-1:0.0: Registering input extension [ 91.764186][ T112] usb 7-1: device descriptor read/8, error -71 [ 91.766153][ T6020] em28xx 6-1:0.0: Closing input extension [ 91.779612][ T6020] em28xx 6-1:0.0: Freeing device [ 91.815009][ T7954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.817891][ T7954] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.873202][ T29] usb 8-1: device descriptor read/64, error -71 [ 91.883154][ T112] usb usb7-port1: unable to enumerate USB device [ 91.983425][ T29] usb usb8-port1: attempt power cycle [ 92.125172][ T7973] sctp: [Deprecated]: syz.0.585 (pid 7973) Use of int in max_burst socket option. [ 92.125172][ T7973] Use struct sctp_assoc_value instead [ 92.132557][ T7973] netlink: 'syz.0.585': attribute type 1 has an invalid length. [ 92.135668][ T7973] netlink: 228 bytes leftover after parsing attributes in process `syz.0.585'. [ 92.216440][ T7978] xfrm0 speed is unknown, defaulting to 1000 [ 92.219258][ T7978] xfrm0 speed is unknown, defaulting to 1000 [ 92.223833][ T7978] xfrm0 speed is unknown, defaulting to 1000 [ 92.230961][ T7978] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 92.242896][ T7978] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 92.268162][ T7978] xfrm0 speed is unknown, defaulting to 1000 [ 92.272235][ T7978] xfrm0 speed is unknown, defaulting to 1000 [ 92.278032][ T7978] xfrm0 speed is unknown, defaulting to 1000 [ 92.282675][ T7978] xfrm0 speed is unknown, defaulting to 1000 [ 92.323020][ T29] usb 8-1: new low-speed USB device number 14 using dummy_hcd [ 92.343591][ T29] usb 8-1: device descriptor read/8, error -71 [ 92.582991][ T61] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 92.583098][ T29] usb 8-1: new low-speed USB device number 15 using dummy_hcd [ 92.603952][ T29] usb 8-1: device descriptor read/8, error -71 [ 92.723308][ T29] usb usb8-port1: unable to enumerate USB device [ 92.753609][ T61] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 92.758534][ T61] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 92.761928][ T61] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 92.765630][ T61] usb 6-1: config 0 interface 0 has no altsetting 0 [ 92.770120][ T61] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 92.774187][ T61] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 92.778787][ T61] usb 6-1: config 0 interface 0 has no altsetting 0 [ 92.783249][ T61] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 92.787003][ T61] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 92.791479][ T61] usb 6-1: config 0 interface 0 has no altsetting 0 [ 92.796115][ T61] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 92.799868][ T61] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 92.804494][ T61] usb 6-1: config 0 interface 0 has no altsetting 0 [ 92.808952][ T61] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 92.812697][ T61] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 92.817401][ T61] usb 6-1: config 0 interface 0 has no altsetting 0 [ 92.822522][ T61] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 92.825818][ T61] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 92.829960][ T61] usb 6-1: config 0 interface 0 has no altsetting 0 [ 92.834546][ T61] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 92.838229][ T61] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 92.841613][ T61] usb 6-1: config 0 interface 0 has no altsetting 0 [ 92.844646][ T61] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 92.847825][ T61] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 92.852056][ T61] usb 6-1: config 0 interface 0 has no altsetting 0 [ 92.855965][ T61] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 92.859203][ T61] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 92.861807][ T61] usb 6-1: Product: syz [ 92.863250][ T61] usb 6-1: Manufacturer: syz [ 92.864757][ T61] usb 6-1: SerialNumber: syz [ 92.869463][ T61] usb 6-1: config 0 descriptor?? [ 92.885391][ T61] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 93.649893][ T8006] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 93.655148][ T1148] Bluetooth: hci4: Frame reassembly failed (-84) [ 94.156651][ T40] kauditd_printk_skb: 49 callbacks suppressed [ 94.156662][ T40] audit: type=1400 audit(1752155325.122:738): avc: denied { mount } for pid=8013 comm="syz.3.598" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 94.165593][ T40] audit: type=1400 audit(1752155325.122:739): avc: denied { create } for pid=8013 comm="syz.3.598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 94.174168][ T40] audit: type=1400 audit(1752155325.122:740): avc: denied { write } for pid=8013 comm="syz.3.598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 94.182161][ T40] audit: type=1400 audit(1752155325.132:741): avc: denied { lock } for pid=8011 comm="syz.0.597" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=19269 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 94.192814][ T40] audit: type=1400 audit(1752155325.132:742): avc: denied { open } for pid=8011 comm="syz.0.597" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=19269 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 94.235268][ T8018] netlink: 4 bytes leftover after parsing attributes in process `syz.3.599'. [ 94.330084][ T40] audit: type=1400 audit(1752155325.292:743): avc: denied { create } for pid=8024 comm="syz.3.601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 94.336444][ T40] audit: type=1400 audit(1752155325.292:744): avc: denied { setattr } for pid=8024 comm="syz.3.601" name="IEEE-802.15.4-RAW" dev="sockfs" ino=21187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 94.393674][ T40] audit: type=1400 audit(1752155325.362:745): avc: denied { recv } for pid=33 comm="ksoftirqd/3" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=43280 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 94.401962][ T8027] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.602'. [ 94.402475][ T40] audit: type=1400 audit(1752155325.362:746): avc: denied { recv } for pid=33 comm="ksoftirqd/3" saddr=127.0.0.1 src=43280 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 94.416640][ T40] audit: type=1400 audit(1752155325.362:747): avc: denied { write } for pid=8026 comm="syz.3.602" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 94.526076][ T8031] usb usb3: check_ctrlrecip: process 8031 (syz.3.604) requesting ep 01 but needs 81 [ 94.530149][ T8031] usb usb3: usbfs: process 8031 (syz.3.604) did not claim interface 0 before use [ 94.597475][ T8036] tmpfs: Invalid uid '0x00000000ffffffff' [ 94.693697][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.697024][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.699560][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.702068][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.705472][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.708003][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.710449][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.713128][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.715592][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.718032][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.720470][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.723095][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.725571][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.728000][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.730445][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.735558][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.738559][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.741138][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.744093][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.746680][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.749187][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.751634][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.754583][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.757152][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.759614][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.762099][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.764973][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.767438][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.767610][ T8054] batadv_slave_1: entered promiscuous mode [ 94.769889][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.774282][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.776925][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.779371][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.781889][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.784490][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.785016][ T8053] batadv_slave_1: left promiscuous mode [ 94.786966][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.792375][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.795394][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.797874][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.800336][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.802942][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.805542][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.808014][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.810474][ T61] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 94.818734][ T61] hid-generic 0000:007F:FFFFFFFE.0006: hidraw1: HID v0.00 Device [syz1] on syz0 [ 94.821125][ T8057] netlink: 'syz.0.613': attribute type 1 has an invalid length. [ 94.846043][ T8057] 8021q: adding VLAN 0 to HW filter on device bond1 [ 94.863923][ T8058] fido_id[8058]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 94.875189][ T8057] 8021q: adding VLAN 0 to HW filter on device bond1 [ 94.879662][ T8057] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 94.887265][ T8057] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 94.908766][ T8063] gretap1: entered promiscuous mode [ 94.912433][ T8063] bond1: (slave gretap1): making interface the new active one [ 94.916436][ T8063] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 94.927570][ T8063] bond1: (slave vlan3): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 95.133215][ C3] usb 6-1: yurex_control_callback - control failed: -2 [ 95.142195][ C3] usb 6-1: yurex_control_callback - control failed: -32 [ 95.153281][ T6044] usb 6-1: USB disconnect, device number 8 [ 95.156325][ T6044] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 95.251942][ T8079] qnx6: unable to set blocksize [ 95.260212][ T8081] qnx6: unable to set blocksize [ 95.261429][ T8073] team0 (unregistering): Port device team_slave_0 removed [ 95.270149][ T8073] team0 (unregistering): Port device team_slave_1 removed [ 95.466672][ T8089] netlink: 20 bytes leftover after parsing attributes in process `syz.0.618'. [ 95.469561][ T8089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.618'. [ 95.472382][ T8089] tipc: MTU too low for tipc bearer [ 95.683513][ T8097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.622'. [ 95.693264][ T5959] Bluetooth: hci4: command 0x1003 tx timeout [ 95.693325][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 95.756496][ T8101] hashlimit_mt_check_common: 1 callbacks suppressed [ 95.756553][ T8101] xt_hashlimit: size too large, truncated to 1048576 [ 95.762025][ T8101] syz.2.624: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 95.767079][ T8101] CPU: 3 UID: 0 PID: 8101 Comm: syz.2.624 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 95.767093][ T8101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 95.767099][ T8101] Call Trace: [ 95.767103][ T8101] [ 95.767107][ T8101] dump_stack_lvl+0x16c/0x1f0 [ 95.767143][ T8101] warn_alloc+0x248/0x3a0 [ 95.767158][ T8101] ? __pfx_warn_alloc+0x10/0x10 [ 95.767177][ T8101] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 95.767202][ T8101] ? __vmalloc_node_noprof+0xad/0xf0 [ 95.767216][ T8101] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 95.767232][ T8101] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 95.767245][ T8101] ? rcu_is_watching+0x12/0xc0 [ 95.767261][ T8101] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 95.767273][ T8101] ? __alloc_pages_noprof+0xb/0x1b0 [ 95.767285][ T8101] ? ___kmalloc_large_node+0x84/0x1e0 [ 95.767299][ T8101] __kvmalloc_node_noprof+0x30a/0x620 [ 95.767311][ T8101] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 95.767324][ T8101] ? net_generic+0xea/0x2a0 [ 95.767334][ T8101] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 95.767349][ T8101] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 95.767360][ T8101] hashlimit_mt_check_common+0x8bb/0x1460 [ 95.767377][ T8101] hashlimit_mt_check+0x71/0x90 [ 95.767388][ T8101] ? __pfx_hashlimit_mt_check+0x10/0x10 [ 95.767400][ T8101] xt_check_match+0x286/0xa50 [ 95.767411][ T8101] ? __schedule+0xef2/0x5de0 [ 95.767424][ T8101] ? __pfx_xt_check_match+0x10/0x10 [ 95.767437][ T8101] ? xt_find_target+0x1f2/0x290 [ 95.767449][ T8101] ? xt_find_match+0x1f6/0x290 [ 95.767463][ T8101] find_check_entry.constprop.0+0x34e/0xa20 [ 95.767479][ T8101] ? __pfx_find_check_entry.constprop.0+0x10/0x10 [ 95.767496][ T8101] ? kasan_quarantine_put+0x10a/0x240 [ 95.767513][ T8101] ? lockdep_hardirqs_on+0x7c/0x110 [ 95.767528][ T8101] ? kfree+0x2b4/0x4d0 [ 95.767539][ T8101] ? translate_table+0xc0e/0x17b0 [ 95.767552][ T8101] translate_table+0xd0b/0x17b0 [ 95.767569][ T8101] ? __pfx_translate_table+0x10/0x10 [ 95.767579][ T8101] ? xt_alloc_table_info+0x3e/0xa0 [ 95.767594][ T8101] do_ip6t_set_ctl+0x570/0xb00 [ 95.767605][ T8101] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 95.767619][ T8101] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 95.767632][ T8101] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 95.767654][ T8101] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 95.767666][ T8101] nf_setsockopt+0x8a/0xf0 [ 95.767677][ T8101] ipv6_setsockopt+0x135/0x170 [ 95.767689][ T8101] rawv6_setsockopt+0xc2/0x510 [ 95.767705][ T8101] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 95.767722][ T8101] ? selinux_socket_setsockopt+0x6a/0x80 [ 95.767739][ T8101] ? sock_common_setsockopt+0x2e/0xf0 [ 95.767756][ T8101] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 95.767773][ T8101] do_sock_setsockopt+0x221/0x470 [ 95.767789][ T8101] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 95.767813][ T8101] __sys_setsockopt+0x1a0/0x230 [ 95.767828][ T8101] __x64_sys_setsockopt+0xbd/0x160 [ 95.767840][ T8101] ? do_syscall_64+0x91/0x4c0 [ 95.767854][ T8101] ? lockdep_hardirqs_on+0x7c/0x110 [ 95.767867][ T8101] do_syscall_64+0xcd/0x4c0 [ 95.767882][ T8101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.767893][ T8101] RIP: 0033:0x7f46a478e929 [ 95.767901][ T8101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.767911][ T8101] RSP: 002b:00007f46a56de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 95.767921][ T8101] RAX: ffffffffffffffda RBX: 00007f46a49b5fa0 RCX: 00007f46a478e929 [ 95.767927][ T8101] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000006 [ 95.767933][ T8101] RBP: 00007f46a4810b39 R08: 0000000000000588 R09: 0000000000000000 [ 95.767938][ T8101] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000000 [ 95.767945][ T8101] R13: 0000000000000000 R14: 00007f46a49b5fa0 R15: 00007ffe952d7688 [ 95.767958][ T8101] [ 95.767994][ T8101] Mem-Info: [ 95.876550][ T8099] VFS: Lookup of 'file0' in fuse fuse would have caused loop [ 95.893030][ T8101] active_anon:13617 inactive_anon:0 isolated_anon:0 [ 95.893030][ T8101] active_file:6174 inactive_file:52301 isolated_file:0 [ 95.893030][ T8101] unevictable:1768 dirty:83 writeback:0 [ 95.893030][ T8101] slab_reclaimable:11882 slab_unreclaimable:71104 [ 95.893030][ T8101] mapped:25723 shmem:2415 pagetables:1416 [ 95.893030][ T8101] sec_pagetables:298 bounce:0 [ 95.893030][ T8101] kernel_misc_reclaimable:0 [ 95.893030][ T8101] free:445754 free_pcp:13146 free_cma:0 [ 95.893078][ T8101] Node 0 active_anon:54468kB inactive_anon:0kB active_file:24696kB inactive_file:208992kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:102880kB dirty:328kB writeback:0kB shmem:6124kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13136kB pagetables:5472kB sec_pagetables:1192kB all_unreclaimable? no Balloon:0kB [ 95.893120][ T8101] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:144kB pagetables:192kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 95.893162][ T8101] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 95.966794][ T8101] lowmem_reserve[]: 0 1234 1234 1234 1234 [ 95.966841][ T8101] Node 0 DMA32 free:158652kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:54488kB inactive_anon:0kB active_file:24696kB inactive_file:208992kB unevictable:3536kB writepending:328kB present:2080628kB managed:1264188kB mlocked:0kB bounce:0kB free_pcp:38176kB local_pcp:17928kB free_cma:0kB [ 95.980501][ T8101] lowmem_reserve[]: 0 0 0 0 0 [ 95.980539][ T8101] Node 1 Normal free:1608944kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:3536kB writepending:4kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:14844kB local_pcp:2432kB free_cma:0kB [ 95.980588][ T8101] lowmem_reserve[]: 0 0 0 0 0 [ 95.980622][ T8101] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 95.980726][ T8101] Node 0 DMA32: 901*4kB (UM) 767*8kB (UME) 309*16kB (UME) 457*32kB (UME) 155*64kB (UME) 31*128kB (UME) 13*256kB (ME) 13*512kB (ME) 9*1024kB (UME) 7*2048kB (UME) 20*4096kB (M) = 158652kB [ 95.980877][ T8101] Node 1 Normal: 4*4kB (UE) 8*8kB (UE) 20*16kB (UE) 33*32kB (UME) 21*64kB (UME) 12*128kB (UME) 0*256kB 4*512kB (ME) 1*1024kB (E) 2*2048kB (UM) 390*4096kB (M) = 1608944kB [ 95.981028][ T8101] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 95.981041][ T8101] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 95.981057][ T8101] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 95.981072][ T8101] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 95.981088][ T8101] 60869 total pagecache pages [ 95.981095][ T8101] 0 pages in swap cache [ 96.023024][ T8101] Free swap = 124996kB [ 96.023031][ T8101] Total swap = 124996kB [ 96.023037][ T8101] 1048443 pages RAM [ 96.023041][ T8101] 0 pages HighMem/MovableOnly [ 96.023045][ T8101] 283067 pages reserved [ 96.023048][ T8101] 0 pages cma reserved [ 96.342410][ T8135] netlink: 8 bytes leftover after parsing attributes in process `syz.2.627'. [ 96.414856][ T8139] program syz.3.628 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 96.508625][ T8151] netlink: 8 bytes leftover after parsing attributes in process `syz.2.631'. [ 96.540902][ T8143] IPv6: sit1: Disabled Multicast RS [ 96.609464][ T8160] netlink: 'syz.2.634': attribute type 10 has an invalid length. [ 96.655176][ T8165] NILFS (nbd2): device size too small [ 96.664320][ T8165] NILFS (nbd2): device size too small [ 96.720340][ T8173] netlink: 'syz.3.637': attribute type 1 has an invalid length. [ 96.770129][ T8177] xfrm0 speed is unknown, defaulting to 1000 [ 96.814576][ T8181] tipc: Enabling not permitted [ 96.816415][ T8181] tipc: Enabling of bearer rejected, failed to enable media [ 96.853501][ T8181] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2497854787 (2497854787 ns) > initial count (677988424 ns). Using initial count to start timer. [ 96.879148][ T8185] netlink: 'syz.1.640': attribute type 1 has an invalid length. [ 96.923047][ T8185] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 96.936594][ T8185] geneve2: entered promiscuous mode [ 96.938359][ T8185] geneve2: entered allmulticast mode [ 96.947827][ T8185] 8021q: adding VLAN 0 to HW filter on device bond1 [ 96.952000][ T46] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 97.084934][ T1237] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 97.157248][ T8206] netlink: 24 bytes leftover after parsing attributes in process `syz.1.647'. [ 97.157265][ T8207] netlink: 24 bytes leftover after parsing attributes in process `syz.1.647'. [ 97.174144][ T8209] netlink: 20 bytes leftover after parsing attributes in process `syz.2.649'. [ 97.310280][ T8213] kvm: Disabled LAPIC found during irq injection [ 97.329926][ T8225] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 97.342107][ T8225] btrfs: Unknown parameter 'discard9$&0 [ 97.342107][ T8225] Cpi {a?{qS|SG%!Jt8`$ꣃ-k߹qPrԵX\D [ 97.342107][ T8225] G' [ 97.420085][ T8233] /dev/nullb0: Can't open blockdev [ 97.520206][ T8246] netlink: 4 bytes leftover after parsing attributes in process `syz.3.657'. [ 97.524144][ T8245] tmpfs: Bad value for 'mpol' [ 97.532649][ T8250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.658'. [ 97.545715][ T8250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.658'. [ 97.551130][ T8250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.658'. [ 97.671504][ T8259] fuse: Bad value for 'group_id' [ 97.675996][ T8259] fuse: Bad value for 'group_id' [ 97.814970][ T8267] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.818059][ T8267] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.820829][ T8267] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.824743][ T8267] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.849760][ T8269] ipt_REJECT: ECHOREPLY no longer supported. [ 97.910637][ T8276] x_tables: duplicate underflow at hook 3 [ 97.915511][ T8276] x_tables: duplicate underflow at hook 1 [ 97.928070][ T8275] IPv6: NLM_F_CREATE should be specified when creating new route [ 97.956584][ T8279] hpfs: hpfs_map_sector(): read error [ 97.985338][ T8282] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 98.272855][ T836] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 98.423066][ T836] usb 6-1: Using ep0 maxpacket: 8 [ 98.427287][ T836] usb 6-1: config index 0 descriptor too short (expected 5924, got 36) [ 98.430557][ T836] usb 6-1: config 250 has an invalid interface number: 228 but max is -1 [ 98.433876][ T836] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 98.437346][ T836] usb 6-1: config 250 has no interface number 0 [ 98.439807][ T836] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 98.444321][ T836] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 98.448225][ T836] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 98.452050][ T836] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 98.457263][ T836] usb 6-1: config 250 interface 228 has no altsetting 0 [ 98.461578][ T836] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 98.465718][ T836] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 98.468944][ T836] usb 6-1: Product: syz [ 98.470694][ T836] usb 6-1: SerialNumber: syz [ 98.478385][ T836] hub 6-1:250.228: bad descriptor, ignoring hub [ 98.480819][ T836] hub 6-1:250.228: probe with driver hub failed with error -5 [ 98.678680][ T836] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 9 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 98.734057][ T8308] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 98.834459][ T8322] mkiss: ax0: crc mode is auto. [ 98.956859][ C0] usblp0: nonzero read bulk status received: -71 [ 98.985800][ T29] usb 6-1: USB disconnect, device number 9 [ 98.990390][ T29] usblp0: removed [ 99.132954][ T6108] usb 8-1: new full-speed USB device number 16 using dummy_hcd [ 99.251338][ T40] kauditd_printk_skb: 177 callbacks suppressed [ 99.251348][ T40] audit: type=1800 audit(1752155330.212:925): pid=8354 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.691" name="[kvm-gmem]" dev="anon_inodefs" ino=23908 res=0 errno=0 [ 99.284957][ T6108] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 99.289442][ T6108] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 99.293609][ T6108] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 99.300808][ T6108] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 99.304697][ T6108] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 99.307936][ T6108] usb 8-1: SerialNumber: syz [ 99.312622][ T8326] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 99.325370][ T6108] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -22 [ 99.359261][ T40] audit: type=1400 audit(1752155330.322:926): avc: denied { map } for pid=8355 comm="syz.2.692" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 99.373272][ T40] audit: type=1400 audit(1752155330.322:927): avc: denied { execute } for pid=8355 comm="syz.2.692" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 99.418565][ T40] audit: type=1400 audit(1752155330.382:928): avc: denied { unmount } for pid=5953 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 99.502449][ T40] audit: type=1400 audit(1752155330.462:929): avc: denied { create } for pid=8359 comm="syz.0.695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 99.521712][ T61] usb 8-1: USB disconnect, device number 16 [ 99.651041][ T40] audit: type=1400 audit(1752155330.612:930): avc: denied { write } for pid=8364 comm="syz.0.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 99.659024][ T40] audit: type=1400 audit(1752155330.612:931): avc: denied { nlmsg_write } for pid=8364 comm="syz.0.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 99.688184][ T8367] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0 [ 99.701581][ T1237] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 99.713200][ T1237] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.807659][ T1237] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 99.809094][ T40] audit: type=1400 audit(1752155330.772:932): avc: denied { execute } for pid=8368 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 99.810922][ T1237] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.823191][ T40] audit: type=1400 audit(1752155330.772:933): avc: denied { execute_no_trans } for pid=8368 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 99.887015][ T1237] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 99.890066][ T1237] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.908887][ T40] audit: type=1400 audit(1752155330.872:934): avc: denied { ioctl } for pid=8371 comm="syz.0.701" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=22823 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 99.926613][ T5959] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 99.930020][ T5959] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 99.933809][ T5959] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 99.939776][ T5959] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 99.952646][ T5959] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 99.957682][ T1237] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 99.960876][ T1237] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.984722][ T8373] xfrm0 speed is unknown, defaulting to 1000 [ 100.017481][ T8380] block device autoloading is deprecated and will be removed. [ 100.099329][ T8373] chnl_net:caif_netlink_parms(): no params data found [ 100.194849][ T1237] bridge_slave_1: left allmulticast mode [ 100.197138][ T1237] bridge_slave_1: left promiscuous mode [ 100.199694][ T1237] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.210809][ T1237] bridge_slave_0: left allmulticast mode [ 100.212652][ T1237] bridge_slave_0: left promiscuous mode [ 100.216040][ T1237] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.741790][ T1237] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 100.746377][ T1237] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 100.749973][ T1237] bond0 (unregistering): Released all slaves [ 100.770386][ T8373] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.772674][ T8373] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.775220][ T8373] bridge_slave_0: entered allmulticast mode [ 100.777824][ T8373] bridge_slave_0: entered promiscuous mode [ 100.813826][ T8373] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.816157][ T8373] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.818647][ T8373] bridge_slave_1: entered allmulticast mode [ 100.821259][ T8373] bridge_slave_1: entered promiscuous mode [ 100.878710][ T8373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.883491][ T8373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.946093][ T8416] netlink: 'syz.3.710': attribute type 10 has an invalid length. [ 100.948797][ T8373] team0: Port device team_slave_0 added [ 100.954314][ T8373] team0: Port device team_slave_1 added [ 100.960158][ T8416] 9pnet_virtio: no channels available for device syz [ 100.967023][ T8419] __nla_validate_parse: 67 callbacks suppressed [ 100.967033][ T8419] netlink: 32 bytes leftover after parsing attributes in process `syz.0.711'. [ 101.006122][ T8373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.008766][ T8423] netlink: 24 bytes leftover after parsing attributes in process `syz.0.713'. [ 101.008971][ T8373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.009007][ T8373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.046521][ T8373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.049414][ T8373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.062137][ T8373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.093905][ T1237] batman_adv: batadv0: Interface deactivated: macvtap1 [ 101.097613][ T1237] mac80211_hwsim hwsim4 wlan0 (unregistering): left allmulticast mode [ 101.119850][ T1237] batman_adv: batadv0: Removing interface: macvtap1 [ 101.276304][ T8373] hsr_slave_0: entered promiscuous mode [ 101.278968][ T8373] hsr_slave_1: entered promiscuous mode [ 101.281323][ T8373] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 101.284652][ T8373] Cannot create hsr debugfs directory [ 101.333009][ T1237] hsr_slave_0: left promiscuous mode [ 101.344677][ T1237] hsr_slave_1: left promiscuous mode [ 101.346978][ T1237] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.349472][ T1237] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.364241][ T1237] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.367104][ T1237] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.400769][ T1237] veth1_macvtap: left promiscuous mode [ 101.404546][ T1237] veth1_vlan: left promiscuous mode [ 101.406806][ T1237] veth0_vlan: left promiscuous mode [ 101.720874][ T8466] QAT: Device 9 not found [ 101.729721][ T8466] QAT: Invalid ioctl 1342215170 [ 101.812917][ T836] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 101.814966][ T8468] netlink: 8 bytes leftover after parsing attributes in process `syz.3.725'. [ 101.819379][ T8468] netlink: 12 bytes leftover after parsing attributes in process `syz.3.725'. [ 101.823349][ T8468] netlink: 'syz.3.725': attribute type 20 has an invalid length. [ 101.928887][ T5955] block nbd0: Receive control failed (result -11) [ 101.987307][ T836] usb 6-1: Using ep0 maxpacket: 32 [ 101.991205][ T836] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 101.995748][ T836] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 101.999198][ T836] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 102.002192][ T836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 102.005891][ T836] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 102.009101][ T836] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 102.013491][ T836] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 102.013542][ T5955] Bluetooth: hci2: command tx timeout [ 102.016606][ T836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.019312][ T836] usb 6-1: config 0 descriptor?? [ 102.130903][ T1237] team0 (unregistering): Port device team_slave_1 removed [ 102.160399][ T8480] binder: 8477:8480 ioctl 5387 2000000001c0 returned -22 [ 102.220347][ T1237] team0 (unregistering): Port device team_slave_0 removed [ 102.221086][ T8457] i2c i2c-1: Invalid block write size 34 [ 102.229569][ T8483] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 102.239672][ T836] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 102.247177][ T836] usb 6-1: USB disconnect, device number 10 [ 102.257937][ T836] usblp0: removed [ 102.676692][ T6044] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 102.803764][ T6044] usb 6-1: device descriptor read/64, error -71 [ 102.918494][ T8493] netlink: 'syz.3.732': attribute type 5 has an invalid length. [ 103.039341][ T8373] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 103.043040][ T6044] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 103.047490][ T8373] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 103.056638][ T8373] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 103.069946][ T8373] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 103.141561][ T8373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.157403][ T8373] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.163928][ T8397] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.167111][ T8397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.175761][ T6044] usb 6-1: device descriptor read/64, error -71 [ 103.179392][ T8397] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.182246][ T8397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.206538][ T8519] misc userio: Begin command sent, but we're already running [ 103.283731][ T6044] usb usb6-port1: attempt power cycle [ 103.388146][ T8373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.618389][ T8373] veth0_vlan: entered promiscuous mode [ 103.627396][ T8373] veth1_vlan: entered promiscuous mode [ 103.635591][ T6044] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 103.653667][ T6044] usb 6-1: device descriptor read/8, error -71 [ 103.666269][ T8373] veth0_macvtap: entered promiscuous mode [ 103.671533][ T8373] veth1_macvtap: entered promiscuous mode [ 103.686973][ T8373] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.695584][ T8373] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.701801][ T8373] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.706552][ T8373] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.710063][ T8373] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.713614][ T8373] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.784428][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.786901][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.818231][ T8397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.822231][ T8397] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.892927][ T6044] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 103.923136][ T6044] usb 6-1: device descriptor read/8, error -71 [ 104.033072][ T6044] usb usb6-port1: unable to enumerate USB device [ 104.103017][ T5955] Bluetooth: hci2: command tx timeout [ 104.146610][ T8575] netlink: 88 bytes leftover after parsing attributes in process `syz.3.741'. [ 104.593118][ T6020] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 104.628140][ T40] kauditd_printk_skb: 56 callbacks suppressed [ 104.628156][ T40] audit: type=1400 audit(1752155335.592:991): avc: denied { mount } for pid=8605 comm="syz.1.746" name="/" dev="autofs" ino=25920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 104.653727][ T40] audit: type=1400 audit(1752155335.622:992): avc: denied { unmount } for pid=5964 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 104.746460][ T6020] usb 8-1: config index 0 descriptor too short (expected 9, got 0) [ 104.749851][ T6020] usb 8-1: can't read configurations, error -22 [ 104.755454][ T8614] netlink: 32 bytes leftover after parsing attributes in process `syz.0.748'. [ 104.895575][ T6020] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 104.899031][ T40] audit: type=1400 audit(1752155335.862:993): avc: denied { getopt } for pid=8624 comm="syz.0.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 104.935524][ T40] audit: type=1400 audit(1752155335.902:994): avc: denied { accept } for pid=8631 comm="syz.0.751" lport=52096 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 104.943972][ T40] audit: type=1400 audit(1752155335.902:995): avc: denied { listen } for pid=8631 comm="syz.0.751" lport=52096 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 104.954843][ T40] audit: type=1400 audit(1752155335.902:996): avc: denied { setopt } for pid=8631 comm="syz.0.751" lport=52096 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 104.974354][ T40] audit: type=1400 audit(1752155335.942:997): avc: denied { read } for pid=8619 comm="syz.1.749" path="/171/file0/cpu.stat" dev="9p" ino=35913977 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 104.984505][ T40] audit: type=1400 audit(1752155335.942:998): avc: denied { write } for pid=8619 comm="syz.1.749" name="bus" dev="9p" ino=35913978 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 105.064730][ T6020] usb 8-1: config index 0 descriptor too short (expected 9, got 0) [ 105.067389][ T6020] usb 8-1: can't read configurations, error -22 [ 105.069490][ T6020] usb usb8-port1: attempt power cycle [ 105.070526][ T40] audit: type=1400 audit(1752155336.032:999): avc: denied { name_bind } for pid=8640 comm="syz.0.752" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 105.129272][ T8644] geneve2: entered promiscuous mode [ 105.131525][ T8644] geneve2: entered allmulticast mode [ 105.237071][ T8646] tmpfs: Unknown parameter 'nS +rJinod' [ 105.254856][ T8646] xfrm0 speed is unknown, defaulting to 1000 [ 105.295952][ T8650] input: syz1 as /devices/virtual/input/input16 [ 105.303047][ T40] audit: type=1400 audit(1752155336.262:1000): avc: denied { read } for pid=5349 comm="acpid" name="event4" dev="devtmpfs" ino=3127 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 105.402912][ T6020] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 105.426956][ T6020] usb 8-1: config index 0 descriptor too short (expected 9, got 0) [ 105.430146][ T6020] usb 8-1: can't read configurations, error -22 [ 105.565714][ T6020] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 105.585740][ T6020] usb 8-1: config index 0 descriptor too short (expected 9, got 0) [ 105.588256][ T6020] usb 8-1: can't read configurations, error -22 [ 105.591949][ T6020] usb usb8-port1: unable to enumerate USB device [ 106.062902][ T61] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 106.172907][ T5955] Bluetooth: hci2: command tx timeout [ 106.244353][ T61] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.247962][ T61] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 106.255840][ T61] usb 6-1: New USB device found, idVendor=494f, idProduct=7e69, bcdDevice=51.78 [ 106.258899][ T61] usb 6-1: New USB device strings: Mfr=123, Product=174, SerialNumber=30 [ 106.261752][ T61] usb 6-1: Product: syz [ 106.263572][ T61] usb 6-1: Manufacturer: syz [ 106.265125][ T61] usb 6-1: SerialNumber: syz [ 106.268466][ T61] usb 6-1: config 0 descriptor?? [ 106.766882][ T61] usb 6-1: USB disconnect, device number 15 [ 106.830401][ T8668] netlink: 48 bytes leftover after parsing attributes in process `syz.0.757'. [ 106.865680][ T8670] trusted_key: syz.0.758 sent an empty control message without MSG_MORE. [ 106.870535][ T8670] tmpfs: Unknown parameter ']uota' [ 107.372211][ T8684] /dev/nullb0: Can't open blockdev [ 107.544601][ T8697] syz.3.764: attempt to access beyond end of device [ 107.544601][ T8697] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 107.549959][ T8697] exFAT-fs (nbd3): unable to read boot sector [ 107.552523][ T8697] exFAT-fs (nbd3): failed to read boot sector [ 107.555121][ T8697] exFAT-fs (nbd3): failed to recognize exfat type [ 107.602470][ T8699] xfrm0 speed is unknown, defaulting to 1000 [ 108.034724][ T8711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.771'. [ 108.235121][ T8715] Scaler: ================= START STATUS ================= [ 108.235637][ T8717] Scaler: ================= START STATUS ================= [ 108.238185][ T8715] Scaler: ================== END STATUS ================== [ 108.240446][ T8717] Scaler: ================== END STATUS ================== [ 108.264537][ T8719] syz.3.773: attempt to access beyond end of device [ 108.264537][ T8719] loop3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 108.269803][ T8719] MINIX-fs: unable to read superblock [ 108.319013][ T8725] xt_CT: You must specify a L4 protocol and not use inversions on it [ 108.469279][ T8740] overlayfs: missing 'lowerdir' [ 108.480508][ T8731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.555461][ T8748] netlink: 4 bytes leftover after parsing attributes in process `syz.1.778'. [ 108.555598][ T8747] overlayfs: failed to decode file handle (len=9, type=0, flags=0, err=-22) [ 108.571145][ T8748] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 108.574218][ T8748] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 108.577092][ T8748] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 108.579840][ T8748] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 108.584744][ T8748] vxlan0: entered promiscuous mode [ 108.916470][ T8771] xt_CT: You must specify a L4 protocol and not use inversions on it [ 108.989395][ T8775] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8775 comm=syz.3.789 [ 108.995026][ T8775] netlink: 36 bytes leftover after parsing attributes in process `syz.3.789'. [ 109.042215][ T8777] autofs4:pid:8777:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1986356271.1668118063), cmd(0xc018937d) [ 109.047120][ T8777] autofs4:pid:8777:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937d) [ 109.313587][ T8793] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8793 comm=syz.1.793 [ 109.321493][ T8793] program syz.1.793 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 109.437003][ T8806] xt_CT: You must specify a L4 protocol and not use inversions on it [ 109.447024][ T8803] netlink: 28 bytes leftover after parsing attributes in process `syz.0.796'. [ 109.450444][ T8803] netlink: 28 bytes leftover after parsing attributes in process `syz.0.796'. [ 109.458607][ T8803] gretap0: entered promiscuous mode [ 109.461695][ T8803] gretap0: left promiscuous mode [ 109.497886][ T8810] overlay: filesystem on ./bus not supported as upperdir [ 109.547717][ T8818] erspan0: entered promiscuous mode [ 109.648733][ T40] kauditd_printk_skb: 29 callbacks suppressed [ 109.648745][ T40] audit: type=1400 audit(1752155340.612:1030): avc: denied { watch } for pid=8829 comm="syz.0.805" path="/220/file0" dev="tmpfs" ino=1189 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 109.693039][ T40] audit: type=1400 audit(1752155340.612:1031): avc: denied { watch_sb watch_reads } for pid=8829 comm="syz.0.805" path="/220/file0" dev="tmpfs" ino=1189 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 109.714395][ T8840] i2c i2c-1: Invalid block write size 34 [ 109.834600][ T8851] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8851 comm=syz.4.807 [ 109.846037][ T8850] can0: slcan on ptm0. [ 109.892009][ T8857] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 109.921738][ T8849] can0 (unregistered): slcan off ptm0. [ 109.925132][ T40] audit: type=1400 audit(1752155340.892:1032): avc: denied { write } for pid=8846 comm="syz.3.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 109.931646][ T40] audit: type=1400 audit(1752155340.892:1033): avc: denied { getopt } for pid=8846 comm="syz.3.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 109.935932][ T8847] syz.3.808: attempt to access beyond end of device [ 109.935932][ T8847] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 109.950561][ T8847] syz.3.808: attempt to access beyond end of device [ 109.950561][ T8847] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 109.957633][ T8847] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 109.962490][ T8847] syz.3.808: attempt to access beyond end of device [ 109.962490][ T8847] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 109.968637][ T8847] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 109.972903][ T8863] netlink: 8 bytes leftover after parsing attributes in process `syz.0.813'. [ 109.977206][ T8847] syz.3.808: attempt to access beyond end of device [ 109.977206][ T8847] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 109.981153][ T8847] syz.3.808: attempt to access beyond end of device [ 109.981153][ T8847] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 109.987931][ T8847] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 109.991787][ T8847] syz.3.808: attempt to access beyond end of device [ 109.991787][ T8847] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 109.996683][ T8847] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 110.001220][ T8847] syz.3.808: attempt to access beyond end of device [ 110.001220][ T8847] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 110.007331][ T8847] syz.3.808: attempt to access beyond end of device [ 110.007331][ T8847] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 110.012539][ T8847] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 110.017013][ T8847] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 110.021379][ T8847] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 110.033523][ T8847] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 110.037340][ T8847] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 110.086524][ T8877] netlink: 4 bytes leftover after parsing attributes in process `syz.1.816'. [ 110.089043][ T8878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.816'. [ 110.093999][ T8871] 8021q: adding VLAN 0 to HW filter on device bond2 [ 110.168025][ T8889] netlink: 8 bytes leftover after parsing attributes in process `syz.4.818'. [ 110.220254][ T8877] hsr_slave_1 (unregistering): left promiscuous mode [ 110.228238][ T8893] xt_CT: You must specify a L4 protocol and not use inversions on it [ 110.275674][ T40] audit: type=1400 audit(1752155341.242:1034): avc: denied { getopt } for pid=8895 comm="syz.4.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 110.281929][ T40] audit: type=1400 audit(1752155341.242:1035): avc: denied { write } for pid=8895 comm="syz.4.820" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 110.296504][ T8896] netlink: 'syz.4.820': attribute type 10 has an invalid length. [ 110.329805][ T8896] team0: Port device wlan1 added [ 110.358179][ T40] audit: type=1400 audit(1752155341.322:1036): avc: denied { accept } for pid=8901 comm="syz.1.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 110.366023][ T8902] netlink: 'syz.1.822': attribute type 7 has an invalid length. [ 110.366185][ T40] audit: type=1400 audit(1752155341.332:1037): avc: denied { shutdown } for pid=8901 comm="syz.1.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 110.377165][ T40] audit: type=1400 audit(1752155341.342:1038): avc: denied { write } for pid=8901 comm="syz.1.822" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 110.379677][ T8904] /dev/sg0: Can't lookup blockdev [ 110.409765][ T40] audit: type=1400 audit(1752155341.372:1039): avc: denied { ioctl } for pid=8903 comm="syz.0.823" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x4602 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 110.449908][ T8910] bpf: Bad value for 'mode' [ 110.602391][ T8921] xt_CT: You must specify a L4 protocol and not use inversions on it [ 110.652245][ T8929] program syz.0.830 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.708605][ T8938] program syz.0.830 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.792633][ T8948] SELinux: security_context_str_to_sid (5] S9q#) failed with errno=-22 [ 110.878501][ T8972] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 110.953521][ T8978] No such timeout policy "syz0" [ 111.016038][ T8978] evm: overlay not supported [ 111.120842][ T9004] loop2: detected capacity change from 0 to 7 [ 111.128739][ T5957] Dev loop2: unable to read RDB block 7 [ 111.130622][ T5957] loop2: AHDI p1 p2 p3 p4 [ 111.132003][ T5957] loop2: partition table partially beyond EOD, truncated [ 111.136505][ T5957] loop2: p1 start 1601398130 is beyond EOD, truncated [ 111.138682][ T5957] loop2: p2 start 1702059890 is beyond EOD, truncated [ 111.140751][ T5957] loop2: p3 size 150995200 extends beyond EOD, truncated [ 111.157030][ T9004] Dev loop2: unable to read RDB block 7 [ 111.159123][ T9004] loop2: AHDI p1 p2 p3 p4 [ 111.160987][ T9004] loop2: partition table partially beyond EOD, truncated [ 111.164952][ T9004] loop2: p1 start 1601398130 is beyond EOD, truncated [ 111.167816][ T9004] loop2: p2 start 1702059890 is beyond EOD, truncated [ 111.170723][ T9004] loop2: p3 size 150995200 extends beyond EOD, truncated [ 111.234822][ T5957] udevd[5957]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 111.327281][ T9027] xt_CT: You must specify a L4 protocol and not use inversions on it [ 111.385335][ T9035] /dev/nullb0: Can't open blockdev [ 111.623701][ T5959] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 111.626828][ T5959] Bluetooth: hci2: Injecting HCI hardware error event [ 111.736563][ T9057] 9pnet_fd: Insufficient options for proto=fd [ 112.129267][ T9075] 9p: Unknown access argument sERߗ=\ըW ŧW(@mmpG [ 117.408803][ T9337] dump_stack_lvl+0x16c/0x1f0 [ 117.408837][ T9337] warn_alloc+0x248/0x3a0 [ 117.408853][ T9337] ? __pfx_warn_alloc+0x10/0x10 [ 117.408871][ T9337] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 117.408882][ T9337] ? __vmalloc_node_noprof+0xad/0xf0 [ 117.408895][ T9337] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 117.408911][ T9337] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 117.408924][ T9337] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 117.408940][ T9337] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 117.408950][ T9337] vmalloc_user_noprof+0x9e/0xe0 [ 117.408961][ T9337] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 117.408972][ T9337] vb2_vmalloc_alloc+0x135/0x3f0 [ 117.408982][ T9337] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 117.408992][ T9337] __vb2_queue_alloc+0x8c9/0x1280 [ 117.409015][ T9337] vb2_core_reqbufs+0xa90/0xfe0 [ 117.409028][ T9337] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 117.409037][ T9337] ? __pfx___mutex_trylock_common+0x10/0x10 [ 117.409048][ T9337] ? __pfx___might_resched+0x10/0x10 [ 117.409064][ T9337] ? trace_contention_end+0xdd/0x130 [ 117.409074][ T9337] ? __mutex_lock+0x1ca/0xb90 [ 117.409090][ T9337] vb2_reqbufs+0x1a3/0x1f0 [ 117.409104][ T9337] ? __pfx_vb2_reqbufs+0x10/0x10 [ 117.409117][ T9337] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 117.409134][ T9337] ? kasan_quarantine_put+0x10a/0x240 [ 117.409146][ T9337] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 117.409160][ T9337] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 117.409177][ T9337] v4l_reqbufs+0x152/0x1e0 [ 117.409189][ T9337] __video_do_ioctl+0xb3d/0xfc0 [ 117.409204][ T9337] ? __might_fault+0xe3/0x190 [ 117.409218][ T9337] ? __pfx___video_do_ioctl+0x10/0x10 [ 117.409235][ T9337] video_usercopy+0x4cd/0x1720 [ 117.409250][ T9337] ? __pfx___video_do_ioctl+0x10/0x10 [ 117.409262][ T9337] ? selinux_kernel_read_file+0x80/0x130 [ 117.409280][ T9337] ? __pfx_video_usercopy+0x10/0x10 [ 117.409302][ T9337] v4l2_ioctl+0x1ba/0x250 [ 117.409314][ T9337] ? __pfx_v4l2_ioctl+0x10/0x10 [ 117.409327][ T9337] __x64_sys_ioctl+0x18b/0x210 [ 117.409340][ T9337] do_syscall_64+0xcd/0x4c0 [ 117.409368][ T9337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.409379][ T9337] RIP: 0033:0x7f99dd58e929 [ 117.409388][ T9337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.409398][ T9337] RSP: 002b:00007f99de34c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 117.409407][ T9337] RAX: ffffffffffffffda RBX: 00007f99dd7b5fa0 RCX: 00007f99dd58e929 [ 117.409413][ T9337] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 000000000000000d [ 117.409419][ T9337] RBP: 00007f99dd610b39 R08: 0000000000000000 R09: 0000000000000000 [ 117.409425][ T9337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.409431][ T9337] R13: 0000000000000000 R14: 00007f99dd7b5fa0 R15: 00007fffa9bc1618 [ 117.409444][ T9337] [ 117.409481][ T9337] Mem-Info: [ 117.511959][ T9337] active_anon:12843 inactive_anon:0 isolated_anon:0 [ 117.511959][ T9337] active_file:6538 inactive_file:51099 isolated_file:0 [ 117.511959][ T9337] unevictable:1768 dirty:47 writeback:0 [ 117.511959][ T9337] slab_reclaimable:12170 slab_unreclaimable:73413 [ 117.511959][ T9337] mapped:24889 shmem:2428 pagetables:1310 [ 117.511959][ T9337] sec_pagetables:298 bounce:0 [ 117.511959][ T9337] kernel_misc_reclaimable:0 [ 117.511959][ T9337] free:441276 free_pcp:16103 free_cma:0 [ 117.527408][ T9337] Node 0 active_anon:51372kB inactive_anon:0kB active_file:26152kB inactive_file:204184kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:99556kB dirty:184kB writeback:0kB shmem:6176kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12880kB pagetables:5048kB sec_pagetables:1192kB all_unreclaimable? no Balloon:0kB [ 117.538213][ T9337] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:144kB pagetables:192kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 117.548534][ T9337] Node 0 DMA free:14780kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:212kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:332kB local_pcp:156kB free_cma:0kB [ 117.557951][ T9337] lowmem_reserve[]: 0 1234 1234 1234 1234 [ 117.559824][ T9337] Node 0 DMA32 free:144032kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:51344kB inactive_anon:0kB active_file:25940kB inactive_file:204188kB unevictable:3536kB writepending:100kB present:2080628kB managed:1264188kB mlocked:0kB bounce:0kB free_pcp:44292kB local_pcp:12776kB free_cma:0kB [ 117.570170][ T9337] lowmem_reserve[]: 0 0 0 0 0 [ 117.571725][ T9337] Node 1 Normal free:1605944kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:3536kB writepending:4kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:22400kB local_pcp:2912kB free_cma:0kB [ 117.582154][ T9337] lowmem_reserve[]: 0 0 0 0 0 [ 117.583926][ T9337] Node 0 DMA: 2*4kB (UM) 5*8kB (UM) 4*16kB (UME) 7*32kB (UME) 6*64kB (UME) 4*128kB (UME) 1*256kB (E) 4*512kB (UME) 3*1024kB (ME) 2*2048kB (ME) 1*4096kB (M) = 14800kB [ 117.589700][ T9337] Node 0 DMA32: 2545*4kB (UME) 804*8kB (UME) 601*16kB (UME) 887*32kB (UME) 297*64kB (UME) 86*128kB (UM) 52*256kB (UM) 38*512kB (UM) 14*1024kB (UM) 6*2048kB (M) 0*4096kB = 144020kB [ 117.595535][ T9337] Node 1 Normal: 4*4kB (UE) 11*8kB (UME) 23*16kB (UE) 51*32kB (UME) 26*64kB (UME) 13*128kB (UME) 0*256kB 4*512kB (ME) 1*1024kB (E) 2*2048kB (UM) 389*4096kB (M) = 1605944kB [ 117.601053][ T9337] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 117.604515][ T9337] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 117.607454][ T9337] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 117.610524][ T9337] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 117.613754][ T9337] 60066 total pagecache pages [ 117.615287][ T9337] 0 pages in swap cache [ 117.616706][ T9337] Free swap = 124996kB [ 117.618038][ T9337] Total swap = 124996kB [ 117.619392][ T9337] 1048443 pages RAM [ 117.620661][ T9337] 0 pages HighMem/MovableOnly [ 117.622238][ T9337] 283067 pages reserved [ 117.623653][ T9337] 0 pages cma reserved [ 117.690344][ T9350] netlink: 'syz.4.946': attribute type 1 has an invalid length. [ 117.713788][ T9350] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 117.923947][ T9379] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffc) [ 117.932255][ T5959] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 117.966668][ T9385] CIFS mount error: No usable UNC path provided in device string! [ 117.966668][ T9385] [ 117.971887][ T9385] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 118.100613][ T9393] netlink: 8 bytes leftover after parsing attributes in process `syz.0.959'. [ 118.103464][ T9393] netlink: 12 bytes leftover after parsing attributes in process `syz.0.959'. [ 118.106263][ T9393] netlink: 'syz.0.959': attribute type 12 has an invalid length. [ 118.175797][ T9400] i2c i2c-1: Invalid block write size 34 [ 118.230066][ T9402] netlink: 24 bytes leftover after parsing attributes in process `syz.1.960'. [ 118.384748][ T9314] cdc_wdm 8-1:1.0: Error autopm - -16 [ 118.384852][ T29] usb 8-1: USB disconnect, device number 22 [ 118.387942][ T9406] netlink: 'syz.4.962': attribute type 1 has an invalid length. [ 118.411504][ T9406] 8021q: adding VLAN 0 to HW filter on device bond1 [ 118.461739][ T9406] bond1: (slave veth3): Enslaving as an active interface with a down link [ 118.488575][ T9406] bond1: (slave veth0_to_bond): making interface the new active one [ 118.492387][ T9406] veth0_to_bond: entered promiscuous mode [ 118.497655][ T9406] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 118.525036][ T9406] netlink: 'syz.4.962': attribute type 11 has an invalid length. [ 118.543493][ T29] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 118.604959][ T9415] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 118.637778][ T9417] syz_tun: entered allmulticast mode [ 118.644973][ T9416] syz_tun: left allmulticast mode [ 118.726644][ T29] usb 8-1: unable to get BOS descriptor or descriptor too short [ 118.731719][ T29] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 118.742704][ T29] usb 8-1: can't read configurations, error -71 [ 118.883967][ T9441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.886731][ T9441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.143172][ T112] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 119.273173][ T112] usb 9-1: device descriptor read/64, error -71 [ 119.436297][ T9473] comedi comedi1: comedi_config --init_data is deprecated [ 119.439025][ T9473] netlink: 20 bytes leftover after parsing attributes in process `syz.3.982'. [ 119.516157][ T9480] ata1.00: invalid cdb length 6 [ 119.531899][ T9484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.987'. [ 119.534298][ T9484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.987'. [ 119.534917][ T112] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 119.542035][ T9484] input: syz1 as /devices/virtual/input/input21 [ 119.548972][ T9484] netlink: 'syz.0.987': attribute type 2 has an invalid length. [ 119.553365][ T9484] netlink: 'syz.0.987': attribute type 1 has an invalid length. [ 119.555861][ T9484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.987'. [ 119.678488][ T112] usb 9-1: device descriptor read/64, error -71 [ 119.725400][ T9505] tipc: Started in network mode [ 119.727009][ T9505] tipc: Node identity ac1414aa, cluster identity 4711 [ 119.730067][ T9505] tipc: Enabled bearer , priority 10 [ 119.798640][ T112] usb usb9-port1: attempt power cycle [ 119.854591][ T9517] netlink: 4 bytes leftover after parsing attributes in process `syz.0.993'. [ 119.858443][ C0] Unknown status report in ack skb [ 120.159798][ T112] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 120.182434][ T112] usb 9-1: device descriptor read/8, error -71 [ 120.410938][ T9482] ================================================================== [ 120.413611][ T9482] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60 [ 120.416259][ T9482] Read of size 1 at addr ffff888025b264b0 by task syz.1.985/9482 [ 120.420406][ T9482] [ 120.421582][ T9482] CPU: 3 UID: 0 PID: 9482 Comm: syz.1.985 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 120.421607][ T9482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 120.421614][ T9482] Call Trace: [ 120.421618][ T9482] [ 120.421623][ T9482] dump_stack_lvl+0x116/0x1f0 [ 120.421641][ T9482] print_report+0xcd/0x680 [ 120.421656][ T9482] ? __virt_addr_valid+0x81/0x610 [ 120.421670][ T9482] ? __phys_addr+0xe8/0x180 [ 120.421682][ T9482] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 120.421694][ T9482] kasan_report+0xe0/0x110 [ 120.421708][ T9482] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 120.421722][ T9482] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 120.421735][ T9482] __kasan_check_byte+0x36/0x50 [ 120.421749][ T9482] lock_acquire+0xfc/0x350 [ 120.421759][ T9482] ? __pfx_schedule_hrtimeout_range_clock+0x10/0x10 [ 120.421772][ T9482] ? find_held_lock+0x2b/0x80 [ 120.421791][ T9482] _raw_spin_lock_irqsave+0x3a/0x60 [ 120.421809][ T9482] ? remove_wait_queue+0x25/0x180 [ 120.421831][ T9482] remove_wait_queue+0x25/0x180 [ 120.421849][ T9482] poll_freewait+0xd5/0x250 [ 120.421881][ T9482] do_select+0xe52/0x17e0 [ 120.421899][ T9482] ? __pfx_do_select+0x10/0x10 [ 120.421918][ T9482] ? psi_task_switch+0x2c1/0x8e0 [ 120.421935][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.421947][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.421960][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.421986][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.422020][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.422043][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.422056][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.422070][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.422083][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.422097][ T9482] ? find_held_lock+0x2b/0x80 [ 120.422119][ T9482] ? __might_fault+0xe3/0x190 [ 120.422137][ T9482] ? __might_fault+0xe3/0x190 [ 120.422149][ T9482] ? __might_fault+0x13b/0x190 [ 120.422165][ T9482] ? core_sys_select+0x453/0xc10 [ 120.422183][ T9482] core_sys_select+0x453/0xc10 [ 120.422198][ T9482] ? __pfx_core_sys_select+0x10/0x10 [ 120.422211][ T9482] ? find_held_lock+0x2b/0x80 [ 120.422228][ T9482] ? set_user_sigmask+0x21b/0x2b0 [ 120.422239][ T9482] ? __pfx_set_user_sigmask+0x10/0x10 [ 120.422252][ T9482] do_pselect.constprop.0+0x19f/0x1e0 [ 120.422266][ T9482] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 120.422285][ T9482] ? __x64_sys_futex+0x1e0/0x4c0 [ 120.422301][ T9482] __x64_sys_pselect6+0x182/0x240 [ 120.422314][ T9482] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 120.422329][ T9482] do_syscall_64+0xcd/0x4c0 [ 120.422343][ T9482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.422354][ T9482] RIP: 0033:0x7fd3e3b8e929 [ 120.422364][ T9482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.422374][ T9482] RSP: 002b:00007fd3e4a2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 120.422384][ T9482] RAX: ffffffffffffffda RBX: 00007fd3e3db5fa0 RCX: 00007fd3e3b8e929 [ 120.422390][ T9482] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 120.422396][ T9482] RBP: 00007fd3e3c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 120.422402][ T9482] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000 [ 120.422408][ T9482] R13: 0000000000000000 R14: 00007fd3e3db5fa0 R15: 00007ffc89696738 [ 120.422418][ T9482] [ 120.422421][ T9482] [ 120.430932][ T40] kauditd_printk_skb: 18 callbacks suppressed [ 120.430944][ T40] audit: type=1400 audit(1752155351.319:1112): avc: denied { write } for pid=5922 comm="syz-executor" path="pipe:[860]" dev="pipefs" ino=860 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 120.431566][ T9482] Allocated by task 1: [ 120.431574][ T9482] kasan_save_stack+0x33/0x60 [ 120.437696][ T112] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 120.437986][ T9482] kasan_save_track+0x14/0x30 [ 120.470699][ T112] usb 9-1: device descriptor read/8, error -71 [ 120.471341][ T9482] __kasan_kmalloc+0xaa/0xb0 [ 120.551391][ T9482] comedi_device_postconfig+0x2cb/0xc80 [ 120.553723][ T9482] comedi_auto_config+0x1a3/0x440 [ 120.555877][ T9482] comedi_test_init+0xd0/0x160 [ 120.557922][ T9482] do_one_initcall+0x120/0x6e0 [ 120.559676][ T9482] kernel_init_freeable+0x5c2/0x900 [ 120.561342][ T9482] kernel_init+0x1c/0x2b0 [ 120.562698][ T9482] ret_from_fork+0x5d7/0x6f0 [ 120.564155][ T9482] ret_from_fork_asm+0x1a/0x30 [ 120.565661][ T9482] [ 120.566429][ T9482] Freed by task 9528: [ 120.567686][ T9482] kasan_save_stack+0x33/0x60 [ 120.569366][ T9482] kasan_save_track+0x14/0x30 [ 120.571333][ T9482] kasan_save_free_info+0x3b/0x60 [ 120.573512][ T9482] __kasan_slab_free+0x51/0x70 [ 120.575557][ T9482] kfree+0x2b4/0x4d0 [ 120.577234][ T9482] comedi_device_detach+0x2a4/0x9e0 [ 120.579422][ T9482] do_devconfig_ioctl+0x46c/0x580 [ 120.581545][ T9482] comedi_unlocked_ioctl+0x15bb/0x2e90 [ 120.583823][ T9482] __x64_sys_ioctl+0x18b/0x210 [ 120.585858][ T9482] do_syscall_64+0xcd/0x4c0 [ 120.587790][ T9482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.590260][ T9482] [ 120.591289][ T9482] The buggy address belongs to the object at ffff888025b26400 [ 120.591289][ T9482] which belongs to the cache kmalloc-256 of size 256 [ 120.597010][ T9482] The buggy address is located 176 bytes inside of [ 120.597010][ T9482] freed 256-byte region [ffff888025b26400, ffff888025b26500) [ 120.602076][ T9482] [ 120.603106][ T9482] The buggy address belongs to the physical page: [ 120.605776][ T9482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25b26 [ 120.609277][ T9482] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 120.612365][ T9482] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 120.615491][ T9482] page_type: f5(slab) [ 120.617197][ T9482] raw: 00fff00000000040 ffff88801b842b40 ffffea0000cc2e00 dead000000000002 [ 120.620318][ T9482] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 120.622989][ T9482] head: 00fff00000000040 ffff88801b842b40 ffffea0000cc2e00 dead000000000002 [ 120.625652][ T9482] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 120.628328][ T9482] head: 00fff00000000001 ffffea000096c981 00000000ffffffff 00000000ffffffff [ 120.631796][ T9482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 120.635366][ T9482] page dumped because: kasan: bad access detected [ 120.638086][ T9482] page_owner tracks the page as allocated [ 120.640453][ T9482] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 36, tgid 36 (kdevtmpfs), ts 7639700145, free_ts 0 [ 120.646335][ T9482] post_alloc_hook+0x1c0/0x230 [ 120.647840][ T9482] get_page_from_freelist+0x1321/0x3890 [ 120.649911][ T9482] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 120.652361][ T9482] alloc_pages_mpol+0x1fb/0x550 [ 120.654298][ T9482] new_slab+0x23b/0x330 [ 120.656009][ T9482] ___slab_alloc+0xd9c/0x1940 [ 120.657854][ T9482] __slab_alloc.constprop.0+0x56/0xb0 [ 120.659585][ T9482] __kmalloc_noprof+0x2f2/0x510 [ 120.661144][ T9482] security_inode_init_security+0x13f/0x390 [ 120.663492][ T9482] shmem_mknod+0x22e/0x450 [ 120.665334][ T9482] vfs_mknod+0x5d7/0x8e0 [ 120.667118][ T9482] devtmpfs_work_loop+0x1b0/0xd90 [ 120.669213][ T9482] devtmpfsd+0x4c/0x50 [ 120.670910][ T9482] kthread+0x3c5/0x780 [ 120.672646][ T9482] ret_from_fork+0x5d7/0x6f0 [ 120.674630][ T9482] ret_from_fork_asm+0x1a/0x30 [ 120.676665][ T9482] page_owner free stack trace missing [ 120.678837][ T9482] [ 120.679613][ T9482] Memory state around the buggy address: [ 120.681438][ T9482] ffff888025b26380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 120.683839][ T9482] ffff888025b26400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.686843][ T9482] >ffff888025b26480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.690051][ T9482] ^ [ 120.692347][ T9482] ffff888025b26500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 120.695645][ T9482] ffff888025b26580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 120.698941][ T9482] ================================================================== [ 120.702266][ T9482] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 120.705241][ T9482] CPU: 3 UID: 0 PID: 9482 Comm: syz.1.985 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 120.710101][ T9482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 120.714480][ T9482] Call Trace: [ 120.715757][ T9482] [ 120.717025][ T9482] dump_stack_lvl+0x3d/0x1f0 [ 120.718976][ T9482] panic+0x71c/0x800 [ 120.720616][ T9482] ? __pfx_panic+0x10/0x10 [ 120.722508][ T9482] ? __pfx__printk+0x10/0x10 [ 120.724462][ T9482] ? end_report+0x4c/0x170 [ 120.726382][ T9482] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 120.728569][ T9482] check_panic_on_warn+0xab/0xb0 [ 120.730647][ T9482] end_report+0x107/0x170 [ 120.732492][ T9482] kasan_report+0xee/0x110 [ 120.734400][ T9482] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 120.736711][ T9482] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 120.738932][ T9482] __kasan_check_byte+0x36/0x50 [ 120.740988][ T9482] lock_acquire+0xfc/0x350 [ 120.742877][ T9482] ? __pfx_schedule_hrtimeout_range_clock+0x10/0x10 [ 120.745626][ T9482] ? find_held_lock+0x2b/0x80 [ 120.747609][ T9482] _raw_spin_lock_irqsave+0x3a/0x60 [ 120.749791][ T9482] ? remove_wait_queue+0x25/0x180 [ 120.751898][ T9482] remove_wait_queue+0x25/0x180 [ 120.753964][ T9482] poll_freewait+0xd5/0x250 [ 120.755908][ T9482] do_select+0xe52/0x17e0 [ 120.757760][ T9482] ? __pfx_do_select+0x10/0x10 [ 120.759769][ T9482] ? psi_task_switch+0x2c1/0x8e0 [ 120.761912][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.763831][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.765778][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.767759][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.769770][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.771774][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.773785][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.775798][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.777787][ T9482] ? __pfx_pollwake+0x10/0x10 [ 120.779746][ T9482] ? find_held_lock+0x2b/0x80 [ 120.781757][ T9482] ? __might_fault+0xe3/0x190 [ 120.783725][ T9482] ? __might_fault+0xe3/0x190 [ 120.785728][ T9482] ? __might_fault+0x13b/0x190 [ 120.787828][ T9482] ? core_sys_select+0x453/0xc10 [ 120.789958][ T9482] core_sys_select+0x453/0xc10 [ 120.791995][ T9482] ? __pfx_core_sys_select+0x10/0x10 [ 120.794234][ T9482] ? find_held_lock+0x2b/0x80 [ 120.796255][ T9482] ? set_user_sigmask+0x21b/0x2b0 [ 120.798370][ T9482] ? __pfx_set_user_sigmask+0x10/0x10 [ 120.800564][ T9482] do_pselect.constprop.0+0x19f/0x1e0 [ 120.802827][ T9482] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 120.805317][ T9482] ? __x64_sys_futex+0x1e0/0x4c0 [ 120.807414][ T9482] __x64_sys_pselect6+0x182/0x240 [ 120.809553][ T9482] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 120.811859][ T9482] do_syscall_64+0xcd/0x4c0 [ 120.813798][ T9482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.816309][ T9482] RIP: 0033:0x7fd3e3b8e929 [ 120.818167][ T9482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.825857][ T9482] RSP: 002b:00007fd3e4a2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 120.829283][ T9482] RAX: ffffffffffffffda RBX: 00007fd3e3db5fa0 RCX: 00007fd3e3b8e929 [ 120.832569][ T9482] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 120.835870][ T9482] RBP: 00007fd3e3c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 120.839149][ T9482] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000 [ 120.842425][ T9482] R13: 0000000000000000 R14: 00007fd3e3db5fa0 R15: 00007ffc89696738 [ 120.845683][ T9482] [ 120.847772][ T9482] Kernel Offset: disabled [ 120.849600][ T9482] Rebooting in 86400 seconds.. VM DIAGNOSIS: 13:49:11 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffffffff8e78a060 RCX=0000000000000000 RDX=0000000000000000 RSI=ffffffff8c158ee0 RDI=ffffffff8c158f20 RBP=0000000000000000 RSP=ffffc90006bbf248 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000001 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8b883427 RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f0fe693d6c0 ffffffff 00c00000 GS =0000 ffff8880d6716000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000555594b43808 CR3=000000004f635000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0004000b000c0008 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000104e8b RBX=0000000000000001 RCX=ffffffff8b882c79 RDX=0000000000000000 RSI=ffffffff8de32516 RDI=ffffffff8c158f60 RBP=ffffed1003bdf488 RSP=ffffc90000177df8 R8 =0000000000000001 R9 =ffffed100d4a6645 R10=ffff88806a53322b R11=0000000000000001 R12=0000000000000001 R13=ffff88801defa440 R14=ffffffff90a97f50 R15=0000000000000000 RIP=ffffffff8b8817df RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6816000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c36b0b7 CR3=000000003bf90000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000000032e7 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a 0000002c00000012 0004000000080024 0000000000280030 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000003f2 0000001000000000 0000000000000000 0000000000000014 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f666e69746e756f 6d01ffffffffffff ffffeb080180031a 000002ee00000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008006003001000 50030fffffffffff ff04400300100030 030fffffffffffff ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0420030280080010 0304808008007490 0300080074880354 0400748003748004 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0003000800041000 541000060270bc01 8004010800040075 8c006f666e69746e ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 756f6d01ffffffff ffffffffeb080180 0301800401080004 01758c0002000700 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5404000180030180 0455800300100002 8e80040100000408 0606016890000800 ZMM25=2ad022512ad02251 2ad022512ad02251 2ad022512ad02251 2ad022512ad02251 2ad022512ad02251 2ad022512ad02251 2ad022512ad02251 2ad022512ad02251 ZMM26=9471f0d19471f0d1 9471f0d19471f0d1 9471f0d19471f0d1 9471f0d19471f0d1 9471f0d19471f0d1 9471f0d19471f0d1 9471f0d19471f0d1 9471f0d19471f0d1 ZMM27=335e7a5d335e7a5d 335e7a5d335e7a5d 335e7a5d335e7a5d 335e7a5d335e7a5d 335e7a5d335e7a5d 335e7a5d335e7a5d 335e7a5d335e7a5d 335e7a5d335e7a5d ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=3b0500003b050000 3b0500003b050000 3b0500003b050000 3b0500003b050000 3b0500003b050000 3b0500003b050000 3b0500003b050000 3b0500003b050000 info registers vcpu 2 CPU#2 RAX=00000000000e8c67 RBX=0000000000000002 RCX=ffffffff8b882c79 RDX=0000000000000000 RSI=ffffffff8de32516 RDI=ffffffff8c158f60 RBP=ffffed1003bdf910 RSP=ffffc90000187df8 R8 =0000000000000001 R9 =ffffed100d4c6645 R10=ffff88806a63322b R11=0000000000000001 R12=0000000000000002 R13=ffff88801defc880 R14=ffffffff90a97f50 R15=0000000000000000 RIP=ffffffff8b8817df RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6916000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000555594b43808 CR3=0000000052bb5000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000010000 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc89696ac0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855bc395 RDI=ffffffff9b0c42a0 RBP=ffffffff9b0c4260 RSP=ffffc900048aefc0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000038343954 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0c4260 R15=ffffffff855bc330 RIP=ffffffff855bc3bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fd3e4a2f6c0 ffffffff 00c00000 GS =0000 ffff8880d6a16000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f0fe5db2000 CR3=00000000599ed000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3c11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3d85488 00007fd3e3d85480 00007fd3e3d85478 00007fd3e3d85450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e48ed100 00007fd3e3d85440 00007fd3e3d80004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd3e3d85498 00007fd3e3d85490 00007fd3e3d85488 00007fd3e3d85480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000