last executing test programs: 42.872926217s ago: executing program 2 (id=3077): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$HIDIOCGUSAGE(r0, 0xc018480b, &(0x7f0000000040)={0x2, 0x1, 0x60000000, 0x60000000, 0x80000000, 0x339eb16a}) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000009e80c20000000806"], 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000380)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) pwritev(r4, &(0x7f0000000380)=[{&(0x7f00000000c0)='\v,', 0x2}, {&(0x7f0000000140)="9235ab2a48f74286e66df595dccc29f4b945cd542189667ee3"}, {&(0x7f0000000200)="93c9178ac5436e9ae48866df99d28e2206e52a4d4770fa052dce4dfe2374679992f89d03885bb2ca49a5c5b151a4c2746d1b5f6a651ea567f3d618a7e9052bc79728778526f14dfd9e92911b971b44ad2b7cb354e7c631c13637e0b60816f5f480532a7f9b8d1739e9fec475e2e7c434bc906f7c51d4ef16975b9e166ceafe1968e4f5e383447d76d0174d1a1084cf7559a675d56c0e1cc0ccef58d3aa90cd57a529f151a336f465f60d1ae52277176460774f1492094eb098ce265aff6b418ac9c1a7932c4dfa8158614fbf8950c29eaa357b374b84e30544f3fd"}, {&(0x7f0000000300)="564c932bfef1cebfdb83023e72ad5119d859bab7ec7fac84c4b647bdf622c0d0167566fb683b7ec4e70cd84245560cdcf3ff4a6672e682d40c786457caa437301fcede5b9df3c4a61d3dc2b4a811f379bd1dc9b8c15af33a2f009fcc8e340d0b486474a253db6177fe8608e79eee48e4c209efcc"}], 0x10000000000003a8, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r5, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) getdents64(r6, &(0x7f0000000000)=""/55, 0x37) r7 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r7, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x10000000}}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff) ioctl$KVM_RUN(r5, 0xae80, 0x0) 42.603517472s ago: executing program 2 (id=3081): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000300)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x90) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9b0bc25ea676d850f82ffec51"], 0x154}}, 0x0) syz_usbip_server_init(0x3) write$usbip_server(0xffffffffffffffff, &(0x7f0000000080)=@ret_unlink={{0x4, 0x5, 0x0, 0x0, 0x3}, {0x5}}, 0x30) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000011c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x145042, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pwrite64(r6, &(0x7f0000000180)="14", 0x1, 0x4011000bffd) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r8, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0) write$nci(r4, &(0x7f0000000f40)=ANY=[@ANYBLOB="40bd79d60f59"], 0x6) syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x3e, &(0x7f0000000040)="b9425b446505397f00466e5b7462c24a16941ff5f4b4f1f0add7fc8280adbfa66d5b5e62a7000000000000484d4609741adf42b8f59f90604e07d2388862") write$FUSE_INIT(r2, &(0x7f0000000200)={0x50}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r9 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) read$FUSE(r9, &(0x7f0000003240)={0x2020}, 0x2020) 36.394551553s ago: executing program 2 (id=3081): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000300)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x90) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9b0bc25ea676d850f82ffec51"], 0x154}}, 0x0) syz_usbip_server_init(0x3) write$usbip_server(0xffffffffffffffff, &(0x7f0000000080)=@ret_unlink={{0x4, 0x5, 0x0, 0x0, 0x3}, {0x5}}, 0x30) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000011c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x145042, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pwrite64(r6, &(0x7f0000000180)="14", 0x1, 0x4011000bffd) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r8, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0) write$nci(r4, &(0x7f0000000f40)=ANY=[@ANYBLOB="40bd79d60f59"], 0x6) syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x3e, &(0x7f0000000040)="b9425b446505397f00466e5b7462c24a16941ff5f4b4f1f0add7fc8280adbfa66d5b5e62a7000000000000484d4609741adf42b8f59f90604e07d2388862") write$FUSE_INIT(r2, &(0x7f0000000200)={0x50}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r9 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) read$FUSE(r9, &(0x7f0000003240)={0x2020}, 0x2020) 26.468726055s ago: executing program 2 (id=3081): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000300)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x90) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9b0bc25ea676d850f82ffec51"], 0x154}}, 0x0) syz_usbip_server_init(0x3) write$usbip_server(0xffffffffffffffff, &(0x7f0000000080)=@ret_unlink={{0x4, 0x5, 0x0, 0x0, 0x3}, {0x5}}, 0x30) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000011c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x145042, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pwrite64(r6, &(0x7f0000000180)="14", 0x1, 0x4011000bffd) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r8, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0) write$nci(r4, &(0x7f0000000f40)=ANY=[@ANYBLOB="40bd79d60f59"], 0x6) syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x3e, &(0x7f0000000040)="b9425b446505397f00466e5b7462c24a16941ff5f4b4f1f0add7fc8280adbfa66d5b5e62a7000000000000484d4609741adf42b8f59f90604e07d2388862") write$FUSE_INIT(r2, &(0x7f0000000200)={0x50}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r9 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) read$FUSE(r9, &(0x7f0000003240)={0x2020}, 0x2020) 13.823842839s ago: executing program 2 (id=3081): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000300)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x90) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9b0bc25ea676d850f82ffec51"], 0x154}}, 0x0) syz_usbip_server_init(0x3) write$usbip_server(0xffffffffffffffff, &(0x7f0000000080)=@ret_unlink={{0x4, 0x5, 0x0, 0x0, 0x3}, {0x5}}, 0x30) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000011c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x145042, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pwrite64(r6, &(0x7f0000000180)="14", 0x1, 0x4011000bffd) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r8, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0) write$nci(r4, &(0x7f0000000f40)=ANY=[@ANYBLOB="40bd79d60f59"], 0x6) syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x3e, &(0x7f0000000040)="b9425b446505397f00466e5b7462c24a16941ff5f4b4f1f0add7fc8280adbfa66d5b5e62a7000000000000484d4609741adf42b8f59f90604e07d2388862") write$FUSE_INIT(r2, &(0x7f0000000200)={0x50}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r9 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) read$FUSE(r9, &(0x7f0000003240)={0x2020}, 0x2020) 4.628101049s ago: executing program 0 (id=3296): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) creat(&(0x7f0000000080)='./bus\x00', 0x0) lsetxattr$security_ima(&(0x7f0000000400)='./bus\x00', &(0x7f0000000040), &(0x7f0000000100)=ANY=[@ANYBLOB="049d"], 0x2, 0x0) open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) gettid() r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448de, &(0x7f00000000c0)={0x0, 0x0, "a4cd91"}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r2, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "be5e08", 0x10}) timer_settime(0x0, 0x0, &(0x7f00000004c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b) 4.333753679s ago: executing program 0 (id=3298): mount$fuse(0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',default_permissions,blksize=0x00000000000004']) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c8001e794e4cee84d39856f4752833767be125637ee49dc79a52f2f9465718460cd05feda51bbf4206b5e7325945e5f819bbace34f7d33b43908e14fa05a0f06d9dccb7f0580fe9d42d7bf6530f1a2d22cfd5396c3c67afcdc34613911e96affd46ebd4aa6c60ca02f7648783a10deccc27340c4f24ed37dd6563758d14f732e63a853a4c71c356a6309a485ed"], 0x22) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="89070404", 0x4) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x804}, 0x0) ppoll(&(0x7f0000000100)=[{r4}], 0x1, &(0x7f0000000140), 0x0, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='erofs\x00', 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = io_uring_setup(0x15ae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='batadv_slave_0\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) 3.927040229s ago: executing program 0 (id=3300): io_uring_setup(0x168e, &(0x7f0000000000)) socket$inet6_tcp(0xa, 0x1, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r0) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000000)={0x1fe}, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5402, 0x0) 3.348170681s ago: executing program 1 (id=3303): r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000b40), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000b80)={0x4c, r2, 0x503, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x2d, 0x7, 'system_u:object_r:netcontrol_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}]}, 0x4c}}, 0x0) socket$kcm(0xa, 0x3, 0x87) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) read(0xffffffffffffffff, &(0x7f0000002340)=""/4096, 0x1002) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) open$dir(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) write(r3, &(0x7f0000002200)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) r4 = io_uring_setup(0x336b, &(0x7f00000000c0)) r5 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) syz_usb_disconnect(r5) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r6, r7, 0x0, 0x1335f0a6) ioctl$EVIOCRMFF(r5, 0x4004550f, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x8, 0x4, 0x4, 0x23fc, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) fallocate(r3, 0x0, 0x0, 0x1c8000000) 3.343854726s ago: executing program 2 (id=3081): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000300)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x90) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9b0bc25ea676d850f82ffec51"], 0x154}}, 0x0) syz_usbip_server_init(0x3) write$usbip_server(0xffffffffffffffff, &(0x7f0000000080)=@ret_unlink={{0x4, 0x5, 0x0, 0x0, 0x3}, {0x5}}, 0x30) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000011c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x145042, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pwrite64(r6, &(0x7f0000000180)="14", 0x1, 0x4011000bffd) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r8, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0) write$nci(r4, &(0x7f0000000f40)=ANY=[@ANYBLOB="40bd79d60f59"], 0x6) syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x3e, &(0x7f0000000040)="b9425b446505397f00466e5b7462c24a16941ff5f4b4f1f0add7fc8280adbfa66d5b5e62a7000000000000484d4609741adf42b8f59f90604e07d2388862") write$FUSE_INIT(r2, &(0x7f0000000200)={0x50}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r9 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) read$FUSE(r9, &(0x7f0000003240)={0x2020}, 0x2020) 2.7364261s ago: executing program 0 (id=3304): r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000b40), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000b80)={0x4c, r2, 0x503, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x2d, 0x7, 'system_u:object_r:netcontrol_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}]}, 0x4c}}, 0x0) socket$kcm(0xa, 0x3, 0x87) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) read(0xffffffffffffffff, &(0x7f0000002340)=""/4096, 0x1002) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) open$dir(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) write(r3, &(0x7f0000002200)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) r4 = io_uring_setup(0x336b, &(0x7f00000000c0)) r5 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) syz_usb_disconnect(r5) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r6, r7, 0x0, 0x1335f0a6) ioctl$EVIOCRMFF(r5, 0x4004550f, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x8, 0x4, 0x4, 0x23fc, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) fallocate(r3, 0x0, 0x0, 0x1c8000000) 1.848302453s ago: executing program 1 (id=3306): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240)=0xffffffffffffffff, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000000006e0000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a3000000000090002007379803200000000140000001100010000000000000000000000190a47813cfb1b1c17a59fd352d013bb950a2b2589d749e69cedb2860362804143c989b66489dfcbca28e627e4e5"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000080a03000800000000000000020000000c00034000000000000000000900020073797a32000000000900010073797a3000000000140000001100010004000000000000000000000a"], 0x60}}, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000bc0)=ANY=[@ANYBLOB="140100002b00010000000000fedbdf25010100800c000000faffffffffffffff14000000fe8000000000000000000000000000aa50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd0000003a1b1cc70d0273e03f5c9cccb58f975f0b5b1cf4590a9d1c857ca953b3f618a81ffbc367ee35318b81946bf20d7ab213848799cda25c2a381c9784f7eef81d02caad5cbe6d92967e8c34b6b51a0b6ff1a8d9dbed0860592036c01b5cc5985bc0f01f5cc45270bb694dabeafea2655088f85dcbb43a7ffb7c67eaa239e6bbd55b2a28ae5cbd987f43e50493b21a1b53b2c48b939c5014d0683ae2995dfa10795a6bffe07b0a19fe7921b0da5b8774e97b5da3c0b905bf607b3e1217847252487e2b1db4aacfe8d0f46aa50e2a4f63bfe76e08d2027f93091dc975aab8f5f32d1a9c76f1cf3245b949b82e7b6612b34079"], 0x114}], 0x1}, 0x0) 1.847734279s ago: executing program 3 (id=3307): syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[@ANYBLOB], 0x0) epoll_create1(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x5, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x2, 0xfff, 0x1000000) 1.847213475s ago: executing program 1 (id=3308): mount$fuse(0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',default_permissions,blksize=0x00000000000004']) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c8001e794e4cee84d39856f4752833767be125637ee49dc79a52f2f9465718460cd05feda51bbf4206b5e7325945e5f819bbace34f7d33b43908e14fa05a0f06d9dccb7f0580fe9d42d7bf6530f1a2d22cfd5396c3c67afcdc34613911e96affd46ebd4aa6c60ca02f7648783a10deccc27340c4f24ed37dd6563758d14f732e63a853a4c71c356a6309a485ed"], 0x22) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="89070404", 0x4) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x804}, 0x0) ppoll(&(0x7f0000000100)=[{r4}], 0x1, &(0x7f0000000140), 0x0, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='erofs\x00', 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = io_uring_setup(0x15ae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='batadv_slave_0\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) 1.788840709s ago: executing program 3 (id=3309): r0 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000001680)=@nat={'nat\x00', 0x19, 0x1, 0x12e, [], 0x0, 0x0, &(0x7f0000001500)=[{}, {0x0, '\x00', 0x0, 0x0, 0x1, [{0x0, 0x0, 0x0, 'ip6gretap0\x00', 'bridge0\x00', 'syzkaller0\x00', 'bridge_slave_1\x00', @empty, [], @multicast, [], 0x6e, 0x6e, 0x9e, [], [], @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x1}]}, 0x1a6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000780)=ANY=[], &(0x7f0000000400)=""/41, 0x58, 0x29, 0x0, 0x5}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet(0x2, 0x0, 0x2) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r3}, 0x10) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r5, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) syz_emit_ethernet(0x4e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60adf85b00180000fe80000000000000000000"], 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) kexec_load(0x0, 0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0xf5ff, 0x0}, &(0x7f0000000000)="12b2536b0513", 0x0, 0x0, 0x0, 0x0, 0x0}) 1.488561646s ago: executing program 1 (id=3310): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$HIDIOCGUSAGE(r0, 0xc018480b, &(0x7f0000000040)={0x2, 0x1, 0x60000000, 0x60000000, 0x80000000, 0x339eb16a}) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000009e80c20000000806"], 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000380)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) pwritev(r4, &(0x7f0000000380)=[{&(0x7f00000000c0)='\v,', 0x2}, {&(0x7f0000000140)="9235ab2a48f74286e66df595dccc29f4b945cd542189667ee3"}, {&(0x7f0000000200)="93c9178ac5436e9ae48866df99d28e2206e52a4d4770fa052dce4dfe2374679992f89d03885bb2ca49a5c5b151a4c2746d1b5f6a651ea567f3d618a7e9052bc79728778526f14dfd9e92911b971b44ad2b7cb354e7c631c13637e0b60816f5f480532a7f9b8d1739e9fec475e2e7c434bc906f7c51d4ef16975b9e166ceafe1968e4f5e383447d76d0174d1a1084cf7559a675d56c0e1cc0ccef58d3aa90cd57a529f151a336f465f60d1ae52277176460774f1492094eb098ce265aff6b418ac9c1a7932c4dfa8158614fbf8950c29eaa357b374b84e30544f3fd"}, {&(0x7f0000000300)="564c932bfef1cebfdb83023e72ad5119d859bab7ec7fac84c4b647bdf622c0d0167566fb683b7ec4e70cd84245560cdcf3ff4a6672e682d40c786457caa437301fcede5b9df3c4a61d3dc2b4a811f379bd1dc9b8c15af33a2f009fcc8e340d0b486474a253db6177fe8608e79eee48e4c209efcc"}], 0x10000000000003a8, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, 0xffffffffffffffff, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) getdents64(r5, &(0x7f0000000000)=""/55, 0x37) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 1.345822016s ago: executing program 3 (id=3311): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$HIDIOCGUSAGE(r0, 0xc018480b, &(0x7f0000000040)={0x2, 0x1, 0x60000000, 0x60000000, 0x80000000, 0x339eb16a}) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000009e80c20000000806"], 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000380)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) getdents64(r4, &(0x7f0000000000)=""/55, 0x37) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.086294757s ago: executing program 0 (id=3312): r0 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000001680)=@nat={'nat\x00', 0x19, 0x1, 0x12e, [], 0x0, 0x0, &(0x7f0000001500)=[{}, {0x0, '\x00', 0x0, 0x0, 0x1, [{0x0, 0x0, 0x0, 'ip6gretap0\x00', 'bridge0\x00', 'syzkaller0\x00', 'bridge_slave_1\x00', @empty, [], @multicast, [], 0x6e, 0x6e, 0x9e, [], [], @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x1}]}, 0x1a6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000780)=ANY=[], &(0x7f0000000400)=""/41, 0x58, 0x29, 0x0, 0x5}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet(0x2, 0x0, 0x2) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r3}, 0x10) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r5, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) syz_emit_ethernet(0x4e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60adf85b00180000fe80000000000000000000"], 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) kexec_load(0x0, 0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000007700), 0x0, 0x0) 969.304944ms ago: executing program 1 (id=3313): r0 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000001680)=@nat={'nat\x00', 0x19, 0x1, 0x12e, [], 0x0, 0x0, &(0x7f0000001500)=[{}, {0x0, '\x00', 0x0, 0x0, 0x1, [{0x0, 0x0, 0x0, 'ip6gretap0\x00', 'bridge0\x00', 'syzkaller0\x00', 'bridge_slave_1\x00', @empty, [], @multicast, [], 0x6e, 0x6e, 0x9e, [], [], @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x1}]}, 0x1a6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000780)=ANY=[], &(0x7f0000000400)=""/41, 0x58, 0x29, 0x0, 0x5}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet(0x2, 0x0, 0x2) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r3}, 0x10) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r5, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) syz_emit_ethernet(0x4e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60adf85b00180000fe80000000000000000000"], 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) kexec_load(0x0, 0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000007700), 0x0, 0x0) 737.321093ms ago: executing program 3 (id=3314): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000500)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f0000000180)=0x10) r3 = socket$inet(0x2, 0x80001, 0x84) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') preadv(r4, &(0x7f0000000040)=[{&(0x7f0000000080)=""/4090, 0xffa}], 0x1, 0x7f, 0x0) r5 = socket$rds(0x15, 0x5, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000001080)={0x6e8, 0x72c1c91a, 0x9, 0x6, 0x40}) getsockopt$sock_cred(r5, 0x1, 0x2f, &(0x7f0000000380)={0x0}, &(0x7f00000003c0)=0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESOCT=r6]) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r2, 0x84, 0x83, &(0x7f0000000080)={r7}, 0x8) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000140)=0x0) bind$nfc_llcp(r8, &(0x7f00000000c0)={0x27, r9, 0x0, 0x0, 0x0, 0x0, "edd0961fcbe3a714779b769277aa362003e40900661e12bcca7f88cd6d07f364ac21a4b612bf8bcc2e8ea25b96f8fffffffffffffffe700a13056afd600927"}, 0x60) recvmsg(r8, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}]}) 418.685133ms ago: executing program 0 (id=3315): r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000b40), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000b80)={0x4c, r2, 0x503, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x2d, 0x7, 'system_u:object_r:netcontrol_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}]}, 0x4c}}, 0x0) socket$kcm(0xa, 0x3, 0x87) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) read(0xffffffffffffffff, &(0x7f0000002340)=""/4096, 0x1002) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r4 = open$dir(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) write(r3, &(0x7f0000002200)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) r5 = io_uring_setup(0x336b, &(0x7f00000000c0)) r6 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) syz_usb_disconnect(r6) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) r8 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r7, r8, 0x0, 0x1335f0a6) ioctl$EVIOCRMFF(r6, 0x4004550f, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x8, 0x4, 0x4, 0x23fc, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) sendfile(r3, r4, 0x0, 0x11f06) 307.965252ms ago: executing program 3 (id=3316): socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x21, &(0x7f0000000080)=0x200, 0x4) syz_emit_ethernet(0x66, &(0x7f0000000200)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x30, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @mcast2, {[], @time_exceed={0xa1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '%kT', 0x0, 0x0, 0x0, @mcast1, @dev={0xfe, 0x80, '\x00', 0x3b}}}}}}}}, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000400)={0x0, 0x0, 0x10, 0xfffffffe}, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) pwritev2(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000100)="7270aa3f0c63ef31716980d71af481e691d156e5c690c37493c965008b713ed133a85027d43b49d05b8ec0e538f674752205f76fb42632a5233a7d64e1cea692029b6a", 0x43}], 0x1, 0x0, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000ac0)={0x1, 0x0, [{0x0, 0xd3, &(0x7f0000000780)=""/211}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=""/253, 0x0, &(0x7f0000000600)=""/91}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x1}) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='gre0\x00', 0x10) sendto$inet(r0, &(0x7f00000000c0)="929c", 0xfdef, 0x4, &(0x7f0000000140)={0x2, 0x0, @multicast1}, 0x10) 258.660107ms ago: executing program 3 (id=3317): getsockname$packet(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x11000) io_setup(0x3ff, &(0x7f0000000500)=0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0xa, 0x80, 0x80}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f00000001c0), 0xbde, r3}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={&(0x7f00000000c0), &(0x7f0000000100)=""/95, &(0x7f0000000180), &(0x7f00000003c0), 0x4, r3}, 0x38) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) io_submit(r2, 0x1, &(0x7f0000000140)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x0, r1, &(0x7f0000000080)="4e8fc38e71", 0x5}]) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000c00)=ANY=[@ANYBLOB="06000000000000fd9b000040"]) socket$inet6_udp(0xa, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) io_submit(r2, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) vmsplice(r0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=3318): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) creat(&(0x7f0000000080)='./bus\x00', 0x0) lsetxattr$security_ima(&(0x7f0000000400)='./bus\x00', &(0x7f0000000040), &(0x7f0000000100)=ANY=[@ANYBLOB="049d"], 0x2, 0x0) open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) gettid() r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448de, &(0x7f00000000c0)={0x0, 0x0, "a4cd91"}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r2, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "be5e08", 0x10}) timer_settime(0x0, 0x0, &(0x7f00000004c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b) kernel console output (not intermixed with test programs): socket [ 328.378015][ T13] vhci_hcd: disconnect device [ 328.485771][ T4633] Bluetooth: hci2: command 0x0405 tx timeout [ 328.549024][T14784] binder: BINDER_SET_CONTEXT_MGR already set [ 328.551452][T14784] binder: 14783:14784 ioctl 4018620d 200001c0 returned -16 [ 328.678920][T14778] vhci_hcd: connection reset by peer [ 328.681426][ T1148] vhci_hcd: stop threads [ 328.683145][ T1148] vhci_hcd: release socket [ 328.684885][ T1148] vhci_hcd: disconnect device [ 328.701238][T14789] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2732'. [ 328.787074][ T39] audit: type=1804 audit(1719776241.207:11960): pid=14793 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.2734" name="/syzkaller.jW5AXB/22/cgroup.controllers" dev="sda1" ino=1981 res=1 errno=0 [ 329.260546][T14801] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 329.637488][T14806] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 329.885364][ T39] audit: type=1800 audit(1719776242.297:11961): pid=14821 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.2742" name="bus" dev="sda1" ino=1980 res=0 errno=0 [ 329.982294][T14825] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 329.984570][T14825] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 329.987743][T14825] vhci_hcd vhci_hcd.0: Device attached [ 330.003171][ T39] audit: type=1326 audit(1719776242.417:11962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14822 comm="syz.2.2743" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a08b75b99 code=0x0 [ 330.023397][ T39] audit: type=1800 audit(1719776242.437:11963): pid=14825 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.2744" name="bus" dev="sda1" ino=1957 res=0 errno=0 [ 330.065387][T14833] fuse: Invalid group_id [ 330.130240][T14833] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 330.131753][T14833] overlayfs: workdir and upperdir must be separate subtrees [ 330.196325][ T39] audit: type=1804 audit(1719776242.617:11964): pid=14844 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.2747" name="/syzkaller.N0jcIn/142/cgroup.controllers" dev="sda1" ino=1981 res=1 errno=0 [ 330.245767][ T5205] Bluetooth: hci0: command tx timeout [ 330.265850][ T5262] usb 13-1: new high-speed USB device number 14 using vhci_hcd [ 330.561169][T14847] fuse: Invalid group_id [ 330.631447][T14847] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 330.640236][T14847] overlayfs: workdir and upperdir must be separate subtrees [ 330.707946][ T39] audit: type=1804 audit(1719776243.127:11965): pid=14853 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.2749" name="/syzkaller.Qisz7r/447/cgroup.controllers" dev="sda1" ino=1983 res=1 errno=0 [ 330.809236][T14826] vhci_hcd: connection reset by peer [ 330.811331][ T13] vhci_hcd: stop threads [ 330.812852][ T13] vhci_hcd: release socket [ 330.814538][ T13] vhci_hcd: disconnect device [ 330.976034][ T825] vhci_hcd: vhci_device speed not set [ 332.111313][ T39] audit: type=1400 audit(1719776244.527:11966): avc: denied { write } for pid=14882 comm="syz.2.2760" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 332.328328][ T5205] Bluetooth: hci0: command tx timeout [ 332.635234][T14892] binder: BINDER_SET_CONTEXT_MGR already set [ 332.640569][T14892] binder: 14891:14892 ioctl 4018620d 200001c0 returned -16 [ 332.902898][T14894] erofs: (device loop2): erofs_read_superblock: cannot find valid erofs superblock [ 332.909915][ T39] audit: type=1400 audit(1719776245.327:11967): avc: denied { bind } for pid=14895 comm="syz.1.2764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 332.980870][ T39] audit: type=1400 audit(1719776245.397:11968): avc: denied { listen } for pid=14903 comm="syz.0.2766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 332.991227][ T39] audit: type=1400 audit(1719776245.407:11969): avc: denied { ioctl } for pid=14903 comm="syz.0.2766" path="socket:[88843]" dev="sockfs" ino=88843 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 333.001778][ T39] audit: type=1400 audit(1719776245.417:11970): avc: denied { accept } for pid=14903 comm="syz.0.2766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 333.070070][T14910] fuse: Invalid group_id [ 333.141036][T14910] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 333.147651][T14910] overlayfs: workdir and upperdir must be separate subtrees [ 333.200443][ T39] audit: type=1804 audit(1719776245.617:11971): pid=14921 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.2770" name="/syzkaller.Qisz7r/453/bus" dev="sda1" ino=1953 res=1 errno=0 [ 333.213228][T14928] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14928 comm=syz.1.2772 [ 333.213722][ T39] audit: type=1800 audit(1719776245.627:11972): pid=14921 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2770" name="bus" dev="sda1" ino=1953 res=0 errno=0 [ 333.227973][T14928] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=14928 comm=syz.1.2772 [ 333.268680][ T39] audit: type=1804 audit(1719776245.677:11973): pid=14931 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.2770" name="/syzkaller.Qisz7r/453/bus" dev="sda1" ino=1953 res=1 errno=0 [ 333.278497][ T39] audit: type=1800 audit(1719776245.677:11974): pid=14931 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2770" name="bus" dev="sda1" ino=1953 res=0 errno=0 [ 333.455791][ T5258] usb 16-1: device descriptor read/8, error -110 [ 333.904713][ T5258] usb usb16-port1: attempt power cycle [ 334.027853][T14939] fuse: Invalid group_id [ 334.094450][T14939] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 334.102832][T14939] overlayfs: workdir and upperdir must be separate subtrees [ 334.175403][T14947] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 25 (only 8 groups) [ 334.362058][T14959] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2784'. [ 334.366467][T14963] fuse: Invalid group_id [ 334.415736][ T4633] Bluetooth: hci0: command tx timeout [ 334.436516][T14963] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 334.438427][T14963] overlayfs: workdir and upperdir must be separate subtrees [ 334.566968][ T5258] usb usb16-port1: unable to enumerate USB device [ 334.648287][T14981] vxcan1: tx drop: invalid sa for name 0xffffffffffffffff [ 334.728920][ T39] audit: type=1804 audit(1719776247.147:11975): pid=14981 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.2790" name="/syzkaller.jW5AXB/38/cgroup.controllers" dev="sda1" ino=1980 res=1 errno=0 [ 334.863799][T14994] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2795'. [ 334.941518][T14996] fuse: Invalid group_id [ 335.015217][T14996] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 335.029862][T14996] overlayfs: workdir and upperdir must be separate subtrees [ 335.264610][T15012] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 335.267907][T15012] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 335.271820][T15012] vhci_hcd vhci_hcd.0: Device attached [ 335.301887][ T39] audit: type=1800 audit(1719776247.717:11976): pid=15012 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.2801" name="bus" dev="sda1" ino=1958 res=0 errno=0 [ 335.367383][ T5262] vhci_hcd: vhci_device speed not set [ 335.439440][T15021] vxcan1: tx drop: invalid sa for name 0xffffffffffffffff [ 335.547016][ T825] usb 15-1: new high-speed USB device number 9 using vhci_hcd [ 335.660402][T15031] fuse: Invalid group_id [ 335.737431][T15031] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 335.741973][T15031] overlayfs: workdir and upperdir must be separate subtrees [ 335.763677][T15038] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.536871104) [ 335.765661][T15039] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.536871104) [ 336.110480][T15013] vhci_hcd: connection reset by peer [ 336.122491][ T1148] vhci_hcd: stop threads [ 336.132414][ T1148] vhci_hcd: release socket [ 336.134578][ T1148] vhci_hcd: disconnect device [ 336.485758][ T4633] Bluetooth: hci0: command tx timeout [ 336.677229][T15072] vxcan1: tx drop: invalid sa for name 0xffffffffffffffff [ 337.089012][T15096] fuse: Unknown parameter 'Tg5ý"à«Œã_ÊæÙ…ÿ´Ü%<—¬¸YçªúÄX£0x0000000000000003' [ 337.427653][T15108] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 337.431062][T15108] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 337.434469][T15108] vhci_hcd vhci_hcd.0: Device attached [ 337.705700][ T8712] usb 13-1: new high-speed USB device number 15 using vhci_hcd [ 338.275694][ T4633] Bluetooth: hci0: unexpected event for opcode 0x200b [ 338.278288][T15109] vhci_hcd: connection reset by peer [ 338.288479][ T1148] vhci_hcd: stop threads [ 338.290472][ T1148] vhci_hcd: release socket [ 338.293526][ T1148] vhci_hcd: disconnect device [ 338.439562][T15130] binder: BINDER_SET_CONTEXT_MGR already set [ 338.442438][T15130] binder: 15128:15130 ioctl 4018620d 200001c0 returned -16 [ 339.143916][ T4633] Bluetooth: hci0: unexpected event for opcode 0x200b [ 339.306414][T15156] binder: BINDER_SET_CONTEXT_MGR already set [ 339.308574][T15156] binder: 15155:15156 ioctl 4018620d 200001c0 returned -16 [ 339.501364][T15162] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 339.503786][T15162] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 339.508265][T15162] vhci_hcd vhci_hcd.0: Device attached [ 339.521448][ T39] kauditd_printk_skb: 22 callbacks suppressed [ 339.521464][ T39] audit: type=1800 audit(1719776251.937:11999): pid=15162 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.2844" name="bus" dev="sda1" ino=1983 res=0 errno=0 [ 339.785762][ T5257] usb 17-1: new high-speed USB device number 9 using vhci_hcd [ 340.068928][ T4633] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 340.112343][T15187] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 340.351669][T15163] vhci_hcd: connection reset by peer [ 340.353991][ T1095] vhci_hcd: stop threads [ 340.355484][ T1095] vhci_hcd: release socket [ 340.358134][ T1095] vhci_hcd: disconnect device [ 340.387942][ T4633] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 340.390898][ T39] audit: type=1400 audit(1719776252.807:12000): avc: denied { setattr } for pid=15195 comm="syz.1.2851" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 340.406954][ T39] audit: type=1400 audit(1719776252.827:12001): avc: denied { read } for pid=15195 comm="syz.1.2851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 340.448856][ T39] audit: type=1400 audit(1719776252.867:12002): avc: denied { read } for pid=15195 comm="syz.1.2851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 340.655872][ T825] vhci_hcd: vhci_device speed not set [ 340.860764][ T4633] Bluetooth: hci2: unexpected event for opcode 0x200b [ 340.910843][ T39] audit: type=1400 audit(1719776253.327:12003): avc: denied { write } for pid=15221 comm="syz.2.2859" lport=50900 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 340.920914][ T39] audit: type=1400 audit(1719776253.337:12004): avc: denied { setopt } for pid=15221 comm="syz.2.2859" lport=50900 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 340.929408][ T39] audit: type=1400 audit(1719776253.347:12005): avc: denied { connect } for pid=15221 comm="syz.2.2859" lport=50900 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 341.020984][ T39] audit: type=1400 audit(1719776253.437:12006): avc: denied { getopt } for pid=15225 comm="syz.1.2862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 341.034243][ T39] audit: type=1400 audit(1719776253.447:12007): avc: denied { mount } for pid=15230 comm="syz.2.2861" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1 [ 341.146000][T15232] syzkaller1: entered promiscuous mode [ 341.148631][T15232] syzkaller1: entered allmulticast mode [ 341.164158][T15236] erofs: (device loop2): erofs_read_superblock: cannot find valid erofs superblock [ 341.189774][T15245] futex_wake_op: syz.1.2866 tries to shift op by 32; fix this program [ 341.202296][T15245] bridge0: port 3(vlan2) entered blocking state [ 341.205265][T15245] bridge0: port 3(vlan2) entered disabled state [ 341.208288][T15245] vlan2: entered allmulticast mode [ 341.213089][T15245] vlan2: left allmulticast mode [ 341.471814][T15249] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 341.474791][T15249] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 341.484507][T15249] vhci_hcd vhci_hcd.0: Device attached [ 341.498382][ T39] audit: type=1800 audit(1719776253.917:12008): pid=15249 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2867" name="bus" dev="sda1" ino=1979 res=0 errno=0 [ 341.755743][ T5258] usb 19-1: new high-speed USB device number 10 using vhci_hcd [ 342.130310][T15273] binder: 15272:15273 ioctl c0306201 20002300 returned -14 [ 342.173482][ T4633] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 342.312251][T15250] vhci_hcd: connection reset by peer [ 342.314473][ T63] vhci_hcd: stop threads [ 342.316107][ T63] vhci_hcd: release socket [ 342.317697][ T63] vhci_hcd: disconnect device [ 342.325898][ T4633] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 342.330188][ T4633] Bluetooth: hci0: Injecting HCI hardware error event [ 342.334331][ T4633] Bluetooth: hci0: hardware error 0x00 [ 342.816151][ T8712] vhci_hcd: vhci_device speed not set [ 342.940200][T15306] fuse: Bad value for 'group_id' [ 343.003177][T15306] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 343.008402][T15306] overlayfs: workdir and upperdir must be separate subtrees [ 343.262511][T15328] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 343.264829][T15328] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 343.268112][T15328] vhci_hcd vhci_hcd.0: Device attached [ 343.665723][ T8712] usb 13-1: device descriptor read/64, error -110 [ 343.935732][ T8712] usb 13-1: new high-speed USB device number 16 using vhci_hcd [ 344.108346][T15329] vhci_hcd: connection reset by peer [ 344.110829][ T82] vhci_hcd: stop threads [ 344.112397][ T82] vhci_hcd: release socket [ 344.114055][ T82] vhci_hcd: disconnect device [ 344.225744][ T8] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 344.372240][ T5205] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 344.405732][ T4633] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 344.415819][ T8] usb 8-1: Using ep0 maxpacket: 8 [ 344.420294][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 344.424832][ T8] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 344.428502][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.433891][ T8] usb 8-1: config 0 descriptor?? [ 344.644350][ T8] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 344.724864][T15369] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2901'. [ 344.885821][ T5257] vhci_hcd: vhci_device speed not set [ 344.888551][ T4633] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 344.891674][ T4633] Bluetooth: hci2: Injecting HCI hardware error event [ 344.896648][ T4633] Bluetooth: hci2: hardware error 0x00 [ 345.349294][ T39] kauditd_printk_skb: 9 callbacks suppressed [ 345.349306][ T39] audit: type=1400 audit(1719776257.767:12018): avc: denied { read write } for pid=15392 comm="syz.2.2912" name="nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 345.354939][T15393] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15393 comm=syz.2.2912 [ 345.360349][ T39] audit: type=1400 audit(1719776257.767:12019): avc: denied { open } for pid=15392 comm="syz.2.2912" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 345.360380][ T39] audit: type=1400 audit(1719776257.767:12020): avc: denied { ioctl } for pid=15392 comm="syz.2.2912" path="/dev/nullb0" dev="devtmpfs" ino=691 ioctlcmd=0x70cd scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 345.399976][ T2680] usb 8-1: USB disconnect, device number 5 [ 345.405200][ T2680] iowarrior 8-1:0.0: I/O-Warror #0 now disconnected [ 345.412941][T15396] binder: BINDER_SET_CONTEXT_MGR already set [ 345.418011][T15396] binder: 15394:15396 ioctl 4018620d 200001c0 returned -16 [ 345.501586][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.613284][T15413] fuse: Bad value for 'group_id' [ 345.680224][T15413] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 345.682225][T15413] overlayfs: workdir and upperdir must be separate subtrees [ 345.900553][T15428] netlink: 'syz.2.2922': attribute type 4 has an invalid length. [ 345.908544][T15428] netlink: 'syz.2.2922': attribute type 4 has an invalid length. [ 346.228021][T15444] fuse: Bad value for 'group_id' [ 346.299355][T15444] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 346.302594][T15444] overlayfs: workdir and upperdir must be separate subtrees [ 346.873894][T15467] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2935'. [ 346.895710][ T5258] vhci_hcd: vhci_device speed not set [ 346.963194][T15474] fuse: Bad value for 'group_id' [ 346.965966][ T4633] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 347.032528][T15474] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 347.039883][T15474] overlayfs: workdir and upperdir must be separate subtrees [ 347.098852][T15482] syz.2.2940: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 347.103885][T15482] CPU: 1 PID: 15482 Comm: syz.2.2940 Not tainted 6.10.0-rc5-syzkaller-00282-g8282d5af7be8 #0 [ 347.108049][T15482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 347.111649][T15482] Call Trace: [ 347.112934][T15482] [ 347.113925][T15482] dump_stack_lvl+0x16c/0x1f0 [ 347.115562][T15482] warn_alloc+0x24d/0x3a0 [ 347.117058][T15482] ? __pfx_warn_alloc+0x10/0x10 [ 347.118700][T15482] ? stack_depot_save_flags+0x28/0x8f0 [ 347.120550][T15482] ? kasan_save_stack+0x42/0x60 [ 347.122195][T15482] ? kasan_save_stack+0x33/0x60 [ 347.123861][T15482] ? kasan_save_track+0x14/0x30 [ 347.125520][T15482] ? __kasan_kmalloc+0xaa/0xb0 [ 347.127173][T15482] ? xskq_create+0x52/0x1d0 [ 347.128837][T15482] ? xsk_setsockopt+0x757/0xa10 [ 347.130521][T15482] ? __sys_setsockopt+0x1a4/0x270 [ 347.132323][T15482] ? __x64_sys_setsockopt+0xbd/0x160 [ 347.134122][T15482] ? do_syscall_64+0xcd/0x250 [ 347.135719][T15482] __vmalloc_node_range_noprof+0x10b8/0x1520 [ 347.137737][T15482] ? xskq_create+0xfb/0x1d0 [ 347.139312][T15482] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 347.141409][T15482] ? xskq_create+0xfb/0x1d0 [ 347.142987][T15482] vmalloc_user_noprof+0x6b/0x90 [ 347.144665][T15482] ? xskq_create+0xfb/0x1d0 [ 347.146225][T15482] xskq_create+0xfb/0x1d0 [ 347.147815][T15482] xsk_setsockopt+0x757/0xa10 [ 347.149538][T15482] ? __pfx_xsk_setsockopt+0x10/0x10 [ 347.151556][T15482] ? find_held_lock+0x2d/0x110 [ 347.153710][T15482] ? selinux_socket_setsockopt+0x6a/0x80 [ 347.155874][T15482] ? __pfx_xsk_setsockopt+0x10/0x10 [ 347.157689][T15482] do_sock_setsockopt+0x222/0x480 [ 347.159432][T15482] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 347.161318][T15482] ? __fget_light+0x173/0x210 [ 347.162930][T15482] __sys_setsockopt+0x1a4/0x270 [ 347.164603][T15482] ? __pfx___sys_setsockopt+0x10/0x10 [ 347.166391][T15482] ? xfd_validate_state+0x5d/0x180 [ 347.168137][T15482] __x64_sys_setsockopt+0xbd/0x160 [ 347.169886][T15482] ? syscall_trace_enter+0x8b/0x240 [ 347.171696][T15482] do_syscall_64+0xcd/0x250 [ 347.173336][T15482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.175388][T15482] RIP: 0033:0x7f8a08b75b99 [ 347.177008][T15482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.183894][T15482] RSP: 002b:00007f8a09878048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 347.186896][T15482] RAX: ffffffffffffffda RBX: 00007f8a08d03fa0 RCX: 00007f8a08b75b99 [ 347.189618][T15482] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000c [ 347.192326][T15482] RBP: 00007f8a08bf677e R08: 0000000000000020 R09: 0000000000000000 [ 347.194988][T15482] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 347.197651][T15482] R13: 000000000000000b R14: 00007f8a08d03fa0 R15: 00007ffea6116598 [ 347.200357][T15482] [ 347.204259][T15482] Mem-Info: [ 347.205493][T15482] active_anon:7362 inactive_anon:0 isolated_anon:0 [ 347.205493][T15482] active_file:1494 inactive_file:57554 isolated_file:0 [ 347.205493][T15482] unevictable:1000 dirty:1759 writeback:0 [ 347.205493][T15482] slab_reclaimable:7655 slab_unreclaimable:69183 [ 347.205493][T15482] mapped:12872 shmem:4333 pagetables:730 [ 347.205493][T15482] sec_pagetables:344 bounce:0 [ 347.205493][T15482] kernel_misc_reclaimable:0 [ 347.205493][T15482] free:525404 free_pcp:6847 free_cma:0 [ 347.221230][T15482] Node 0 active_anon:27800kB inactive_anon:0kB active_file:5976kB inactive_file:227360kB unevictable:2000kB isolated(anon):0kB isolated(file):0kB mapped:51676kB dirty:4368kB writeback:0kB shmem:13796kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11056kB pagetables:2840kB sec_pagetables:1376kB all_unreclaimable? no [ 347.233039][T15482] Node 1 active_anon:1536kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:2000kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 347.243335][T15482] Node 0 DMA free:15360kB boost:0kB min:328kB low:408kB high:488kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 347.252777][T15482] lowmem_reserve[]: 0 1317 0 0 0 [ 347.254532][T15482] Node 0 DMA32 free:467396kB boost:0kB min:28984kB low:36228kB high:43472kB reserved_highatomic:0KB active_anon:27912kB inactive_anon:0kB active_file:5976kB inactive_file:223848kB unevictable:2000kB writepending:772kB present:2080628kB managed:1377260kB mlocked:0kB bounce:0kB free_pcp:14384kB local_pcp:1080kB free_cma:0kB [ 347.265204][T15482] lowmem_reserve[]: 0 0 0 0 0 [ 347.267055][T15482] Node 1 Normal free:1627876kB boost:0kB min:38268kB low:47832kB high:57396kB reserved_highatomic:0KB active_anon:1536kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:2000kB writepending:4kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:10240kB local_pcp:6144kB free_cma:0kB [ 347.276908][T15482] lowmem_reserve[]: 0 0 0 0 0 [ 347.278677][T15482] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 347.282916][T15482] Node 0 DMA32: 569*4kB (UM) 1314*8kB (UME) 524*16kB (UME) 305*32kB (UME) 451*64kB (UME) 118*128kB (UME) 56*256kB (UME) 38*512kB (UME) 26*1024kB (UME) 10*2048kB (UME) 76*4096kB (UM) = 467092kB [ 347.289297][T15482] Node 1 Normal: 5*4kB (U) 22*8kB (UM) 42*16kB (UM) 40*32kB (UM) 30*64kB (UM) 18*128kB (UM) 6*256kB (U) 10*512kB (UM) 5*1024kB (U) 2*2048kB (UM) 392*4096kB (M) = 1627876kB [ 347.295068][T15482] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 347.298296][T15482] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 347.301393][T15482] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 347.304541][T15482] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 347.307695][T15482] 61816 total pagecache pages [ 347.309288][T15482] 0 pages in swap cache [ 347.310689][T15482] Free swap = 124112kB [ 347.312095][T15482] Total swap = 124996kB [ 347.313536][T15482] 1048443 pages RAM [ 347.314875][T15482] 0 pages HighMem/MovableOnly [ 347.316550][T15482] 254807 pages reserved [ 347.317938][T15482] 0 pages cma reserved [ 347.634045][T15509] input: syz1 as /devices/virtual/input/input17 [ 347.713135][T15511] fuse: Bad value for 'group_id' [ 347.790272][T15511] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 347.799854][T15511] overlayfs: workdir and upperdir must be separate subtrees [ 347.805372][T15517] binder: BINDER_SET_CONTEXT_MGR already set [ 347.809176][T15517] binder: 15516:15517 ioctl 4018620d 200001c0 returned -16 [ 347.874487][T15521] input: syz1 as /devices/virtual/input/input18 [ 347.943092][ T39] audit: type=1800 audit(1719776260.357:12021): pid=15523 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.2952" name="file0" dev="sda1" ino=1979 res=0 errno=0 [ 348.098955][ T4633] Bluetooth: hci1: Ignoring connect complete event for invalid link type [ 348.172641][T15544] fuse: Bad value for 'group_id' [ 348.221111][T15551] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 348.252411][T15544] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 348.262774][T15544] overlayfs: workdir and upperdir must be separate subtrees [ 348.380864][T15560] cgroup: none used incorrectly [ 348.397211][T15564] xt_CT: You must specify a L4 protocol and not use inversions on it [ 348.399599][T15563] netlink: 'syz.1.2965': attribute type 8 has an invalid length. [ 348.403382][T15564] netlink: 'syz.2.2966': attribute type 8 has an invalid length. [ 348.607322][T15575] fuse: Bad value for 'group_id' [ 348.684514][T15575] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 348.707261][T15575] overlayfs: workdir and upperdir must be separate subtrees [ 348.759897][T15583] overlayfs: cannot append lower layer [ 349.055710][ T8712] vhci_hcd: vhci_device speed not set [ 349.260464][T15597] SELinux: Context system_u:object_r:newrole_exec_t:s0 is not valid (left unmapped). [ 349.266550][ T39] audit: type=1400 audit(1719776261.677:12022): avc: denied { relabelto } for pid=15596 comm="syz.0.2977" name="control" dev="sda1" ino=1978 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:newrole_exec_t:s0" [ 349.698450][ T39] audit: type=1400 audit(1719776262.107:12023): avc: denied { rmdir } for pid=14343 comm="syz-executor" name="control" dev="sda1" ino=1978 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:newrole_exec_t:s0" [ 349.800101][T15606] overlayfs: cannot append lower layer [ 349.836323][T15604] fuse: Bad value for 'group_id' [ 349.913011][T15604] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 349.927614][T15604] overlayfs: workdir and upperdir must be separate subtrees [ 350.149116][T15633] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 350.152076][T15633] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 350.156949][T15633] vhci_hcd vhci_hcd.0: Device attached [ 350.165941][ T4633] Bluetooth: hci1: command tx timeout [ 350.174192][ T39] audit: type=1800 audit(1719776262.587:12024): pid=15633 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.2980" name="bus" dev="sda1" ino=1976 res=0 errno=0 [ 350.425701][ T25] usb 17-1: new high-speed USB device number 10 using vhci_hcd [ 350.981820][T15634] vhci_hcd: connection reset by peer [ 350.993221][ T1092] vhci_hcd: stop threads [ 350.994763][ T1092] vhci_hcd: release socket [ 350.996473][ T1092] vhci_hcd: disconnect device [ 351.176168][T15650] fuse: Bad value for 'user_id' [ 351.177094][ T4633] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 351.194161][ T39] audit: type=1804 audit(1719776263.607:12025): pid=15650 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.2993" name="/syzkaller.jW5AXB/85/file0" dev="sda1" ino=1981 res=1 errno=0 [ 351.261458][T15651] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 351.272502][T15660] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 351.528905][ T39] audit: type=1400 audit(1719776263.947:12026): avc: denied { write } for pid=15673 comm="syz.2.2998" name="ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 352.438858][T15702] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 352.441210][T15702] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 352.444003][T15702] vhci_hcd vhci_hcd.0: Device attached [ 352.472654][ T39] audit: type=1800 audit(1719776264.887:12027): pid=15702 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.3007" name="bus" dev="sda1" ino=1986 res=0 errno=0 [ 352.532305][T15706] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 352.536562][T15706] overlayfs: workdir and upperdir must be separate subtrees [ 352.686043][T15723] sctp: [Deprecated]: syz.1.3010 (pid 15723) Use of int in maxseg socket option. [ 352.686043][T15723] Use struct sctp_assoc_value instead [ 353.278977][T15704] vhci_hcd: connection closed [ 353.279221][ T1090] vhci_hcd: stop threads [ 353.283206][ T1090] vhci_hcd: release socket [ 353.287022][ T1090] vhci_hcd: disconnect device [ 353.572028][T15743] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 353.576708][T15743] overlayfs: workdir and upperdir must be separate subtrees [ 353.633206][T15752] overlayfs: failed to resolve './file1': -2 [ 353.644132][ T39] audit: type=1400 audit(1719776266.057:12028): avc: denied { listen } for pid=15751 comm="syz.1.3018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 353.650427][ T39] audit: type=1400 audit(1719776266.057:12029): avc: denied { connect } for pid=15751 comm="syz.1.3018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 354.229972][T15774] binder: 15773:15774 ioctl 5000940a 20000700 returned -22 [ 354.254866][T15774] binder: 15773:15774 ioctl c0306201 20000380 returned -14 [ 354.311395][T15785] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 354.314172][T15785] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 354.320404][T15785] vhci_hcd vhci_hcd.0: Device attached [ 354.336869][ T39] audit: type=1800 audit(1719776266.757:12030): pid=15785 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.3028" name="bus" dev="sda1" ino=1985 res=0 errno=0 [ 354.352333][T15776] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 354.373585][T15776] overlayfs: workdir and upperdir must be separate subtrees [ 355.157973][T15786] vhci_hcd: connection closed [ 355.158300][ T63] vhci_hcd: stop threads [ 355.164085][ T63] vhci_hcd: release socket [ 355.167026][ T63] vhci_hcd: disconnect device [ 355.526000][ T25] vhci_hcd: vhci_device speed not set [ 355.561019][T15822] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 355.564816][T15822] overlayfs: workdir and upperdir must be separate subtrees [ 355.781119][ T4633] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 355.831341][T15843] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 355.854148][ T39] audit: type=1400 audit(1719776268.267:12031): avc: denied { create } for pid=15846 comm="syz.2.3044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 355.900965][ T39] audit: type=1804 audit(1719776268.317:12032): pid=15851 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.3045" name="/syzkaller.cbSyA6/327/file0" dev="sda1" ino=1980 res=1 errno=0 [ 356.203146][ T39] audit: type=1400 audit(1719776268.617:12033): avc: denied { getopt } for pid=15855 comm="syz.0.3046" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 356.235806][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 356.441858][T15866] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 356.444802][T15866] overlayfs: workdir and upperdir must be separate subtrees [ 356.495419][T15878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3051'. [ 356.548601][T15878] bridge0: port 3(gretap0) entered blocking state [ 356.553295][T15878] bridge0: port 3(gretap0) entered disabled state [ 356.558550][T15878] gretap0: entered allmulticast mode [ 356.564254][T15878] gretap0: entered promiscuous mode [ 356.567965][T15878] bridge0: port 3(gretap0) entered blocking state [ 356.571297][T15878] bridge0: port 3(gretap0) entered forwarding state [ 356.591328][T15878] x_tables: duplicate underflow at hook 1 [ 357.053857][T15906] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3060'. [ 357.147899][T15901] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 357.151275][T15901] overlayfs: workdir and upperdir must be separate subtrees [ 357.253959][T15914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3062'. [ 357.303010][T15914] bridge0: port 3(gretap0) entered blocking state [ 357.306455][T15914] bridge0: port 3(gretap0) entered disabled state [ 357.311351][T15914] gretap0: entered allmulticast mode [ 357.315515][T15914] gretap0: entered promiscuous mode [ 357.323286][T15914] bridge0: port 3(gretap0) entered blocking state [ 357.326398][T15914] bridge0: port 3(gretap0) entered forwarding state [ 357.345792][ T8712] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 357.353080][T15914] x_tables: duplicate underflow at hook 1 [ 357.420909][ T39] audit: type=1400 audit(1719776269.837:12034): avc: denied { map } for pid=15919 comm="syz.3.3065" path="socket:[96749]" dev="sockfs" ino=96749 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 357.441489][T15918] erofs: (device loop2): erofs_read_superblock: cannot find valid erofs superblock [ 357.535772][ T8712] usb 5-1: Using ep0 maxpacket: 16 [ 357.542634][ T8712] usb 5-1: config 0 interface 0 altsetting 44 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 357.547324][ T8712] usb 5-1: config 0 interface 0 altsetting 44 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 357.552692][ T8712] usb 5-1: config 0 interface 0 has no altsetting 0 [ 357.558304][ T8712] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 357.562135][ T8712] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.565457][ T8712] usb 5-1: Product: syz [ 357.567378][ T8712] usb 5-1: Manufacturer: syz [ 357.569470][ T8712] usb 5-1: SerialNumber: syz [ 357.574169][ T8712] usb 5-1: config 0 descriptor?? [ 357.582715][ T8712] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input19 [ 358.301671][ T5257] usb 5-1: USB disconnect, device number 12 [ 358.439781][T15934] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 358.443379][T15934] overlayfs: workdir and upperdir must be separate subtrees [ 358.504791][ T39] audit: type=1400 audit(1719776270.917:12035): avc: denied { create } for pid=15944 comm="syz.3.3072" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 358.515470][ T39] audit: type=1400 audit(1719776270.927:12036): avc: denied { write } for pid=15944 comm="syz.3.3072" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 358.555857][ T4633] Bluetooth: hci1: unknown advertising packet type: 0x65 [ 358.555970][ T4633] Bluetooth: hci1: Malformed LE Event: 0x02 [ 358.610887][ T39] audit: type=1400 audit(1719776271.027:12037): avc: denied { accept } for pid=15944 comm="syz.3.3072" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 358.619637][ T39] audit: type=1400 audit(1719776271.027:12038): avc: denied { write } for pid=15944 comm="syz.3.3072" laddr=fe80::b lport=52364 faddr=::1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 358.894372][T15956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3075'. [ 358.931148][T15956] bridge0: port 3(gretap0) entered blocking state [ 358.934770][T15956] bridge0: port 3(gretap0) entered disabled state [ 358.939179][T15956] gretap0: entered allmulticast mode [ 358.943757][T15956] gretap0: entered promiscuous mode [ 358.947512][T15956] bridge0: port 3(gretap0) entered blocking state [ 358.950888][T15956] bridge0: port 3(gretap0) entered forwarding state [ 358.976977][T15956] x_tables: duplicate underflow at hook 1 [ 359.328921][T15963] netlink: 304 bytes leftover after parsing attributes in process `syz.0.3078'. [ 359.344296][T15963] netlink: 'syz.0.3078': attribute type 11 has an invalid length. [ 359.354962][T15963] netlink: 'syz.0.3078': attribute type 11 has an invalid length. [ 359.361345][T15963] debugfs: Directory 'netdev:' with parent 'phy26' already present! [ 359.482600][T15974] netlink: 'syz.0.3080': attribute type 10 has an invalid length. [ 359.499231][T15974] bridge0: port 3(gretap0) entered disabled state [ 359.502375][T15974] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.507569][T15974] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.527760][T15974] bridge0: port 3(gretap0) entered blocking state [ 359.530204][T15974] bridge0: port 3(gretap0) entered forwarding state [ 359.533064][T15974] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.536044][T15974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 359.538960][T15974] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.541630][T15974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 359.555293][T15974] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 359.572043][T15969] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=15969 comm=syz.0.3080 [ 359.583795][T15974] syz.0.3080 (15974) used greatest stack depth: 20608 bytes left [ 359.605821][ T39] audit: type=1400 audit(1719776272.017:12039): avc: denied { create } for pid=15980 comm="syz.3.3082" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 359.675258][T15987] binder: 15984:15987 ioctl 4018620d 0 returned -22 [ 359.721167][ T39] audit: type=1400 audit(1719776272.137:12040): avc: denied { mounton } for pid=15988 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 359.731671][ T5205] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 359.740512][ T5205] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 359.746220][ T5205] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 359.751136][ T5205] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 359.755441][ T5205] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 359.759557][ T5205] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 359.960011][T15988] chnl_net:caif_netlink_parms(): no params data found [ 359.994730][T16001] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 360.079656][T16009] program syz.3.3088 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 360.112296][T16009] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3088'. [ 360.166992][T15988] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.170389][T15988] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.173843][T15988] bridge_slave_0: entered allmulticast mode [ 360.180728][T15988] bridge_slave_0: entered promiscuous mode [ 360.186950][T15988] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.189753][T15988] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.192940][T15988] bridge_slave_1: entered allmulticast mode [ 360.200337][T15988] bridge_slave_1: entered promiscuous mode [ 360.288147][T15988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.295489][T15988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 360.314847][T16014] program syz.0.3090 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 360.361742][T15988] team0: Port device team_slave_0 added [ 360.373160][T15988] team0: Port device team_slave_1 added [ 360.434797][T15988] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 360.437906][T15988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.450230][T15988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 360.458052][T15988] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 360.461102][T15988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.472057][T15988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 360.518167][T15988] hsr_slave_0: entered promiscuous mode [ 360.525936][T15988] hsr_slave_1: entered promiscuous mode [ 360.529401][T15988] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 360.533972][T15988] Cannot create hsr debugfs directory [ 360.677823][T16023] netlink: 'syz.1.3092': attribute type 10 has an invalid length. [ 360.681253][T16023] bridge0: port 3(gretap0) entered disabled state [ 360.683647][T16023] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.686683][T16023] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.698591][T16023] bridge0: port 3(gretap0) entered blocking state [ 360.700918][T16023] bridge0: port 3(gretap0) entered forwarding state [ 360.703550][T16023] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.706261][T16023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 360.709149][T16023] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.711570][T16023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 360.721334][T16023] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 360.746972][T16022] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16022 comm=syz.1.3092 [ 360.837922][T15988] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.014223][T15988] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.232814][T15988] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.359329][T15988] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.400113][T16028] binder: 16027:16028 ioctl 4018620d 0 returned -22 [ 361.675225][T16036] xt_TCPMSS: Only works on TCP SYN packets [ 361.720804][T15988] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 361.760782][T15988] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 361.779453][T15988] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 361.804070][T15988] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 361.850951][ T5205] Bluetooth: hci0: command tx timeout [ 361.936366][T16043] fuse: Bad value for 'group_id' [ 362.015236][T16043] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 362.026764][T16043] overlayfs: workdir and upperdir must be separate subtrees [ 362.070355][T15988] 8021q: adding VLAN 0 to HW filter on device bond0 [ 362.090658][T15988] 8021q: adding VLAN 0 to HW filter on device team0 [ 362.104144][ T5257] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.108093][ T5257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 362.122032][ T5257] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.125606][ T5257] bridge0: port 2(bridge_slave_1) entered forwarding state [ 362.193782][T15988] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 362.337796][T15988] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 362.391096][T15988] veth0_vlan: entered promiscuous mode [ 362.401793][T15988] veth1_vlan: entered promiscuous mode [ 362.449170][T15988] veth0_macvtap: entered promiscuous mode [ 362.459345][ T4633] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 362.466336][ T4633] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 362.469199][T15988] veth1_macvtap: entered promiscuous mode [ 362.471346][ T4633] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 362.477032][ T4633] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 362.481681][ T4633] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 362.482691][T15988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.484873][ T4633] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 362.488441][T16069] binder: 16068:16069 ioctl 4018620d 0 returned -22 [ 362.489276][T15988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.499460][T15988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.504755][T15988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.510651][T15988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.517083][T15988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.521507][T15988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.526141][T15988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.532507][T15988] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 362.549336][T15988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.554098][T15988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.558583][T15988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.563145][T15988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.568938][T15988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.573376][T15988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.579015][T15988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.583732][T15988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.590205][T15988] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 362.602476][T15988] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.606891][T15988] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.611004][T15988] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.614879][T15988] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.788072][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.791554][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.825384][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.826930][T16066] chnl_net:caif_netlink_parms(): no params data found [ 362.830846][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.897578][T16079] fuse: Bad value for 'group_id' [ 362.972354][T16079] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 362.975491][T16079] overlayfs: workdir and upperdir must be separate subtrees [ 363.033801][T16066] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.038677][T16066] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.041873][T16066] bridge_slave_0: entered allmulticast mode [ 363.045812][T16066] bridge_slave_0: entered promiscuous mode [ 363.051518][T16066] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.055227][T16066] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.063622][T16066] bridge_slave_1: entered allmulticast mode [ 363.063797][T16090] fuse: Bad value for 'group_id' [ 363.073682][T16066] bridge_slave_1: entered promiscuous mode [ 363.102930][T16089] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 363.147126][T16090] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 363.159334][T16090] overlayfs: workdir and upperdir must be separate subtrees [ 363.164057][T16066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 363.176930][T16066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 363.284690][T16066] team0: Port device team_slave_0 added [ 363.299928][T16066] team0: Port device team_slave_1 added [ 363.339182][T16066] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 363.342554][T16066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.354700][T16066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 363.360382][T16066] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 363.363155][T16066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.374534][T16066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 363.424900][T16066] hsr_slave_0: entered promiscuous mode [ 363.431582][T16066] hsr_slave_1: entered promiscuous mode [ 363.434651][T16066] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 363.438487][T16066] Cannot create hsr debugfs directory [ 363.616707][T16066] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.616738][ T39] audit: type=1400 audit(1719776276.027:12041): avc: denied { getopt } for pid=16102 comm="syz.1.3111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 363.784090][T16066] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.930131][T16066] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.027456][T16066] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.173608][ T39] audit: type=1400 audit(1719776276.587:12042): avc: denied { bind } for pid=16114 comm="syz.3.3115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 364.204822][T16066] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 364.212924][T16066] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 364.219912][T16066] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 364.227128][T16066] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 364.241647][T16118] fuse: Bad value for 'group_id' [ 364.320220][T16118] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 364.325853][T16118] overlayfs: workdir and upperdir must be separate subtrees [ 364.330467][T16066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 364.349349][T16066] 8021q: adding VLAN 0 to HW filter on device team0 [ 364.355750][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.358307][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 364.368508][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.371789][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 364.503257][T16066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 364.547769][T16066] veth0_vlan: entered promiscuous mode [ 364.558230][T16066] veth1_vlan: entered promiscuous mode [ 364.575899][ T4633] Bluetooth: hci2: command tx timeout [ 364.592433][T16066] veth0_macvtap: entered promiscuous mode [ 364.600237][T16066] veth1_macvtap: entered promiscuous mode [ 364.620596][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.625225][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.629590][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.634415][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.639893][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.644499][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.649952][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.654848][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.659390][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.664286][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.671362][T16066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.684031][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.688894][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.693187][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.697791][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.702058][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.706863][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.711490][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.719973][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.724367][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.729995][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.735201][T16066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 364.744957][T16066] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.749254][T16066] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.753142][T16066] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.757383][T16066] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.829387][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.833067][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.862786][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.867619][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.872896][T16134] binder: BINDER_SET_CONTEXT_MGR already set [ 364.875491][T16134] binder: 16133:16134 ioctl 4018620d 200001c0 returned -16 [ 365.441077][T16152] fuse: Bad value for 'group_id' [ 365.522952][T16152] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 365.535917][T16152] overlayfs: workdir and upperdir must be separate subtrees [ 365.665743][T16166] binder: BINDER_SET_CONTEXT_MGR already set [ 365.668742][T16166] binder: 16165:16166 ioctl 4018620d 200001c0 returned -16 [ 365.702270][ T1095] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.983259][ T5205] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 365.990532][ T5205] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 366.000744][ T5205] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 366.005020][ T5205] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 366.010320][ T5205] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 366.014117][ T5205] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 366.352649][T16182] chnl_net:caif_netlink_parms(): no params data found [ 366.508350][T16182] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.512471][T16182] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.516052][T16182] bridge_slave_0: entered allmulticast mode [ 366.519194][T16182] bridge_slave_0: entered promiscuous mode [ 366.540197][T16182] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.542929][T16182] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.547132][T16182] bridge_slave_1: entered allmulticast mode [ 366.553545][T16182] bridge_slave_1: entered promiscuous mode [ 366.605451][ T39] audit: type=1400 audit(1719776279.017:12043): avc: denied { mounton } for pid=16193 comm="syz.0.3134" path=2F73797A6B616C6C65722E426A386E52672F322FE91F7189591E9233614B dev="sda1" ino=1978 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=sock_file permissive=1 [ 366.646502][ T4633] Bluetooth: hci2: command tx timeout [ 366.690433][T16182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 366.699264][T16182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 366.724098][T16206] fuse: Bad value for 'group_id' [ 366.771226][T16182] team0: Port device team_slave_0 added [ 366.777189][T16182] team0: Port device team_slave_1 added [ 366.798015][T16206] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 366.803239][T16206] overlayfs: workdir and upperdir must be separate subtrees [ 366.851933][T16219] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3136'. [ 366.859184][T16182] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 366.862348][T16182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 366.870013][ T39] audit: type=1400 audit(1719776279.277:12044): avc: denied { name_bind } for pid=16218 comm="syz.1.3136" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 366.874653][T16182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 366.892516][T16182] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 366.896662][T16182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 366.907737][T16224] binder: BINDER_SET_CONTEXT_MGR already set [ 366.908679][T16182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 366.916440][T16224] binder: 16223:16224 ioctl 4018620d 200001c0 returned -16 [ 366.993017][T16182] hsr_slave_0: entered promiscuous mode [ 366.998074][T16182] hsr_slave_1: entered promiscuous mode [ 367.000794][T16182] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 367.003500][T16182] Cannot create hsr debugfs directory [ 367.168382][ T4633] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 367.196498][T16245] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 367.612602][ T39] audit: type=1800 audit(1719776280.027:12045): pid=16254 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.3144" name="file0" dev="sda1" ino=1973 res=0 errno=0 [ 367.623626][ T39] audit: type=1804 audit(1719776280.037:12046): pid=16254 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.3144" name="/syzkaller.Qisz7r/558/file0" dev="sda1" ino=1973 res=1 errno=0 [ 367.802496][T16256] fuse: Bad value for 'group_id' [ 367.875918][T16256] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 367.879032][T16256] overlayfs: workdir and upperdir must be separate subtrees [ 367.960221][T16262] IPv6: NLM_F_REPLACE set, but no existing node found! [ 367.964469][ T82] Bluetooth: hci4: Frame reassembly failed (-84) [ 367.965017][ T39] audit: type=1400 audit(1719776280.377:12047): avc: denied { setopt } for pid=16261 comm="syz.1.3146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 368.086523][ T5205] Bluetooth: hci0: command tx timeout [ 368.115768][ T25] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 368.119608][ T1095] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.196136][ T1095] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.269987][ T1095] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.310210][ T25] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 368.313911][ T25] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 368.318186][ T25] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 368.321571][ T25] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.322707][T16264] binder: BINDER_SET_CONTEXT_MGR already set [ 368.329657][T16264] binder: 16263:16264 ioctl 4018620d 200001c0 returned -16 [ 368.330965][ T25] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 368.336740][ T25] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 368.340424][ T25] usb 8-1: Product: syz [ 368.342277][ T25] usb 8-1: Manufacturer: syz [ 368.352452][ T25] cdc_wdm 8-1:1.0: skipping garbage [ 368.354845][ T25] cdc_wdm 8-1:1.0: skipping garbage [ 368.367257][ T25] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 368.369906][ T25] cdc_wdm 8-1:1.0: Unknown control protocol [ 368.434207][ T1095] bridge_slave_1: left allmulticast mode [ 368.436811][ T1095] bridge_slave_1: left promiscuous mode [ 368.439502][ T1095] bridge0: port 2(bridge_slave_1) entered disabled state [ 368.452957][ T1095] bridge_slave_0: left allmulticast mode [ 368.456358][ T1095] bridge_slave_0: left promiscuous mode [ 368.458906][ T1095] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.586875][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 368.589503][ C3] cdc_wdm 8-1:1.0: Cannot schedule work [ 368.594378][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 368.597115][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 368.599882][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 368.602724][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 368.605878][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 368.608695][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 368.613603][ T5258] usb 8-1: USB disconnect, device number 6 [ 368.735939][ T5205] Bluetooth: hci2: command tx timeout [ 368.902178][ T1095] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 368.908746][ T1095] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 368.914273][ T1095] bond0 (unregistering): Released all slaves [ 369.231107][ T5205] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 369.277392][T16292] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 369.369392][ T1095] hsr_slave_0: left promiscuous mode [ 369.378935][ T1095] hsr_slave_1: left promiscuous mode [ 369.388767][ T1095] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 369.392186][ T1095] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 369.415785][ T1095] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 369.419349][ T1095] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 369.464917][ T1095] veth1_macvtap: left promiscuous mode [ 369.468786][ T1095] veth0_macvtap: left promiscuous mode [ 369.471271][ T1095] veth1_vlan: left promiscuous mode [ 369.473944][ T1095] veth0_vlan: left promiscuous mode [ 370.007116][ T5205] Bluetooth: hci4: command 0x1003 tx timeout [ 370.011145][ T4633] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 370.165737][ T4633] Bluetooth: hci0: command tx timeout [ 370.293014][T16305] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 370.295254][T16305] overlayfs: workdir and upperdir must be separate subtrees [ 370.437098][T16314] binder: BINDER_SET_CONTEXT_MGR already set [ 370.439242][T16314] binder: 16312:16314 ioctl 4018620d 200001c0 returned -16 [ 370.589499][ T1095] team0 (unregistering): Port device team_slave_1 removed [ 370.661486][ T39] audit: type=1800 audit(1719776283.077:12048): pid=16316 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.3157" name="bus" dev="sda1" ino=1973 res=0 errno=0 [ 370.703038][ T1095] team0 (unregistering): Port device team_slave_0 removed [ 370.815694][ T4633] Bluetooth: hci2: command tx timeout [ 371.441677][T16317] netlink: 'syz.3.3157': attribute type 4 has an invalid length. [ 371.449624][T16318] netlink: 'syz.3.3157': attribute type 4 has an invalid length. [ 371.578105][T16182] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 371.583402][T16182] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 371.590697][T16182] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 371.597052][T16182] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 371.607049][ T39] audit: type=1800 audit(1719776284.017:12049): pid=16332 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.3161" name="file0" dev="sda1" ino=1978 res=0 errno=0 [ 371.624113][ T39] audit: type=1804 audit(1719776284.027:12050): pid=16332 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.3161" name="/syzkaller.N0jcIn/254/file0" dev="sda1" ino=1978 res=1 errno=0 [ 371.662778][T16335] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3162'. [ 371.684110][T16182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 371.723617][T16182] 8021q: adding VLAN 0 to HW filter on device team0 [ 371.731704][ T5258] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.735097][ T5258] bridge0: port 1(bridge_slave_0) entered forwarding state [ 371.748429][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.751238][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 371.831389][T16339] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 371.839896][T16339] overlayfs: workdir and upperdir must be separate subtrees [ 371.947421][T16358] binder: BINDER_SET_CONTEXT_MGR already set [ 371.950087][T16358] binder: 16357:16358 ioctl 4018620d 200001c0 returned -16 [ 371.960679][T16182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 372.013553][T16182] veth0_vlan: entered promiscuous mode [ 372.023818][T16182] veth1_vlan: entered promiscuous mode [ 372.034964][ T4633] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 372.052876][T16182] veth0_macvtap: entered promiscuous mode [ 372.064123][T16182] veth1_macvtap: entered promiscuous mode [ 372.074078][T16368] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 372.080831][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.085240][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.090852][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.095491][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.100096][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.104625][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.108704][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.113047][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.115736][ T25] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 372.117226][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.125053][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.131185][T16182] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 372.141989][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.146457][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.150588][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.155083][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.159825][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.164176][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.168331][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.172669][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.176813][T16182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.181176][T16182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.187404][T16182] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 372.196907][T16182] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.200661][T16182] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.204374][T16182] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.208828][T16182] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.245837][ T4633] Bluetooth: hci0: command tx timeout [ 372.279933][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.283565][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.299345][ T25] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 372.303344][ T25] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 372.308046][ T25] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 372.310197][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.313020][ T25] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.315341][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.325352][ T25] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 372.329679][ T25] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 372.333238][ T25] usb 6-1: Product: syz [ 372.335428][ T25] usb 6-1: Manufacturer: syz [ 372.342583][ T25] cdc_wdm 6-1:1.0: skipping garbage [ 372.350916][ T25] cdc_wdm 6-1:1.0: skipping garbage [ 372.354825][ T25] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 372.357795][ T25] cdc_wdm 6-1:1.0: Unknown control protocol [ 372.530062][ T39] audit: type=1804 audit(1719776284.947:12051): pid=16375 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.3169" name="/syzkaller.Qisz7r/569/bus" dev="sda1" ino=1980 res=1 errno=0 [ 372.562504][ C2] cdc_wdm 6-1:1.0: Stall on int endpoint [ 372.565482][ C2] cdc_wdm 6-1:1.0: Cannot schedule work [ 372.568344][ C2] cdc_wdm 6-1:1.0: Stall on int endpoint [ 372.571066][ C2] cdc_wdm 6-1:1.0: Stall on int endpoint [ 372.574777][ C2] cdc_wdm 6-1:1.0: Stall on int endpoint [ 372.577477][ C2] cdc_wdm 6-1:1.0: Stall on int endpoint [ 372.580201][ C2] cdc_wdm 6-1:1.0: Stall on int endpoint [ 372.582786][ C2] cdc_wdm 6-1:1.0: Cannot schedule work [ 372.585566][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 372.597260][ C2] cdc_wdm 6-1:1.0: Unexpected error -71 [ 372.599086][ T825] usb 6-1: USB disconnect, device number 7 [ 372.746677][T16378] netlink: 'syz.1.3170': attribute type 21 has an invalid length. [ 372.750146][T16378] netlink: 'syz.1.3170': attribute type 6 has an invalid length. [ 372.941058][T16382] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 372.949864][T16382] overlayfs: workdir and upperdir must be separate subtrees [ 372.962300][T16390] binder: BINDER_SET_CONTEXT_MGR already set [ 372.964808][T16390] binder: 16389:16390 ioctl 4018620d 200001c0 returned -16 [ 373.015640][ T39] audit: type=1400 audit(1719776285.427:12052): avc: denied { append } for pid=16391 comm="syz.0.3176" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 373.019626][T16392] IPVS: set_ctl: invalid protocol: 4 172.20.20.42:20003 [ 373.077060][T16394] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 373.127953][ T39] audit: type=1400 audit(1719776285.547:12053): avc: denied { ioctl } for pid=16398 comm="syz.0.3178" path="socket:[100323]" dev="sockfs" ino=100323 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 373.173431][ T39] audit: type=1800 audit(1719776285.587:12054): pid=16399 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3178" name="file0" dev="sda1" ino=1978 res=0 errno=0 [ 373.509908][ T39] audit: type=1800 audit(1719776285.927:12055): pid=16411 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.3179" name="file0" dev="sda1" ino=1973 res=0 errno=0 [ 373.519228][ T39] audit: type=1804 audit(1719776285.927:12056): pid=16411 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.3179" name="/syzkaller.N0jcIn/259/file0" dev="sda1" ino=1973 res=1 errno=0 [ 374.005944][ T825] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 374.198014][ T825] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 374.201926][ T825] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 374.206590][ T825] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 374.210662][ T825] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 374.217233][ T825] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 374.221098][ T825] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 374.224749][ T825] usb 6-1: Product: syz [ 374.225740][ T975] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 374.226790][ T825] usb 6-1: Manufacturer: syz [ 374.236164][ T825] cdc_wdm 6-1:1.0: skipping garbage [ 374.238408][ T825] cdc_wdm 6-1:1.0: skipping garbage [ 374.244254][ T825] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 374.247279][ T825] cdc_wdm 6-1:1.0: Unknown control protocol [ 374.425772][ T975] usb 8-1: Using ep0 maxpacket: 8 [ 374.430081][ T975] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 374.434171][ T975] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 374.438581][ T975] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 374.442805][ T975] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 374.447228][ T975] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 374.453114][ T975] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 374.454789][ C0] cdc_wdm 6-1:1.0: Stall on int endpoint [ 374.457004][ T975] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.458857][ C0] cdc_wdm 6-1:1.0: Cannot schedule work [ 374.464459][ C0] cdc_wdm 6-1:1.0: Stall on int endpoint [ 374.466609][ C0] cdc_wdm 6-1:1.0: Cannot schedule work [ 374.468718][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 374.471905][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 374.474340][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -EPIPE [ 374.477660][ T25] usb 6-1: USB disconnect, device number 8 [ 374.671068][ T975] usb 8-1: usb_control_msg returned -32 [ 374.673407][ T975] usbtmc 8-1:16.0: can't read capabilities [ 374.806533][ T39] audit: type=1804 audit(1719776287.227:12057): pid=16419 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3182" name="/syzkaller.Bj8nRg/15/bus" dev="sda1" ino=1979 res=1 errno=0 [ 375.023641][T16420] usbtmc 8-1:16.0: usb_control_msg returned -32 [ 375.030715][ T5258] usb 8-1: USB disconnect, device number 7 [ 375.113108][T16422] binder: BINDER_SET_CONTEXT_MGR already set [ 375.116406][T16422] binder: 16421:16422 ioctl 4018620d 200001c0 returned -16 [ 375.197395][T16426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3183'. [ 375.201612][T16426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3183'. [ 375.206947][T16426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3183'. [ 375.307008][T16432] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 375.603004][ T1095] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.866906][ T5205] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 375.870948][ T5205] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 375.875120][ T5205] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 375.881303][ T5205] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 375.885152][ T5205] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 375.889024][ T5205] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 376.029902][T16454] chnl_net:caif_netlink_parms(): no params data found [ 376.070870][ T39] audit: type=1804 audit(1719776288.487:12058): pid=16460 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3191" name="/syzkaller.Bj8nRg/19/bus" dev="sda1" ino=1980 res=1 errno=0 [ 376.138107][T16454] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.141423][T16454] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.144827][T16454] bridge_slave_0: entered allmulticast mode [ 376.149138][T16454] bridge_slave_0: entered promiscuous mode [ 376.154286][T16454] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.156909][T16454] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.159614][T16454] bridge_slave_1: entered allmulticast mode [ 376.162567][T16454] bridge_slave_1: entered promiscuous mode [ 376.228859][T16454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 376.238118][T16454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 376.307933][T16454] team0: Port device team_slave_0 added [ 376.313835][T16454] team0: Port device team_slave_1 added [ 376.370821][T16454] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 376.373494][T16454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.383406][T16454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 376.388508][T16454] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 376.390966][T16454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.399909][T16454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 376.456078][T16454] hsr_slave_0: entered promiscuous mode [ 376.459129][T16454] hsr_slave_1: entered promiscuous mode [ 376.461882][T16454] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 376.464813][T16454] Cannot create hsr debugfs directory [ 376.544269][T16470] binder: BINDER_SET_CONTEXT_MGR already set [ 376.547830][T16470] binder: 16469:16470 ioctl 4018620d 200001c0 returned -16 [ 376.601032][ T39] audit: type=1800 audit(1719776289.017:12059): pid=16473 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.3194" name="file0" dev="sda1" ino=1977 res=0 errno=0 [ 376.612498][ T39] audit: type=1804 audit(1719776289.017:12060): pid=16473 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.3194" name="/syzkaller.N0jcIn/265/file0" dev="sda1" ino=1977 res=1 errno=0 [ 377.060709][ T39] audit: type=1400 audit(1719776289.477:12061): avc: denied { getopt } for pid=16474 comm="syz.0.3195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 377.075706][ T975] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 377.268328][ T975] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 377.272371][ T975] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 377.277821][ T975] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 377.281863][ T975] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.289504][ T975] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 377.294271][ T975] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 377.297670][ T975] usb 6-1: Product: syz [ 377.299318][ T975] usb 6-1: Manufacturer: syz [ 377.315453][ T975] cdc_wdm 6-1:1.0: skipping garbage [ 377.319616][ T975] cdc_wdm 6-1:1.0: skipping garbage [ 377.328095][ T975] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 377.330974][ T975] cdc_wdm 6-1:1.0: Unknown control protocol [ 377.352915][ T4633] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 377.395055][T16481] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 377.416090][T16486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3200'. [ 377.435115][T16486] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=16486 comm=syz.0.3200 [ 377.444910][ T39] audit: type=1400 audit(1719776289.857:12062): avc: denied { remount } for pid=16485 comm="syz.0.3200" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 377.530157][ C2] cdc_wdm 6-1:1.0: Stall on int endpoint [ 377.532209][ C2] cdc_wdm 6-1:1.0: Cannot schedule work [ 377.534155][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 377.544669][ T975] usb 6-1: USB disconnect, device number 9 [ 377.649183][T16492] binder: BINDER_SET_CONTEXT_MGR already set [ 377.651927][T16492] binder: 16491:16492 ioctl 4018620d 200001c0 returned -16 [ 377.707134][ T39] audit: type=1804 audit(1719776290.127:12063): pid=16496 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.3203" name="/syzkaller.N0jcIn/267/file1/bus" dev="sda1" ino=1980 res=1 errno=0 [ 377.923014][T16505] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 377.926298][ T4633] Bluetooth: hci0: command tx timeout [ 379.958474][ T1095] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.976254][T16509] team_slave_0: entered allmulticast mode [ 380.006017][ T5205] Bluetooth: hci0: command 0x041b tx timeout [ 380.071319][ T1095] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.104414][T16520] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3207'. [ 380.109377][T16520] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3207'. [ 380.145325][T16520] ptrace attach of "/syz-executor exec"[8525] was attempted by ""[16520] [ 380.190748][ T1095] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.236712][T16523] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3209'. [ 380.241435][T16523] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3209'. [ 380.345940][T16528] binder: BINDER_SET_CONTEXT_MGR already set [ 380.348841][T16528] binder: 16527:16528 ioctl 4018620d 200001c0 returned -16 [ 380.352466][ T5205] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 380.382921][ T1095] bridge_slave_1: left allmulticast mode [ 380.389049][ T1095] bridge_slave_1: left promiscuous mode [ 380.391601][ T1095] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.403089][ T1095] bridge_slave_0: left allmulticast mode [ 380.406809][ T1095] bridge_slave_0: left promiscuous mode [ 380.409694][ T1095] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.436322][T16530] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 380.453774][ T39] audit: type=1804 audit(1719776292.867:12064): pid=16533 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.3213" name="/syzkaller.N0jcIn/271/file1/bus" dev="sda1" ino=1979 res=1 errno=0 [ 380.961440][ T1095] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 380.967548][ T1095] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 380.976796][ T1095] bond0 (unregistering): Released all slaves [ 381.131690][ T5205] Bluetooth: hci3: command 0x0406 tx timeout [ 381.501991][ T1095] hsr_slave_0: left promiscuous mode [ 381.505403][ T1095] hsr_slave_1: left promiscuous mode [ 381.511659][ T1095] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 381.515357][ T1095] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 381.519640][ T1095] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 381.523005][ T1095] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 381.606561][ T1095] veth1_macvtap: left promiscuous mode [ 381.608823][ T1095] veth0_macvtap: left promiscuous mode [ 381.611428][ T1095] veth1_vlan: left promiscuous mode [ 381.613673][ T1095] veth0_vlan: left promiscuous mode [ 382.086172][ T4633] Bluetooth: hci0: command 0x041b tx timeout [ 382.539075][T16541] syz.3.3215 (16541): drop_caches: 1 [ 383.146997][ T1095] team0 (unregistering): Port device team_slave_1 removed [ 383.280234][ T1095] team0 (unregistering): Port device team_slave_0 removed [ 384.167086][ T4633] Bluetooth: hci0: command 0x041b tx timeout [ 384.190373][ T1357] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.193278][ T1357] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.359589][T16574] team_slave_0: entered allmulticast mode [ 384.440685][T16454] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 384.467026][T16454] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 384.502384][T16454] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 384.510656][ T4633] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 384.511976][T16576] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3222'. [ 384.520869][T16576] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3222'. [ 384.528149][T16454] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 384.534552][T16576] ptrace attach of "/syz-executor exec"[8525] was attempted by ""[16576] [ 384.623300][T16581] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 384.642474][T16585] team_slave_0: left allmulticast mode [ 384.649571][ T39] audit: type=1804 audit(1719776297.067:12065): pid=16587 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.3225" name="/syzkaller.Qisz7r/582/file1/bus" dev="sda1" ino=1979 res=1 errno=0 [ 384.706492][T16454] 8021q: adding VLAN 0 to HW filter on device bond0 [ 384.736027][T16454] 8021q: adding VLAN 0 to HW filter on device team0 [ 384.752942][ T5239] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.756512][ T5239] bridge0: port 1(bridge_slave_0) entered forwarding state [ 384.775785][ T5239] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.780166][ T5239] bridge0: port 2(bridge_slave_1) entered forwarding state [ 385.130870][T16454] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 385.198919][T16454] veth0_vlan: entered promiscuous mode [ 385.212997][T16454] veth1_vlan: entered promiscuous mode [ 385.248486][T16454] veth0_macvtap: entered promiscuous mode [ 385.256918][T16454] veth1_macvtap: entered promiscuous mode [ 385.277174][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.282457][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.288522][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.293353][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.298302][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.302827][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.307048][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.312360][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.316395][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.320683][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.328263][T16454] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 385.342433][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.347240][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.352443][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.357240][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.361729][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.366397][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.370789][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.375769][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.380019][T16454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.384719][T16454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.392210][T16454] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 385.402443][T16454] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.407342][T16454] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.411757][T16454] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.415472][T16454] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.494804][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.498650][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.525424][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.530980][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.787966][ T39] audit: type=1400 audit(1719776298.207:12066): avc: denied { getopt } for pid=16620 comm="syz.3.3231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 385.889053][ T4633] Bluetooth: hci1: unexpected event for opcode 0x203c [ 385.998071][T16626] syz.0.3229 (16626): drop_caches: 1 [ 386.034733][T16626] syz.0.3229 (16626): drop_caches: 1 [ 386.180281][T16633] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3234'. [ 386.183408][T16633] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3234'. [ 386.191446][T16633] ptrace attach of "/syz-executor exec"[12304] was attempted by ""[16633] [ 386.238488][ T4633] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 386.266852][T16637] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 386.313923][ T39] audit: type=1804 audit(1719776298.727:12067): pid=16641 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.3236" name="/syzkaller.Qisz7r/587/bus" dev="sda1" ino=1978 res=1 errno=0 [ 386.751175][T16651] ecryptfs_parse_options: eCryptfs: unrecognized option [&@] [ 386.754633][T16651] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 386.762337][T16651] Error parsing options; rc = [-22] [ 387.182983][T16662] syz.1.3242 (16662): drop_caches: 1 [ 387.227275][T16662] syz.1.3242 (16662): drop_caches: 1 [ 388.362856][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.898105][ T39] audit: type=1800 audit(1719776301.317:12068): pid=16699 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.3253" name="bus" dev="sda1" ino=1977 res=0 errno=0 [ 388.933214][T16695] syz.1.3251 (16695): drop_caches: 1 [ 389.019126][T16695] syz.1.3251 (16695): drop_caches: 1 [ 389.035500][ T5205] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 389.041046][T16706] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3254'. [ 389.043483][ T5205] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 389.052990][ T5205] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 389.058229][ T5205] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 389.062254][ T5205] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 389.065856][ T5205] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 389.264809][T16707] chnl_net:caif_netlink_parms(): no params data found [ 389.542598][T16707] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.547591][T16707] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.551408][T16707] bridge_slave_0: entered allmulticast mode [ 389.554792][T16707] bridge_slave_0: entered promiscuous mode [ 389.561688][T16707] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.564681][T16707] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.569438][T16707] bridge_slave_1: entered allmulticast mode [ 389.573661][T16707] bridge_slave_1: entered promiscuous mode [ 389.724911][T16707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.746452][T16707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 389.825417][T16707] team0: Port device team_slave_0 added [ 389.846422][ T39] audit: type=1400 audit(1719776302.257:12069): avc: denied { map } for pid=16725 comm="syz.3.3258" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 389.854234][ T39] audit: type=1400 audit(1719776302.257:12070): avc: denied { execute } for pid=16725 comm="syz.3.3258" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 389.859406][T16707] team0: Port device team_slave_1 added [ 389.861697][T16725] Trying to write to read-only block-device nullb0 [ 390.067351][T16707] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 390.072295][T16707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 390.089347][T16707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 390.094715][T16707] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 390.098348][T16707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 390.115693][T16707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 390.151652][T16736] fuse: Unknown parameter 'group_id00000000000037777777777' [ 390.222461][T16707] hsr_slave_0: entered promiscuous mode [ 390.226691][T16736] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 390.229863][T16736] overlayfs: workdir and upperdir must be separate subtrees [ 390.250041][T16707] hsr_slave_1: entered promiscuous mode [ 390.260013][T16707] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 390.271860][T16707] Cannot create hsr debugfs directory [ 390.852149][ T39] audit: type=1804 audit(1719776303.267:12071): pid=16756 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.3265" name="/syzkaller.Qisz7r/598/bus" dev="sda1" ino=1979 res=1 errno=0 [ 390.874985][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.959291][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.128771][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.145819][ T5205] Bluetooth: hci0: command tx timeout [ 391.298715][ T13] bridge_slave_1: left allmulticast mode [ 391.300750][ T13] bridge_slave_1: left promiscuous mode [ 391.303280][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.308933][ T13] bridge_slave_0: left allmulticast mode [ 391.311810][ T13] bridge_slave_0: left promiscuous mode [ 391.314138][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.426197][ T39] audit: type=1800 audit(1719776303.847:12072): pid=16770 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3269" name="file0" dev="sda1" ino=1980 res=0 errno=0 [ 391.444210][ T39] audit: type=1804 audit(1719776303.847:12073): pid=16770 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3269" name="/syzkaller.Bj8nRg/51/file0" dev="sda1" ino=1980 res=1 errno=0 [ 391.567025][T16772] fuse: Unknown parameter 'group_id00000000000037777777777' [ 391.648913][T16772] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 391.650448][T16772] overlayfs: workdir and upperdir must be separate subtrees [ 391.758250][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 391.765249][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 391.771732][ T13] bond0 (unregistering): Released all slaves [ 391.925955][ T5258] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 392.130951][ T5258] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 392.134953][ T5258] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 392.144971][ T5258] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 392.152312][ T5258] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 392.164625][ T5258] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 392.171862][ T5258] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 392.177745][ T5258] usb 5-1: Product: syz [ 392.179454][ T5258] usb 5-1: Manufacturer: syz [ 392.217081][ T5258] cdc_wdm 5-1:1.0: skipping garbage [ 392.219409][ T5258] cdc_wdm 5-1:1.0: skipping garbage [ 392.232590][ T5258] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 392.235309][ T5258] cdc_wdm 5-1:1.0: Unknown control protocol [ 392.263368][ T13] hsr_slave_0: left promiscuous mode [ 392.274406][ T13] hsr_slave_1: left promiscuous mode [ 392.306284][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 392.309632][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 392.321824][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 392.325406][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 392.417785][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.420188][ C1] cdc_wdm 5-1:1.0: Cannot schedule work [ 392.422781][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.425525][ C1] cdc_wdm 5-1:1.0: Cannot schedule work [ 392.428417][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.431312][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.434006][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.436708][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.438605][ T13] veth1_macvtap: left promiscuous mode [ 392.439045][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.441343][ T13] veth0_macvtap: left promiscuous mode [ 392.443277][ C1] cdc_wdm 5-1:1.0: Cannot schedule work [ 392.448569][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.451228][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.453463][ T13] veth1_vlan: left promiscuous mode [ 392.453828][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.459240][ C1] cdc_wdm 5-1:1.0: Cannot schedule work [ 392.459672][ T13] veth0_vlan: left promiscuous mode [ 392.462225][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.467226][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.469893][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.472605][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.475178][ C1] cdc_wdm 5-1:1.0: Cannot schedule work [ 392.478266][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.481033][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.483276][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.485452][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.487531][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.489441][ C1] cdc_wdm 5-1:1.0: Cannot schedule work [ 392.491492][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.493619][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.495769][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.497904][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.500079][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.502235][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.504381][ C1] cdc_wdm 5-1:1.0: Stall on int endpoint [ 392.506440][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 392.511710][ T10] usb 5-1: USB disconnect, device number 13 [ 392.516378][ C1] cdc_wdm 5-1:1.0: Unexpected error -71 [ 392.826881][T16808] tipc: Can't bind to reserved service type 1 [ 393.156724][T16819] fuse: Unknown parameter 'group_id00000000000037777777777' [ 393.205823][ T5205] Bluetooth: hci0: command 0x041b tx timeout [ 393.252986][T16819] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 393.254560][T16819] overlayfs: workdir and upperdir must be separate subtrees [ 393.763557][ T13] team0 (unregistering): Port device team_slave_1 removed [ 393.902975][ T13] team0 (unregistering): Port device team_slave_0 removed [ 394.765369][T16707] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 394.785354][T16707] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 394.811266][T16707] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 394.844427][T16707] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 394.961048][T16707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 394.984435][T16707] 8021q: adding VLAN 0 to HW filter on device team0 [ 395.004730][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.008075][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 395.030309][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.033638][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 395.197225][T16707] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 395.235585][T16707] veth0_vlan: entered promiscuous mode [ 395.244812][T16707] veth1_vlan: entered promiscuous mode [ 395.269318][T16707] veth0_macvtap: entered promiscuous mode [ 395.274517][T16707] veth1_macvtap: entered promiscuous mode [ 395.288611][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 395.293199][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.295694][ T5205] Bluetooth: hci0: command 0x041b tx timeout [ 395.300661][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 395.304421][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.308821][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 395.312570][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.319616][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 395.325987][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.329721][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 395.333680][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.339070][T16707] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 395.348643][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.353800][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.358029][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.362572][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.366333][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.369929][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.373435][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.377762][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.381171][T16707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.385947][T16707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.390945][T16707] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.399824][T16707] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.404651][T16707] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.409849][T16707] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.414054][T16707] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.501723][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.505401][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.537965][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.540802][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.644528][T16853] binder: BINDER_SET_CONTEXT_MGR already set [ 395.646747][T16853] binder: 16852:16853 ioctl 4018620d 200001c0 returned -16 [ 395.865919][ T39] audit: type=1800 audit(1719776308.287:12074): pid=16858 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.3286" name="file0" dev="sda1" ino=1954 res=0 errno=0 [ 395.876123][ T39] audit: type=1804 audit(1719776308.287:12075): pid=16858 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.3286" name="/syzkaller.Qisz7r/602/file0" dev="sda1" ino=1954 res=1 errno=0 [ 396.365759][ T825] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 396.569762][ T825] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 396.572910][ T825] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 396.582760][ T825] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 396.587290][ T825] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 396.593069][ T825] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 396.597611][ T825] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 396.603349][ T825] usb 8-1: Product: syz [ 396.605772][ T825] usb 8-1: Manufacturer: syz [ 396.611188][ T825] cdc_wdm 8-1:1.0: skipping garbage [ 396.614703][ T825] cdc_wdm 8-1:1.0: skipping garbage [ 396.620253][ T825] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 396.622627][ T825] cdc_wdm 8-1:1.0: Unknown control protocol [ 396.831571][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 396.834321][ C3] cdc_wdm 8-1:1.0: Cannot schedule work [ 396.837026][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 396.839737][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 396.842426][ C3] cdc_wdm 8-1:1.0: Stall on int endpoint [ 396.845350][ C3] cdc_wdm 8-1:1.0: Cannot schedule work [ 396.848101][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 396.859163][ C3] cdc_wdm 8-1:1.0: Unexpected error -71 [ 396.862129][ T825] usb 8-1: USB disconnect, device number 8 [ 397.434603][T16892] binder: BINDER_SET_CONTEXT_MGR already set [ 397.438228][T16892] binder: 16891:16892 ioctl 4018620d 200001c0 returned -16 [ 397.441849][ T39] audit: type=1804 audit(1719776309.857:12076): pid=16894 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3296" name="/syzkaller.Bj8nRg/61/file1/bus" dev="sda1" ino=1980 res=1 errno=0 [ 398.682002][ T39] audit: type=1800 audit(1719776311.097:12077): pid=16927 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.3303" name="file0" dev="sda1" ino=1977 res=0 errno=0 [ 398.690672][ T39] audit: type=1804 audit(1719776311.097:12078): pid=16927 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.3303" name="/syzkaller.N0jcIn/298/file0" dev="sda1" ino=1977 res=1 errno=0 [ 398.741438][ T1148] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.155684][ T56] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 399.330383][ T39] audit: type=1800 audit(1719776311.747:12079): pid=16931 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3304" name="file0" dev="sda1" ino=1976 res=0 errno=0 [ 399.340031][ T39] audit: type=1804 audit(1719776311.747:12080): pid=16931 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3304" name="/syzkaller.Bj8nRg/64/file0" dev="sda1" ino=1976 res=1 errno=0 [ 399.357845][ T56] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 399.361590][ T56] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 399.366269][ T56] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 399.370236][ T56] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 399.377021][ T56] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 399.381707][ T56] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 399.385320][ T56] usb 6-1: Product: syz [ 399.387371][ T56] usb 6-1: Manufacturer: syz [ 399.393460][ T56] cdc_wdm 6-1:1.0: skipping garbage [ 399.396172][ T56] cdc_wdm 6-1:1.0: skipping garbage [ 399.399878][ T56] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 399.402492][ T56] cdc_wdm 6-1:1.0: Unknown control protocol [ 399.449140][ T4633] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 399.453928][ T4633] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 399.460396][ T4633] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 399.467246][ T4633] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 399.471296][ T4633] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 399.474858][ T4633] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 399.603054][ C0] cdc_wdm 6-1:1.0: Stall on int endpoint [ 399.605051][ C0] cdc_wdm 6-1:1.0: Cannot schedule work [ 399.607105][ C0] cdc_wdm 6-1:1.0: Stall on int endpoint [ 399.609197][ C0] cdc_wdm 6-1:1.0: Stall on int endpoint [ 399.611125][ C0] cdc_wdm 6-1:1.0: Cannot schedule work [ 399.613174][ C0] cdc_wdm 6-1:1.0: Stall on int endpoint [ 399.615340][ C0] cdc_wdm 6-1:1.0: Cannot schedule work [ 399.617434][ C0] cdc_wdm 6-1:1.0: Stall on int endpoint [ 399.621921][ T8] usb 6-1: USB disconnect, device number 10 [ 399.638618][T16935] chnl_net:caif_netlink_parms(): no params data found [ 399.719767][T16935] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.722887][T16935] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.726231][T16935] bridge_slave_0: entered allmulticast mode [ 399.729760][T16935] bridge_slave_0: entered promiscuous mode [ 399.734539][T16935] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.738676][T16935] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.741187][T16935] bridge_slave_1: entered allmulticast mode [ 399.743988][T16935] bridge_slave_1: entered promiscuous mode [ 399.780332][T16935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 399.786096][T16935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 399.815798][ T56] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 399.831193][T16935] team0: Port device team_slave_0 added [ 399.836131][T16935] team0: Port device team_slave_1 added [ 399.869862][T16935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 399.872320][T16935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.883988][T16935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 399.891937][T16935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 399.894864][T16935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.905327][T16935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 399.947654][T16935] hsr_slave_0: entered promiscuous mode [ 399.950339][T16935] hsr_slave_1: entered promiscuous mode [ 399.952760][T16935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 399.955344][T16935] Cannot create hsr debugfs directory [ 400.000038][ T56] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 400.003699][ T56] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 400.008130][ T56] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 400.011328][ T56] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.016824][ T56] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 400.023451][ T56] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 400.027123][ T56] usb 5-1: Product: syz [ 400.029074][ T56] usb 5-1: Manufacturer: syz [ 400.037104][ T56] cdc_wdm 5-1:1.0: skipping garbage [ 400.039617][ T56] cdc_wdm 5-1:1.0: skipping garbage [ 400.042958][ T56] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 400.045509][ T56] cdc_wdm 5-1:1.0: Unknown control protocol [ 400.176725][T16944] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3306'. [ 400.204951][ T4633] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 400.215862][T16948] erofs: (device loop1): erofs_read_superblock: cannot find valid erofs superblock [ 400.266624][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.269383][ C2] cdc_wdm 5-1:1.0: Cannot schedule work [ 400.272194][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.274752][ C2] cdc_wdm 5-1:1.0: Cannot schedule work [ 400.277464][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.279968][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.281984][ C2] cdc_wdm 5-1:1.0: Cannot schedule work [ 400.284049][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.286733][ C2] cdc_wdm 5-1:1.0: Cannot schedule work [ 400.289646][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.292592][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.295389][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.297865][ C2] cdc_wdm 5-1:1.0: Cannot schedule work [ 400.300438][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.303212][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.306200][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.309185][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.311954][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.314702][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.317443][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.320207][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.323128][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.325948][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.328826][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.331439][ C2] cdc_wdm 5-1:1.0: Cannot schedule work [ 400.334306][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.337154][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.340184][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.343152][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.345945][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.348695][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.351493][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.354635][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.357657][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.360497][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.363261][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.366023][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.369057][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.372382][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.375030][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.377236][ C2] cdc_wdm 5-1:1.0: Cannot schedule work [ 400.379600][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.381985][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.384211][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.386342][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.388624][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.391182][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.393641][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 400.395684][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 400.406034][ T5239] usb 5-1: USB disconnect, device number 14 [ 401.406256][ T1148] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.508659][ T1148] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.525941][ T4633] Bluetooth: hci0: command tx timeout [ 401.596493][T16980] fuse: Unknown parameter '00000000000000000000' [ 401.604347][ T39] audit: type=1800 audit(1719776314.017:12081): pid=16985 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3315" name="file0" dev="sda1" ino=1978 res=0 errno=0 [ 401.614536][ T39] audit: type=1804 audit(1719776314.027:12082): pid=16985 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3315" name="/syzkaller.Bj8nRg/66/file0" dev="sda1" ino=1978 res=1 errno=0 [ 401.655487][ T1148] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.665284][T16980] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 401.672652][T16986] overlayfs: workdir and upperdir must be separate subtrees [ 401.804049][ T1148] bridge_slave_1: left allmulticast mode [ 401.806979][ T1148] bridge_slave_1: left promiscuous mode [ 401.809633][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.818101][ T1148] bridge_slave_0: left allmulticast mode [ 401.820929][ T1148] bridge_slave_0: left promiscuous mode [ 401.823119][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.077676][ T39] audit: type=1804 audit(1719776314.497:12083): pid=16996 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.3318" name="/syzkaller.N0jcIn/303/file1/bus" dev="sda1" ino=1979 res=1 errno=0 [ 402.125868][ T8] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 402.228784][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 402.236375][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 402.242340][ T1148] bond0 (unregistering): Released all slaves [ 402.336974][ T8] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 402.346109][ T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 402.351949][ T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 402.355526][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.392433][ T8] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 402.396289][ T8] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 402.405958][ T8] usb 5-1: Product: syz [ 402.407934][ T8] usb 5-1: Manufacturer: syz [ 402.413314][ T8] cdc_wdm 5-1:1.0: skipping garbage [ 402.415719][ T8] cdc_wdm 5-1:1.0: skipping garbage [ 402.421985][ T8] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 402.424072][ T8] cdc_wdm 5-1:1.0: Unknown control protocol [ 402.617958][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 402.620058][ C2] cdc_wdm 5-1:1.0: Cannot schedule work [ 402.622206][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 402.624968][ C2] cdc_wdm 5-1:1.0: Stall on int endpoint [ 402.627170][ C2] cdc_wdm 5-1:1.0: Cannot schedule work [ 402.629171][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 402.638963][ T975] ------------[ cut here ]------------ [ 402.641344][ C2] cdc_wdm 5-1:1.0: Unexpected error -71 [ 402.643342][ T975] URB ffff888042308c00 submitted while active [ 402.648679][ T1148] hsr_slave_0: left promiscuous mode [ 402.649429][ T975] WARNING: CPU: 2 PID: 975 at drivers/usb/core/urb.c:379 usb_submit_urb+0x14da/0x1730 [ 402.656062][ T975] Modules linked in: [ 402.658891][ T975] CPU: 2 PID: 975 Comm: kworker/2:2 Not tainted 6.10.0-rc5-syzkaller-00282-g8282d5af7be8 #0 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 402.665173][ T975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 402.669843][ T975] Workqueue: events wdm_rxwork [ 402.671640][ T975] RIP: 0010:usb_submit_urb+0x14da/0x1730 [ 402.673670][ T975] Code: fd eb cb bb fe ff ff ff e9 c1 f3 ff ff e8 1e 36 d1 fa c6 05 c1 20 11 09 01 90 48 c7 c7 00 e3 e8 8b 48 89 de e8 e7 4e 93 fa 90 <0f> 0b 90 90 e9 b6 fe ff ff bb f8 ff ff ff e9 91 f3 ff ff 48 89 ef [ 402.682554][ T975] RSP: 0018:ffffc900034bfc18 EFLAGS: 00010282 [ 402.684715][ T975] RAX: 0000000000000000 RBX: ffff888042308c00 RCX: ffffffff81500069 [ 402.688095][ T975] RDX: ffff8880226e8000 RSI: ffffffff81500076 RDI: 0000000000000001 [ 402.690884][ T975] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 402.693582][ T975] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000293 [ 402.696395][ T975] R13: ffff88803a31e890 R14: ffff88803a31e850 R15: ffff8880154a0800 [ 402.699570][ T975] FS: 0000000000000000(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000 [ 402.703847][ T975] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 402.708288][ T975] CR2: 0000001b2fe1cff8 CR3: 000000002a52a000 CR4: 0000000000352ef0 [ 402.712351][ T975] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 402.716587][ T975] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 402.720132][ T975] Call Trace: [ 402.721645][ T975] [ 402.722989][ T975] ? show_regs+0x8c/0xa0 [ 402.724907][ T975] ? __warn+0xe5/0x3c0 [ 402.727119][ T975] ? preempt_schedule_notrace+0x62/0xe0 [ 402.729513][ T975] ? usb_submit_urb+0x14da/0x1730 [ 402.731877][ T975] ? report_bug+0x3c0/0x580 [ 402.734763][ T975] ? handle_bug+0x3d/0x70 [ 402.737289][ T975] ? exc_invalid_op+0x17/0x50 [ 402.739282][ T975] ? asm_exc_invalid_op+0x1a/0x20 [ 402.741506][ T975] ? __warn_printk+0x199/0x350 [ 402.743551][ T975] ? __warn_printk+0x1a6/0x350 [ 402.745667][ T975] ? usb_submit_urb+0x14da/0x1730 [ 402.747731][ T975] ? usb_submit_urb+0x14d9/0x1730 [ 402.749644][ T975] ? mark_held_locks+0x9f/0xe0 [ 402.751648][ T975] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 402.753871][ T975] wdm_rxwork+0xf3/0x200 [ 402.756043][ T975] process_one_work+0x9c5/0x1b40 [ 402.758076][ T975] ? __pfx_wdm_rxwork+0x10/0x10 [ 402.759868][ T975] ? __pfx_process_one_work+0x10/0x10 [ 402.761819][ T975] ? assign_work+0x1a0/0x250 [ 402.763533][ T975] worker_thread+0x6c8/0xf30 [ 402.765111][ T975] ? __kthread_parkme+0x148/0x220 [ 402.767387][ T975] ? __pfx_worker_thread+0x10/0x10 [ 402.769141][ T975] kthread+0x2c1/0x3a0 [ 402.770619][ T975] ? _raw_spin_unlock_irq+0x23/0x50 [ 402.772626][ T975] ? __pfx_kthread+0x10/0x10 [ 402.774366][ T975] ret_from_fork+0x45/0x80 [ 402.776108][ T975] ? __pfx_kthread+0x10/0x10 [ 402.777689][ T975] ret_from_fork_asm+0x1a/0x30 [ 402.779326][ T975] [ 402.780368][ T975] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 402.783221][ T975] CPU: 2 PID: 975 Comm: kworker/2:2 Not tainted 6.10.0-rc5-syzkaller-00282-g8282d5af7be8 #0 [ 402.787073][ T975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 402.790691][ T975] Workqueue: events wdm_rxwork [ 402.792396][ T975] Call Trace: [ 402.793523][ T975] [ 402.794530][ T975] dump_stack_lvl+0x3d/0x1f0 [ 402.796111][ T975] panic+0x6f5/0x7a0 [ 402.797436][ T975] ? __pfx_panic+0x10/0x10 [ 402.798953][ T975] ? show_trace_log_lvl+0x363/0x500 [ 402.800696][ T975] ? check_panic_on_warn+0x1f/0xb0 [ 402.802459][ T975] ? usb_submit_urb+0x14da/0x1730 [ 402.804174][ T975] check_panic_on_warn+0xab/0xb0 [ 402.805846][ T975] __warn+0xf1/0x3c0 [ 402.807215][ T975] ? preempt_schedule_notrace+0x62/0xe0 [ 402.809062][ T975] ? usb_submit_urb+0x14da/0x1730 [ 402.810773][ T975] report_bug+0x3c0/0x580 [ 402.812241][ T975] handle_bug+0x3d/0x70 [ 402.813653][ T975] exc_invalid_op+0x17/0x50 [ 402.815199][ T975] asm_exc_invalid_op+0x1a/0x20 [ 402.816880][ T975] RIP: 0010:usb_submit_urb+0x14da/0x1730 [ 402.818775][ T975] Code: fd eb cb bb fe ff ff ff e9 c1 f3 ff ff e8 1e 36 d1 fa c6 05 c1 20 11 09 01 90 48 c7 c7 00 e3 e8 8b 48 89 de e8 e7 4e 93 fa 90 <0f> 0b 90 90 e9 b6 fe ff ff bb f8 ff ff ff e9 91 f3 ff ff 48 89 ef [ 402.825131][ T975] RSP: 0018:ffffc900034bfc18 EFLAGS: 00010282 [ 402.827207][ T975] RAX: 0000000000000000 RBX: ffff888042308c00 RCX: ffffffff81500069 [ 402.829939][ T975] RDX: ffff8880226e8000 RSI: ffffffff81500076 RDI: 0000000000000001 [ 402.832604][ T975] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 402.835233][ T975] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000293 [ 402.838003][ T975] R13: ffff88803a31e890 R14: ffff88803a31e850 R15: ffff8880154a0800 [ 402.840688][ T975] ? __warn_printk+0x199/0x350 [ 402.842443][ T975] ? __warn_printk+0x1a6/0x350 [ 402.844088][ T975] ? usb_submit_urb+0x14d9/0x1730 [ 402.845806][ T975] ? mark_held_locks+0x9f/0xe0 [ 402.847541][ T975] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 402.849683][ T975] wdm_rxwork+0xf3/0x200 [ 402.851403][ T975] process_one_work+0x9c5/0x1b40 [ 402.853310][ T975] ? __pfx_wdm_rxwork+0x10/0x10 [ 402.855197][ T975] ? __pfx_process_one_work+0x10/0x10 [ 402.857008][ T975] ? assign_work+0x1a0/0x250 [ 402.858564][ T975] worker_thread+0x6c8/0xf30 [ 402.860115][ T975] ? __kthread_parkme+0x148/0x220 [ 402.861808][ T975] ? __pfx_worker_thread+0x10/0x10 [ 402.863529][ T975] kthread+0x2c1/0x3a0 [ 402.864902][ T975] ? _raw_spin_unlock_irq+0x23/0x50 [ 402.866790][ T975] ? __pfx_kthread+0x10/0x10 [ 402.868380][ T975] ret_from_fork+0x45/0x80 [ 402.869964][ T975] ? __pfx_kthread+0x10/0x10 [ 402.871933][ T975] ret_from_fork_asm+0x1a/0x30 [ 402.873628][ T975] [ 402.875355][ T975] Kernel Offset: disabled [ 402.876946][ T975] Rebooting in 86400 seconds.. KVM: injection failed, MSI lost (Operation not permitted) VM DIAGNOSIS: 19:38:35 Registers: info registers vcpu 0 CPU#0 RAX=0000000000357d23 RBX=0000000000000000 RCX=ffffffff8ae758d9 RDX=0000000000000000 RSI=ffffffff8b2caf00 RDI=ffffffff8b8ff880 RBP=fffffbfff1b12af8 RSP=ffffffff8d807e20 R8 =0000000000000001 R9 =ffffed100d606fdd R10=ffff88806b037eeb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8d8957c0 R14=ffffffff8fe44850 R15=0000000000000000 RIP=ffffffff8ae76ccf RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3dd9f4 CR3=000000000d97a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffce64a67a0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe7899e4256 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe7899e4263 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe7899e425d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe7899e4271 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe7899e42f7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe7899e43d5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000005 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001e0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000005 0000000000000000 0000000000000000 00000000000001e0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff813cddc1 RDX=ffff888028858000 RSI=0000000000000002 RDI=0000000000000001 RBP=ffffffff8b29cba0 RSP=ffffc9000195f0a8 R8 =0000000000000001 R9 =0000000000000002 R10=0000000000000005 R11=0000000000000001 R12=0000000000000005 R13=0000000000000001 R14=0000000000000008 R15=ffffc9000195f195 RIP=ffffffff818ddfad RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000000d97a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000005010404 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=000000003c0f0000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f62feed46a3 00007f62feed46a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffe14e1ca0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555555ffd1e4 0000555555ffd1e0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555555ff7688 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555600c99a 000055555600c3b0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555555ffd534 0000555555ffd530 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555556047630 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f62fee075d8 0000002000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2070616d6d007025 20746f67202c7025 20746e6177005647 4553474953000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0555444848005500 05514a4205095500 05514b4452005647 4553474953000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000608060601458a 1402000986032021 2301ffffffffffff fffff90809800300 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0120c78996100009 8004010000060806 0601458a14020009 860320212301ffff ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fffffffffffff908 098003001000019d b4100001800401c7 0800080629f40073 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 657479625f6e695f 65676173752e424d 322e626c74656775 6801ffffffffffff ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffc90801800303 ffffffff04138004 0010000008000801 42b809c4da801000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 eefc0b08000cbf33 2e2e31fc11041214 bfefefefeff2bf33 322e272b20222e2b ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf c924bfbfbfbfbfbf bfbfdf2422bfbf33 322e272b20222e2b ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 info registers vcpu 2 CPU#2 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fd33f5 RDI=ffffffff94ddb3e0 RBP=ffffffff94ddb3a0 RSP=ffffc900034bf600 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005 R12=0000000000000000 R13=0000000000000038 R14=ffffffff84fd3390 R15=0000000000000000 RIP=ffffffff84fd341f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2fe1cff8 CR3=000000002a52a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000004080 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0104100080810010 Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff2d16c410 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5c431d1c1a141601 5c43000611171d5c ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 34336d697377682f 6d697377685f3131 32303863616d2f6c 6175747269762f73 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f6d697377685f31 3132303863616d2f 6c6175747269762f 736563697665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000051 0000000000000000 000000000034336d 697377682f6d6973 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000454d414e 5f4344555f425355 0000000000000021 0000000000000030 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 325c9a99944ed924 0000000556902e6f 0000000000000171 0000000000007974 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 49383a3a2648383a 3a2633383a3a2632 383a3a263d383a3a 263c383a3a263f38 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 info registers vcpu 3 CPU#3 RAX=0000000080000000 RBX=ffff88802661c880 RCX=1ffffffff1fc80b9 RDX=1ffff11004cc3a6b RSI=ffffffff8b2cb200 RDI=ffffffff81e9baca RBP=ffffffff81e9baca RSP=ffffc900033dfc38 R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff8fe44857 R11=0000000000000000 R12=ffff8880166c2dc0 R13=0000000000000200 R14=ffffea00008c4140 R15=0000000000000000 RIP=ffffffff8ae745ff RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f3d0bd5c440 CR3=000000000d97a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000080001 Opmask01=0000000000000001 Opmask02=00000000bffffffb Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01010100ffffffff ffffffffffffffff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c5f5f0045544156 4952505f4342494c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000042494c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6362696c5f5f0045 5441564952505f43 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692074616d726f66 2064616200707865 6765722073756f69 76657270206f6e00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 450c584d415e434a 0c484d4e005c5449 4b495e0c5f594345 5a495e5c0c434200 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000