last executing test programs: 45.899517807s ago: executing program 3 (id=1192): bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}}, 0x0) (async) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r2, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4}) ioctl$sock_netdev_private(r2, 0x89f0, &(0x7f0000000000)) (async, rerun: 64) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50) (rerun: 64) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r4) sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)={0x3c, r5, 0x1, 0x0, 0x0, {0x2a}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4001}, 0x0) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) (async, rerun: 64) close_range(r1, 0xffffffffffffffff, 0x0) (rerun: 64) 45.799577725s ago: executing program 3 (id=1194): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x48, r1, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_SHORT_ADDR={0x6}]}, 0x48}, 0x4, 0x700000000000000}, 0x0) 45.701754056s ago: executing program 3 (id=1196): r0 = socket(0x10, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000080), 0x4) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) keyctl$chown(0x4, r2, 0xee01, 0x0) keyctl$setperm(0x5, r2, 0x21062437) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) capset(&(0x7f00000003c0)={0x19980330}, &(0x7f0000000400)) creat(&(0x7f00000002c0)='./file0\x00', 0x0) keyctl$get_security(0x11, r2, 0x0, 0x0) ptrace(0x10, 0x1) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00') r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f00000001c0)={0x9}, 0x10) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@ipv6_getaddrlabel={0x24, 0x4a, 0x1, 0x0, 0x0, {}, [@IFAL_LABEL={0x8}]}, 0x24}}, 0x0) getdents64(r3, &(0x7f00000000c0)=""/58, 0x3a) setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x8, 0x6, 0x3, @vifc_lcl_addr=@broadcast, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) getdents64(r3, 0x0, 0x0) keyctl$unlink(0x9, r2, r2) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a6c000000060a0104000000000000000002000000400004803c0001800a0001006d617463680000002c00028014000300f4f03b02ffffffffff0008116b61979e090001006c3274700000000008000240000000000900010073797a30000000000900020073797a32"], 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1d, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}]}}]}, 0x38}}, 0x0) r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd700048128c18d718688d0900010073797a30e54d7c2be480ce0073797a3000200000"], 0x2c}}, 0x0) 45.701204637s ago: executing program 3 (id=1198): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000480)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x5, 0x7fffffff}]}) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x4, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r1 = creat(&(0x7f0000000000)='./bus\x00', 0x181) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time_for_children\x00') write$UHID_INPUT(r1, &(0x7f0000000c40)={0x8, {"69ef7ca846fa201622ad9c8595380f54d6f3ee1a487c85f0ba5f82483e4a0f3d5a43d86217176e8e7794b233a8c5439c6df70cb48c537282d4cb98e3c35d572e7732abd4612b6ca622c66a8bc8378f8471deb059c6268263588fed8740df7c3f8f6160178988861a460a734448c19c2f58a199693f5e9b85e4d39601acc9d74b8d5015a96d9a997e23667e9d45b4902251ab41dabb186e19690f84419e85d365a404945e8ecb06f89187e2b776dfe50dcd6511d7617b678c3a66304880c6b1c43e7e20ccf4a01c401bf2e6bfdeeb31304c0f9f3318978fe6dcfbc3e8b64dd58dc2bb33da54b731ff091b2edabc32035469150b7e67aa02c0a84fe19b752e2724de941e229b451e01584b417dfe3f38f26fa8af0658c0d2cce4ea56e3f990e6c68fae2c0497aca58178be5e73de2a0481606343142c3192ca34359be6a2f44f7fef7f5b755e89592a9f7a0e722f25901274a1a6d7e82edf9957585c7c310d7fd245dbe043c51ff9ac81ee39d92f09af4b95b393f7735e1bf6298ce197ba14609cc66c3fd242d16a6d6715254c099f3002293c5a22f2e44b210f242b13c29732654c0ecfac0c1286bcb6e6cad2fc461990c6fd362a9827f80f5ff3d7bb4c8fe608b1a07d9e0f9a1aa5869866d7d29da0873edf1314d26340051eac60e41ede1520e894418655d74fcbe07142460bb3c3f302a5ebb9d4ad45a4294b998110f9719029f97c0ab07c07c288ebc61fded772548b61265528f89cf6ec2c2b65fd8bdbbceeb47fce3498426af151e92f9c91813894df9bac3af6064b8e1d48a896c227e23a62e9f21aaeb4ee461e12d01a6724b3e4c550e4a1e3bc2b98b4bff4c728e3fa02f14aecd209440246f3ddf1b5416255c533f628c04b10b30b043778233e470a8f6e16aa0fe2ed938bdcbf8a5cfdb1cd94d321cb25b5543e3900f9e8a960cea835d410bb4d5f8a6de87ab0f34b521ba443fc6795d28f76df4ca36d0bb27986a8f12715c0b21f413f19d337207de8bf3fa94b09bdfdab1fff781c9a13a0a9e82dd7548880ae6ce2646b9c4aa598af0067cb296efd9ec3f1b9da64b2e0cbde1967f796037984daa6d72b0c021060f5063ff63bd1de8617094128b93346e58f9cb1d2ac2e1af64538b7e8d3ec09502fbb28cc8ee79865c37f1f65b53aa07d721e44f3c7baf0646cf61066bcf704da9a1691f745e1519d1d6f5c3e28ba87fe428c034802e8ec2ac0e51577d931bd34001b53a2b2f7a2ada5d529ec9cd7d6829c07f104f2388ed465cd88716a7716a227bfa76dd28243dca1ac21c826c2627eac7da14def4880557fe0f3b94872290e3a734349dbacf8e92df8e1c544f7e101ca24608024402db4cb3cf8ce857d9d1561c51c5c851e891fce166bcbfb6af134de8485ace91d4c8e671887159d69a3b2d1ab116a32767b64f98ef28896b00c3ccb144d759ad57b102580a79fa437af27e56edf652ec09ba07cea06ca03c74e9f47fdb7e073dae178a0bc90da8f9105e38617da90e5c0017e374a566448b70be7664fa3bc0e143d70b58e5f90a8fc4553406620e9df818e9ea9111f5bff3d08fd4c2b408a745091cda4dff7480447985f719617646e5811e4c6b6d242a23e2f4810bc090722802b3bef0fc77bd6cb746703d49bd19f9f7384dbb05ba5b9120ed8ca09fa0a57c49df19190f240dbf6dccaa26061679ed4e96312ab79a8783c3a52f134753493c87e012e2f3ed5a336ac226320ea94764d0078c47e47fc05fea0db5c6b548a72302e6b0c61a1478a85c7efe6ab1859cdb44302e2a651870e851204817ae0e67aedc3daef67766c398afb5e586f584add30a70a8604cc4b0db0e928ad8d60067aee73bbe2bb04d9022345375f87a703ea30d78c989f34ad74a231aeccb3ef2e19666f6d609bb5f3afee4fbae8cd1bcd2b0bb300616e69c44388c8236ca85eb7ed59056945813d2c5d109efd048c217b5b52d6a9d7e608b17b4b2d28fb2268c392894f561d7e9fa52eab8f5e04388997efbbe5efbb0f747cb67648e68648c7638b8f04e07aeb17189dbeeca8ee5b0140eba862ba60edce1bfa63f51f56a6a8644f8afeaa49272253da36703a6d45d7272b367523d6581cdbac7ab8482a5524ddcd052265454df0b2741ba1c89b04d9270cb50ccf172e2ac70aed04746c88f908a14d0ac2e3d66099fa38944c77c4c3bb9372d6f1d2d02dbb631a8bc583b8ef7c8a0be473467ed252c8aac54aedc9eae625040d42d14e86ff43f45823bbe533902037bf3fa51fb5d21618550359de1d21a494cb68fb52244ca3bb2b1acf3543b6a2a61bd980090d0dfbf2afad924c0e8c7889f982534b4b40f4acafe5fbbc6c95553cca776667c09742812fb33fd6b34e84930786a074e3e75c3a93f5aea8f597ac2c2b9a7d1a9f1d79fbca894ca731a7e41a2eadf29a471656a5bc39d32fe676917d7606995836d36293c366b56e0a16bd616fc5601b6ac491097f81f7774df9a7577265329ed3f2a720e1bc1dc526c47d408afe16a1f3aac482f36bd2950e30eca9a79d600a6f06bee7b8a7d4ceef98dd8bb11c6d5c7ed9d6358b8680edf857831174042111a5d0f10f3defe66e4c66c98b84a9f28e7bd850698522b642535c16536f1aa4739611850be33ecfd43e00456339a2e6f7a7c458281dd77d3ac4980e686fbacf72bf5dd79f1a838a277f20e64ab0a2dd4d541abee51b5d3bf353897bec44dc3e58244e6339e30f6da3bf56c62dc963179b14353a7430fb672e04ccb5f3016821566792d6acf57bc2c97520a3602d8d09e7dfe3a5411f3732aa5e1e00ea83732f2fc6a526f4a3c0c5f5ab41c868274deca10ab21e8fbbbf881e319d9f0cb78d4400c0996f216884b9810f3cb58d472d74a71a8969f0076804e528b254812104ea2db99069b12be2c6d4d6fad84e64088b2f266a69b4060e4d7c323f23db35fb4490af5810476ff9cb5715248ef9354b5c3ded514aaa5867440b4c1a6cecf1c9f7e240eff3f13120269069601223238748cf3ba0ff897f50c7c8dddf4e50251c794690a2fcec74959b41f5570be559428bfd2d227863659e3b7aa30a2bcbbef720b09f1dc48330082625d9798d882e162bc5576842bc5c9ff4a034df8e866d6e83cc6d2a4d907889d98550a861805bfdbb45a30b4e01c7c4b1057f18c6be39ae9616f4dbd555eeb1844137d7a7fa6cd7be7b70ba51d6da9f7d328a007e93df8db4ad394c334e42fb953b6cb630a792580227e81dd30316172dae18bc69e028c54813c49485337a540f368c0dcc822f139f3144103625eaff11ac4a67784e54fe61c20388fd2d1abb7c5893f0a092a19616ae54416290c867701851bd7c005e68e9303094722c66752c6bcfc95af6ea076bea8d0571e65c03b635c05509bac18491b7d5f987b730531eb661ba6a006c9379f72067d78872f582949979697fea7a5330cd1f32b5524b0c88e16d96b074b0869c88ef864aa5e64b7a82f0ccfca3d289c1d6dd7325fb2b7332a17a42c72853652a90c5536b67f6c49e1d5f11d13b2b6f7aa27aaa688451eb31266663776017fbeb31b2c0f0b32aa5d8cab2c4ecd6aa2fe2c9d4f335e547423c88502e47f6f628c8e274c16349aa2a9a0821a9320fb3af6ababecac87ed9e0a3cebb1c976d31ac27f66ad5a46bacff6e548cf750f55e4366d66b04dae6b0f4bcee12cf9f9b419f6b742118b9eca3d9aef532fc5820e596d747c462cb1482e88055064ac32dd20f04ba998479946b5a551d234a7cfbd434257bf6b69dc923d78d3098a36ec34db3b8213fad8ec67ed051f684969ffbb123285030af47813e4d98b927729fcb47b8408218c98a1d965658a24d59877a6b93c78b7be0b76bcc76b4da9513f083eba1c461d666f376c2f45111efca68e4a19af6cd8db1c8000337b9f628446a13c6289d9c1add0f07bfcb8f3c5231216e81c79a09f636f0f9d94f7e51573bf202026f864b0b9050d4d9e7771c16d69bb679c395f3300539ed222f7a426aa2052fcaf9527508bf918d30df60bb957a56450448a102ccc0c456efee3646fc866427b4d9b3202841df7963e27ebd6da6af2c50eed9b8a76f5bb481df466526da8eb1220d7ef51bc779e24130013cbfe7738875e5d4983fccfecda3a1e663eaa67a909a057935b21ca19cdad021f5a8e7f86c240fb6401f6cc84a43d6634197173735125f7869b3c077aef2569f553527d007b478e8d5f44430ff4a012622fd43438ee55621cdfd623dbb2202370ae44fd47415a377bde98d97479478550b7cf037fc5d99bb5ea51524bd8298d1335fa82fe566f7f6bcced0305b1348adfcd202a5d2f51d508a8f40dcd74454d26e1e54dec58bc34663bf318b7b480c89f15fdeffef1ba4545a469b6d2fb1c14cd9543bdd319e449bcd207144e2786105c61f0cdb6d41f07953c3bc73eefbc7b8e90ae85d0f5696a387145d2727bca06acfebb59da65419d14e790ab905de1be7680e58e942608cc73cbfe44652c3e4ffbc595655a5359ddc3f6ee437abcc12f6735b3a9cd8d300dbe43a8c02519097bf34c44883390c9083d859d8596b24f2cb963eef371dcceaa73ccc7ed5fa9772aba6a0f955a217b83281596ed99c5a9f1f496d793e18c30ad117839a2b6192af33d0ad52132228cdc5b66b77531518e66ed9a11cebe82086eaeb0dec96620b1a51f9a6fe73769ea7790f8659edc7b16ceafa565a7c1165bda9cc6b47aca94ef92e67820ed8ca674f241ccab2a74d6f991e78bbc8c3a0891272e10c0f9b70676bb7751ebf4ea3593ce1b6ab307804ae079e58f7417b5d35dcf96f8ab3b64d3e79181024fcea5f7fdce1ae186432010e33bc81a6876b1669e90c0253b2f8dc34595e520a1388b43bb301d0fc5071763123a09437b09c5aedd6a0a9ff323a27990358f3f9bf6150b286210326190666330f542cdb7374d328e5482a48b48ddb4a6a57f270cda1592a4adfc2034560172a98af6b8d1382ca88ec51724e583b7d3e400309f0e70ad91d3c40833425360631b4a4dcb7a6bf3731de0ee52333c196ec7b2705f1d852fe4898ef9dac849b89b9aa708720760627ee867c6e53b75937c8d78fe83e9ae86267878aa62fa802cfab850313b75783ee6ede0d0daa62fa3cc6c5a59a69f2c4213a447017f730cd1e09389e171d4da4b59a50f8b087db8b8c4c5b04705a9d13707b866688b0668afba111e8376502c27522c640a0e0a3e07b0d98251b60a57687bbbd44539dc0e1a99d8133b38de74426f9d78122414033e9d837eac0a0121edd4a662a6366732135ee52ec62db57cfb7e7550e35614e40c3069edf40e17819c8ecfa33c13501ba6bf732d2654b5a0f02e6f1879ea64a9723fc2a5509c1e3b8b768652bbf568603088f35b35e448cc0ddd9f9217a103777c79df0e969243ae0cbc7b4b768be7c9ee689b81265f528f51ee8efd5bc1c827f33fb6550108075191de02108d6dc2d54b3d7e821fc627db2ac6d399e0d415a09957fdf55b166ca79abbc33957885fe781222359f46b755dae5a724307d038e93d8395a31441691c4435d145f7f0a75a23df837565acad7af792d2452d1d05d0fd8f4d0796b463dcc29c547e20b5387f14f152b11e0e3244600992d9f51623931481554f65172dc8b9e62db8e2d52ba44e1f1768fe2011b7053b943d6b4171cc060af0763105fc6b64e94c904269a934f4ff7c32085c84d8e83b2f8fc86732dddefc55584dd79d30e4bb6e8c183ef18c0c9479dbf8db95d3da58d080e2bf291ad9d0be828ad1da5dd7364fafd4794169daad6f21dc4", 0x1000}}, 0x1006) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x24, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0x2}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x4048080) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) io_uring_setup(0x4c2d, &(0x7f0000000100)={0x0, 0x6e21, 0x8, 0x2, 0x2ec}) r5 = socket(0xa, 0x5, 0x0) connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r6, 0x8983, &(0x7f00000001c0)={0x3, 'vlan1\x00', {0x6}, 0x5}) ptrace(0x10, r4) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r4, 0x0, 0x0) 45.637202598s ago: executing program 3 (id=1201): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x1b}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000280)=""/184, &(0x7f0000000180)=0xb8) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) r7 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r7, 0x6, 0x5, &(0x7f0000000140), 0x4) sendmmsg$unix(r1, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)="a1", 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000014"], 0x30, 0x40400d1}}], 0x1, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r8, 0x0, 0x400000, 0x3) 45.439864301s ago: executing program 3 (id=1205): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_open_dev$evdev(&(0x7f0000000080), 0x5, 0x198042) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r4}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x18}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x8, 0x0, 0x4, 0x8, 0xc, 0x7}, {0x1, 0x0, 0x9, 0x401, 0x0, 0x7fffffff}, 0x2000001, 0x1000, 0x575}}, @TCA_TBF_RATE64={0xc, 0x4, 0x274bdcb7db3981e2}, @TCA_TBF_PRATE64={0xc, 0x5, 0xe1e31d5aa9748ab8}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x400c404}, 0x0) 45.392728535s ago: executing program 32 (id=1205): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_open_dev$evdev(&(0x7f0000000080), 0x5, 0x198042) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r4}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x18}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x8, 0x0, 0x4, 0x8, 0xc, 0x7}, {0x1, 0x0, 0x9, 0x401, 0x0, 0x7fffffff}, 0x2000001, 0x1000, 0x575}}, @TCA_TBF_RATE64={0xc, 0x4, 0x274bdcb7db3981e2}, @TCA_TBF_PRATE64={0xc, 0x5, 0xe1e31d5aa9748ab8}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x400c404}, 0x0) 3.720411438s ago: executing program 0 (id=1703): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) shutdown(r0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000010d90472a000000000000109022400010000000009040100020300000009210000000122040009058103"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fcntl$lock(r4, 0x25, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x7}) fcntl$lock(r4, 0x25, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\"R'], 0x0}, 0x0) socket$netlink(0x10, 0x3, 0x0) 2.689133319s ago: executing program 2 (id=1711): r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) r1 = inotify_add_watch(0xffffffffffffffff, 0x0, 0x2000007) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='hrtimer_init\x00'}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x42000000) write$UHID_CREATE2(r2, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r2, 0x1000) r3 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) close(0x3) dup(r3) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0xd0f, 0x203, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES8, @ANYRESOCT=r1], 0x69) 2.401995004s ago: executing program 2 (id=1714): bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0xa8, 0xf0, 0x0, {}, [@common=@unspec=@time={{0x38}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}, {{@ip={@local, @local, 0x0, 0x0, 'veth0_to_team\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) r0 = socket$inet(0x2, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000140)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x2a, &(0x7f0000000e80)={@link_local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x2, 0x0, 0xfe, 0x11, 0x0, @local, @multicast1}, {0x0, 0x4e22, 0x8}}}}}, 0x0) 2.290073199s ago: executing program 2 (id=1715): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r2 = dup(r1) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$FUSE_BMAP(r2, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r3 = getpid() sched_setscheduler(r3, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r4, 0x0, 0x0) recvmmsg(r4, 0x0, 0x0, 0x2, 0x0) 2.039506771s ago: executing program 0 (id=1717): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) sched_setscheduler(r0, 0x2, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c00)=@framed={{}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f0000000180)=0xa2, 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@private2, @in=@dev}}, {{@in=@empty}, 0x0, @in6=@loopback}}, &(0x7f0000000480)=0xe8) 1.299291041s ago: executing program 4 (id=1722): r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) r1 = inotify_add_watch(0xffffffffffffffff, 0x0, 0x2000007) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='hrtimer_init\x00'}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x42000000) write$UHID_CREATE2(r2, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r2, 0x1000) r3 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) close(0x3) dup(r3) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0xd0f, 0x203, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES8, @ANYRESOCT=r1], 0x69) 1.070205963s ago: executing program 0 (id=1723): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='percpu_create_chunk\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) 1.07000297s ago: executing program 1 (id=1724): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='cubic', 0x5) 987.693087ms ago: executing program 4 (id=1725): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffffffffffe1d, 0x0}, 0x40000) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000040)={0xffffffff}) 987.476524ms ago: executing program 1 (id=1726): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000ff01000000000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_emit_ethernet(0x12, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaac7aabbffffffffffff810000"], 0x0) 985.851714ms ago: executing program 4 (id=1727): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20) 930.1922ms ago: executing program 1 (id=1728): prlimit64(0x0, 0x5, &(0x7f0000000140)={0x6, 0xfffffffffffffff9}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x75b08000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) syz_emit_ethernet(0x36, &(0x7f0000000140)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @remote}, @timestamp_reply}}}}, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x10) pwritev2(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) readlinkat(r2, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)=""/96, 0x60) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0}, 0x18) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, &(0x7f0000000cc0)={0x2020}, 0x2020) write$P9_RGETLOCK(r4, &(0x7f00000002c0)=ANY=[], 0x200002e6) 929.961519ms ago: executing program 4 (id=1729): socket$tipc(0x1e, 0x4, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x20000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var={0x0, 0x0, 0x0, 0xe, 0x0, 0x1}, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{0x0, 0x100}, {}, {0x6}, {}, {}, {}]}, @func, @volatile={0xffffffff}, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96, 0x0, 0x0, 0xfffffffc}, 0x28) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) 883.722529ms ago: executing program 0 (id=1730): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001800)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xfff3, 0x9}, {}, {0xc, 0x5}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_POLICE={0x40, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x20000000, 0xffffffff, 0xf761, 0x10000, {0xff, 0x2, 0x6f83, 0x57e, 0x5}, {0x1, 0x1, 0x1000, 0x280, 0x8, 0x2}, 0x2, 0xfffffdde, 0x7}}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x200008e2) 639.745028ms ago: executing program 0 (id=1731): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x103603, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000080)="66b9200001c00f01cb4f3066b9800000c00f326635008000000f300f01442e363e0f01ca0fbb9d0e0066b9820000c00f324466350d000000440f02c03e3e0f01c4c1ef00", 0x44}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 588.222928ms ago: executing program 4 (id=1732): getpid() r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000300)={@link_local, @random="2059249b3790", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "108114", 0x8, 0x11, 0x0, @empty, @mcast2, {[], {0x0, 0xe22, 0x8}}}}}}, 0x0) 587.907193ms ago: executing program 2 (id=1733): r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) r1 = inotify_add_watch(0xffffffffffffffff, 0x0, 0x2000007) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='hrtimer_init\x00'}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x42000000) write$UHID_CREATE2(r2, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r2, 0x1000) r3 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) close(0x3) dup(r3) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0xd0f, 0x203, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x2}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES8, @ANYRESOCT=r1], 0x69) 587.67386ms ago: executing program 4 (id=1734): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) syz_usb_connect(0x0, 0x81, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000a7420040ab050103000101020301090224000100"], 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x5) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 516.96452ms ago: executing program 0 (id=1735): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf7473000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) io_setup(0x8f0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000340)=[0x0]) clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0) 86.279996ms ago: executing program 1 (id=1736): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffffffffffe1d, 0x0}, 0x40000) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000040)={0xffffffff}) 86.090176ms ago: executing program 2 (id=1737): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000040000000000000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$selinux_access(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a7570647077645f657865635f742073797374656d5f753a73797374656d5f723afaffffffffffffff3a73302030"], 0x56) 223.745µs ago: executing program 1 (id=1738): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) 105.056µs ago: executing program 2 (id=1739): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001800)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xfff3, 0x9}, {}, {0xc, 0x5}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_POLICE={0x40, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x20000000, 0xffffffff, 0xf761, 0x10000, {0xff, 0x2, 0x6f83, 0x57e, 0x5}, {0x1, 0x1, 0x1000, 0x280, 0x8, 0x2}, 0x2, 0xfffffdde, 0x7}}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x200008e2) 0s ago: executing program 1 (id=1740): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='percpu_create_chunk\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) 0s ago: executing program 2 (id=1741): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in=@broadcast, 0x4e24, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0xfffffffffffffffc, 0x200000000000, 0x101}, 0x800, 0x0, 0x1, 0x0, 0x6}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa210106, @local, {[@ssrr={0x89, 0x7, 0xe9, [@multicast2]}, @generic={0x7, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x20, 0x8000}}}}}}, 0x0) kernel console output (not intermixed with test programs): 29.569225][ T6055] usb 8-1: Manufacturer: syz [ 129.569237][ T6055] usb 8-1: SerialNumber: syz [ 130.032361][ T9784] 9pnet_fd: Insufficient options for proto=fd [ 130.056155][ T40] audit: type=1400 audit(1758541723.302:627): avc: denied { setopt } for pid=9799 comm="syz.1.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 130.063373][ T40] audit: type=1400 audit(1758541723.302:628): avc: denied { bind } for pid=9799 comm="syz.1.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 130.158198][ T9809] o2cb: This node has not been configured. [ 130.160768][ T9809] o2cb: Cluster check failed. Fix errors before retrying. [ 130.163483][ T9809] (syz.1.875,9809,1):user_dlm_register:674 ERROR: status = -22 [ 130.167025][ T9809] (syz.1.875,9809,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 130.211562][ T9809] netlink: 'syz.1.875': attribute type 16 has an invalid length. [ 130.467338][ T9822] overlayfs: failed to clone lowerpath [ 130.735169][ T9833] tmpfs: Unknown parameter '|uge' [ 131.066174][ T6054] usb 5-1: USB disconnect, device number 21 [ 131.069268][ T6055] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 131.078061][ T6055] usb 8-1: USB disconnect, device number 21 [ 131.082101][ T40] audit: type=1400 audit(1758541724.322:629): avc: denied { getopt } for pid=9843 comm="syz.0.883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 131.315069][ T9865] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(13) [ 131.317238][ T9865] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 131.319765][ T9865] vhci_hcd vhci_hcd.0: Device attached [ 131.555651][ T6054] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 131.731119][ T9893] netlink: 8 bytes leftover after parsing attributes in process `syz.2.894'. [ 131.736473][ T9893] Invalid logical block size (8193) [ 132.024180][ T6224] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 132.083968][ T9866] vhci_hcd: connection reset by peer [ 132.086944][ T6668] vhci_hcd: stop threads [ 132.088321][ T6668] vhci_hcd: release socket [ 132.090575][ T6668] vhci_hcd: disconnect device [ 132.127399][ T9922] netlink: 36 bytes leftover after parsing attributes in process `syz.1.900'. [ 132.164702][ T839] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 132.194153][ T6224] usb 7-1: Using ep0 maxpacket: 8 [ 132.198064][ T6224] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 132.201209][ T6224] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 132.206179][ T6224] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 132.211422][ T6224] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 132.216103][ T6224] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 132.221362][ T6224] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 132.224757][ T6224] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 132.229440][ T6224] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 132.234925][ T6224] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 132.239571][ T6224] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 132.244849][ T6224] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 132.248128][ T6224] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 132.252729][ T6224] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 132.257536][ T6224] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 132.262300][ T6224] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 132.269622][ T6224] usb 7-1: string descriptor 0 read error: -22 [ 132.272068][ T6224] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 132.275244][ T6224] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.283541][ T6224] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 132.334403][ T839] usb 8-1: Using ep0 maxpacket: 8 [ 132.338202][ T839] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 132.340902][ T839] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 132.346117][ T839] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 132.350292][ T839] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 132.354946][ T839] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 132.359748][ T839] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 132.362831][ T839] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 132.368183][ T839] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 132.372773][ T839] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 132.377723][ T839] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 132.382930][ T839] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 132.386323][ T839] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 132.391473][ T839] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 132.396951][ T839] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 132.401314][ T839] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 132.406947][ T839] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 132.410653][ T839] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.413916][ T839] usb 8-1: Product: syz [ 132.415748][ T839] usb 8-1: Manufacturer: syz [ 132.417626][ T839] usb 8-1: SerialNumber: syz [ 132.487942][ T72] usb 7-1: USB disconnect, device number 19 [ 132.607918][ T9947] overlayfs: missing 'lowerdir' [ 132.632002][ T839] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 132.638845][ T839] usb 8-1: USB disconnect, device number 22 [ 132.673700][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.677301][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.677316][ T9965] netlink: 'syz.1.906': attribute type 27 has an invalid length. [ 132.714827][ T9965] sit0: left allmulticast mode [ 132.771870][ T40] audit: type=1400 audit(1758541726.012:630): avc: denied { read } for pid=9971 comm="syz.0.907" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 132.892817][ T9965] veth0_macvtap: left allmulticast mode [ 132.894840][ T9965] macvtap0: left allmulticast mode [ 132.918648][ T9965] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 132.960124][ T9965] veth3: left promiscuous mode [ 132.970332][ T6667] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 132.973365][ T6667] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.976546][ T6667] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 132.979662][ T6667] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.982925][ T6667] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 132.986583][ T6667] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.990030][ T6667] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 132.993316][ T6667] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.036646][ T9991] netlink: 12 bytes leftover after parsing attributes in process `syz.0.913'. [ 133.255044][T10000] netlink: 20 bytes leftover after parsing attributes in process `syz.1.915'. [ 133.258885][T10002] netlink: 20 bytes leftover after parsing attributes in process `syz.1.915'. [ 133.540225][T10034] binder: 10033:10034 ioctl c0306201 200000000080 returned -14 [ 133.588118][T10036] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.923'. [ 133.599940][T10036] bridge1: entered promiscuous mode [ 133.679975][T10054] netlink: 24 bytes leftover after parsing attributes in process `syz.3.927'. [ 133.694797][ T840] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 133.854319][ T840] usb 7-1: Using ep0 maxpacket: 8 [ 133.858968][ T840] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 133.862342][ T840] usb 7-1: config 0 has no interface number 0 [ 133.865462][ T840] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 133.870335][ T840] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 133.876117][ T840] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 133.880429][ T840] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 133.885873][ T840] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 133.889653][ T840] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.893742][T10131] netlink: 'syz.3.931': attribute type 27 has an invalid length. [ 133.896592][ T840] usb 7-1: config 0 descriptor?? [ 133.900566][T10131] lo: left promiscuous mode [ 133.902155][T10131] tunl0: left promiscuous mode [ 133.902198][ T840] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 133.903819][T10131] gre0: left promiscuous mode [ 133.908931][T10131] gretap0: left promiscuous mode [ 133.911451][T10131] erspan0: left promiscuous mode [ 133.916616][T10131] ip_vti0: left promiscuous mode [ 133.925476][T10131] ip6_vti0: left promiscuous mode [ 133.930251][T10131] sit0: left promiscuous mode [ 133.938335][T10131] ip6tnl0: left promiscuous mode [ 133.943950][T10131] ip6gre0: left promiscuous mode [ 133.951467][T10131] syz_tun: left promiscuous mode [ 133.958047][T10131] ip6gretap0: left promiscuous mode [ 133.962884][T10131] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.966366][T10131] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.972316][T10131] bridge0: left promiscuous mode [ 134.088087][T10131] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.103185][T10131] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.108045][T10131] batadv_slave_1: left promiscuous mode [ 134.108536][ T40] audit: type=1400 audit(1758541727.362:631): avc: denied { write } for pid=10027 comm="syz.2.922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 134.108639][T10028] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.110310][T10131] batadv_slave_1: left allmulticast mode [ 134.272678][T10137] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.277059][T10137] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.282018][T10137] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 134.290840][ T1235] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.293631][ T1235] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.297089][ T1235] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.300561][ T1235] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.543808][ T40] audit: type=1400 audit(1758541727.782:632): avc: denied { nlmsg_read } for pid=10158 comm="syz.3.934" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 134.552691][ T40] audit: type=1400 audit(1758541727.792:633): avc: granted { setsecparam } for pid=10158 comm="syz.3.934" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 134.588163][ T40] audit: type=1400 audit(1758541727.832:634): avc: denied { ioctl } for pid=10162 comm="syz.3.935" path="socket:[29723]" dev="sockfs" ino=29723 ioctlcmd=0x6629 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 134.964015][ T5985] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 135.008069][ T40] audit: type=1400 audit(1758541728.252:635): avc: denied { append } for pid=10184 comm="syz.3.942" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 135.194338][ T40] audit: type=1400 audit(1758541728.432:636): avc: denied { setattr } for pid=10203 comm="syz.3.947" path="socket:[31788]" dev="sockfs" ino=31788 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 135.313577][ T40] audit: type=1400 audit(1758541728.552:637): avc: denied { bind } for pid=10228 comm="syz.1.955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 135.544198][ T29] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 135.705766][ T29] usb 8-1: Using ep0 maxpacket: 8 [ 135.709232][ T29] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 135.712270][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 135.716398][ T29] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 135.720792][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 135.724662][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 135.729519][ T29] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 135.732633][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 135.737346][ T29] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 135.742052][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 135.746782][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 135.751617][ T29] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 135.754682][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 135.758809][ T29] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 135.763517][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 135.768411][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 135.775042][ T29] usb 8-1: string descriptor 0 read error: -22 [ 135.777675][ T29] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 135.780975][ T29] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.795950][ T29] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 136.043967][ T72] usb 8-1: USB disconnect, device number 23 [ 136.186765][ T1028] usb 7-1: USB disconnect, device number 20 [ 136.188675][ C3] ldusb 7-1:0.55: usb_submit_urb failed (-19) [ 136.193365][ T1028] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 136.211973][T10237] 9pnet_fd: p9_fd_create_tcp (10237): problem connecting socket to 127.0.0.1 [ 136.313388][T10265] netlink: 'syz.0.959': attribute type 7 has an invalid length. [ 136.421166][ T40] audit: type=1326 audit(1758541729.662:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10262 comm="syz.1.958" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa41018ec29 code=0x7fc00000 [ 136.463173][T10284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.961'. [ 136.512451][T10286] gtp0: entered promiscuous mode [ 136.654249][ T6054] vhci_hcd: vhci_device speed not set [ 136.789075][ T40] audit: type=1400 audit(1758541730.032:639): avc: denied { connect } for pid=10306 comm="syz.3.968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 136.798024][ T40] audit: type=1400 audit(1758541730.032:640): avc: denied { read } for pid=10306 comm="syz.3.968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 136.817052][T10313] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.966'. [ 137.064875][ T24] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 137.216408][ T24] usb 7-1: config 1 has an invalid interface number: 7 but max is 0 [ 137.219811][ T24] usb 7-1: config 1 has no interface number 0 [ 137.222300][ T24] usb 7-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 137.227272][ T24] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 137.231145][ T24] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 64 [ 137.235150][ T24] usb 7-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.241984][ T24] usb 7-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 137.245807][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.249010][ T24] usb 7-1: Product: syz [ 137.251410][ T24] usb 7-1: Manufacturer: syz [ 137.253359][ T24] usb 7-1: SerialNumber: syz [ 137.255408][ T840] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 137.261618][T10317] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 137.264690][T10317] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 137.434125][ T840] usb 5-1: Using ep0 maxpacket: 8 [ 137.438599][ T840] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 137.441614][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 137.446310][ T840] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 137.451417][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 137.456789][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 137.462393][ T840] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 137.465625][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 137.470025][ T840] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 137.474867][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 137.479801][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 137.485648][ T840] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 137.488610][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 137.493201][ T840] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 137.498179][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 137.502718][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 137.510838][ T840] usb 5-1: string descriptor 0 read error: -22 [ 137.513431][ T840] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 137.518181][ T840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.531871][ T840] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 137.671817][ T24] usb 7-1: Error in usbnet_get_endpoints (-71) [ 137.680132][ T24] usb 7-1: USB disconnect, device number 21 [ 137.728604][ T29] usb 5-1: USB disconnect, device number 22 [ 137.984580][T10367] netlink: 24 bytes leftover after parsing attributes in process `syz.1.975'. [ 138.014317][ T24] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 138.017237][T10367] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54 sclass=netlink_route_socket pid=10367 comm=syz.1.975 [ 138.022924][T10367] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10367 comm=syz.1.975 [ 138.032440][T10367] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 138.131776][T10433] netlink: 'syz.1.978': attribute type 1 has an invalid length. [ 138.165444][T10433] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 138.169352][T10433] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 138.196682][ T24] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 138.200047][ T24] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 138.203073][ T24] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 138.206187][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.211490][T10317] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 138.213305][T10475] gretap1: entered promiscuous mode [ 138.216478][ T24] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 138.290621][T10494] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.980'. [ 138.417190][ T24] usb 7-1: USB disconnect, device number 22 [ 138.423958][T10510] netlink: 8 bytes leftover after parsing attributes in process `syz.1.985'. [ 138.584155][ T29] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 138.728696][T10551] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 138.731143][T10551] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 138.735346][T10551] vhci_hcd vhci_hcd.0: Device attached [ 138.738479][T10552] vhci_hcd: connection closed [ 138.738689][ T6668] vhci_hcd: stop threads [ 138.741725][ T6668] vhci_hcd: release socket [ 138.743186][ T6668] vhci_hcd: disconnect device [ 138.754676][ T29] usb 5-1: Using ep0 maxpacket: 8 [ 138.757513][ T29] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 138.759829][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 138.763285][ T29] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 138.767025][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 138.770499][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 138.774407][ T29] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 138.776754][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 138.780216][ T29] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 138.783867][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 138.787791][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 138.791681][ T29] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 138.794026][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 138.797473][ T29] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 138.800955][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 138.804960][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 138.809913][ T29] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 138.812905][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.815943][ T29] usb 5-1: Product: syz [ 138.817508][ T29] usb 5-1: Manufacturer: syz [ 138.819468][ T29] usb 5-1: SerialNumber: syz [ 139.031303][ T29] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 139.036446][ T29] usb 5-1: USB disconnect, device number 23 [ 139.239495][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 139.239506][ T40] audit: type=1800 audit(1758541732.482:643): pid=10500 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.982" name="bus" dev="9p" ino=73924721 res=0 errno=0 [ 139.248847][ T40] audit: type=1400 audit(1758541732.482:644): avc: denied { mount } for pid=10573 comm="syz.1.997" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 139.269768][T10579] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 139.315205][T10584] netlink: 'syz.1.1000': attribute type 1 has an invalid length. [ 139.398812][ T40] audit: type=1400 audit(1758541732.642:645): avc: denied { read } for pid=10598 comm="syz.3.1005" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 139.407121][ T40] audit: type=1400 audit(1758541732.642:646): avc: denied { open } for pid=10598 comm="syz.3.1005" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 139.407829][T10599] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1005'. [ 139.465999][T10604] kAFS: Can only specify source 'none' with -o dyn [ 139.731650][T10635] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1013'. [ 139.743228][T10634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1013'. [ 140.000165][T10674] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10674 comm=syz.3.1017 [ 140.040983][T10678] Option 'Í'M•O§±' to dns_resolver key: bad/missing value [ 140.163684][T10696] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1025'. [ 140.335210][ T34] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 140.444198][ T6054] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 140.494207][ T34] usb 7-1: Using ep0 maxpacket: 8 [ 140.500984][ T34] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 140.504164][ T34] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 140.509523][ T34] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 140.515074][ T34] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 140.519527][ T34] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 140.524822][ T34] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 140.528038][ T34] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 140.532647][ T34] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 140.538101][ T34] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 140.542616][ T34] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 140.548354][ T34] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 140.551333][ T34] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 140.555938][ T34] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 140.560344][ T34] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 140.563705][ T34] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 140.568538][ T34] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 140.571507][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.574005][ T34] usb 7-1: Product: syz [ 140.575677][ T34] usb 7-1: Manufacturer: syz [ 140.577088][ T34] usb 7-1: SerialNumber: syz [ 140.604313][ T6054] usb 5-1: Using ep0 maxpacket: 8 [ 140.609210][ T6054] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 140.612571][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 140.617418][ T6054] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 140.622331][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 140.627350][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 140.632553][ T6054] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 140.635630][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 140.640022][ T6054] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 140.645281][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 140.649648][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 140.654646][ T6054] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 140.657747][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 140.662404][ T6054] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 140.667700][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 140.672076][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 140.679025][ T6054] usb 5-1: string descriptor 0 read error: -22 [ 140.681764][ T6054] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 140.685722][ T6054] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.695630][ T6054] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 140.760104][T10735] syzkaller0: entered promiscuous mode [ 140.762333][T10735] syzkaller0: entered allmulticast mode [ 140.787143][ T34] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 140.794879][ T34] usb 7-1: USB disconnect, device number 23 [ 140.894224][ T6054] usb 5-1: USB disconnect, device number 24 [ 140.955750][T10763] netlink: 'syz.3.1032': attribute type 27 has an invalid length. [ 140.958344][T10763] netlink: 'syz.3.1032': attribute type 4 has an invalid length. [ 140.961002][T10763] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1032'. [ 141.456423][ T40] audit: type=1400 audit(1758541734.702:647): avc: denied { accept } for pid=10771 comm="syz.0.1036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 141.637938][T10795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1040'. [ 141.640834][T10795] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1040'. [ 141.643790][T10795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1040'. [ 141.647073][T10795] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1040'. [ 142.004261][ T6054] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 142.018843][ T40] audit: type=1400 audit(1758541735.262:648): avc: denied { accept } for pid=10838 comm="syz.2.1056" path="socket:[30023]" dev="sockfs" ino=30023 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 142.164234][ T6054] usb 8-1: Using ep0 maxpacket: 8 [ 142.168079][ T6054] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 142.171183][ T6054] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 142.176347][ T6054] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.181528][ T6054] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 142.186200][ T6054] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 142.192113][ T6054] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 142.196395][ T6054] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 142.200981][ T6054] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.206046][ T6054] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 142.210863][ T6054] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 142.216206][ T6054] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 142.219342][ T6054] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 142.223990][ T6054] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.229299][ T6054] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 142.233816][ T6054] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 142.238958][ T6054] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 142.241774][ T6054] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.244557][ T6054] usb 8-1: Product: syz [ 142.245933][ T6054] usb 8-1: Manufacturer: syz [ 142.247478][ T6054] usb 8-1: SerialNumber: syz [ 142.276871][ T40] audit: type=1400 audit(1758541735.522:649): avc: denied { bind } for pid=10864 comm="syz.2.1062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 142.286039][ T40] audit: type=1400 audit(1758541735.522:650): avc: denied { setopt } for pid=10864 comm="syz.2.1062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 142.328660][T10876] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1065'. [ 142.457946][ T6054] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 142.468985][ T6054] usb 8-1: USB disconnect, device number 24 [ 142.530787][T10913] overlay: filesystem on ./bus not supported as upperdir [ 142.568175][ T40] audit: type=1400 audit(1758541735.812:651): avc: denied { unmount } for pid=7188 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 142.752740][T10917] kvm: kvm [10916]: vcpu0, guest rIP: 0x9139 Unhandled WRMSR(0xc1) = 0x1 [ 142.756003][T10917] kvm: kvm [10916]: vcpu0, guest rIP: 0x9139 Unhandled WRMSR(0xc2) = 0x1 [ 142.795386][T10917] kvm: kvm [10916]: vcpu0, guest rIP: 0x9139 Unhandled WRMSR(0x11e) = 0x1 [ 142.807168][T10926] netlink: 'syz.1.1073': attribute type 3 has an invalid length. [ 142.839637][T10917] kvm: kvm [10916]: vcpu0, guest rIP: 0x9139 Unhandled WRMSR(0x186) = 0x1 [ 142.843737][T10917] kvm: kvm [10916]: vcpu0, guest rIP: 0x9139 Unhandled WRMSR(0x187) = 0x1 [ 142.879799][T10917] kvm_intel: kvm [10916]: vcpu0, guest rIP: 0x9139 Unhandled WRMSR(0x1d9) = 0x1 [ 142.921307][ T40] audit: type=1400 audit(1758541736.162:652): avc: denied { name_bind } for pid=10934 comm="syz.1.1076" path="socket:[30159]" dev="sockfs" ino=30159 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 142.982123][T10942] overlayfs: failed to clone upperpath [ 142.990813][T10942] overlayfs: failed to clone upperpath [ 142.993630][T10942] overlayfs: failed to clone upperpath [ 142.997414][T10942] overlayfs: failed to clone upperpath [ 143.001097][T10942] overlayfs: failed to clone upperpath [ 143.001985][T10942] overlayfs: failed to clone upperpath [ 143.002765][T10942] overlayfs: failed to clone upperpath [ 143.003542][T10942] overlayfs: failed to clone upperpath [ 143.009060][T10942] overlayfs: failed to clone upperpath [ 143.020855][T10942] overlayfs: failed to clone upperpath [ 143.023187][T10942] overlayfs: failed to clone upperpath [ 143.028537][T10942] overlayfs: failed to clone upperpath [ 143.032548][T10942] overlayfs: failed to clone upperpath [ 143.033789][T10942] overlayfs: failed to clone upperpath [ 143.361352][T10987] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.741841][T11047] FAULT_INJECTION: forcing a failure. [ 143.741841][T11047] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.748251][T11047] CPU: 2 UID: 0 PID: 11047 Comm: syz.3.1108 Not tainted syzkaller #0 PREEMPT(full) [ 143.748276][T11047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 143.748287][T11047] Call Trace: [ 143.748293][T11047] [ 143.748301][T11047] dump_stack_lvl+0x16c/0x1f0 [ 143.748327][T11047] should_fail_ex+0x512/0x640 [ 143.748364][T11047] _copy_from_user+0x2e/0xd0 [ 143.748390][T11047] copy_msghdr_from_user+0x98/0x160 [ 143.748414][T11047] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 143.748448][T11047] ___sys_sendmsg+0xfe/0x1d0 [ 143.748470][T11047] ? __pfx____sys_sendmsg+0x10/0x10 [ 143.748522][T11047] __sys_sendmsg+0x16d/0x220 [ 143.748544][T11047] ? __pfx___sys_sendmsg+0x10/0x10 [ 143.748597][T11047] do_syscall_64+0xcd/0x4e0 [ 143.748638][T11047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.748657][T11047] RIP: 0033:0x7f3aef38ec29 [ 143.748671][T11047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.748688][T11047] RSP: 002b:00007f3af022e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.748706][T11047] RAX: ffffffffffffffda RBX: 00007f3aef5d5fa0 RCX: 00007f3aef38ec29 [ 143.748718][T11047] RDX: 0000000000000804 RSI: 00002000000002c0 RDI: 0000000000000003 [ 143.748730][T11047] RBP: 00007f3af022e090 R08: 0000000000000000 R09: 0000000000000000 [ 143.748741][T11047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.748752][T11047] R13: 00007f3aef5d6038 R14: 00007f3aef5d5fa0 R15: 00007fffc5508388 [ 143.748776][T11047] [ 143.812222][ C2] vkms_vblank_simulate: vblank timer overrun [ 144.290633][ T40] kauditd_printk_skb: 61 callbacks suppressed [ 144.290644][ T40] audit: type=1400 audit(1758541737.532:714): avc: denied { module_request } for pid=11085 comm="syz.1.1116" kmod="net-pf-2-proto-132-type-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 144.299454][T11094] FAULT_INJECTION: forcing a failure. [ 144.299454][T11094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 144.304310][ T40] audit: type=1400 audit(1758541737.552:715): avc: denied { read } for pid=5684 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 144.306658][T11080] mkiss: ax0: crc mode is auto. [ 144.313148][T11094] CPU: 1 UID: 0 PID: 11094 Comm: syz.0.1118 Not tainted syzkaller #0 PREEMPT(full) [ 144.313170][T11094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 144.313179][T11094] Call Trace: [ 144.313185][T11094] [ 144.313191][T11094] dump_stack_lvl+0x16c/0x1f0 [ 144.313216][T11094] should_fail_ex+0x512/0x640 [ 144.313240][T11094] _copy_from_user+0x2e/0xd0 [ 144.313263][T11094] move_addr_to_kernel+0x65/0x170 [ 144.313289][T11094] __copy_msghdr+0x386/0x470 [ 144.313309][T11094] copy_msghdr_from_user+0xc1/0x160 [ 144.313328][T11094] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 144.313358][T11094] ___sys_sendmsg+0xfe/0x1d0 [ 144.313379][T11094] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.313425][T11094] __sys_sendmsg+0x16d/0x220 [ 144.313444][T11094] ? __pfx___sys_sendmsg+0x10/0x10 [ 144.313478][T11094] do_syscall_64+0xcd/0x4e0 [ 144.313500][T11094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.313516][T11094] RIP: 0033:0x7fd9d558ec29 [ 144.313529][T11094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.313544][T11094] RSP: 002b:00007fd9d633f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 144.313559][T11094] RAX: ffffffffffffffda RBX: 00007fd9d57d5fa0 RCX: 00007fd9d558ec29 [ 144.313569][T11094] RDX: 0000000000000804 RSI: 00002000000002c0 RDI: 0000000000000003 [ 144.313579][T11094] RBP: 00007fd9d633f090 R08: 0000000000000000 R09: 0000000000000000 [ 144.313588][T11094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.313597][T11094] R13: 00007fd9d57d6038 R14: 00007fd9d57d5fa0 R15: 00007ffe55676b78 [ 144.313619][T11094] [ 144.343053][ T40] audit: type=1400 audit(1758541737.582:716): avc: denied { write } for pid=11085 comm="syz.1.1116" laddr=::ffff:172.20.20.170 lport=20000 faddr=::ffff:172.20.20.170 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 144.384661][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 144.389488][ T40] audit: type=1400 audit(1758541737.582:717): avc: denied { mounton } for pid=11099 comm="syz.0.1119" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 144.401934][ T40] audit: type=1400 audit(1758541737.582:718): avc: denied { mount } for pid=11099 comm="syz.0.1119" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 144.410803][ T40] audit: type=1400 audit(1758541737.602:719): avc: denied { search } for pid=5684 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 144.421559][ T40] audit: type=1400 audit(1758541737.602:720): avc: denied { search } for pid=5684 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 144.429801][ T40] audit: type=1400 audit(1758541737.602:721): avc: denied { search } for pid=5684 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 144.436580][ T40] audit: type=1400 audit(1758541737.602:722): avc: denied { read } for pid=5684 comm="dhcpcd" name="n115" dev="tmpfs" ino=5683 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 144.443149][ T40] audit: type=1400 audit(1758541737.602:723): avc: denied { open } for pid=5684 comm="dhcpcd" path="/run/udev/data/n115" dev="tmpfs" ino=5683 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 144.502092][T11110] nbd: device at index 0 is going down [ 144.508320][T11110] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 144.511869][T11110] overlayfs: missing 'lowerdir' [ 144.864141][ T840] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 144.900390][T11142] FAULT_INJECTION: forcing a failure. [ 144.900390][T11142] name failslab, interval 1, probability 0, space 0, times 0 [ 144.905092][T11142] CPU: 0 UID: 0 PID: 11142 Comm: syz.2.1129 Not tainted syzkaller #0 PREEMPT(full) [ 144.905108][T11142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 144.905114][T11142] Call Trace: [ 144.905119][T11142] [ 144.905123][T11142] dump_stack_lvl+0x16c/0x1f0 [ 144.905141][T11142] should_fail_ex+0x512/0x640 [ 144.905155][T11142] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 144.905169][T11142] should_failslab+0xc2/0x120 [ 144.905182][T11142] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 144.905193][T11142] ? __alloc_skb+0x2b2/0x380 [ 144.905208][T11142] __alloc_skb+0x2b2/0x380 [ 144.905220][T11142] ? __pfx___alloc_skb+0x10/0x10 [ 144.905233][T11142] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 144.905251][T11142] netlink_alloc_large_skb+0x69/0x130 [ 144.905266][T11142] netlink_sendmsg+0x6a1/0xdd0 [ 144.905283][T11142] ? __pfx_netlink_sendmsg+0x10/0x10 [ 144.905302][T11142] ____sys_sendmsg+0xa95/0xc70 [ 144.905327][T11142] ? copy_msghdr_from_user+0x10a/0x160 [ 144.905348][T11142] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.905385][T11142] ___sys_sendmsg+0x134/0x1d0 [ 144.905409][T11142] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.905458][T11142] __sys_sendmsg+0x16d/0x220 [ 144.905482][T11142] ? __pfx___sys_sendmsg+0x10/0x10 [ 144.905509][T11142] ? fput+0x9b/0xd0 [ 144.905536][T11142] do_syscall_64+0xcd/0x4e0 [ 144.905564][T11142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.905584][T11142] RIP: 0033:0x7fb4e6f8ec29 [ 144.905606][T11142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.905622][T11142] RSP: 002b:00007fb4e7ee1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 144.905638][T11142] RAX: ffffffffffffffda RBX: 00007fb4e71d5fa0 RCX: 00007fb4e6f8ec29 [ 144.905650][T11142] RDX: 0000000000000804 RSI: 00002000000002c0 RDI: 0000000000000003 [ 144.905660][T11142] RBP: 00007fb4e7ee1090 R08: 0000000000000000 R09: 0000000000000000 [ 144.905669][T11142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.905677][T11142] R13: 00007fb4e71d6038 R14: 00007fb4e71d5fa0 R15: 00007ffdfc53b718 [ 144.905702][T11142] [ 145.015529][ T840] usb 5-1: Using ep0 maxpacket: 8 [ 145.019897][ T840] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 145.022757][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 145.027377][ T840] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 145.032553][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 145.040582][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 145.049319][ T840] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 145.053058][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 145.059713][ T840] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 145.064913][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 145.069739][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 145.079871][ T840] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 145.083212][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 145.093407][ T840] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 145.097814][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 145.101541][ T840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 145.109065][ T840] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 145.112112][ T840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.114800][ T840] usb 5-1: Product: syz [ 145.116079][ T840] usb 5-1: Manufacturer: syz [ 145.117509][ T840] usb 5-1: SerialNumber: syz [ 145.297958][T11198] netlink: 'syz.3.1144': attribute type 5 has an invalid length. [ 145.330075][ T840] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 145.334450][ T840] usb 5-1: USB disconnect, device number 25 [ 145.612883][T11243] FAULT_INJECTION: forcing a failure. [ 145.612883][T11243] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 145.618291][T11243] CPU: 3 UID: 0 PID: 11243 Comm: syz.3.1152 Not tainted syzkaller #0 PREEMPT(full) [ 145.618314][T11243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 145.618325][T11243] Call Trace: [ 145.618332][T11243] [ 145.618339][T11243] dump_stack_lvl+0x16c/0x1f0 [ 145.618366][T11243] should_fail_ex+0x512/0x640 [ 145.618393][T11243] _copy_from_iter+0x29f/0x1720 [ 145.618422][T11243] ? __alloc_skb+0x200/0x380 [ 145.618444][T11243] ? __pfx__copy_from_iter+0x10/0x10 [ 145.618471][T11243] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 145.618503][T11243] netlink_sendmsg+0x829/0xdd0 [ 145.618531][T11243] ? __pfx_netlink_sendmsg+0x10/0x10 [ 145.618565][T11243] ____sys_sendmsg+0xa95/0xc70 [ 145.618592][T11243] ? copy_msghdr_from_user+0x10a/0x160 [ 145.618622][T11243] ? __pfx_____sys_sendmsg+0x10/0x10 [ 145.618661][T11243] ___sys_sendmsg+0x134/0x1d0 [ 145.618684][T11243] ? __pfx____sys_sendmsg+0x10/0x10 [ 145.618734][T11243] __sys_sendmsg+0x16d/0x220 [ 145.618757][T11243] ? __pfx___sys_sendmsg+0x10/0x10 [ 145.618794][T11243] do_syscall_64+0xcd/0x4e0 [ 145.618818][T11243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.618836][T11243] RIP: 0033:0x7f3aef38ec29 [ 145.618851][T11243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.618867][T11243] RSP: 002b:00007f3af022e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 145.618885][T11243] RAX: ffffffffffffffda RBX: 00007f3aef5d5fa0 RCX: 00007f3aef38ec29 [ 145.618896][T11243] RDX: 0000000000000804 RSI: 00002000000002c0 RDI: 0000000000000003 [ 145.618907][T11243] RBP: 00007f3af022e090 R08: 0000000000000000 R09: 0000000000000000 [ 145.618917][T11243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.618926][T11243] R13: 00007f3aef5d6038 R14: 00007f3aef5d5fa0 R15: 00007fffc5508388 [ 145.618950][T11243] [ 145.816148][T11260] 8021q: adding VLAN 0 to HW filter on device bond2 [ 145.992843][T11316] FAULT_INJECTION: forcing a failure. [ 145.992843][T11316] name failslab, interval 1, probability 0, space 0, times 0 [ 145.997162][T11316] CPU: 1 UID: 0 PID: 11316 Comm: syz.2.1162 Not tainted syzkaller #0 PREEMPT(full) [ 145.997178][T11316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 145.997185][T11316] Call Trace: [ 145.997189][T11316] [ 145.997193][T11316] dump_stack_lvl+0x16c/0x1f0 [ 145.997211][T11316] should_fail_ex+0x512/0x640 [ 145.997228][T11316] should_failslab+0xc2/0x120 [ 145.997243][T11316] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 145.997256][T11316] ? skb_clone+0x190/0x3f0 [ 145.997272][T11316] skb_clone+0x190/0x3f0 [ 145.997287][T11316] netlink_deliver_tap+0xabd/0xd30 [ 145.997304][T11316] netlink_unicast+0x64c/0x870 [ 145.997321][T11316] ? __pfx_netlink_unicast+0x10/0x10 [ 145.997342][T11316] netlink_sendmsg+0x8d1/0xdd0 [ 145.997359][T11316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 145.997380][T11316] ____sys_sendmsg+0xa95/0xc70 [ 145.997397][T11316] ? copy_msghdr_from_user+0x10a/0x160 [ 145.997411][T11316] ? __pfx_____sys_sendmsg+0x10/0x10 [ 145.997435][T11316] ___sys_sendmsg+0x134/0x1d0 [ 145.997450][T11316] ? __pfx____sys_sendmsg+0x10/0x10 [ 145.997481][T11316] __sys_sendmsg+0x16d/0x220 [ 145.997495][T11316] ? __pfx___sys_sendmsg+0x10/0x10 [ 145.997518][T11316] do_syscall_64+0xcd/0x4e0 [ 145.997535][T11316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.997546][T11316] RIP: 0033:0x7fb4e6f8ec29 [ 145.997556][T11316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.997567][T11316] RSP: 002b:00007fb4e7ee1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 145.997578][T11316] RAX: ffffffffffffffda RBX: 00007fb4e71d5fa0 RCX: 00007fb4e6f8ec29 [ 145.997585][T11316] RDX: 0000000000000804 RSI: 00002000000002c0 RDI: 0000000000000003 [ 145.997592][T11316] RBP: 00007fb4e7ee1090 R08: 0000000000000000 R09: 0000000000000000 [ 145.997599][T11316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.997605][T11316] R13: 00007fb4e71d6038 R14: 00007fb4e71d5fa0 R15: 00007ffdfc53b718 [ 145.997619][T11316] [ 146.025458][ T5332] Bluetooth: hci3: command 0x0c1a tx timeout [ 146.196042][T11347] syz.0.1170 (11347): attempted to duplicate a private mapping with mremap. This is not supported. [ 146.222614][T11346] netlink: 'syz.3.1168': attribute type 10 has an invalid length. [ 146.227464][T11346] team0: Cannot enslave team device to itself [ 146.246804][T11347] sctp: Trying to GSO but underlying device doesn't support it. [ 146.514599][ T839] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 146.684626][ T839] usb 7-1: Using ep0 maxpacket: 8 [ 146.688387][ T839] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 146.691486][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 146.696304][ T839] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.701043][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.707810][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 146.712900][ T839] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 146.720360][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 146.725084][ T839] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.729667][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.733309][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 146.738361][ T839] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 146.740735][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 146.744817][ T839] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.749223][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.752670][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 146.758128][ T839] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 146.760888][ T839] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.761460][ T5985] Bluetooth: hci3: unexpected event for opcode 0x0c47 [ 146.763191][ T839] usb 7-1: Product: syz [ 146.763201][ T839] usb 7-1: Manufacturer: syz [ 146.763209][ T839] usb 7-1: SerialNumber: syz [ 146.802498][T11422] __nla_validate_parse: 4 callbacks suppressed [ 146.802551][T11422] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1189'. [ 146.808570][T11422] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1189'. [ 146.842123][T11427] netlink: 37 bytes leftover after parsing attributes in process `syz.1.1191'. [ 146.846952][T11427] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 146.849378][T11427] IPv6: NLM_F_CREATE should be set when creating new route [ 146.852364][T11427] IPv6: NLM_F_CREATE should be set when creating new route [ 146.962485][T11442] batman_adv: batadv0: Adding interface: dummy0 [ 146.968846][T11442] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.978580][ T839] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 146.982785][T11442] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 146.993498][ T839] usb 7-1: USB disconnect, device number 24 [ 147.057823][T11460] netfs: Couldn't get user pages (rc=-14) [ 147.216880][T11488] nfs4: Unknown parameter 'grpquota' [ 147.548909][ T5332] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 147.552802][ T5332] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 147.558278][ T5332] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 147.561616][ T5332] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 147.565030][ T5332] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 147.644016][ T6664] bridge_slave_1: left allmulticast mode [ 147.647219][ T6664] bridge_slave_1: left promiscuous mode [ 147.651413][ T6664] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.657558][ T6664] bridge_slave_0: left allmulticast mode [ 147.659600][ T6664] bridge_slave_0: left promiscuous mode [ 147.661519][ T6664] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.827687][T11535] 9pnet_fd: Insufficient options for proto=fd [ 147.966840][ T6664] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 147.973417][ T6664] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 147.978290][ T6664] bond0 (unregistering): Released all slaves [ 147.990332][ T6664] bond1 (unregistering): Released all slaves [ 148.033650][T11539] SELinux: failed to load policy [ 148.137443][T11506] chnl_net:caif_netlink_parms(): no params data found [ 148.320237][T11506] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.322495][T11506] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.325595][T11506] bridge_slave_0: entered allmulticast mode [ 148.328335][T11506] bridge_slave_0: entered promiscuous mode [ 148.332138][T11506] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.334626][T11506] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.337190][T11506] bridge_slave_1: entered allmulticast mode [ 148.341211][T11506] bridge_slave_1: entered promiscuous mode [ 148.416585][T11506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.423199][T11506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.491697][T11506] team0: Port device team_slave_0 added [ 148.497655][T11506] team0: Port device team_slave_1 added [ 148.557971][ T6664] hsr_slave_0: left promiscuous mode [ 148.560960][ T6664] hsr_slave_1: left promiscuous mode [ 148.563611][ T6664] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.634121][ T6054] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 148.794244][ T6054] usb 5-1: Using ep0 maxpacket: 8 [ 148.797700][ T6054] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 148.800130][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 148.803603][ T6054] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 148.809978][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 148.813378][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 148.818039][ T6054] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 148.820832][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 148.827021][ T6054] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 148.830830][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 148.834470][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 148.838531][ T6054] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 148.840828][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 148.845824][ T6054] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 148.849475][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 148.852856][ T6054] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 148.857738][ T6054] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 148.860842][ T6054] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.863309][ T6054] usb 5-1: Product: syz [ 148.866349][ T6054] usb 5-1: Manufacturer: syz [ 148.867833][ T6054] usb 5-1: SerialNumber: syz [ 149.080394][ T6054] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 149.085188][ T6664] team0 (unregistering): Port device team_slave_1 removed [ 149.090776][ T6054] usb 5-1: USB disconnect, device number 26 [ 149.163532][ T6664] team0 (unregistering): Port device team_slave_0 removed [ 149.625149][ T5985] Bluetooth: hci2: command tx timeout [ 149.672430][T11506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.676854][T11506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.687181][T11506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.704897][T11506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.707847][T11506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.721656][T11506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 149.790682][ T40] kauditd_printk_skb: 133 callbacks suppressed [ 149.790698][ T40] audit: type=1400 audit(1758541743.042:857): avc: denied { module_load } for pid=12356 comm="syz.1.1222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 149.790802][T12364] Invalid ELF header type: 0 != 1 [ 149.831090][T11506] hsr_slave_0: entered promiscuous mode [ 149.834443][T11506] hsr_slave_1: entered promiscuous mode [ 149.866242][ T40] audit: type=1400 audit(1758541743.102:858): avc: denied { name_bind } for pid=12356 comm="syz.1.1222" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 150.103980][T11506] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 150.108437][T11506] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 150.113071][T11506] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 150.120914][T11506] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 150.162566][T11506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.185626][T11506] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.191900][ T6664] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.194970][ T6664] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.203544][ T6668] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.205885][ T6668] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.328673][T11506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 150.399693][ T40] audit: type=1400 audit(1758541743.642:859): avc: denied { bind } for pid=12687 comm="syz.0.1233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 150.404265][ T839] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 150.405833][ T40] audit: type=1400 audit(1758541743.642:860): avc: denied { listen } for pid=12687 comm="syz.0.1233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 150.416283][ T40] audit: type=1400 audit(1758541743.642:861): avc: denied { write } for pid=12687 comm="syz.0.1233" path="socket:[33243]" dev="sockfs" ino=33243 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 150.423574][ T40] audit: type=1400 audit(1758541743.642:862): avc: denied { accept } for pid=12687 comm="syz.0.1233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 150.500021][T11506] veth0_vlan: entered promiscuous mode [ 150.508459][T11506] veth1_vlan: entered promiscuous mode [ 150.526460][T11506] veth0_macvtap: entered promiscuous mode [ 150.530956][T11506] veth1_macvtap: entered promiscuous mode [ 150.541193][T11506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 150.548119][T11506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 150.553977][ T60] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.558153][ T60] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.561623][ T60] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.564852][ T60] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.589263][ T839] usb 7-1: Using ep0 maxpacket: 8 [ 150.595493][ T839] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 150.598483][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 150.603388][ T839] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 150.608148][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 150.612381][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 150.614865][ T6668] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.618983][ T6668] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.620762][ T839] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 150.627387][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 150.631162][ T839] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 150.635771][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 150.640035][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 150.640762][ T6664] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.645285][ T839] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 150.646780][ T6664] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.649687][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 150.657697][ T40] audit: type=1400 audit(1758541743.902:863): avc: denied { mounton } for pid=11506 comm="syz-executor" path="/syzkaller.5XYz9b/syz-tmp" dev="sda1" ino=2039 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 150.657777][ T839] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 150.667397][ T40] audit: type=1400 audit(1758541743.902:864): avc: denied { mount } for pid=11506 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 150.668336][T12716] trusted_key: encrypted_key: keylen parameter is missing [ 150.670699][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 150.677523][ T40] audit: type=1400 audit(1758541743.902:865): avc: denied { mounton } for pid=11506 comm="syz-executor" path="/syzkaller.5XYz9b/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 150.677550][ T40] audit: type=1400 audit(1758541743.902:866): avc: denied { mounton } for pid=11506 comm="syz-executor" path="/syzkaller.5XYz9b/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=35202 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 150.708207][ T29] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 150.711763][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 150.718639][ T839] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 150.722266][ T839] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.727363][ T839] usb 7-1: Product: syz [ 150.729018][ T839] usb 7-1: Manufacturer: syz [ 150.730871][ T839] usb 7-1: SerialNumber: syz [ 150.761030][T12728] netlink: 'syz.1.1237': attribute type 3 has an invalid length. [ 150.764668][T12728] netlink: 'syz.1.1237': attribute type 1 has an invalid length. [ 150.768888][T12728] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.1237'. [ 150.885929][ T29] usb 5-1: config 1 has an invalid interface number: 7 but max is 0 [ 150.889018][ T29] usb 5-1: config 1 has no interface number 0 [ 150.891149][ T29] usb 5-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 150.892088][T12738] 8021q: VLANs not supported on ip_vti0 [ 150.895832][ T29] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 150.895850][ T29] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 64 [ 150.895864][ T29] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 150.897831][ T29] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 150.899120][T12739] 8021q: VLANs not supported on ip_vti0 [ 150.901545][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.918890][ T29] usb 5-1: Product: syz [ 150.920898][ T29] usb 5-1: Manufacturer: syz [ 150.922773][ T29] usb 5-1: SerialNumber: syz [ 150.927106][T12697] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 150.929573][T12697] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 150.944850][ T839] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 150.950004][ T839] usb 7-1: USB disconnect, device number 25 [ 151.012470][T12760] No control pipe specified [ 151.334581][T12696] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 151.337761][T12696] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 151.683865][ T29] usb 5-1: Incompatible driver and firmware versions [ 151.694608][ T29] usb 5-1: USB disconnect, device number 27 [ 151.719292][ T5985] Bluetooth: hci2: command tx timeout [ 151.910862][T12811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1259'. [ 151.916167][T12811] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1259'. [ 152.053435][T12829] tipc: MTU too low for tipc bearer [ 152.124166][ T24] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 152.274130][ T24] usb 9-1: Using ep0 maxpacket: 8 [ 152.277603][ T24] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 152.280319][ T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 152.285270][ T24] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 152.290141][ T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 152.295537][ T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 152.301080][ T24] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 152.305339][ T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 152.310028][ T24] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 152.315418][ T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 152.320102][ T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 152.325736][ T24] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 152.332402][T12871] gfs2: path_lookup on ™6(ï+‰d‹QÌnB´!eU‚çVè!š`:Ñ 8×DSEíÄðÃÄèÎ Áy|YT¢®{-€íê°”,mb/ returned error -2 [ 152.332565][ T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 152.346178][ T24] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 152.351424][ T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 152.356408][ T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 152.363531][ T24] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 152.368404][ T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.371623][ T24] usb 9-1: Product: syz [ 152.373543][ T24] usb 9-1: Manufacturer: syz [ 152.376527][ T24] usb 9-1: SerialNumber: syz [ 152.597298][ T24] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 152.603664][ T24] usb 9-1: USB disconnect, device number 2 [ 152.617958][T13016] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1278'. [ 152.661763][T13022] xt_l2tp: v2 tid > 0xffff: 16462212 [ 152.865804][T13020] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1279'. [ 152.869178][T13020] netlink: 'syz.2.1279': attribute type 1 has an invalid length. [ 152.872012][T13020] netlink: 'syz.2.1279': attribute type 2 has an invalid length. [ 153.324235][ T10] usb 7-1: new full-speed USB device number 26 using dummy_hcd [ 153.385963][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 153.388861][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 153.392116][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 153.486797][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 153.492987][ T10] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 153.493203][T13094] vxcan1: tx address claim with different name [ 153.496895][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.501579][ T10] usb 7-1: Product: syz [ 153.503228][ T10] usb 7-1: Manufacturer: syz [ 153.509188][ T10] usb 7-1: SerialNumber: syz [ 153.514487][ T10] usb 7-1: config 0 descriptor?? [ 153.793596][T13112] input: syz0 as /devices/virtual/input/input13 [ 153.794743][ T5985] Bluetooth: hci2: command tx timeout [ 153.981640][T13065] veth0: entered promiscuous mode [ 153.984967][ T10] usb 7-1: USB disconnect, device number 26 [ 153.992028][T13063] veth0: left promiscuous mode [ 154.054522][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 154.094938][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 154.115865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 154.143724][T13160] bridge1: entered promiscuous mode [ 154.147365][T13160] bridge1: entered allmulticast mode [ 154.254238][ T840] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 154.424258][ T840] usb 5-1: Using ep0 maxpacket: 16 [ 154.434824][ T840] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 154.435123][ T6036] usb 9-1: new full-speed USB device number 3 using dummy_hcd [ 154.438788][ T840] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 154.451031][ T840] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 154.455263][ T840] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 154.458635][ T840] usb 5-1: Manufacturer: syz [ 154.467167][ T840] usb 5-1: config 0 descriptor?? [ 154.616947][ T6036] usb 9-1: unable to get BOS descriptor or descriptor too short [ 154.620553][ T6036] usb 9-1: not running at top speed; connect to a high speed hub [ 154.625668][ T6036] usb 9-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 154.630896][ T6036] usb 9-1: config 1 interface 0 has no altsetting 0 [ 154.635475][ T6036] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 154.639076][ T6036] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.642470][ T6036] usb 9-1: Product: syz [ 154.646856][ T6036] usb 9-1: Manufacturer: syz [ 154.648780][ T6036] usb 9-1: SerialNumber: syz [ 154.710511][T13208] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1308'. [ 154.711747][T13207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1308'. [ 154.720418][T13208] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1308'. [ 154.731651][T13207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.736563][T13207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.869855][ T40] kauditd_printk_skb: 36 callbacks suppressed [ 154.869873][ T40] audit: type=1400 audit(1758541748.112:903): avc: denied { setopt } for pid=13168 comm="syz.4.1302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 154.892590][ T40] audit: type=1400 audit(1758541748.132:904): avc: denied { create } for pid=13141 comm="syz.0.1299" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 154.901171][ T40] audit: type=1400 audit(1758541748.132:905): avc: denied { ioctl } for pid=13141 comm="syz.0.1299" path="socket:[33438]" dev="sockfs" ino=33438 ioctlcmd=0x8924 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 154.909061][T13169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.913910][T13169] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.984350][ T29] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 154.990630][ T40] audit: type=1400 audit(1758541748.232:906): avc: denied { mount } for pid=13233 comm="syz.1.1310" name="/" dev="hugetlbfs" ino=35585 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 154.997920][ T40] audit: type=1400 audit(1758541748.232:907): avc: denied { create } for pid=13235 comm="syz.0.1311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 155.003946][ T40] audit: type=1400 audit(1758541748.232:908): avc: denied { create } for pid=13233 comm="syz.1.1310" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=blk_file permissive=1 [ 155.028696][ T40] audit: type=1400 audit(1758541748.272:909): avc: denied { mount } for pid=13240 comm="syz.0.1312" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 155.029691][T13241] random: crng reseeded on system resumption [ 155.035886][ T40] audit: type=1400 audit(1758541748.272:910): avc: denied { append } for pid=13240 comm="syz.0.1312" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 155.048904][ T40] audit: type=1400 audit(1758541748.272:911): avc: denied { open } for pid=13240 comm="syz.0.1312" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 155.058432][ T6036] cdc_ether 9-1:1.0: probe with driver cdc_ether failed with error -71 [ 155.060196][ T40] audit: type=1400 audit(1758541748.312:912): avc: denied { ioctl } for pid=13240 comm="syz.0.1312" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x3309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 155.065230][ T6036] usb 9-1: USB disconnect, device number 3 [ 155.144720][ T29] usb 7-1: Using ep0 maxpacket: 8 [ 155.148356][ T29] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 155.151371][ T29] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 155.156680][ T29] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 155.161171][ T29] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 155.165964][ T29] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 155.167916][ T1028] usb 5-1: USB disconnect, device number 28 [ 155.175650][ T29] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 155.178601][ T29] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 155.182645][ T29] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 155.188263][ T29] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 155.193794][ T29] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 155.204652][ T29] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 155.207743][ T29] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 155.212599][ T29] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 155.217660][ T29] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 155.221411][ T29] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 155.228775][ T29] usb 7-1: string descriptor 0 read error: -22 [ 155.231440][ T29] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 155.235231][ T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.248061][ T29] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 155.281716][T13288] /dev/nbd1: Can't lookup blockdev [ 155.448631][ T10] usb 7-1: USB disconnect, device number 27 [ 155.564645][ T6036] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 155.663796][T13342] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0 [ 155.666588][T13341] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1326'. [ 155.725226][ T6036] usb 9-1: Using ep0 maxpacket: 8 [ 155.729027][ T6036] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 155.732637][ T6036] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 155.738132][ T6036] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 155.742123][ T6036] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 155.750231][ T6036] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 155.755612][ T6036] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 155.758378][ T6036] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 155.762701][ T6036] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 155.767652][ T6036] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 155.771941][ T6036] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 155.777666][ T6036] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 155.780642][ T6036] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 155.789091][ T6036] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 155.793306][ T6036] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 155.798405][ T6036] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 155.803744][ T6036] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 155.807454][ T6036] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.810299][ T6036] usb 9-1: Product: syz [ 155.811984][ T6036] usb 9-1: Manufacturer: syz [ 155.813560][ T6036] usb 9-1: SerialNumber: syz [ 155.864656][ T34] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 155.866846][ T34] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 155.874459][ T5985] Bluetooth: hci2: command tx timeout [ 156.064860][ T6036] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 156.076512][ T6036] usb 9-1: USB disconnect, device number 4 [ 156.079539][T13389] netlink: 'syz.2.1337': attribute type 5 has an invalid length. [ 156.088006][T13389] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1886807396 (3773614792 ns) > initial count (3538469592 ns). Using initial count to start timer. [ 156.088367][T13396] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 156.209452][T13415] 9pnet_virtio: no channels available for device syz [ 156.496301][T13423] syzkaller1: entered promiscuous mode [ 156.498286][T13423] syzkaller1: entered allmulticast mode [ 156.570790][T13430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1343'. [ 156.574176][T13430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1343'. [ 156.611545][T13429] syz.2.1343 (13429): drop_caches: 2 [ 157.114152][ T10] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 157.228479][T13480] tmpfs: Bad value for 'huge' [ 157.271928][T13483] nbd: must specify at least one socket [ 157.284178][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 157.290933][ T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 157.294686][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 157.299026][ T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 157.302920][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 157.308182][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 157.314603][ T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 157.316963][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 157.320426][ T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 157.327651][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 157.331054][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 157.336487][ T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 157.340402][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 157.344768][ T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 157.348975][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 157.355593][T13490] netlink: 'syz.4.1363': attribute type 3 has an invalid length. [ 157.357598][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 157.358158][T13490] netlink: 'syz.4.1363': attribute type 1 has an invalid length. [ 157.364584][T13490] __nla_validate_parse: 1 callbacks suppressed [ 157.364592][T13490] netlink: 220 bytes leftover after parsing attributes in process `syz.4.1363'. [ 157.365951][ T10] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 157.373237][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.377397][ T10] usb 5-1: Product: syz [ 157.378777][ T10] usb 5-1: Manufacturer: syz [ 157.380288][ T10] usb 5-1: SerialNumber: syz [ 157.381440][T13484] futex_wake_op: syz.1.1355 tries to shift op by -1; fix this program [ 157.633396][ T10] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 157.637937][ T10] usb 5-1: USB disconnect, device number 29 [ 157.659609][T13514] netlink: 'syz.4.1368': attribute type 4 has an invalid length. [ 157.671218][T13514] netlink: 'syz.4.1368': attribute type 4 has an invalid length. [ 157.680223][T13514] netlink: 'syz.4.1368': attribute type 1 has an invalid length. [ 157.683263][T13514] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1368'. [ 157.686958][T13514] netlink: 'syz.4.1368': attribute type 1 has an invalid length. [ 157.689463][T13514] netlink: 'syz.4.1368': attribute type 2 has an invalid length. [ 157.738704][T13523] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 157.771281][T13526] netlink: 'syz.1.1372': attribute type 27 has an invalid length. [ 157.775747][T13526] gretap1: left promiscuous mode [ 157.781681][T13526] netlink: 'syz.1.1372': attribute type 27 has an invalid length. [ 157.944167][ T5985] Bluetooth: hci3: command 0x0c1a tx timeout [ 157.944308][ T34] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 157.948145][ T34] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 158.301191][T13582] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 158.391298][T13591] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 158.391298][T13591] The task syz.0.1377 (13591) triggered the difference, watch for misbehavior. [ 158.544178][ T840] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 158.700334][ T840] usb 9-1: Using ep0 maxpacket: 32 [ 158.704234][ T840] usb 9-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 158.708417][ T840] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.717271][ T840] usb 9-1: config 0 descriptor?? [ 158.748139][T13615] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=13615 comm=syz.2.1382 [ 158.753855][T13611] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1382'. [ 158.757864][T13611] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1382'. [ 158.760304][ T840] as10x_usb: device has been detected [ 158.763899][ T840] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 158.789176][ T840] usb 9-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 158.832754][ T840] as10x_usb: error during firmware upload part1 [ 158.835992][ T840] Registered device nBox DVB-T Dongle [ 158.923873][T13582] binder: 13581:13582 unknown command 0 [ 158.928947][T13582] binder: 13581:13582 ioctl c0306201 200000000080 returned -22 [ 158.933263][T13582] binder: 13581:13582 ioctl 5408 2000000000c0 returned -22 [ 158.937188][T13582] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1379'. [ 158.942981][ T1028] usb 9-1: USB disconnect, device number 5 [ 158.967385][ T1028] Unregistered device nBox DVB-T Dongle [ 158.970714][ T1028] as10x_usb: device has been disconnected [ 159.143379][T13672] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1391'. [ 159.330031][T13680] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1393'. [ 159.578019][T13698] syz_tun (unregistering): left allmulticast mode [ 160.104338][ T5332] Bluetooth: hci2: command 0x0c1a tx timeout [ 160.106827][ T34] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 160.109163][ T34] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 160.172875][ T40] kauditd_printk_skb: 2560 callbacks suppressed [ 160.172891][ T40] audit: type=1401 audit(1758541753.412:3473): op=fscreate invalid_context=0701FE80070200002E0100000000010041010000FF7F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [ 160.202634][T13713] bridge2: entered promiscuous mode [ 160.205581][T13713] bridge2: entered allmulticast mode [ 160.215217][T13713] mkiss: ax0: crc mode is auto. [ 160.235467][T13725] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1402'. [ 160.238732][T13725] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1402'. [ 160.242188][T13725] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1402'. [ 160.268788][T13726] syzkaller1: entered promiscuous mode [ 160.271182][T13726] syzkaller1: entered allmulticast mode [ 160.370996][T13744] trusted_key: encrypted_key: key user:syz not found [ 160.374194][ T40] audit: type=1400 audit(1758541753.612:3474): avc: denied { listen } for pid=13743 comm="syz.4.1407" lport=56692 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 160.385428][ T40] audit: type=1400 audit(1758541753.622:3475): avc: denied { accept } for pid=13743 comm="syz.4.1407" lport=56692 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 160.393584][ T40] audit: type=1400 audit(1758541753.622:3476): avc: denied { getopt } for pid=13743 comm="syz.4.1407" lport=56692 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 160.402857][ T40] audit: type=1400 audit(1758541753.622:3477): avc: denied { write } for pid=13743 comm="syz.4.1407" lport=56692 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 160.413941][ T40] audit: type=1400 audit(1758541753.622:3478): avc: denied { connect } for pid=13739 comm="syz.2.1406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 160.431722][T13750] afs: Unknown parameter '' [ 160.443201][T13754] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode [ 160.571682][ T40] audit: type=1400 audit(1758541753.812:3479): avc: denied { mount } for pid=13766 comm="syz.1.1413" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 160.573997][T13767] IPVS: rr: FWM 3 0x00000003 - no destination available [ 160.584166][ T10] IPVS: starting estimator thread 0... [ 160.589471][T13767] overlayfs: missing 'workdir' [ 160.597619][ T40] audit: type=1400 audit(1758541753.842:3480): avc: denied { connect } for pid=13771 comm="syz.4.1415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 160.606439][ T40] audit: type=1400 audit(1758541753.852:3481): avc: denied { bind } for pid=13771 comm="syz.4.1415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 160.614567][ T40] audit: type=1400 audit(1758541753.852:3482): avc: denied { write } for pid=13771 comm="syz.4.1415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 160.694190][T13770] IPVS: using max 28 ests per chain, 67200 per kthread [ 160.728256][T13791] openvswitch: netlink: Unknown key attributes 2 [ 160.848199][T13801] 9pnet_fd: Insufficient options for proto=fd [ 161.124641][T13830] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 161.127413][T13830] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 161.131443][T13830] vhci_hcd vhci_hcd.0: Device attached [ 161.140354][T13831] vhci_hcd: connection closed [ 161.141951][ T6664] vhci_hcd: stop threads [ 161.152454][ T6664] vhci_hcd: release socket [ 161.155745][ T6664] vhci_hcd: disconnect device [ 161.268034][T13886] netlink: 'syz.1.1440': attribute type 8 has an invalid length. [ 161.358590][T13897] netlink: 'syz.1.1444': attribute type 10 has an invalid length. [ 161.374545][T13897] batman_adv: batadv0: Removing interface: dummy0 [ 161.438016][T13904] dummy0: entered promiscuous mode [ 161.557437][T13923] xt_bpf: check failed: parse error [ 161.759578][T13951] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 161.763698][T13951] block device autoloading is deprecated and will be removed. [ 162.906862][T14042] __nla_validate_parse: 9 callbacks suppressed [ 162.906873][T14042] netlink: 360 bytes leftover after parsing attributes in process `syz.4.1475'. [ 162.931956][T14045] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1476'. [ 162.960879][T14044] nvme_fabrics: missing parameter 'transport=%s' [ 162.964008][T14044] nvme_fabrics: missing parameter 'nqn=%s' [ 163.031601][T14053] Bluetooth: MGMT ver 1.23 [ 163.233508][T14064] 8021q: adding VLAN 0 to HW filter on device bond1 [ 163.241554][T14077] netlink: 'syz.1.1483': attribute type 7 has an invalid length. [ 163.258937][T14077] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14077 comm=syz.1.1483 [ 163.439681][T14109] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached [ 163.686915][T14132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 163.690670][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.696835][T14132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 163.700710][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.706032][T14132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 163.713598][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.723919][T14132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 163.729443][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.735510][T14132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 163.738731][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.743637][T14132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 163.748057][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.752417][T14132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 163.755416][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.759435][T14132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 163.762367][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.767565][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.772901][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.778451][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.783830][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.790152][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.794801][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.801405][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.806128][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.810097][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.814348][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.819102][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.824338][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.829376][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.833453][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.839499][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.844887][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.850275][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.855924][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.861046][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.866240][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.870535][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.875526][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.880047][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.885208][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 163.889478][T14132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 164.024200][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.038239][T14173] netlink: 'syz.0.1503': attribute type 1 has an invalid length. [ 164.062509][T14173] 8021q: adding VLAN 0 to HW filter on device bond1 [ 164.089069][T14173] bond1: (slave ip6erspan0): making interface the new active one [ 164.093516][T14173] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 165.387215][T14257] bridge: RTM_NEWNEIGH with invalid ether address [ 165.594461][T14267] tipc: Enabled bearer , priority 0 [ 165.616146][T14267] tipc: Disabling bearer [ 166.076003][ T40] kauditd_printk_skb: 1273 callbacks suppressed [ 166.076014][ T40] audit: type=1400 audit(1758541759.322:4756): avc: denied { unmount } for pid=5969 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 166.511932][ T40] audit: type=1326 audit(1758541759.752:4757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14294 comm="syz.4.1531" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52458ec29 code=0x7ffc0000 [ 166.521024][ T40] audit: type=1326 audit(1758541759.762:4758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14294 comm="syz.4.1531" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52458ec29 code=0x7ffc0000 [ 166.536768][ T40] audit: type=1326 audit(1758541759.762:4759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14294 comm="syz.4.1531" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa52458ec29 code=0x7ffc0000 [ 166.546398][ T40] audit: type=1326 audit(1758541759.762:4760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14294 comm="syz.4.1531" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52458ec29 code=0x7ffc0000 [ 166.558391][ T40] audit: type=1326 audit(1758541759.762:4761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14294 comm="syz.4.1531" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa52458ec29 code=0x7ffc0000 [ 166.567523][ T40] audit: type=1326 audit(1758541759.762:4762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14294 comm="syz.4.1531" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52458ec29 code=0x7ffc0000 [ 166.574735][ T40] audit: type=1326 audit(1758541759.762:4763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14294 comm="syz.4.1531" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa52458ec29 code=0x7ffc0000 [ 166.581678][ T40] audit: type=1326 audit(1758541759.762:4764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14294 comm="syz.4.1531" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52458ec29 code=0x7ffc0000 [ 166.589490][ T40] audit: type=1326 audit(1758541759.762:4765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14294 comm="syz.4.1531" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa52458ec29 code=0x7ffc0000 [ 167.114347][ T10] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 167.264216][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 167.267783][ T10] usb 7-1: unable to get BOS descriptor or descriptor too short [ 167.271086][ T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.274897][ T10] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 167.278545][ T10] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 167.283618][ T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 167.287121][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.289646][ T10] usb 7-1: Product: syz [ 167.290942][ T10] usb 7-1: Manufacturer: syz [ 167.292382][ T10] usb 7-1: SerialNumber: syz [ 167.495768][ T6054] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 167.516187][ T6054] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [syz1] on syz0 [ 168.664539][T14348] __nla_validate_parse: 27 callbacks suppressed [ 168.666842][T14348] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1543'. [ 169.461198][ T10] cdc_ncm 7-1:1.0: bind() failure [ 169.466703][ T10] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 169.468888][ T10] cdc_ncm 7-1:1.1: bind() failure [ 169.475774][ T10] usb 7-1: USB disconnect, device number 28 [ 170.589428][T14404] bridge: RTM_NEWNEIGH with invalid ether address [ 170.674271][ T6023] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 170.824168][ T6023] usb 7-1: Using ep0 maxpacket: 16 [ 170.827689][ T6023] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 170.832051][ T6023] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 170.835024][ T6023] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.837563][ T6023] usb 7-1: Product: syz [ 170.838978][ T6023] usb 7-1: Manufacturer: syz [ 170.841227][ T6023] usb 7-1: SerialNumber: syz [ 170.917834][ T6023] usb 7-1: config 0 descriptor?? [ 170.921256][ T6023] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected [ 170.926490][ T6023] usb 7-1: Detected FT232R [ 171.139270][ T6023] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 171.393077][ T6023] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 171.429657][ T10] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 171.440879][ T10] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz1] on syz0 [ 171.575600][ T6036] usb 7-1: USB disconnect, device number 29 [ 171.587773][ T6036] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 171.593603][ T6036] ftdi_sio 7-1:0.0: device disconnected [ 172.955225][T14499] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1568'. [ 173.237584][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 173.237600][ T40] audit: type=1400 audit(1758541766.482:4780): avc: denied { mount } for pid=14496 comm="syz.0.1567" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1 [ 173.634561][ T6023] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 174.484301][ T6023] usb 9-1: Using ep0 maxpacket: 16 [ 174.492257][T14596] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14596 comm=syz.2.1584 [ 174.492969][ T6023] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.500739][ T6023] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.505468][ T6023] usb 9-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 174.508477][ T6023] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.512696][ T6023] usb 9-1: config 0 descriptor?? [ 174.924976][ T6023] hid-multitouch 0003:1FD2:6007.0006: unknown main item tag 0x1 [ 174.932612][ T6023] hid-multitouch 0003:1FD2:6007.0006: hidraw1: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 175.028731][ T6023] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 175.034784][ T6023] hid-generic 0000:0000:0000.0007: hidraw2: HID v0.00 Device [syz1] on syz0 [ 175.128168][ T6054] usb 9-1: USB disconnect, device number 6 [ 175.203784][T14658] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1589'. [ 175.699486][ T72] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 175.709520][ T72] hid-generic 0000:0000:0000.0008: hidraw1: HID v0.00 Device [syz1] on syz0 [ 176.032243][T14682] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1594'. [ 176.259897][ T40] audit: type=1326 audit(1758541769.502:4781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14687 comm="syz.0.1598" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd9d558ec29 code=0x0 [ 176.443476][ T6054] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 176.447097][T14694] SELinux: failed to load policy [ 176.450356][ T6054] hid-generic 0000:0000:0000.0009: hidraw2: HID v0.00 Device [syz1] on syz0 [ 176.764212][ T24] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 176.894172][ T24] usb 5-1: device descriptor read/64, error -71 [ 177.314171][ T24] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 177.454160][ T24] usb 5-1: device descriptor read/64, error -71 [ 177.564376][ T24] usb usb5-port1: attempt power cycle [ 177.924219][ T24] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 177.946275][ T24] usb 5-1: device descriptor read/8, error -71 [ 178.206067][ T24] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 178.226530][ T24] usb 5-1: device descriptor read/8, error -71 [ 178.410455][ T24] usb usb5-port1: unable to enumerate USB device [ 178.519876][T14772] mac80211_hwsim hwsim7 wlan0: left promiscuous mode [ 178.571410][T14774] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1612'. [ 178.755261][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.890104][T14791] syz.4.1619 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 178.896161][ T840] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 178.900293][ T840] hid-generic 0000:0000:0000.000A: hidraw1: HID v0.00 Device [syz1] on syz0 [ 180.234157][ T840] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 180.348557][ T40] audit: type=1400 audit(1758541773.592:4782): avc: denied { getopt } for pid=14825 comm="syz.4.1625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 180.395775][ T840] usb 7-1: Using ep0 maxpacket: 16 [ 180.399287][ T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.403728][ T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.406957][ T840] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 180.411006][ T840] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 180.413907][ T840] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.420366][ T840] usb 7-1: config 0 descriptor?? [ 180.844447][ T840] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 180.847450][ T840] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 180.850244][ T840] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 180.853189][ T840] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 180.856479][ T840] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 180.859534][ T840] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 180.862362][ T840] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 180.865733][ T840] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 180.875391][ T840] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:045E:07DA.000B/input/input16 [ 180.889631][ T840] microsoft 0003:045E:07DA.000B: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 181.003709][ T40] audit: type=1400 audit(1758541774.242:4783): avc: denied { ioctl } for pid=14854 comm="syz.1.1632" path="socket:[41294]" dev="sockfs" ino=41294 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 181.041481][ T840] usb 7-1: USB disconnect, device number 30 [ 181.425606][T14890] netlink: 'syz.4.1639': attribute type 12 has an invalid length. [ 181.428139][T14890] netlink: 'syz.4.1639': attribute type 29 has an invalid length. [ 181.430543][T14890] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1639'. [ 181.617451][ T40] audit: type=1400 audit(1758541774.862:4784): avc: denied { getopt } for pid=14900 comm="syz.2.1643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 181.631156][ T40] audit: type=1400 audit(1758541774.872:4785): avc: denied { bind } for pid=14900 comm="syz.2.1643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 181.684277][ T6913] usb 5-1: new full-speed USB device number 34 using dummy_hcd [ 181.845699][ T6913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 181.850058][ T6913] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 181.855053][ T6913] usb 5-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 181.858044][ T6913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.862538][ T6913] usb 5-1: config 0 descriptor?? [ 181.865167][T14892] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 182.149535][ T40] audit: type=1400 audit(1758541775.392:4786): avc: denied { name_bind } for pid=14909 comm="syz.1.1644" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 182.344019][ T6913] hkems 0003:2006:0118.000C: unbalanced collection at end of report description [ 182.348890][ T6913] hkems 0003:2006:0118.000C: parse failed [ 182.351076][ T6913] hkems 0003:2006:0118.000C: probe with driver hkems failed with error -22 [ 182.455191][T14920] netlink: 'syz.4.1647': attribute type 4 has an invalid length. [ 182.457975][T14920] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1647'. [ 182.483939][ T9] usb 5-1: USB disconnect, device number 34 [ 182.704142][ T6054] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 182.864149][ T6054] usb 9-1: Using ep0 maxpacket: 16 [ 182.868661][ T6054] usb 9-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 182.877382][ T6054] usb 9-1: New USB device found, idVendor=0586, idProduct=401a, bcdDevice= 5.2b [ 182.881089][ T6054] usb 9-1: New USB device strings: Mfr=1, Product=199, SerialNumber=3 [ 182.884478][ T6054] usb 9-1: Product: syz [ 182.886183][ T6054] usb 9-1: Manufacturer: syz [ 182.888192][ T6054] usb 9-1: SerialNumber: syz [ 182.897302][ T6054] rtl8150 9-1:2.0: couldn't find required endpoints [ 182.900246][ T6054] rtl8150 9-1:2.0: probe with driver rtl8150 failed with error -5 [ 183.759827][T14970] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1661'. [ 183.877489][T14976] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14976 comm=syz.1.1664 [ 185.010365][T15000] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1667'. [ 185.436042][T15010] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1674'. [ 185.534460][ T6036] usb 9-1: USB disconnect, device number 7 [ 186.664155][ T9] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 186.822991][ T40] audit: type=1400 audit(1758541780.062:4787): avc: denied { write } for pid=15049 comm="syz.2.1684" name="rtc0" dev="devtmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 186.845308][ T9] usb 9-1: config 7 has an invalid interface number: 227 but max is 0 [ 186.852511][ T9] usb 9-1: config 7 has no interface number 0 [ 186.855804][ T9] usb 9-1: config 7 interface 227 has no altsetting 0 [ 186.862238][ T9] usb 9-1: New USB device found, idVendor=79ee, idProduct=ea27, bcdDevice=e1.44 [ 186.865613][ T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.868875][ T9] usb 9-1: Product: syz [ 186.870539][ T9] usb 9-1: Manufacturer: syz [ 186.872452][ T9] usb 9-1: SerialNumber: syz [ 187.087907][ T9] cdc_wdm 9-1:7.227: More than one union descriptor, skipping ... [ 187.090397][ T9] cdc_wdm 9-1:7.227: probe with driver cdc_wdm failed with error -22 [ 187.095146][ T9] usb 9-1: USB disconnect, device number 8 [ 187.929981][ T40] audit: type=1400 audit(1758541781.172:4788): avc: denied { nlmsg_read } for pid=15077 comm="syz.4.1691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 187.946834][ T40] audit: type=1400 audit(1758541781.192:4789): avc: denied { audit_write } for pid=15077 comm="syz.4.1691" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 187.957422][ T40] audit: type=1107 audit(1758541781.202:4790): pid=15077 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 188.831787][T15102] binder: 15101:15102 ioctl c018620c 200000000040 returned -22 [ 189.017979][ T40] audit: type=1400 audit(1758541782.262:4791): avc: denied { call } for pid=15107 comm="syz.4.1700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 189.152510][T15121] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.156073][T15121] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.240495][T15121] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 189.250166][T15121] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.284167][ T840] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 189.327354][T15121] bridge1: left promiscuous mode [ 189.329017][T15121] bridge1: left allmulticast mode [ 189.339075][ T6667] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.342161][ T6667] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.345323][ T6667] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.348171][ T6667] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.444154][ T840] usb 5-1: Using ep0 maxpacket: 16 [ 189.448485][ T840] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 189.451670][ T840] usb 5-1: config 0 has no interface number 0 [ 189.455210][ T840] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 189.459483][ T840] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 189.463189][ T840] usb 5-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 189.469242][ T840] usb 5-1: New USB device found, idVendor=04d9, idProduct=a072, bcdDevice= 0.00 [ 189.473017][ T840] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.482288][ T840] usb 5-1: config 0 descriptor?? [ 189.757603][ T6023] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 189.761179][ T6023] hid-generic 0000:0000:0000.000D: hidraw1: HID v0.00 Device [syz1] on syz0 [ 190.108021][ T840] holtek_mouse 0003:04D9:A072.000E: unknown main item tag 0x0 [ 190.110409][ T840] holtek_mouse 0003:04D9:A072.000E: unknown main item tag 0x0 [ 190.112766][ T840] holtek_mouse 0003:04D9:A072.000E: item fetching failed at offset 2/4 [ 190.115798][ T840] holtek_mouse 0003:04D9:A072.000E: hid parse failed: -22 [ 190.119280][ T840] holtek_mouse 0003:04D9:A072.000E: probe with driver holtek_mouse failed with error -22 [ 190.125322][ T840] usb 5-1: USB disconnect, device number 35 [ 190.144228][ T29] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 190.148925][ T29] hid-generic 0000:0000:0000.000F: hidraw1: HID v0.00 Device [syz1] on syz0 [ 190.781741][ T840] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 190.944387][ T840] usb 7-1: Using ep0 maxpacket: 8 [ 190.949391][ T840] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 190.953996][ T840] usb 7-1: config 179 has no interface number 0 [ 190.957807][ T840] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 190.963035][ T840] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 190.970453][ T840] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 190.977783][ T840] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 190.983513][ T840] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 190.990035][ T840] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 190.994309][ T840] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.005049][T15232] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 191.259319][ T840] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:179.65/input/input17 [ 191.479799][ T29] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 191.490639][ T29] hid-generic 0000:0000:0000.0010: hidraw1: HID v0.00 Device [syz1] on syz0 [ 191.636454][ T24] usb 7-1: USB disconnect, device number 31 [ 191.638453][ C2] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 191.638479][ C2] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 191.749176][T15309] binder: 15308:15309 ioctl c018620c 200000000040 returned -22 [ 192.243932][ T6913] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 192.253398][ T6913] hid-generic 0000:0000:0000.0011: hidraw1: HID v0.00 Device [syz1] on syz0 [ 192.434780][ T6054] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 192.608238][ T6054] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.612324][ T6054] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 192.618227][ T6054] usb 9-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 192.622089][ T6054] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.625619][ T6054] usb 9-1: Product: syz [ 192.627331][ T6054] usb 9-1: Manufacturer: syz [ 192.629296][ T6054] usb 9-1: SerialNumber: syz [ 192.633370][ T6054] usb 9-1: config 0 descriptor?? [ 192.692618][ T40] audit: type=1400 audit(1758541785.932:4792): avc: denied { compute_member } for pid=15377 comm="syz.2.1737" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 192.818909][T15390] ------------[ cut here ]------------ [ 192.821644][T15390] WARNING: CPU: 0 PID: 15390 at net/ipv4/route.c:1269 ip_rt_bug+0x2b/0x120 [ 192.825382][T15390] Modules linked in: [ 192.827448][T15390] CPU: 0 UID: 0 PID: 15390 Comm: syz.2.1741 Not tainted syzkaller #0 PREEMPT(full) [ 192.832649][T15390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 192.837245][T15390] RIP: 0010:ip_rt_bug+0x2b/0x120 [ 192.839451][T15390] Code: 0f 1e fa 41 54 55 53 48 89 d3 48 83 ec 08 e8 9c 08 c3 f7 66 90 e8 95 08 c3 f7 ba 02 00 00 00 48 89 de 31 ff e8 06 69 70 ff 90 <0f> 0b 90 48 83 c4 08 31 c0 5b 5d 41 5c e9 53 2b 9f 01 e8 6e 08 c3 [ 192.847568][T15390] RSP: 0018:ffffc9000743f3d8 EFLAGS: 00010287 [ 192.850079][T15390] RAX: 0000000000000cf3 RBX: ffff8880550f5180 RCX: ffffc90004a91000 [ 192.853212][T15390] RDX: 0000000000080000 RSI: ffffffff89f894fa RDI: ffffffff8c163400 [ 192.856510][T15390] RBP: ffff8880550f5180 R08: 0000000000000001 R09: 0000000000000001 [ 192.859722][T15390] R10: ffffffff90ab7597 R11: 0000000000000000 R12: ffff88803777a440 [ 192.862877][T15390] R13: ffff8881013af000 R14: ffff888047545700 R15: ffff8880550f51d8 [ 192.866193][T15390] FS: 00007fb4e7ee16c0(0000) GS:ffff8880d66b2000(0000) knlGS:0000000000000000 [ 192.869827][T15390] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.872569][T15390] CR2: 000000110c327647 CR3: 0000000026774000 CR4: 0000000000352ef0 [ 192.875800][T15390] Call Trace: [ 192.877157][T15390] [ 192.878428][T15390] ip_push_pending_frames+0x419/0x5d0 [ 192.880655][T15390] icmp_push_reply+0x308/0x440 [ 192.882643][T15390] __icmp_send+0xcdf/0x1960 [ 192.884578][T15390] ? __pfx___icmp_send+0x10/0x10 [ 192.886692][T15390] ? fib_multipath_hash+0x16d1/0x1700 [ 192.889004][T15390] ? __lock_acquire+0x62e/0x1ce0 [ 192.891140][T15390] ? __lock_acquire+0x62e/0x1ce0 [ 192.893247][T15390] ? __ip_options_compile+0x873/0x1670 [ 192.895652][T15390] ? ip_route_input_noref+0x15d/0x2e0 [ 192.897945][T15390] ip_options_compile+0xb6/0x100 [ 192.899753][T15390] ? __pfx_ip_options_compile+0x10/0x10 [ 192.901468][T15390] ? tcp_v4_early_demux+0x484/0xbf0 [ 192.903104][T15390] ? tcp_v4_early_demux+0xc6/0xbf0 [ 192.904794][T15390] ip_rcv_finish_core+0x6e1/0x22a0 [ 192.906418][T15390] ip_rcv+0x1c0/0x600 [ 192.907702][T15390] ? __pfx_ip_rcv+0x10/0x10 [ 192.909122][T15390] __netif_receive_skb_one_core+0x197/0x1e0 [ 192.910968][T15390] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 192.912955][T15390] ? lock_acquire+0x179/0x350 [ 192.914643][T15390] ? __phys_addr+0xe8/0x180 [ 192.916142][T15390] __netif_receive_skb+0x1d/0x160 [ 192.917750][T15390] netif_receive_skb+0x137/0x7b0 [ 192.919350][T15390] ? __pfx_netif_receive_skb+0x10/0x10 [ 192.921085][T15390] tun_rx_batched.isra.0+0x3ee/0x740 [ 192.922784][T15390] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 192.924710][T15390] ? tun_get_user+0x1d8a/0x3ce0 [ 192.926233][T15390] ? rcu_is_watching+0x12/0xc0 [ 192.927789][T15390] tun_get_user+0x28e4/0x3ce0 [ 192.929260][T15390] ? __pfx_tun_get_user+0x10/0x10 [ 192.930820][T15390] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 192.932513][T15390] ? find_held_lock+0x2b/0x80 [ 192.933986][T15390] ? tun_get+0x191/0x370 [ 192.935412][T15390] tun_chr_write_iter+0xdc/0x210 [ 192.937019][T15390] vfs_write+0x7d3/0x11d0 [ 192.938403][T15390] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 192.940168][T15390] ? __pfx_vfs_write+0x10/0x10 [ 192.941686][T15390] ? find_held_lock+0x2b/0x80 [ 192.943196][T15390] ksys_write+0x12a/0x250 [ 192.944637][T15390] ? __pfx_ksys_write+0x10/0x10 [ 192.946204][T15390] do_syscall_64+0xcd/0x4e0 [ 192.947609][T15390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.949411][T15390] RIP: 0033:0x7fb4e6f8d6df [ 192.950811][T15390] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 192.956745][T15390] RSP: 002b:00007fb4e7ee1000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 192.959325][T15390] RAX: ffffffffffffffda RBX: 00007fb4e71d5fa0 RCX: 00007fb4e6f8d6df [ 192.961822][T15390] RDX: 0000000000000042 RSI: 0000200000000000 RDI: 00000000000000c8 [ 192.964381][T15390] RBP: 00007fb4e7011e41 R08: 0000000000000000 R09: 0000000000000000 [ 192.966898][T15390] R10: 0000000000000042 R11: 0000000000000293 R12: 0000000000000000 [ 192.969345][T15390] R13: 00007fb4e71d6038 R14: 00007fb4e71d5fa0 R15: 00007ffdfc53b718 [ 192.971838][T15390] [ 192.972817][T15390] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 192.975057][T15390] CPU: 0 UID: 0 PID: 15390 Comm: syz.2.1741 Not tainted syzkaller #0 PREEMPT(full) [ 192.977985][T15390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 192.981335][T15390] Call Trace: [ 192.982406][T15390] [ 192.983364][T15390] dump_stack_lvl+0x3d/0x1f0 [ 192.984842][T15390] vpanic+0x6e8/0x7a0 [ 192.986095][T15390] ? __pfx_vpanic+0x10/0x10 [ 192.987542][T15390] ? ip_rt_bug+0x2b/0x120 [ 192.988904][T15390] panic+0xca/0xd0 [ 192.990073][T15390] ? __pfx_panic+0x10/0x10 [ 192.991479][T15390] check_panic_on_warn+0xab/0xb0 [ 192.992853][T15390] __warn+0xf6/0x3c0 [ 192.994026][T15390] ? ip_rt_bug+0x2b/0x120 [ 192.995389][T15390] report_bug+0x3c3/0x580 [ 192.996764][T15390] ? ip_rt_bug+0x2b/0x120 [ 192.998138][T15390] handle_bug+0x184/0x210 [ 192.999539][T15390] exc_invalid_op+0x17/0x50 [ 193.000988][T15390] asm_exc_invalid_op+0x1a/0x20 [ 193.002527][T15390] RIP: 0010:ip_rt_bug+0x2b/0x120 [ 193.004108][T15390] Code: 0f 1e fa 41 54 55 53 48 89 d3 48 83 ec 08 e8 9c 08 c3 f7 66 90 e8 95 08 c3 f7 ba 02 00 00 00 48 89 de 31 ff e8 06 69 70 ff 90 <0f> 0b 90 48 83 c4 08 31 c0 5b 5d 41 5c e9 53 2b 9f 01 e8 6e 08 c3 [ 193.010123][T15390] RSP: 0018:ffffc9000743f3d8 EFLAGS: 00010287 [ 193.012042][T15390] RAX: 0000000000000cf3 RBX: ffff8880550f5180 RCX: ffffc90004a91000 [ 193.014512][T15390] RDX: 0000000000080000 RSI: ffffffff89f894fa RDI: ffffffff8c163400 [ 193.017067][T15390] RBP: ffff8880550f5180 R08: 0000000000000001 R09: 0000000000000001 [ 193.019520][T15390] R10: ffffffff90ab7597 R11: 0000000000000000 R12: ffff88803777a440 [ 193.021964][T15390] R13: ffff8881013af000 R14: ffff888047545700 R15: ffff8880550f51d8 [ 193.024414][T15390] ? ip_rt_bug+0x2a/0x120 [ 193.025791][T15390] ? ip_rt_bug+0x2a/0x120 [ 193.027272][T15390] ip_push_pending_frames+0x419/0x5d0 [ 193.028971][T15390] icmp_push_reply+0x308/0x440 [ 193.030486][T15390] __icmp_send+0xcdf/0x1960 [ 193.031926][T15390] ? __pfx___icmp_send+0x10/0x10 [ 193.033426][T15390] ? fib_multipath_hash+0x16d1/0x1700 [ 193.035088][T15390] ? __lock_acquire+0x62e/0x1ce0 [ 193.036607][T15390] ? __lock_acquire+0x62e/0x1ce0 [ 193.038130][T15390] ? __ip_options_compile+0x873/0x1670 [ 193.039842][T15390] ? ip_route_input_noref+0x15d/0x2e0 [ 193.041493][T15390] ip_options_compile+0xb6/0x100 [ 193.043030][T15390] ? __pfx_ip_options_compile+0x10/0x10 [ 193.044723][T15390] ? tcp_v4_early_demux+0x484/0xbf0 [ 193.046329][T15390] ? tcp_v4_early_demux+0xc6/0xbf0 [ 193.047961][T15390] ip_rcv_finish_core+0x6e1/0x22a0 [ 193.049498][T15390] ip_rcv+0x1c0/0x600 [ 193.050728][T15390] ? __pfx_ip_rcv+0x10/0x10 [ 193.052166][T15390] __netif_receive_skb_one_core+0x197/0x1e0 [ 193.053982][T15390] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 193.055964][T15390] ? lock_acquire+0x179/0x350 [ 193.057452][T15390] ? __phys_addr+0xe8/0x180 [ 193.058882][T15390] __netif_receive_skb+0x1d/0x160 [ 193.060419][T15390] netif_receive_skb+0x137/0x7b0 [ 193.061970][T15390] ? __pfx_netif_receive_skb+0x10/0x10 [ 193.063681][T15390] tun_rx_batched.isra.0+0x3ee/0x740 [ 193.065371][T15390] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 193.067259][T15390] ? tun_get_user+0x1d8a/0x3ce0 [ 193.068786][T15390] ? rcu_is_watching+0x12/0xc0 [ 193.070289][T15390] tun_get_user+0x28e4/0x3ce0 [ 193.071784][T15390] ? __pfx_tun_get_user+0x10/0x10 [ 193.073459][T15390] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 193.075191][T15390] ? find_held_lock+0x2b/0x80 [ 193.076673][T15390] ? tun_get+0x191/0x370 [ 193.078026][T15390] tun_chr_write_iter+0xdc/0x210 [ 193.079602][T15390] vfs_write+0x7d3/0x11d0 [ 193.080973][T15390] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 193.082713][T15390] ? __pfx_vfs_write+0x10/0x10 [ 193.084243][T15390] ? find_held_lock+0x2b/0x80 [ 193.085734][T15390] ksys_write+0x12a/0x250 [ 193.087227][T15390] ? __pfx_ksys_write+0x10/0x10 [ 193.088759][T15390] do_syscall_64+0xcd/0x4e0 [ 193.090190][T15390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.092034][T15390] RIP: 0033:0x7fb4e6f8d6df [ 193.093430][T15390] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 193.099324][T15390] RSP: 002b:00007fb4e7ee1000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 193.101839][T15390] RAX: ffffffffffffffda RBX: 00007fb4e71d5fa0 RCX: 00007fb4e6f8d6df [ 193.104192][T15390] RDX: 0000000000000042 RSI: 0000200000000000 RDI: 00000000000000c8 [ 193.106515][T15390] RBP: 00007fb4e7011e41 R08: 0000000000000000 R09: 0000000000000000 [ 193.108837][T15390] R10: 0000000000000042 R11: 0000000000000293 R12: 0000000000000000 [ 193.111232][T15390] R13: 00007fb4e71d6038 R14: 00007fb4e71d5fa0 R15: 00007ffdfc53b718 [ 193.113599][T15390] [ 193.115211][T15390] Kernel Offset: disabled [ 193.116520][T15390] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:49:46 Registers: info registers vcpu 0 CPU#0 RAX=000000000000005d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8564c215 RDI=ffffffff9b118120 RBP=ffffffff9b1180e0 RSP=ffffc9000743ed40 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=000000000000005d R14=ffffffff9b1180e0 R15=ffffffff8564c1b0 RIP=ffffffff8564c23f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fb4e7ee16c0 ffffffff 00c00000 GS =0000 ffff8880d66b2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c327647 CR3=0000000026774000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=00000000ffffffff Opmask02=0000000002fefefe Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdfc53bc26 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdfc53bc26 00007ffdfc53bc2c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012e6e ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012e7b ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012e75 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012e89 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012f0f ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012fed ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e71a74a8 00007fb4e71a74a0 00007fb4e71a7498 00007fb4e71a7470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7d0d100 00007fb4e71a7460 00007fb4e71a7478 00007fb4e71a74c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e71a74b8 00007fb4e71a74b0 00007fb4e71a74a8 00007fb4e71a74a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000359151 RBX=0000000000000001 RCX=ffffffff8b94cb49 RDX=0000000000000000 RSI=ffffffff8de52cd1 RDI=ffffffff8c163400 RBP=ffffed1003bd7488 RSP=ffffc90000177df8 R8 =0000000000000001 R9 =ffffed100d4a6655 R10=ffff88806a5332ab R11=0000000000000000 R12=0000000000000001 R13=ffff88801deba440 R14=ffffffff90ab7590 R15=0000000000000000 RIP=ffffffff8b94b68f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d67b2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fb4e71d7dac CR3=000000004f3e0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=0000000000000fff Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd1c648fd0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd1c649156 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd1c649156 00007ffd1c64915c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa524612e6e ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa524612e7b ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa524612e75 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa524612e89 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa524612f0f ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa524612fed ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffff88801d7aaf58 RBX=ffffffff8e5c15a0 RCX=ffffc90006da722c RDX=0000000000000002 RSI=ffffffff8e5c15a0 RDI=ffff88801d7aaf58 RBP=0000000000000001 RSP=ffffc90006da7220 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000011475 R12=ffffffff816af8a4 R13=0000000000000202 R14=ffff88801d7aa440 R15=0000000000000002 RIP=ffffffff8197d354 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007fa410f8e6c0 ffffffff 00c00000 GS =0000 ffff8880d68b2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000045ec1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555571f9020 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555571f7948 00005555571f7670 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555571fa919 00005555571fa690 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030008000490030f ffffffffffff0404 80030c0800061000 201000060071a406 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 04840030030c0200 2e030002002c0300 0484002803000484 0024036804840020 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d402004203280200 40032802003e0302 d802003c0301a288 848c048800340300 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 020052031c808080 840488004a0303d2 020048030e020046 0302920200440302 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8808006c03089492 8d88080064030004 8400600300048400 5c0304020054030e ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010fffffffffffff 0400040184100006 0172dc401c000200 040a3003285c0004 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5080020418800208 3c000834000a0004 0a7c030004840001 8003000484007c03 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0480800484007803 40020076030a40a0 80820074030c3088 8082007403001080 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8082007403089492 8d8808006c030894 928d880800640300 0484006003000484 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000017c401 RBX=0000000000000003 RCX=ffffffff8b94cb49 RDX=0000000000000000 RSI=ffffffff8de52cd1 RDI=ffffffff8c163400 RBP=ffffed1003bda000 RSP=ffffc90000197df8 R8 =0000000000000001 R9 =ffffed100d4e6655 R10=ffff88806a7332ab R11=0000000000000000 R12=0000000000000003 R13=ffff88801ded0000 R14=ffffffff90ab7590 R15=0000000000000000 RIP=ffffffff8b94b68f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d69b2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000025016c64 CR3=0000000045ec1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=00000000ffffffff Opmask02=0000000002fefefe Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdfc53baa0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdfc53bc26 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdfc53bc26 00007ffdfc53bc2c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012e6e ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012e7b ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012e75 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012e89 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012f0f ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4e7012fed ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000