last executing test programs: 28.193085692s ago: executing program 1 (id=300): r0 = io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r1, 0x5760, 0x5e) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)) 28.19292903s ago: executing program 1 (id=301): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x38011, r0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x0, 0x0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) 28.141491335s ago: executing program 1 (id=303): r0 = add_key$user(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x2}, &(0x7f0000000200)="1d", 0x1, 0xfffffffffffffffe) (async) r1 = add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, &(0x7f0000000740)="69bf05d40ff7e03db3ddca537c6c5612321b25d32064e9ed643d462211406432e87c4d40383939ab8276bfc0294ba021d1ccf9b6b32d1b6c9e8c9737ca2d08305301693ef20a414ca24bed3736d182271d197fc2146a9f55070f3f31155b9081ecbd0fcc0296c88eac143394a776955e8a075194717757c9e085976cac66fd4c5bc83183df2db8205863d7f803e302420e7fc5315861803024f921932a49a4283f6a7d8ab2cbd629e984582467fd6ca63598d554677517903644dc2ef01f8dec", 0xc0, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000040)={r0, r1, r0}, &(0x7f00000002c0)=""/113, 0x71, &(0x7f0000000180)={&(0x7f0000000400)={'xxhash64-generic\x00'}, &(0x7f00000005c0)="0900a9351a47", 0x6}) (async) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)=0x29) (async) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0xff) (async, rerun: 64) ioctl$TCSETSW2(r3, 0x402c542c, &(0x7f0000000540)={0xfffffff7, 0x200401, 0xfffffffd, 0xc6cf, 0x91, "0000080100000000150000000100", 0x240000, 0x1fd}) (async, rerun: 64) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000140)=0x8) (async) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0xa) ioctl$PTP_PEROUT_REQUEST2(r2, 0x40383d0c, &(0x7f0000000100)={{0x9, 0xfffffffa}, {0x9, 0x1003ff}, 0xffffffff, 0x7}) 28.073142186s ago: executing program 1 (id=304): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') (async) chdir(&(0x7f0000000140)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200) syz_clone(0xc0080, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) (async) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 28.072942466s ago: executing program 1 (id=305): socket$packet(0x11, 0xa, 0x300) (async) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') getdents64(r0, &(0x7f0000000100)=""/83, 0x53) (async) getdents64(r0, 0x0, 0x0) (async) r1 = syz_io_uring_setup(0x5c26, &(0x7f0000000240)={0x0, 0x85b0, 0x13a91, 0x4, 0x0, 0x0, r0}, &(0x7f0000000440), &(0x7f0000000000)) io_uring_enter(r1, 0x1, 0x0, 0x1, 0x0, 0x1000000) (async) r2 = openat$ttyprintk(0xffffff9c, &(0x7f0000001b40), 0x101000, 0x0) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000001b80)) r3 = socket(0x1e, 0x4, 0x4) sendmsg$tipc(r3, &(0x7f0000000200)={&(0x7f0000000c00)=@name={0x1e, 0x2, 0x2, {{0x43, 0x3}, 0x7}}, 0x10, 0x0}, 0x0) 27.783108966s ago: executing program 1 (id=310): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, 0xffffffffffffffff) 27.715146804s ago: executing program 32 (id=310): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, 0xffffffffffffffff) 3.531331091s ago: executing program 4 (id=493): syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0) syz_open_dev$sndctrl(&(0x7f0000000100), 0xfffffffffffffffd, 0x183003) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1494c0, 0x189) socket$key(0xf, 0x3, 0x2) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0xa) syz_open_dev$tty1(0xc, 0x4, 0x2) socket$nl_audit(0x10, 0x3, 0x9) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000080)) pipe(&(0x7f0000000000)) pipe2(&(0x7f0000001040), 0x0) pipe2(&(0x7f0000000240), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 2.332473652s ago: executing program 4 (id=507): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000600)='team_slave_0\x00', 0x10) syz_emit_ethernet(0x2a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 2.282745643s ago: executing program 4 (id=508): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="b91701811a1e42b5ba4375aa85a84e4f9c95a6c555a1f5c9a528732192fc2f922cad1ab69dcd8fe6992886e8a95d7a0869644c5e1fd07d9e2867458a5d5b13c9e077ce1b8df3c8827af7b4f1f325f69f92ee22e5a8f58df2959db69d163a50f24485ecba1927b9eb6c227224ad5720a2d097fe61894aec1d383ed10e1b29006a82cd282b002c4b719584521d4d36f5be684cc81c0d8953d890bba2eb57b8f4816437e2af2415b7601bb0", 0xaa}], 0x1}, 0x4000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.282438028s ago: executing program 4 (id=509): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x40300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c8, 0x1004, 0x45c5, 0x4, 0x7, 0x2, 0xffffffffffffffff, 0x0, 0x80000004000000, 0x200000000c], 0x80a0000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.221038707s ago: executing program 2 (id=511): r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x80) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) sendfile(r2, r1, 0x0, 0x4000000053d2) 2.142097291s ago: executing program 2 (id=512): syz_io_uring_setup(0x5b52, &(0x7f00000000c0)={0x0, 0xafcc, 0x190, 0x83, 0x102}, 0x0, 0x0) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="05000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c0064"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c00", @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a", 0x2, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.141167831s ago: executing program 4 (id=513): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0) socket(0x2000000000000021, 0x2, 0x10000000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x4, [@var={0x3, 0x0, 0x0, 0x11, 0x3}]}, {0x0, [0x0, 0x0]}}, 0x0, 0x2c}, 0x28) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='ns\x00') readlinkat(r0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000002780)=""/4112, 0x1010) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) syz_open_dev$video4linux(&(0x7f00000000c0), 0x102000007, 0x1e3002) socket(0x10, 0x3, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r2, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r2, 0x7a6, &(0x7f0000000040)={0x4, 0x100000, 0x0, 0xfffffffffffffffd}) 1.752551415s ago: executing program 2 (id=514): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r3, 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000002080)=0xa) poll(&(0x7f00000000c0)=[{r4}], 0x1, 0x7) 1.67170658s ago: executing program 2 (id=515): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xfff, @mcast1, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRES8=0x0, @ANYRES16], 0x18}}, {{&(0x7f0000000580)={0xa, 0x4e22, 0x4, @loopback, 0x9}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f00000006c0)=[@rthdrdstopts={{0x40, 0x29, 0x37, {0x5c, 0x4, '\x00', [@hao={0xc9, 0x10, @mcast1}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0x7d, 0x6, [0x10000]}}]}}}], 0x40}}], 0x2, 0x810) mount$fuse(0x0, 0x0, 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="e7e4861f4bcfc6ea1143faf5be5b5e6bb7fabe3baafc310136a16290571ae8331b4e694ced800eb58807a40c5e77fb570e73ce84643ade9bd61334c3db831aa9838138efc968d22a37602fe9fb"]) r0 = socket$unix(0x1, 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000640)=0xc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1.422656962s ago: executing program 3 (id=518): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="b91701811a1e42b5ba4375aa85a84e4f9c95a6c555a1f5c9a528732192fc2f922cad1ab69dcd8fe6992886e8a95d7a0869644c5e1fd07d9e2867458a5d5b13c9e077ce1b8df3c8827af7b4f1f325f69f92ee22e5a8f58df2959db69d163a50f24485ecba1927b9eb6c227224ad5720a2d097fe61894aec1d383ed10e1b29006a82cd282b002c4b719584521d4d36f5be684cc81c0d8953d890bba2eb57b8f4816437e2af2415b7601bb0", 0xaa}], 0x1}, 0x4000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.241614801s ago: executing program 3 (id=519): openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x880, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r0, 0xae80, 0x0) 1.241334776s ago: executing program 4 (id=520): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, &(0x7f0000000240)={0x14, &(0x7f0000000140)={0x20, 0xa, 0x2, {0x2, 0x5}}, 0x0}, 0x0) 1.241264894s ago: executing program 3 (id=521): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x1, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x9d3354bba4295a8d, {{0x41}}}, 0x10) 1.17268757s ago: executing program 3 (id=522): socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) socket$inet_sctp(0x2, 0x1, 0x84) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x1c, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x5, 0x0, 0x0, 0xffffffff, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x6, 0x3, 0x0, 0x0, 0x0, 0x4000000000000, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x6, 0x800000, 0x0, 0x101, 0x0, 0xd721, 0x0, 0x4, 0x0, 0x0, 0x1, 0xfffffffffffff000, 0x0, 0x0, 0x0, 0x0, 0x9b, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1]}) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000300)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000100)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000880)=""/99, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000340)=0xfffffffe) 732.71771ms ago: executing program 2 (id=523): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_GET_NESTED_STATE(r0, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0xfffffffffffffe76, {0x4, 0x1}}}) 732.37956ms ago: executing program 2 (id=524): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0x0, &(0x7f0000019240)='net/igmp6\x00') pread64(r3, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) 252.381529ms ago: executing program 3 (id=528): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0x40000, 0x0, 0xfffffffc, 0x238}, &(0x7f0000000380), 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b) 182.22331ms ago: executing program 0 (id=529): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x24, r1, 0xb97534d5fe9704cf, 0x70bd2b, 0x25dfdbfe, {{0x12}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}]}, 0x24}}, 0x0) 110.998101ms ago: executing program 0 (id=530): openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x880, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r0, 0xae80, 0x0) 110.868073ms ago: executing program 0 (id=531): syz_emit_ethernet(0x76, &(0x7f0000000200)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x81, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x15, 0x10, 0xca, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x80000000, 0xfbc}, @nop, @exp_smc={0xfe, 0x6}, @timestamp={0x8, 0xa, 0x1, 0x8a}, @fastopen={0x22, 0x4, "5881"}, @exp_fastopen={0xfe, 0x4}, @fastopen={0x22, 0xe, "da0647316a11c8a7db0e3a3b"}, @mptcp=@capable={0x1e, 0xc, 0x4, 0x1, 0x40, 0x1}]}}}}}}}, 0x0) 53.956357ms ago: executing program 3 (id=532): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_pid(r1, &(0x7f0000000000), 0xffffff98) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffb}]}) close_range(r2, 0xffffffffffffffff, 0x0) 53.491693ms ago: executing program 0 (id=533): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r3, 0xffffffffffffffff}) poll(&(0x7f00000000c0)=[{r4}], 0x1, 0x7) 253.997µs ago: executing program 0 (id=534): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 0 (id=535): socket$inet6_icmp(0xa, 0x2, 0x3a) syz_open_dev$dri(0x0, 0x1, 0x40000) bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000000000)=0x2, 0x4) connect$unix(0xffffffffffffffff, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8000007, 'syz0\x00'}) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000300)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}) kernel console output (not intermixed with test programs): [ 38.281405][ T40] audit: type=1400 audit(1760797211.545:60): avc: denied { rlimitinh } for pid=5834 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.289557][ T40] audit: type=1400 audit(1760797211.545:61): avc: denied { siginh } for pid=5834 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:16665' (ED25519) to the list of known hosts. [ 39.214196][ T40] audit: type=1400 audit(1760797212.505:62): avc: denied { name_bind } for pid=5845 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 39.231013][ T40] audit: type=1400 audit(1760797212.525:63): avc: denied { write } for pid=5846 comm="sh" path="pipe:[1943]" dev="pipefs" ino=1943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 39.242131][ T40] audit: type=1400 audit(1760797212.535:64): avc: denied { execute } for pid=5846 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 39.250304][ T40] audit: type=1400 audit(1760797212.535:65): avc: denied { execute_no_trans } for pid=5846 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 41.232705][ T40] audit: type=1400 audit(1760797214.525:66): avc: denied { mounton } for pid=5846 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 41.242612][ T5846] cgroup: Unknown subsys name 'net' [ 41.366078][ T5846] cgroup: Unknown subsys name 'cpuset' [ 41.370178][ T5846] cgroup: Unknown subsys name 'rlimit' [ 41.575107][ T5851] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 42.295416][ T5846] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.525250][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 45.525260][ T40] audit: type=1400 audit(1760797218.815:80): avc: denied { execmem } for pid=5925 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 45.817163][ T40] audit: type=1400 audit(1760797219.105:81): avc: denied { create } for pid=5929 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.827421][ T40] audit: type=1400 audit(1760797219.105:82): avc: denied { read write } for pid=5929 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.857461][ T40] audit: type=1400 audit(1760797219.105:83): avc: denied { open } for pid=5930 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.868280][ T5932] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.869773][ T40] audit: type=1400 audit(1760797219.115:84): avc: denied { ioctl } for pid=5930 comm="syz-executor" path="socket:[6503]" dev="sockfs" ino=6503 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.881363][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.884345][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.886847][ T5940] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.889777][ T5940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.892444][ T5940] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.895251][ T5933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.899671][ T5933] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.900137][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.900656][ T5948] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.901008][ T40] audit: type=1400 audit(1760797219.185:85): avc: denied { read } for pid=5938 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.901075][ T40] audit: type=1400 audit(1760797219.185:86): avc: denied { open } for pid=5938 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.901942][ T40] audit: type=1400 audit(1760797219.185:87): avc: denied { mounton } for pid=5938 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 45.903149][ T5933] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.903758][ T5948] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.904147][ T5948] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.904869][ T5948] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.905445][ T5946] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.905614][ T5948] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.912342][ T5948] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.912862][ T5948] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.919500][ T5933] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.972783][ T5933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 46.108432][ T40] audit: type=1400 audit(1760797219.395:88): avc: denied { module_request } for pid=5938 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 46.178797][ T5938] chnl_net:caif_netlink_parms(): no params data found [ 46.236625][ T5930] chnl_net:caif_netlink_parms(): no params data found [ 46.248691][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 46.343950][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.346638][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.349035][ T5938] bridge_slave_0: entered allmulticast mode [ 46.351921][ T5938] bridge_slave_0: entered promiscuous mode [ 46.387462][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.389663][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.392600][ T5938] bridge_slave_1: entered allmulticast mode [ 46.395207][ T5938] bridge_slave_1: entered promiscuous mode [ 46.479881][ T5930] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.482287][ T5930] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.484848][ T5930] bridge_slave_0: entered allmulticast mode [ 46.487712][ T5930] bridge_slave_0: entered promiscuous mode [ 46.509395][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.529704][ T5930] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.532705][ T5930] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.535003][ T5930] bridge_slave_1: entered allmulticast mode [ 46.537480][ T5930] bridge_slave_1: entered promiscuous mode [ 46.540123][ T5929] chnl_net:caif_netlink_parms(): no params data found [ 46.546770][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.624239][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.626457][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.628703][ T5939] bridge_slave_0: entered allmulticast mode [ 46.631886][ T5939] bridge_slave_0: entered promiscuous mode [ 46.636399][ T5930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.644556][ T5930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.648447][ T5938] team0: Port device team_slave_0 added [ 46.650428][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.652734][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.654807][ T5939] bridge_slave_1: entered allmulticast mode [ 46.657254][ T5939] bridge_slave_1: entered promiscuous mode [ 46.688320][ T5938] team0: Port device team_slave_1 added [ 46.730022][ T5930] team0: Port device team_slave_0 added [ 46.808498][ T5930] team0: Port device team_slave_1 added [ 46.814607][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.817075][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 46.825267][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.830727][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.836456][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.905942][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.908160][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 46.916342][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.938872][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.941239][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 46.949116][ T5930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.954844][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.957037][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 46.966019][ T5930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.969636][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.972973][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.975332][ T5929] bridge_slave_0: entered allmulticast mode [ 46.978020][ T5929] bridge_slave_0: entered promiscuous mode [ 47.003304][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.006041][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.008780][ T5929] bridge_slave_1: entered allmulticast mode [ 47.012084][ T5929] bridge_slave_1: entered promiscuous mode [ 47.056390][ T5939] team0: Port device team_slave_0 added [ 47.060427][ T5939] team0: Port device team_slave_1 added [ 47.117991][ T5929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.135679][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.137961][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 47.146081][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.177140][ T5938] hsr_slave_0: entered promiscuous mode [ 47.179496][ T5938] hsr_slave_1: entered promiscuous mode [ 47.183236][ T5929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.199628][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.202967][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 47.213515][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.244922][ T5930] hsr_slave_0: entered promiscuous mode [ 47.247244][ T5930] hsr_slave_1: entered promiscuous mode [ 47.249507][ T5930] debugfs: 'hsr0' already exists in 'hsr' [ 47.251416][ T5930] Cannot create hsr debugfs directory [ 47.331455][ T5929] team0: Port device team_slave_0 added [ 47.390654][ T5929] team0: Port device team_slave_1 added [ 47.425811][ T5939] hsr_slave_0: entered promiscuous mode [ 47.429027][ T5939] hsr_slave_1: entered promiscuous mode [ 47.432113][ T5939] debugfs: 'hsr0' already exists in 'hsr' [ 47.434549][ T5939] Cannot create hsr debugfs directory [ 47.495427][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.498383][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 47.508752][ T5929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.516866][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.519436][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 47.530059][ T5929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.684622][ T5929] hsr_slave_0: entered promiscuous mode [ 47.686828][ T5929] hsr_slave_1: entered promiscuous mode [ 47.688778][ T5929] debugfs: 'hsr0' already exists in 'hsr' [ 47.690488][ T5929] Cannot create hsr debugfs directory [ 47.870218][ T5930] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.880079][ T5930] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.890025][ T5930] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.904791][ T5930] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.947194][ T5938] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.951764][ T5297] Bluetooth: hci2: command tx timeout [ 47.951815][ T5933] Bluetooth: hci3: command tx timeout [ 47.952108][ T5946] Bluetooth: hci1: command tx timeout [ 47.954246][ T5938] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.975007][ T5938] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.980340][ T5938] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.027937][ T5939] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 48.031220][ T5933] Bluetooth: hci0: command tx timeout [ 48.044269][ T5939] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 48.048521][ T5939] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 48.064466][ T5939] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 48.104100][ T5930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.112334][ T5929] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 48.122753][ T5929] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 48.135187][ T5929] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 48.142931][ T5930] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.148249][ T5929] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 48.158945][ T1252] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.161434][ T1252] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.187229][ T102] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.189502][ T102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.218189][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.242904][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.256563][ T102] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.259214][ T102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.277956][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.289618][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.290033][ T40] audit: type=1400 audit(1760797221.575:89): avc: denied { sys_module } for pid=5930 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 48.292570][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.317537][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.328696][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.331885][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.344525][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.346818][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.370689][ T5929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.404751][ T5939] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 48.419190][ T5929] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.425344][ T5930] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.442775][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.445180][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.455874][ T102] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.458371][ T102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.484698][ T5930] veth0_vlan: entered promiscuous mode [ 48.509089][ T5930] veth1_vlan: entered promiscuous mode [ 48.520449][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.527707][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.544683][ T5930] veth0_macvtap: entered promiscuous mode [ 48.550021][ T5930] veth1_macvtap: entered promiscuous mode [ 48.569109][ T5930] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.581766][ T5930] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.595000][ T5939] veth0_vlan: entered promiscuous mode [ 48.597400][ T102] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.600268][ T102] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.611642][ T102] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.617760][ T5938] veth0_vlan: entered promiscuous mode [ 48.621681][ T102] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.635733][ T5939] veth1_vlan: entered promiscuous mode [ 48.642742][ T5938] veth1_vlan: entered promiscuous mode [ 48.669642][ T5929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.682274][ T5939] veth0_macvtap: entered promiscuous mode [ 48.686609][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.689172][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.694832][ T5938] veth0_macvtap: entered promiscuous mode [ 48.702034][ T5939] veth1_macvtap: entered promiscuous mode [ 48.725859][ T5938] veth1_macvtap: entered promiscuous mode [ 48.730283][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.735445][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.735488][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.739946][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.750790][ T102] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.754415][ T102] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.762282][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.764667][ T102] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.767441][ T102] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.788127][ T5930] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.788408][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.802510][ T5929] veth0_vlan: entered promiscuous mode [ 48.805263][ T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.808067][ T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.820268][ T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.823697][ T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.837467][ T5929] veth1_vlan: entered promiscuous mode [ 48.853029][ T6020] IPv6: NLM_F_CREATE should be specified when creating new route [ 48.860498][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.865414][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.888186][ T5929] veth0_macvtap: entered promiscuous mode [ 48.895866][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.898389][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.919839][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.919859][ T5929] veth1_macvtap: entered promiscuous mode [ 48.924474][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.962787][ T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.966734][ T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.974437][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.982153][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.999264][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.013132][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.022953][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.025718][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.065471][ T6039] capability: warning: `syz.0.1' uses 32-bit capabilities (legacy support in use) [ 49.065906][ T102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.077503][ T102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.107621][ T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.110389][ T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.112940][ T6046] overlay: ./file1 is not a directory [ 49.138612][ T6051] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 49.249826][ T5943] libceph: connect (1)[c::]:6789 error -101 [ 49.252212][ T5943] libceph: mon0 (1)[c::]:6789 connect error [ 49.379888][ T6073] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16'. [ 49.422270][ T6076] netlink: 24 bytes leftover after parsing attributes in process `syz.1.17'. [ 49.429820][ T6076] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6076 comm=syz.1.17 [ 49.475261][ T6078] FAT-fs (loop1): unable to read boot sector [ 49.512779][ T5943] libceph: connect (1)[c::]:6789 error -101 [ 49.514999][ T5943] libceph: mon0 (1)[c::]:6789 connect error [ 49.521297][ T6080] Bluetooth: MGMT ver 1.23 [ 49.577408][ T6084] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 49.581444][ T29] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 49.733080][ T29] usb 5-1: Using ep0 maxpacket: 8 [ 49.738634][ T29] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 49.743499][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 49.748235][ T29] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 49.754304][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 49.758278][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 49.763125][ T29] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 49.765506][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 49.768979][ T29] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 49.774005][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 49.777580][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 49.782457][ T29] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 49.784786][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 49.788292][ T29] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 49.792623][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 49.796793][ T29] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 49.804037][ T29] usb 5-1: string descriptor 0 read error: -22 [ 49.806756][ T29] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 49.810348][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.831507][ T29] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 50.021768][ T6015] libceph: connect (1)[c::]:6789 error -101 [ 50.023807][ T6015] libceph: mon0 (1)[c::]:6789 connect error [ 50.031351][ T5933] Bluetooth: hci1: command tx timeout [ 50.031714][ T5297] Bluetooth: hci3: command tx timeout [ 50.033148][ T5933] Bluetooth: hci2: command tx timeout [ 50.059307][ T6059] ceph: No mds server is up or the cluster is laggy [ 50.112088][ T5943] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 50.128345][ T29] usb 5-1: USB disconnect, device number 2 [ 50.271514][ T5943] usb 8-1: Using ep0 maxpacket: 8 [ 50.274425][ T5943] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 50.277906][ T5943] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 50.281320][ T5943] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 50.285211][ T5943] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 50.290482][ T5943] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 50.294598][ T5943] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.504187][ T5943] usb 8-1: GET_CAPABILITIES returned 0 [ 50.506267][ T5943] usbtmc 8-1:16.0: can't read capabilities [ 50.598241][ T40] kauditd_printk_skb: 97 callbacks suppressed [ 50.598251][ T40] audit: type=1400 audit(1760797223.885:187): avc: denied { append } for pid=6126 comm="syz.2.33" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 50.607438][ T40] audit: type=1400 audit(1760797223.885:188): avc: denied { ioctl } for pid=6126 comm="syz.2.33" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 50.659082][ T40] audit: type=1400 audit(1760797223.945:189): avc: denied { name_bind } for pid=6129 comm="syz.0.35" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 50.666957][ T40] audit: type=1400 audit(1760797223.945:190): avc: denied { sys_module } for pid=6128 comm="syz.2.34" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 50.674417][ T40] audit: type=1400 audit(1760797223.945:191): avc: denied { module_load } for pid=6128 comm="syz.2.34" path="/11/bus" dev="tmpfs" ino=76 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 50.681922][ T40] audit: type=1400 audit(1760797223.955:192): avc: denied { mount } for pid=6128 comm="syz.2.34" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 50.689954][ T40] audit: type=1400 audit(1760797223.955:193): avc: denied { remount } for pid=6128 comm="syz.2.34" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 50.698449][ T40] audit: type=1400 audit(1760797223.955:194): avc: denied { read } for pid=6128 comm="syz.2.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 50.706090][ T40] audit: type=1400 audit(1760797223.995:195): avc: denied { write } for pid=6129 comm="syz.0.35" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 50.713533][ T5943] usb 8-1: USB disconnect, device number 2 [ 50.715851][ T40] audit: type=1400 audit(1760797224.005:196): avc: denied { setopt } for pid=6128 comm="syz.2.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 50.794896][ T6137] netlink: 'syz.2.36': attribute type 21 has an invalid length. [ 51.157993][ T6194] uprobe: syz.2.42:6194 failed to unregister, leaking uprobe [ 51.331021][ T6205] Zero length message leads to an empty skb [ 51.610936][ T6016] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 51.760931][ T6016] usb 8-1: Using ep0 maxpacket: 8 [ 51.763821][ T6016] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 51.766400][ T6016] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 51.769696][ T6016] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 51.772856][ T6016] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 51.775894][ T6016] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 51.779923][ T6016] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 51.783093][ T6016] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.907898][ T6220] vlan2: entered allmulticast mode [ 51.910117][ T6220] bond0: entered allmulticast mode [ 51.912568][ T6220] bond_slave_0: entered allmulticast mode [ 51.914851][ T6220] bond_slave_1: entered allmulticast mode [ 51.990435][ T6016] usb 8-1: usb_control_msg returned -32 [ 51.992376][ T6016] usbtmc 8-1:16.0: can't read capabilities [ 52.111249][ T5946] Bluetooth: hci2: command tx timeout [ 52.111632][ T5297] Bluetooth: hci1: command tx timeout [ 52.113355][ T5933] Bluetooth: hci3: command tx timeout [ 52.403497][ T6252] overlayfs: failed lookup in lower (newroot/27, name='bus', err=-40): overlapping layers [ 52.406979][ T6252] overlayfs: failed lookup in lower (newroot/27, name='bus', err=-40): overlapping layers [ 52.411285][ T6252] overlayfs: failed lookup in lower (newroot/27, name='file0', err=-40): overlapping layers [ 52.415072][ T6253] overlayfs: failed lookup in lower (newroot/27, name='file0', err=-40): overlapping layers [ 52.660922][ T53] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 52.698741][ T6254] usbtmc 8-1:16.0: INITIATE_ABORT_BULK_OUT returned 0 [ 52.756643][ T6222] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 52.812322][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 52.816722][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 52.820038][ T53] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 52.823177][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.829736][ T53] usb 7-1: config 0 descriptor?? [ 53.020916][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 53.039590][ T53] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 53.042941][ T53] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 53.045730][ T53] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 53.048123][ T53] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 53.051089][ T53] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 53.060419][ T53] cm6533_jd 0003:0D8C:0022.0002: hiddev1,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 53.201206][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 53.204032][ T24] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 53.207778][ T24] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 53.211469][ T24] usb 5-1: config 0 interface 0 has no altsetting 0 [ 53.213666][ T24] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 53.216651][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.221871][ T24] usb 5-1: config 0 descriptor?? [ 53.244526][ T5942] usb 7-1: USB disconnect, device number 2 [ 53.415160][ T6278] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.483726][ T6278] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.580602][ T6278] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.629031][ T24] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 53.631439][ T24] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 53.633720][ T24] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 53.635912][ T24] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 53.638134][ T24] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 53.640638][ T24] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 53.653627][ T6278] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.774135][ T6178] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.782546][ T102] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.791853][ T102] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.798178][ T102] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.814245][ T6281] gfs2: not a GFS2 filesystem [ 53.872008][ T5933] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 53.874993][ T5933] Bluetooth: hci0: Injecting HCI hardware error event [ 53.877821][ T5933] Bluetooth: hci0: hardware error 0x00 [ 54.191776][ T5297] Bluetooth: hci1: command tx timeout [ 54.193150][ T5946] Bluetooth: hci3: command tx timeout [ 54.193164][ T5937] Bluetooth: hci2: command tx timeout [ 54.242513][ T6298] ALSA: mixer_oss: invalid OSS volume 'PHONEX0IN' [ 54.376566][ T24] usb 8-1: USB disconnect, device number 3 [ 54.391964][ T6304] kvm: MWAIT instruction emulated as NOP! [ 54.823010][ T6350] netlink: 24 bytes leftover after parsing attributes in process `syz.3.82'. [ 54.849685][ T6350] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6350 comm=syz.3.82 [ 54.856343][ T6350] netlink: 4 bytes leftover after parsing attributes in process `syz.3.82'. [ 54.859196][ T6350] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 54.885970][ T24] usb 5-1: reset high-speed USB device number 3 using dummy_hcd [ 54.890562][ T6350] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 54.990925][ T5943] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 55.008148][ T6352] netlink: 40 bytes leftover after parsing attributes in process `syz.3.83'. [ 55.163394][ T5943] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 55.167973][ T5943] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 55.172974][ T5943] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 55.176756][ T5943] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.188791][ T6348] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 55.197744][ T5943] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 55.401911][ T5942] usb 6-1: USB disconnect, device number 2 [ 55.404906][ T6358] syz.2.85 uses obsolete (PF_INET,SOCK_PACKET) [ 55.417759][ T6358] netdevsim netdevsim2: Direct firmware load for . [ 55.417759][ T6358] failed with error -2 [ 55.427017][ T6358] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 55.427017][ T6358] [ 55.848908][ T6361] QAT: Device 4 not found [ 55.851560][ T40] kauditd_printk_skb: 55 callbacks suppressed [ 55.851569][ T40] audit: type=1400 audit(1760797229.145:252): avc: denied { nlmsg_write } for pid=6360 comm="syz.0.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 55.851971][ T6361] QAT: Invalid ioctl 1074550219 [ 55.862937][ T6361] QAT: Invalid ioctl 35092 [ 55.894209][ T40] audit: type=1400 audit(1760797229.185:253): avc: denied { connect } for pid=6362 comm="syz.0.87" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 55.901036][ T40] audit: type=1400 audit(1760797229.185:254): avc: denied { write } for pid=6362 comm="syz.0.87" laddr=fe80::4448:7dff:fe1c:5f4c lport=58 faddr=ff02::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 55.941234][ T40] audit: type=1400 audit(1760797229.225:255): avc: denied { mount } for pid=6367 comm="syz.3.90" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 55.950295][ T40] audit: type=1400 audit(1760797229.225:256): avc: denied { remount } for pid=6367 comm="syz.3.90" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 55.951399][ T5933] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 55.958170][ T40] audit: type=1400 audit(1760797229.225:257): avc: denied { write } for pid=6367 comm="syz.3.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 55.971503][ T40] audit: type=1400 audit(1760797229.235:258): avc: denied { mounton } for pid=6367 comm="syz.3.90" path="/18/bus" dev="tmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 55.978541][ T40] audit: type=1400 audit(1760797229.235:259): avc: denied { create } for pid=6367 comm="syz.3.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 55.985760][ T40] audit: type=1400 audit(1760797229.255:260): avc: denied { create } for pid=6362 comm="syz.0.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 55.992928][ T40] audit: type=1400 audit(1760797229.255:261): avc: denied { setopt } for pid=6362 comm="syz.0.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 56.048396][ T6373] input: syz1 as /devices/virtual/input/input6 [ 56.051405][ T6378] syzkaller1: entered promiscuous mode [ 56.053201][ T6378] syzkaller1: entered allmulticast mode [ 56.057884][ T6378] vxcan1: entered allmulticast mode [ 56.100574][ T6381] netlink: 4 bytes leftover after parsing attributes in process `syz.1.94'. [ 56.108780][ T6381] netlink: 12 bytes leftover after parsing attributes in process `syz.1.94'. [ 56.158821][ T5942] hid-generic 0005:00B6:0009.0004: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1 [ 56.187525][ T6382] fido_id[6382]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 56.473485][ T897] usb 5-1: USB disconnect, device number 3 [ 56.611037][ T897] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 56.763075][ T897] usb 5-1: unable to get BOS descriptor or descriptor too short [ 56.766588][ T897] usb 5-1: config 1 has an invalid descriptor of length 174, skipping remainder of the config [ 56.770484][ T897] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 56.774698][ T897] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32, setting to 8 [ 56.781851][ T897] usb 5-1: string descriptor 0 read error: -22 [ 56.784610][ T897] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 56.788203][ T897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.795083][ T6377] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 56.799608][ T897] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 56.802383][ T897] cdc_ncm 5-1:1.0: bind() failure [ 57.000365][ T6377] netlink: 14436 bytes leftover after parsing attributes in process `syz.0.93'. [ 57.003465][ T6377] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 57.008716][ T6377] binder_alloc: 6375: binder_alloc_buf, no vma [ 57.112754][ T6402] tmpfs: Bad value for 'mpol' [ 57.120342][ T6402] process 'syz.3.99' launched './file2' with NULL argv: empty string added [ 57.380723][ T6417] netlink: 32 bytes leftover after parsing attributes in process `syz.2.104'. [ 57.384280][ T6417] netlink: 32 bytes leftover after parsing attributes in process `syz.2.104'. [ 57.410941][ T6015] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 57.580974][ T6015] usb 6-1: Using ep0 maxpacket: 32 [ 57.583821][ T6015] usb 6-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 57.587260][ T6015] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.589327][ T897] usb 5-1: USB disconnect, device number 4 [ 57.605270][ T6015] usb 6-1: config 0 descriptor?? [ 57.812138][ T6404] IPv6: NLM_F_CREATE should be specified when creating new route [ 57.815763][ T6404] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 57.819425][ T6404] IPv6: NLM_F_CREATE should be set when creating new route [ 57.822631][ T6404] IPv6: NLM_F_CREATE should be set when creating new route [ 57.939696][ T6435] loop3: detected capacity change from 0 to 7 [ 57.945163][ T6435] Dev loop3: unable to read RDB block 7 [ 57.947388][ T6435] loop3: unable to read partition table [ 57.949420][ T6435] loop3: partition table beyond EOD, truncated [ 57.952118][ T6435] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 58.034165][ T6015] chicony 0003:04F2:1123.0005: unbalanced collection at end of report description [ 58.039738][ T6015] chicony 0003:04F2:1123.0005: Chicony hid parse failed: -22 [ 58.042312][ T6015] chicony 0003:04F2:1123.0005: probe with driver chicony failed with error -22 [ 58.234285][ T897] usb 6-1: USB disconnect, device number 3 [ 58.308645][ T6461] ======================================================= [ 58.308645][ T6461] WARNING: The mand mount option has been deprecated and [ 58.308645][ T6461] and is ignored by this kernel. Remove the mand [ 58.308645][ T6461] option from the mount to silence this warning. [ 58.308645][ T6461] ======================================================= [ 58.332646][ T6461] syz_tun: refused to change device tx_queue_len [ 58.377396][ T6469] openvswitch: netlink: Unknown key attributes 1 [ 58.383784][ T6015] hid_parser_main: 4091 callbacks suppressed [ 58.383796][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.388851][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.393593][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.395972][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.398387][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.400767][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.403937][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.406918][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.409517][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.412099][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 58.416245][ T6015] hid-generic 0000:0000:0000.0006: hidraw1: HID v0.00 Device [] on 3z۲^|ބ 1JJgm!v';۝J=a)g_Bl%D [ 58.495160][ T6474] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 58.665906][ T6483] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6483 comm=syz.2.124 [ 58.670274][ T6483] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=2560 sclass=netlink_tcpdiag_socket pid=6483 comm=syz.2.124 [ 58.674438][ T6483] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=2563 sclass=netlink_tcpdiag_socket pid=6483 comm=syz.2.124 [ 58.678667][ T6483] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=6483 comm=syz.2.124 [ 58.683183][ T6483] netlink: 12 bytes leftover after parsing attributes in process `syz.2.124'. [ 58.856565][ T6506] No control pipe specified [ 58.858324][ T6506] No control pipe specified [ 58.860075][ T6506] No control pipe specified [ 58.863236][ T6506] No control pipe specified [ 58.864981][ T6506] No control pipe specified [ 58.866560][ T6506] No control pipe specified [ 58.868126][ T6506] No control pipe specified [ 59.154097][ T6530] evm: overlay not supported [ 59.390768][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888046c84c00: rx timeout, send abort [ 59.393133][ T6541] netlink: 'syz.3.142': attribute type 3 has an invalid length. [ 59.395177][ C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff888046c84c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 59.398308][ T6541] netlink: 'syz.3.142': attribute type 3 has an invalid length. [ 59.439993][ T6545] loop3: detected capacity change from 0 to 7 [ 59.443416][ T6545] Dev loop3: unable to read RDB block 7 [ 59.445917][ T6545] loop3: unable to read partition table [ 59.448899][ T6545] loop3: partition table beyond EOD, truncated [ 59.451941][ T6545] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 59.634419][ T6566] netlink: 'syz.3.151': attribute type 1 has an invalid length. [ 59.663008][ T6566] binder: 6565:6566 ioctl c018620c 200000000000 returned -1 [ 59.782815][ T6573] ip6t_srh: unknown srh match flags 4000 [ 59.972087][ T6585] netlink: 12 bytes leftover after parsing attributes in process `syz.3.155'. [ 60.012394][ T6587] netlink: 24 bytes leftover after parsing attributes in process `syz.3.156'. [ 60.049494][ T6587] sch_tbf: burst 88 is lower than device veth5 mtu (1514) ! [ 60.099143][ T6587] netlink: 'syz.3.156': attribute type 58 has an invalid length. [ 60.103127][ T6587] netlink: 64 bytes leftover after parsing attributes in process `syz.3.156'. [ 60.165772][ T6604] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6604 comm=syz.2.162 [ 60.187900][ T6606] netlink: 'syz.1.163': attribute type 1 has an invalid length. [ 60.196874][ T6606] netlink: 'syz.1.163': attribute type 3 has an invalid length. [ 60.203410][ T6606] netlink: 224 bytes leftover after parsing attributes in process `syz.1.163'. [ 60.209446][ T6606] NCSI netlink: No device for ifindex 0 [ 60.248916][ T6602] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.251816][ T6602] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.396590][ T6602] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 60.550104][ T6179] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.553553][ T6620] warning: `syz.1.167' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 60.559001][ T6179] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.563918][ T6620] cgroup: Invalid name [ 60.566534][ T6179] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.570676][ T6179] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.638265][ T6630] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 60.638590][ T6632] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 60.714621][ T6636] nbd: socks must be embedded in a SOCK_ITEM attr [ 60.861874][ T6643] netlink: 24 bytes leftover after parsing attributes in process `syz.0.174'. [ 61.001201][ T6653] loop3: detected capacity change from 0 to 7 [ 61.006345][ T5945] Dev loop3: unable to read RDB block 7 [ 61.008242][ T5945] loop3: unable to read partition table [ 61.010245][ T5945] loop3: partition table beyond EOD, truncated [ 61.014611][ T6653] Dev loop3: unable to read RDB block 7 [ 61.017119][ T6653] loop3: unable to read partition table [ 61.019184][ T6653] loop3: partition table beyond EOD, truncated [ 61.021413][ T6653] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 61.092267][ T40] kauditd_printk_skb: 72 callbacks suppressed [ 61.092283][ T40] audit: type=1400 audit(1760797234.385:334): avc: denied { create } for pid=6656 comm="syz.3.179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 61.186649][ T6662] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 61.187126][ T6662] qnx6: wrong signature (magic) in superblock #1. [ 61.187136][ T6662] qnx6: unable to read the first superblock [ 61.248844][ T6664] netlink: 120 bytes leftover after parsing attributes in process `syz.2.182'. [ 61.370980][ T897] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 61.473146][ T40] audit: type=1400 audit(1760797234.765:335): avc: denied { unmount } for pid=5939 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 61.520907][ T897] usb 8-1: Using ep0 maxpacket: 8 [ 61.524973][ T897] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 61.528217][ T897] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 61.532979][ T897] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 61.537764][ T897] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 61.542393][ T897] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 61.552620][ T897] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 61.557001][ T897] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 61.562149][ T897] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 61.567088][ T897] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 61.571876][ T897] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 61.577701][ T897] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 61.580629][ T897] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 61.585436][ T897] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 61.590529][ T897] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 61.595061][ T897] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 61.606102][ T897] usb 8-1: string descriptor 0 read error: -22 [ 61.609080][ T897] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 61.610137][ T6671] netlink: 24 bytes leftover after parsing attributes in process `syz.2.183'. [ 61.613229][ T897] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.630746][ T897] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 61.644635][ T6673] netlink: 12 bytes leftover after parsing attributes in process `syz.1.185'. [ 61.708003][ T6673] veth3: entered promiscuous mode [ 61.709743][ T6673] veth3: entered allmulticast mode [ 61.713950][ T6673] bridge2: port 1(veth3) entered blocking state [ 61.716533][ T6673] bridge2: port 1(veth3) entered disabled state [ 61.716604][ T6682] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6682 comm=syz.1.185 [ 61.721620][ T6673] bridge2: port 1(veth3) entered blocking state [ 61.724789][ T6673] bridge2: port 1(veth3) entered forwarding state [ 61.737769][ T6677] can0: slcan on ttyS3. [ 61.753003][ T6682] veth5: entered promiscuous mode [ 61.754658][ T6682] veth5: entered allmulticast mode [ 61.756742][ T6682] bridge2: port 2(veth5) entered blocking state [ 61.758763][ T6682] bridge2: port 2(veth5) entered disabled state [ 61.762972][ T6682] bridge2: port 2(veth5) entered blocking state [ 61.765158][ T6682] bridge2: port 2(veth5) entered forwarding state [ 61.828229][ T40] audit: type=1400 audit(1760797235.115:336): avc: denied { append } for pid=6658 comm="syz.3.180" name="dlm-monitor" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 61.829257][ T6688] netlink: 16 bytes leftover after parsing attributes in process `syz.2.190'. [ 61.830960][ T6687] netlink: 16 bytes leftover after parsing attributes in process `syz.2.190'. [ 61.843090][ T6677] can0 (unregistered): slcan off ttyS3. [ 61.853590][ T40] audit: type=1400 audit(1760797235.145:337): avc: denied { read } for pid=6676 comm="syz.0.188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 61.893055][ T40] audit: type=1400 audit(1760797235.185:338): avc: denied { create } for pid=6692 comm="syz.2.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 61.898982][ T40] audit: type=1400 audit(1760797235.185:339): avc: denied { write } for pid=6692 comm="syz.2.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 61.905301][ T40] audit: type=1400 audit(1760797235.185:340): avc: denied { read } for pid=6692 comm="syz.2.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 62.062989][ T1252] bridge2: port 1(veth3) entered disabled state [ 62.066754][ T1252] bridge2: port 2(veth5) entered disabled state [ 62.154830][ T40] audit: type=1400 audit(1760797235.445:341): avc: denied { watch watch_reads } for pid=6698 comm="syz.0.192" path="pipe:[12934]" dev="pipefs" ino=12934 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 62.209712][ T6700] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 62.210173][ T6699] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 62.680281][ T6718] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 62.728396][ T40] audit: type=1400 audit(1760797236.015:342): avc: denied { ioctl } for pid=6719 comm="syz.2.195" path="socket:[14162]" dev="sockfs" ino=14162 ioctlcmd=0x9425 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 62.743421][ T40] audit: type=1400 audit(1760797236.035:343): avc: denied { getopt } for pid=6719 comm="syz.2.195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 63.343483][ T6736] SELinux: Context system_u:object_r:unconfined_execmem_exec_t:s0 is not valid (left unmapped). [ 63.710440][ T6742] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 63.902172][ T6754] loop3: detected capacity change from 0 to 7 [ 63.905906][ T6754] Dev loop3: unable to read RDB block 7 [ 63.908242][ T6754] loop3: unable to read partition table [ 63.910397][ T6754] loop3: partition table beyond EOD, truncated [ 63.914755][ T6754] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 64.049532][ T6776] capability: warning: `syz.0.216' uses deprecated v2 capabilities in a way that may be insecure [ 64.194705][ T6785] loop3: detected capacity change from 0 to 7 [ 64.197596][ T5945] Dev loop3: unable to read RDB block 7 [ 64.199376][ T5945] loop3: unable to read partition table [ 64.202435][ T5945] loop3: partition table beyond EOD, truncated [ 64.206203][ T6785] Dev loop3: unable to read RDB block 7 [ 64.208028][ T6785] loop3: unable to read partition table [ 64.209980][ T6785] loop3: partition table beyond EOD, truncated [ 64.212371][ T6785] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 64.272181][ T5933] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 64.275813][ T5933] Bluetooth: hci2: Injecting HCI hardware error event [ 64.278650][ T5946] Bluetooth: hci2: hardware error 0x00 [ 64.280397][ T6793] tipc: Started in network mode [ 64.283201][ T6793] tipc: Node identity 7f000001, cluster identity 4711 [ 64.287967][ T6793] tipc: Enabled bearer , priority 10 [ 64.295818][ T6796] macvlan2: entered allmulticast mode [ 64.297669][ T6796] veth1_vlan: entered allmulticast mode [ 64.300281][ T6793] tipc: Enabled bearer , priority 10 [ 64.303391][ T6794] tipc: Enabling of bearer rejected, already enabled [ 64.345261][ T6800] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6800 comm=syz.2.225 [ 64.546181][ T6812] loop3: detected capacity change from 0 to 7 [ 64.549595][ T6812] Dev loop3: unable to read RDB block 7 [ 64.552614][ T6812] loop3: unable to read partition table [ 64.554585][ T6812] loop3: partition table beyond EOD, truncated [ 64.557103][ T6812] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 64.644376][ T6819] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.648087][ T6819] batadv_slave_0: entered promiscuous mode [ 64.650067][ T6819] batadv_slave_0: entered allmulticast mode [ 64.656203][ T6819] SELinux: Context system_u:object_r:mount_tmp_t:s0 is not valid (left unmapped). [ 64.660280][ T6819] program syz.0.232 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 65.059375][ T6848] openvswitch: netlink: Missing key (keys=40, expected=100) [ 65.165726][ T6861] netlink: 'syz.0.245': attribute type 10 has an invalid length. [ 65.172547][ T6861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.176028][ T6861] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 65.180203][ T6861] netlink: 'syz.0.245': attribute type 10 has an invalid length. [ 65.183108][ T6861] __nla_validate_parse: 4 callbacks suppressed [ 65.183117][ T6861] netlink: 40 bytes leftover after parsing attributes in process `syz.0.245'. [ 65.188146][ T6861] batadv0: entered promiscuous mode [ 65.189828][ T6861] batadv0: entered allmulticast mode [ 65.193593][ T6861] bond0: (slave batadv0): Releasing backup interface [ 65.197652][ T6861] bridge0: port 3(batadv0) entered blocking state [ 65.200232][ T6861] bridge0: port 3(batadv0) entered disabled state [ 65.246436][ T6867] loop3: detected capacity change from 0 to 7 [ 65.251071][ T5945] Dev loop3: unable to read RDB block 7 [ 65.252845][ T5945] loop3: unable to read partition table [ 65.254745][ T5945] loop3: partition table beyond EOD, truncated [ 65.259669][ T6867] Dev loop3: unable to read RDB block 7 [ 65.261939][ T6867] loop3: unable to read partition table [ 65.264310][ T6867] loop3: partition table beyond EOD, truncated [ 65.266928][ T6867] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 65.325619][ T6883] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 65.330260][ T6878] syzkaller0: entered promiscuous mode [ 65.333565][ T6878] syzkaller0: entered allmulticast mode [ 65.336830][ T6884] SELinux: policydb magic number 0x2c0 does not match expected magic number 0xf97cff8c [ 65.340326][ T6884] SELinux: failed to load policy [ 65.406068][ T29] tipc: Node number set to 2130706433 [ 65.660976][ T1252] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 65.666083][ T1252] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 65.962324][ T29] usb 8-1: USB disconnect, device number 4 [ 66.050101][ T6911] loop3: detected capacity change from 0 to 7 [ 66.057801][ T6911] Dev loop3: unable to read RDB block 7 [ 66.060092][ T6911] loop3: unable to read partition table [ 66.062185][ T6911] loop3: partition table beyond EOD, truncated [ 66.065637][ T6911] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 66.267112][ T6912] geneve2: entered promiscuous mode [ 66.269358][ T6912] geneve2: entered allmulticast mode [ 66.272693][ T6178] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 66.276159][ T6178] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 66.279133][ T6178] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 66.288097][ T1252] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 66.346398][ T6926] QAT: Invalid ioctl -1072655340 [ 66.349158][ T40] kauditd_printk_skb: 49 callbacks suppressed [ 66.349167][ T40] audit: type=1400 audit(1760797239.635:393): avc: denied { connect } for pid=6928 comm="syz.2.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 66.352113][ T5946] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 66.394077][ T40] audit: type=1400 audit(1760797239.685:394): avc: denied { getopt } for pid=6932 comm="syz.2.266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 66.402948][ T40] audit: type=1400 audit(1760797239.695:395): avc: denied { setopt } for pid=6932 comm="syz.2.266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 66.550904][ T40] audit: type=1400 audit(1760797239.835:396): avc: denied { shutdown } for pid=6941 comm="syz.0.269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 66.561481][ T6944] netlink: 4 bytes leftover after parsing attributes in process `syz.2.270'. [ 66.593936][ T40] audit: type=1400 audit(1760797239.885:397): avc: denied { connect } for pid=6949 comm="syz.2.271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 66.600147][ T40] audit: type=1400 audit(1760797239.885:398): avc: denied { map } for pid=6949 comm="syz.2.271" path="socket:[13272]" dev="sockfs" ino=13272 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 66.637293][ T6955] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 66.730301][ T40] audit: type=1400 audit(1760797240.015:399): avc: denied { setattr } for pid=6959 comm="syz.2.273" path="/proc/312/net/xfrm_stat" dev="proc" ino=4026533180 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 66.769105][ T6960] ptrace attach of "/syz-executor exec"[6964] was attempted by "/syz-executor exec"[6960] [ 67.201331][ T897] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 67.312768][ T6977] [U] v3f"S/4:XTzWtlW= [ 67.314937][ T6977] [U] [ 67.315843][ T6977] [U] [ 67.316761][ T6977] [U] [ 67.317789][ T6977] [U] [ 67.318677][ T6977] [U] [ 67.319560][ T6977] [U] [ 67.320445][ T6977] [U] [ 67.323106][ T6977] [U] [ 67.324370][ T6977] [U] [ 67.325574][ T6977] [U] [ 67.326801][ T6977] [U] [ 67.327978][ T6977] [U] [ 67.329500][ T6977] [U] [ 67.330743][ T6977] [U] [ 67.332097][ T6977] [U] [ 67.333238][ T6977] [U] [ 67.335406][ T6977] [U] [ 67.336301][ T6977] [U] [ 67.337226][ T6977] [U] [ 67.338114][ T6977] [U] [ 67.339122][ T6977] [U] [ 67.340142][ T6977] [U] [ 67.341064][ T6977] [U] [ 67.341089][ T897] usb 7-1: device descriptor read/64, error -71 [ 67.341965][ T6977] [U] [ 67.345154][ T6977] [U] [ 67.346059][ T6977] [U] [ 67.346958][ T6977] [U] [ 67.347845][ T6977] [U] [ 67.348880][ T6977] [U] [ 67.349784][ T6977] [U] [ 67.350682][ T6977] [U] [ 67.351583][ T6977] [U] [ 67.353307][ T6977] [U] [ 67.354257][ T6977] [U] [ 67.355148][ T6977] [U] [ 67.356041][ T6977] [U] [ 67.357147][ T6977] [U] [ 67.358041][ T6977] [U] [ 67.358939][ T6977] [U] [ 67.359830][ T6977] [U] [ 67.360890][ T6977] [U] [ 67.361835][ T6977] [U] [ 67.362720][ T6977] [U] [ 67.363603][ T6977] [U] [ 67.364623][ T6977] [U] [ 67.365536][ T6977] [U] [ 67.366440][ T6977] [U] [ 67.367324][ T6977] [U] [ 67.368381][ T6977] [U] [ 67.369285][ T6977] [U] [ 67.370189][ T6977] [U] [ 67.371099][ T6977] [U] [ 67.372960][ T6977] [U] [ 67.373905][ T6977] [U] [ 67.374796][ T6977] [U] [ 67.375688][ T6977] [U] [ 67.376674][ T6977] [U] [ 67.377578][ T6977] [U] [ 67.378486][ T6977] [U] [ 67.379413][ T6977] [U] [ 67.380455][ T6977] [U] [ 67.381424][ T6977] [U] [ 67.382329][ T6977] [U] [ 67.383222][ T6977] [U] [ 67.384375][ T6977] [U] [ 67.385297][ T6977] [U] [ 67.386193][ T6977] [U] [ 67.387090][ T6977] [U] [ 67.388080][ T6977] [U] [ 67.389000][ T6977] [U] [ 67.390044][ T6977] [U] [ 67.390973][ T6977] [U] [ 67.392091][ T6977] [U] [ 67.393004][ T6977] [U] [ 67.393915][ T6977] [U] [ 67.394801][ T6977] [U] [ 67.395786][ T6977] [U] [ 67.396700][ T6977] [U] [ 67.397586][ T6977] [U] [ 67.398451][ T6977] [U] [ 67.399390][ T6977] [U] [ 67.400225][ T6977] [U] [ 67.401089][ T6977] [U] [ 67.401955][ T6977] [U] [ 67.403102][ T6977] [U] [ 67.403969][ T6977] [U] [ 67.404832][ T6977] [U] [ 67.405699][ T6977] [U] [ 67.407304][ T6977] [U] [ 67.408198][ T6977] [U] [ 67.409100][ T6977] [U] [ 67.409991][ T6977] [U] [ 67.411199][ T6977] [U] [ 67.412111][ T6977] [U] [ 67.413010][ T6977] [U] [ 67.413895][ T6977] [U] [ 67.414852][ T6977] [U] [ 67.415728][ T6977] [U] [ 67.416628][ T6977] [U] [ 67.417512][ T6977] [U] [ 67.418461][ T6977] [U] [ 67.419352][ T6977] [U] [ 67.420251][ T6977] [U] [ 67.421161][ T6977] [U] [ 67.422874][ T6977] [U] [ 67.423773][ T6977] [U] [ 67.424663][ T6977] [U] [ 67.425539][ T6977] [U] [ 67.426531][ T6977] [U] [ 67.427411][ T6977] [U] [ 67.428301][ T6977] [U] [ 67.429195][ T6977] [U] [ 67.430192][ T6977] [U] [ 67.431090][ T6977] [U] [ 67.431976][ T6977] [U] [ 67.432953][ T6977] [U] [ 67.435274][ T6977] [U] [ 67.436301][ T6977] [U] [ 67.437206][ T6977] [U] [ 67.438064][ T6977] [U] [ 67.439024][ T6977] [U] [ 67.439917][ T6977] [U] [ 67.440817][ T6977] [U] [ 67.440889][ T40] audit: type=1326 audit(1760797240.725:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6941 comm="syz.0.269" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c66f8efc9 code=0x7fc00000 [ 67.441724][ T6977] [U] [ 67.448713][ T40] audit: type=1326 audit(1760797240.725:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6941 comm="syz.0.269" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9c66f8efc9 code=0x7fc00000 [ 67.450312][ T6977] [U] [ 67.457540][ T40] audit: type=1326 audit(1760797240.725:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6941 comm="syz.0.269" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c66f8efc9 code=0x7fc00000 [ 67.457588][ T6977] [U] [ 67.465569][ T6977] [U] [ 67.468963][ T6976] [U] [ 67.507834][ T6987] netlink: 'syz.3.281': attribute type 1 has an invalid length. [ 67.510273][ T6987] netlink: 224 bytes leftover after parsing attributes in process `syz.3.281'. [ 67.522576][ T6990] loop3: detected capacity change from 0 to 7 [ 67.525430][ T5945] Dev loop3: unable to read RDB block 7 [ 67.527315][ T5945] loop3: unable to read partition table [ 67.529238][ T5945] loop3: partition table beyond EOD, truncated [ 67.533879][ T6990] Dev loop3: unable to read RDB block 7 [ 67.535673][ T6990] loop3: unable to read partition table [ 67.537804][ T6990] loop3: partition table beyond EOD, truncated [ 67.539774][ T6990] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 67.562358][ T6993] netlink: 8 bytes leftover after parsing attributes in process `syz.3.284'. [ 67.565112][ T6993] netlink: 24 bytes leftover after parsing attributes in process `syz.3.284'. [ 67.602028][ T897] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 67.700862][ T7003] binder: 7002:7003 ioctl c0306201 0 returned -14 [ 67.704529][ T7003] tipc: Enabling of bearer rejected, failed to enable media [ 67.734527][ T7013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.288'. [ 67.741101][ T897] usb 7-1: device descriptor read/64, error -71 [ 67.790703][ T7016] netlink: 24 bytes leftover after parsing attributes in process `syz.1.290'. [ 67.797316][ T7017] tmpfs: Unknown parameter 'fsuuid' [ 67.799090][ T7017] program syz.3.291 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.851341][ T897] usb usb7-port1: attempt power cycle [ 68.090383][ T7031] loop3: detected capacity change from 0 to 7 [ 68.094220][ T7031] Dev loop3: unable to read RDB block 7 [ 68.096452][ T7031] loop3: unable to read partition table [ 68.098724][ T7031] loop3: partition table beyond EOD, truncated [ 68.100890][ T7031] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 68.161999][ T71] usb 8-1: new low-speed USB device number 5 using dummy_hcd [ 68.191178][ T897] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 68.221110][ T897] usb 7-1: device descriptor read/8, error -71 [ 68.325192][ T71] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 68.325211][ T71] usb 8-1: config 0 has no interface number 0 [ 68.325231][ T71] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 68.325245][ T71] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 68.325262][ T71] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 68.325273][ T71] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.326662][ T71] usb 8-1: config 0 descriptor?? [ 68.329630][ T71] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 68.460989][ T897] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 68.481955][ T897] usb 7-1: device descriptor read/8, error -71 [ 68.531582][ T7022] iowarrior 8-1:0.1: Error -90 while submitting URB [ 68.533304][ T7022] netlink: 'syz.3.292': attribute type 11 has an invalid length. [ 68.544075][ T5943] usb 8-1: USB disconnect, device number 5 [ 68.591093][ T897] usb usb7-port1: unable to enumerate USB device [ 69.080682][ T7043] SELinux: syz.3.298 (7043) set checkreqprot to 1. This is no longer supported. [ 69.094900][ T7043] netlink: 6068 bytes leftover after parsing attributes in process `syz.3.298'. [ 69.315461][ T7052] netlink: 36 bytes leftover after parsing attributes in process `syz.0.302'. [ 69.477864][ T7066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.308'. [ 69.646254][ T6176] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.721254][ T6176] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.782331][ T6176] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.789585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 69.914083][ T5933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.917224][ T5933] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.920637][ T5933] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.927591][ T5933] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.928985][ T6176] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.932138][ T5933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.981661][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.985590][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.166425][ T6176] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.172192][ T6176] bridge_slave_0: left allmulticast mode [ 70.174171][ T6176] bridge_slave_0: left promiscuous mode [ 70.176020][ T6176] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.189641][ T6176] bridge2: port 2(veth5) entered disabled state [ 70.196733][ T6176] bridge2: port 1(veth3) entered disabled state [ 70.610989][ T6017] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 70.645617][ T6176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 70.651601][ T6176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 70.657706][ T6176] bond0 (unregistering): Released all slaves [ 70.668643][ T6176] bond1 (unregistering): Released all slaves [ 70.685971][ T7071] chnl_net:caif_netlink_parms(): no params data found [ 70.789629][ T7071] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.792109][ T6017] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.792836][ T7071] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.795930][ T6017] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.799123][ T7071] bridge_slave_0: entered allmulticast mode [ 70.802155][ T6017] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 70.802180][ T6017] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 70.802192][ T6017] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.804393][ T6017] usb 7-1: config 0 descriptor?? [ 70.810284][ T7071] bridge_slave_0: entered promiscuous mode [ 70.821669][ T7071] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.823979][ T7071] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.826267][ T7071] bridge_slave_1: entered allmulticast mode [ 70.829032][ T7071] bridge_slave_1: entered promiscuous mode [ 70.891009][ T7071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.896559][ T7071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.947489][ T7071] team0: Port device team_slave_0 added [ 70.952175][ T7071] team0: Port device team_slave_1 added [ 71.076923][ T1424] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.079777][ T1424] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.222565][ T6017] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 71.294073][ T7071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.296298][ T7071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.305561][ T7071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.312879][ T7071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.315189][ T7071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.324278][ T7071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.367708][ T7071] hsr_slave_0: entered promiscuous mode [ 71.370149][ T7071] hsr_slave_1: entered promiscuous mode [ 71.372718][ T7071] debugfs: 'hsr0' already exists in 'hsr' [ 71.374648][ T7071] Cannot create hsr debugfs directory [ 71.416053][ T6176] hsr_slave_0: left promiscuous mode [ 71.419306][ T6176] hsr_slave_1: left promiscuous mode [ 71.422720][ T6176] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 71.426250][ T6176] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 71.430927][ T6176] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 71.434166][ T6176] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 71.467440][ T6176] veth1_macvtap: left promiscuous mode [ 71.469558][ T6176] veth0_macvtap: left promiscuous mode [ 71.472247][ T6176] veth1_vlan: left promiscuous mode [ 71.474216][ T6176] veth0_vlan: left promiscuous mode [ 71.522198][ T897] usb 7-1: USB disconnect, device number 7 [ 71.771047][ T7117] __nla_validate_parse: 3 callbacks suppressed [ 71.771059][ T7117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.320'. [ 71.960987][ T5933] Bluetooth: hci0: command tx timeout [ 72.090618][ T6176] team0 (unregistering): Port device team_slave_1 removed [ 72.147778][ T6176] team0 (unregistering): Port device team_slave_0 removed [ 72.623543][ T1252] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.721079][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 72.743041][ T40] kauditd_printk_skb: 40 callbacks suppressed [ 72.743052][ T40] audit: type=1400 audit(1760797246.025:443): avc: denied { setopt } for pid=7128 comm="syz.2.325" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 72.774985][ T40] audit: type=1400 audit(1760797246.065:444): avc: denied { create } for pid=7128 comm="syz.2.325" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 72.783866][ T40] audit: type=1400 audit(1760797246.075:445): avc: denied { write } for pid=7128 comm="syz.2.325" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 72.835974][ T7071] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 72.841983][ T7071] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 72.856751][ T7071] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 72.861600][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 72.869890][ T7071] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 72.971147][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 72.991881][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.004953][ T7071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.066620][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.077523][ T7071] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.099848][ T7071] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 73.103244][ T7071] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.112503][ T102] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.114905][ T102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.121937][ T102] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.124268][ T102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.215229][ T40] audit: type=1400 audit(1760797246.395:446): avc: denied { module_request } for pid=7071 comm="syz-executor" kmod="netdev-nicvf0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 73.262288][ T7071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.475944][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 73.486042][ T7071] veth0_vlan: entered promiscuous mode [ 73.495232][ T7071] veth1_vlan: entered promiscuous mode [ 73.513899][ T7071] veth0_macvtap: entered promiscuous mode [ 73.518780][ T7071] veth1_macvtap: entered promiscuous mode [ 73.538750][ T7071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.547920][ T7071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.569013][ T1252] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.578263][ T1252] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.598315][ T1252] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.603556][ T1252] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.677346][ T6175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.684627][ T6175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.697446][ T1252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.700570][ T1252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.718790][ T40] audit: type=1400 audit(1760797247.005:447): avc: denied { mounton } for pid=7071 comm="syz-executor" path="/syzkaller.gcxgWK/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 73.951929][ T34] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 73.987999][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 74.031007][ T5933] Bluetooth: hci0: command tx timeout [ 74.330916][ T34] usb 8-1: Using ep0 maxpacket: 16 [ 74.342401][ T34] usb 8-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 74.346114][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.361133][ T34] usb 8-1: Product: syz [ 74.362910][ T34] usb 8-1: Manufacturer: syz [ 74.364859][ T34] usb 8-1: SerialNumber: syz [ 74.368890][ T34] usb 8-1: config 0 descriptor?? [ 74.377280][ T34] ssu100 8-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 74.384373][ T40] audit: type=1400 audit(1760797247.675:448): avc: denied { sqpoll } for pid=7212 comm="syz.4.339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 74.877496][ T40] audit: type=1400 audit(1760797248.165:449): avc: denied { listen } for pid=7224 comm="syz.0.343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 74.884045][ T40] audit: type=1400 audit(1760797248.165:450): avc: denied { accept } for pid=7224 comm="syz.0.343" lport=32944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 74.979715][ T34] ssu100 8-1:0.0: probe with driver ssu100 failed with error -71 [ 74.987214][ T34] usb 8-1: USB disconnect, device number 6 [ 75.771689][ T5943] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 75.930917][ T5943] usb 8-1: Using ep0 maxpacket: 32 [ 75.935436][ T5943] usb 8-1: config 65 has an invalid interface number: 138 but max is 2 [ 75.938915][ T5943] usb 8-1: config 65 has an invalid descriptor of length 0, skipping remainder of the config [ 75.958870][ T5943] usb 8-1: config 65 has 1 interface, different from the descriptor's value: 3 [ 75.962686][ T5943] usb 8-1: config 65 has no interface number 0 [ 75.965198][ T5943] usb 8-1: config 65 interface 138 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 75.969091][ T5943] usb 8-1: config 65 interface 138 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 75.976919][ T5943] usb 8-1: New USB device found, idVendor=595a, idProduct=0001, bcdDevice=7b.96 [ 75.980652][ T5943] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.984220][ T5943] usb 8-1: Product: syz [ 75.986000][ T5943] usb 8-1: Manufacturer: syz [ 75.988025][ T5943] usb 8-1: SerialNumber: syz [ 76.110914][ T5933] Bluetooth: hci0: command tx timeout [ 76.222561][ T5943] usb 8-1: USB disconnect, device number 7 [ 76.259284][ T7244] netlink: 'syz.4.348': attribute type 5 has an invalid length. [ 76.261902][ T7244] netlink: 24 bytes leftover after parsing attributes in process `syz.4.348'. [ 76.851597][ T40] audit: type=1400 audit(1760797250.135:451): avc: denied { append } for pid=7250 comm="syz.4.351" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 76.952185][ T40] audit: type=1400 audit(1760797250.245:452): avc: denied { ioctl } for pid=7254 comm="syz.4.353" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 77.803040][ T7277] netlink: 'syz.2.362': attribute type 10 has an invalid length. [ 77.818781][ T7277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.823324][ T7277] team0: Port device bond0 added [ 77.826808][ T7277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.362'. [ 77.897210][ T7277] team0 (unregistering): Port device team_slave_0 removed [ 77.906511][ T7277] team0 (unregistering): Port device team_slave_1 removed [ 77.927319][ T40] audit: type=1400 audit(1760797251.215:453): avc: denied { connect } for pid=7270 comm="syz.4.360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 78.017744][ T7277] team0 (unregistering): Port device bond0 removed [ 78.191175][ T5933] Bluetooth: hci0: command tx timeout [ 79.850548][ T7327] usb usb9: usbfs: process 7327 (syz.4.376) did not claim interface 33 before use [ 79.940616][ T7331] netlink: 4 bytes leftover after parsing attributes in process `syz.3.377'. [ 80.009967][ T7331] team0 (unregistering): Port device team_slave_0 removed [ 80.014167][ T7331] team0 (unregistering): Port device team_slave_1 removed [ 80.041075][ T5942] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 80.191007][ T5942] usb 7-1: Using ep0 maxpacket: 32 [ 80.194350][ T5942] usb 7-1: config 0 has an invalid interface number: 89 but max is 0 [ 80.196943][ T5942] usb 7-1: config 0 has no interface number 0 [ 80.198876][ T5942] usb 7-1: config 0 interface 89 has no altsetting 0 [ 80.203688][ T5942] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 80.206723][ T5942] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.209224][ T5942] usb 7-1: Product: syz [ 80.210551][ T5942] usb 7-1: Manufacturer: syz [ 80.212478][ T5942] usb 7-1: SerialNumber: syz [ 80.216561][ T5942] usb 7-1: config 0 descriptor?? [ 80.223228][ T5942] em28xx 7-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 80.226286][ T5942] em28xx 7-1:0.89: Video interface 89 found: bulk [ 80.585473][ T7353] netlink: 'syz.4.388': attribute type 2 has an invalid length. [ 80.588063][ T7353] netlink: 8 bytes leftover after parsing attributes in process `syz.4.388'. [ 80.591559][ T40] audit: type=1400 audit(1760797253.885:454): avc: denied { append } for pid=7354 comm="syz.3.387" name="nbd3" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 80.599979][ T7353] netlink: 'syz.4.388': attribute type 2 has an invalid length. [ 80.602927][ T7353] netlink: 8 bytes leftover after parsing attributes in process `syz.4.388'. [ 80.841375][ T5942] em28xx 7-1:0.89: unknown em28xx chip ID (0) [ 80.892629][ T40] audit: type=1400 audit(1760797254.185:455): avc: denied { write } for pid=7372 comm="syz.0.397" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 80.899508][ T40] audit: type=1400 audit(1760797254.185:456): avc: denied { open } for pid=7372 comm="syz.0.397" path="/89/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 80.906705][ T40] audit: type=1400 audit(1760797254.185:457): avc: denied { ioctl } for pid=7372 comm="syz.0.397" path="/89/file0/file0" dev="fuse" ino=64 ioctlcmd=0x4d08 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 81.319440][ T841] cfg80211: failed to load regulatory.db [ 81.873135][ T7392] netlink: 20 bytes leftover after parsing attributes in process `syz.3.403'. [ 82.118524][ T5942] em28xx 7-1:0.89: failed to get i2c transfer status from bridge register (error=-5) [ 82.122541][ T5942] em28xx 7-1:0.89: board has no eeprom [ 82.191101][ T5942] em28xx 7-1:0.89: Identified as Terratec Grabby (card=67) [ 82.193496][ T5942] em28xx 7-1:0.89: analog set to bulk mode. [ 82.198216][ T6018] em28xx 7-1:0.89: Registering V4L2 extension [ 82.201497][ T5942] usb 7-1: USB disconnect, device number 8 [ 82.206081][ T5942] em28xx 7-1:0.89: Disconnecting em28xx [ 82.224017][ T6018] em28xx 7-1:0.89: Config register raw data: 0xffffffed [ 82.226525][ T6018] em28xx 7-1:0.89: AC97 chip type couldn't be determined [ 82.228816][ T6018] em28xx 7-1:0.89: No AC97 audio processor [ 82.234193][ T6018] usb 7-1: Decoder not found [ 82.235804][ T6018] em28xx 7-1:0.89: failed to create media graph [ 82.237882][ T6018] em28xx 7-1:0.89: V4L2 device video103 deregistered [ 82.242379][ T6018] em28xx 7-1:0.89: Registering snapshot button... [ 82.246206][ T6018] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.89/input/input11 [ 82.253928][ T6018] em28xx 7-1:0.89: Remote control support is not available for this card. [ 82.256732][ T5942] em28xx 7-1:0.89: Closing input extension [ 82.259232][ T5942] em28xx 7-1:0.89: Deregistering snapshot button [ 82.276699][ T5942] em28xx 7-1:0.89: Freeing device [ 82.300958][ T29] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 82.460941][ T29] usb 5-1: Using ep0 maxpacket: 32 [ 82.465327][ T29] usb 5-1: New USB device found, idVendor=2770, idProduct=9051, bcdDevice=d9.3e [ 82.468185][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.470647][ T29] usb 5-1: Product: syz [ 82.472099][ T29] usb 5-1: Manufacturer: syz [ 82.473621][ T29] usb 5-1: SerialNumber: syz [ 82.476537][ T29] usb 5-1: config 0 descriptor?? [ 82.537757][ T29] gspca_main: sq905c-2.14.0 probing 2770:9051 [ 83.287416][ T29] usb 5-1: USB disconnect, device number 5 [ 83.965771][ T40] audit: type=1400 audit(1760797257.255:458): avc: denied { name_connect } for pid=7432 comm="syz.0.415" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 83.993689][ T7433] sctp: [Deprecated]: syz.0.415 (pid 7433) Use of int in maxseg socket option. [ 83.993689][ T7433] Use struct sctp_assoc_value instead [ 84.128983][ T40] audit: type=1400 audit(1760797257.415:459): avc: denied { write } for pid=7440 comm="syz.4.418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 84.215106][ T40] audit: type=1400 audit(1760797257.505:460): avc: denied { execmem } for pid=7447 comm="syz.0.417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 84.401365][ T5942] usb 9-1: new full-speed USB device number 2 using dummy_hcd [ 84.564571][ T5942] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 84.567813][ T5942] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.570577][ T5942] usb 9-1: Product: syz [ 84.573493][ T5942] usb 9-1: Manufacturer: syz [ 84.575164][ T5942] usb 9-1: SerialNumber: syz [ 84.588568][ T5942] usb 9-1: config 0 descriptor?? [ 84.814318][ T5942] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 85.191127][ T6016] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 85.340978][ T6016] usb 8-1: Using ep0 maxpacket: 16 [ 85.395702][ T6016] usb 8-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 85.398687][ T6016] usb 8-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 85.401485][ T6016] usb 8-1: Product: syz [ 85.402832][ T6016] usb 8-1: Manufacturer: syz [ 85.404324][ T6016] usb 8-1: SerialNumber: syz [ 85.408574][ T6016] usb 8-1: config 0 descriptor?? [ 85.625860][ T40] audit: type=1400 audit(1760797258.915:461): avc: denied { create } for pid=7459 comm="syz.3.423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 85.636651][ T7460] Bluetooth: MGMT ver 1.23 [ 85.651488][ T6018] usb 8-1: USB disconnect, device number 8 [ 85.975006][ T40] audit: type=1400 audit(1760797259.265:462): avc: denied { write } for pid=7506 comm="syz.2.432" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 86.131445][ T6016] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 86.242694][ T5942] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 86.249700][ T5942] usb 9-1: USB disconnect, device number 2 [ 86.301331][ T6016] usb 5-1: Using ep0 maxpacket: 16 [ 86.318737][ T6016] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 86.325679][ T6016] usb 5-1: config 1 has no interface number 1 [ 86.328551][ T6016] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 86.335480][ T6016] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 86.342813][ T6016] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 86.360282][ T6016] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 86.364381][ T6016] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.367723][ T6016] usb 5-1: Product: syz [ 86.369687][ T6016] usb 5-1: Manufacturer: syz [ 86.372727][ T6016] usb 5-1: SerialNumber: syz [ 86.871489][ T6016] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 87.743720][ T6016] usb 5-1: current rate 12582912 is different from the runtime rate 9338507 [ 87.990767][ T6016] usb 5-1: USB disconnect, device number 6 [ 88.097644][ T40] audit: type=1400 audit(1760797261.385:463): avc: denied { cmd } for pid=7553 comm="syz.4.451" path="socket:[19801]" dev="sockfs" ino=19801 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 88.104281][ T7558] udevd[7558]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 88.224458][ T40] audit: type=1400 audit(1760797261.515:464): avc: denied { create } for pid=7560 comm="syz.3.452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 88.233176][ T40] audit: type=1400 audit(1760797261.515:465): avc: denied { connect } for pid=7560 comm="syz.3.452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 89.817873][ T7600] usb usb9: usbfs: process 7600 (syz.4.467) did not claim interface 0 before use [ 89.970919][ T6017] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 90.134988][ T6017] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 90.139718][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.159774][ T6017] usb 5-1: config 0 descriptor?? [ 90.176224][ T6017] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 90.369327][ T6017] gp8psk: usb in 128 operation failed. [ 90.574130][ T6017] gp8psk: usb in 146 operation failed. [ 90.575915][ T6017] gp8psk: failed to get FW version [ 90.578151][ T6017] gp8psk: usb in 149 operation failed. [ 90.579880][ T6017] gp8psk: failed to get FPGA version [ 90.584162][ T6017] gp8psk: usb in 138 operation failed. [ 90.586064][ T6017] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 90.589269][ T6017] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 90.593508][ T6017] usb 5-1: USB disconnect, device number 7 [ 90.820470][ T40] audit: type=1400 audit(1760797264.105:466): avc: denied { create } for pid=7613 comm="syz.2.472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 90.828341][ T40] audit: type=1400 audit(1760797264.105:467): avc: denied { bind } for pid=7613 comm="syz.2.472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 91.385297][ T7626] usb usb9: usbfs: process 7626 (syz.3.476) did not claim interface 0 before use [ 91.660895][ T6016] usb 8-1: new full-speed USB device number 9 using dummy_hcd [ 92.112481][ T6016] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 92.126806][ T6016] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.135189][ T6016] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 92.147769][ T6016] usb 8-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 92.154748][ T6016] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.167504][ T6016] usb 8-1: config 0 descriptor?? [ 92.585400][ T6016] hid_parser_main: 15 callbacks suppressed [ 92.585417][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.591401][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.595492][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.598690][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.602130][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.605413][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.609967][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.613299][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.616545][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.619841][ T6016] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0 [ 92.626766][ T6016] hid-multitouch 0003:0457:07DA.0008: hidraw1: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.3-1/input0 [ 92.792779][ T29] usb 8-1: USB disconnect, device number 9 [ 93.310184][ T7623] syz.0.475: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 93.316890][ T7623] CPU: 2 UID: 0 PID: 7623 Comm: syz.0.475 Not tainted syzkaller #0 PREEMPT(full) [ 93.316922][ T7623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.316929][ T7623] Call Trace: [ 93.316934][ T7623] [ 93.316939][ T7623] dump_stack_lvl+0x16c/0x1f0 [ 93.316975][ T7623] warn_alloc+0x248/0x3a0 [ 93.316990][ T7623] ? __pfx_warn_alloc+0x10/0x10 [ 93.317008][ T7623] ? hash_netiface_create+0x3ec/0x1250 [ 93.317026][ T7623] ? __vmalloc_node_noprof+0xad/0xf0 [ 93.317046][ T7623] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 93.317068][ T7623] ? hash_netiface_create+0x3ec/0x1250 [ 93.317084][ T7623] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 93.317108][ T7623] ? hash_netiface_create+0x3ec/0x1250 [ 93.317119][ T7623] __vmalloc_node_noprof+0xad/0xf0 [ 93.317137][ T7623] ? hash_netiface_create+0x3ec/0x1250 [ 93.317150][ T7623] __vmalloc_node_range_noprof+0xb3b/0x1480 [ 93.317173][ T7623] ? hash_netiface_create+0x3ec/0x1250 [ 93.317189][ T7623] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 93.317209][ T7623] ? ___kmalloc_large_node+0xed/0x160 [ 93.317229][ T7623] __kvmalloc_node_noprof+0x431/0x9c0 [ 93.317244][ T7623] ? hash_netiface_create+0x3ec/0x1250 [ 93.317257][ T7623] ? hash_netiface_create+0x3ec/0x1250 [ 93.317272][ T7623] ? hash_netiface_create+0x3ec/0x1250 [ 93.317284][ T7623] hash_netiface_create+0x3ec/0x1250 [ 93.317297][ T7623] ? __pfx___nla_validate+0xb/0x10 [ 93.317320][ T7623] ? __pfx_hash_netiface_create+0x10/0x10 [ 93.317339][ T7623] ip_set_create+0x7e4/0x14d0 [ 93.317362][ T7623] ? __pfx_ip_set_create+0x10/0x10 [ 93.317399][ T7623] ? find_held_lock+0x2b/0x80 [ 93.317423][ T7623] nfnetlink_rcv_msg+0x9fc/0x1200 [ 93.317451][ T7623] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 93.317473][ T7623] ? __lock_acquire+0x622/0x1c90 [ 93.317517][ T7623] ? avc_has_perm_noaudit+0x149/0x3b0 [ 93.317546][ T7623] netlink_rcv_skb+0x158/0x420 [ 93.317570][ T7623] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 93.317586][ T7623] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 93.317608][ T7623] ? ns_capable+0xd7/0x110 [ 93.317627][ T7623] nfnetlink_rcv+0x1b3/0x430 [ 93.317638][ T7623] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 93.317648][ T7623] ? netlink_deliver_tap+0x1ae/0xd30 [ 93.317665][ T7623] netlink_unicast+0x5aa/0x870 [ 93.317684][ T7623] ? __pfx_netlink_unicast+0x10/0x10 [ 93.317704][ T7623] netlink_sendmsg+0x8c8/0xdd0 [ 93.317721][ T7623] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.317742][ T7623] ____sys_sendmsg+0xa98/0xc70 [ 93.317760][ T7623] ? copy_msghdr_from_user+0x10a/0x160 [ 93.317773][ T7623] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.317793][ T7623] ? __pfx_futex_wake_mark+0x10/0x10 [ 93.317814][ T7623] ___sys_sendmsg+0x134/0x1d0 [ 93.317826][ T7623] ? futex_private_hash_put+0x176/0x300 [ 93.317840][ T7623] ? __pfx____sys_sendmsg+0x10/0x10 [ 93.317852][ T7623] ? __lock_acquire+0x622/0x1c90 [ 93.317884][ T7623] __sys_sendmsg+0x16d/0x220 [ 93.317897][ T7623] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.317910][ T7623] ? __x64_sys_futex+0x1e0/0x4c0 [ 93.317939][ T7623] do_syscall_64+0xcd/0xfa0 [ 93.317955][ T7623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.317966][ T7623] RIP: 0033:0x7f9c66f8efc9 [ 93.317976][ T7623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.317988][ T7623] RSP: 002b:00007f9c67ea8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.317998][ T7623] RAX: ffffffffffffffda RBX: 00007f9c671e5fa0 RCX: 00007f9c66f8efc9 [ 93.318006][ T7623] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000009 [ 93.318012][ T7623] RBP: 00007f9c67011f91 R08: 0000000000000000 R09: 0000000000000000 [ 93.318019][ T7623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.318025][ T7623] R13: 00007f9c671e6038 R14: 00007f9c671e5fa0 R15: 00007ffce16cba68 [ 93.318040][ T7623] [ 93.318058][ T7623] Mem-Info: [ 93.448329][ T7623] active_anon:10048 inactive_anon:578 isolated_anon:0 [ 93.448329][ T7623] active_file:3411 inactive_file:51895 isolated_file:0 [ 93.448329][ T7623] unevictable:1768 dirty:10 writeback:0 [ 93.448329][ T7623] slab_reclaimable:9283 slab_unreclaimable:69867 [ 93.448329][ T7623] mapped:25128 shmem:2420 pagetables:1540 [ 93.448329][ T7623] sec_pagetables:309 bounce:0 [ 93.448329][ T7623] kernel_misc_reclaimable:0 [ 93.448329][ T7623] free:414113 free_pcp:23380 free_cma:0 [ 93.465847][ T7623] Node 0 active_anon:40192kB inactive_anon:2312kB active_file:13644kB inactive_file:207376kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:100512kB dirty:40kB writeback:0kB shmem:6144kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:14544kB pagetables:5948kB sec_pagetables:1236kB all_unreclaimable? no Balloon:0kB [ 93.477755][ T7623] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:112kB pagetables:212kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 93.487140][ T7623] Node 0 DMA free:14940kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:300kB local_pcp:124kB free_cma:0kB [ 93.497067][ T7623] lowmem_reserve[]: 0 1236 1236 1236 1236 [ 93.499078][ T7623] Node 0 DMA32 free:70700kB boost:0kB min:27548kB low:34432kB high:41316kB reserved_highatomic:0KB free_highatomic:0KB active_anon:40272kB inactive_anon:2312kB active_file:13644kB inactive_file:207376kB unevictable:3536kB writepending:40kB zspages:852kB present:2080628kB managed:1265676kB mlocked:0kB bounce:0kB free_pcp:49196kB local_pcp:24188kB free_cma:0kB [ 93.509503][ T7623] lowmem_reserve[]: 0 0 0 0 0 [ 93.512606][ T7623] Node 1 Normal free:1572744kB boost:0kB min:39692kB low:49612kB high:59532kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB writepending:0kB zspages:0kB present:2097152kB managed:1781892kB mlocked:0kB bounce:0kB free_pcp:43044kB local_pcp:9356kB free_cma:0kB [ 93.524094][ T7623] lowmem_reserve[]: 0 0 0 0 0 [ 93.525689][ T7623] Node 0 DMA: 20*4kB (UM) 20*8kB (UM) 11*16kB (UM) 17*32kB (UM) 14*64kB (UM) 13*128kB (U) 7*256kB (UM) 5*512kB (UM) 5*1024kB (UM) 1*2048kB (U) 0*4096kB = 15040kB [ 93.531045][ T7623] Node 0 DMA32: 375*4kB (UME) 342*8kB (ME) 180*16kB (ME) 225*32kB (ME) 83*64kB (ME) 57*128kB (UME) 18*256kB (UME) 32*512kB (UME) 20*1024kB (UME) 1*2048kB (M) 0*4096kB = 70444kB [ 93.536555][ T7623] Node 1 Normal: 7*4kB (UE) 12*8kB (UE) 13*16kB (UE) 30*32kB (UME) 66*64kB (UE) 34*128kB (UME) 11*256kB (UE) 13*512kB (U) 9*1024kB (UE) 10*2048kB (UM) 372*4096kB (UM) = 1572748kB [ 93.542274][ T7623] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 93.545320][ T7623] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 93.548521][ T7623] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 93.551978][ T7623] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 93.555002][ T7623] 57737 total pagecache pages [ 93.556509][ T7623] 33 pages in swap cache [ 93.557876][ T7623] Free swap = 124432kB [ 93.559228][ T7623] Total swap = 124996kB [ 93.560547][ T7623] 1048443 pages RAM [ 93.562893][ T7623] 0 pages HighMem/MovableOnly [ 93.564358][ T7623] 282711 pages reserved [ 93.565699][ T7623] 0 pages cma reserved [ 93.674013][ T7623] syz.0.475 (7623) used greatest stack depth: 18808 bytes left [ 93.691020][ T6018] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 93.842520][ T6018] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.846171][ T6018] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 93.849244][ T6018] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 93.853715][ T6018] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 93.856537][ T6018] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.870710][ T6018] usb 8-1: config 0 descriptor?? [ 94.191023][ T6017] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 94.278071][ T6018] plantronics 0003:047F:FFFF.0009: reserved main item tag 0xd [ 94.284154][ T6018] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 94.340906][ T6017] usb 9-1: Using ep0 maxpacket: 16 [ 94.346097][ T6017] usb 9-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 94.348922][ T6017] usb 9-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 94.351824][ T6017] usb 9-1: Product: syz [ 94.353332][ T6017] usb 9-1: Manufacturer: syz [ 94.356112][ T6017] usb 9-1: SerialNumber: syz [ 94.363728][ T6017] usb 9-1: config 0 descriptor?? [ 94.569960][ T6018] usb 8-1: USB disconnect, device number 10 [ 94.602539][ T24] usb 9-1: USB disconnect, device number 3 [ 94.681305][ T7691] fido_id[7691]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb8/report_descriptor': No such file or directory [ 94.995500][ T40] audit: type=1400 audit(1760797268.285:468): avc: denied { setopt } for pid=7702 comm="syz.2.504" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 95.225264][ T7719] usb usb9: usbfs: process 7719 (syz.2.510) did not claim interface 0 before use [ 96.130954][ T6016] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 96.291519][ T6016] usb 5-1: Using ep0 maxpacket: 16 [ 96.297623][ T6016] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 96.302535][ T6016] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 96.305870][ T6016] usb 5-1: Product: syz [ 96.307606][ T6016] usb 5-1: Manufacturer: syz [ 96.309488][ T6016] usb 5-1: SerialNumber: syz [ 96.314500][ T6016] usb 5-1: config 0 descriptor?? [ 96.480932][ T29] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 96.574164][ T841] usb 5-1: USB disconnect, device number 8 [ 96.651174][ T29] usb 9-1: Using ep0 maxpacket: 32 [ 96.654018][ T29] usb 9-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 96.656838][ T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.660484][ T29] usb 9-1: config 0 descriptor?? [ 96.664960][ T29] gspca_main: sunplus-2.14.0 probing 041e:400b [ 97.400857][ T40] audit: type=1400 audit(1760797270.685:469): avc: denied { map } for pid=7773 comm="syz.3.532" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 97.410685][ T40] audit: type=1400 audit(1760797270.695:470): avc: denied { execute } for pid=7773 comm="syz.3.532" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 97.473101][ T29] gspca_sunplus: reg_r err -71 [ 97.475401][ T29] sunplus 9-1:0.0: probe with driver sunplus failed with error -71 [ 97.479210][ T29] usb 9-1: USB disconnect, device number 4 [ 97.501857][ T7781] ================================================================== [ 97.504485][ T7781] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220 SYZFAIL: failed to recv rpc [ 97.506829][ T7781] Read of size 8 at addr ffff888037293af8 by task syz.3.532/7781 [ 97.510694][ T7781] fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 97.511826][ T7781] CPU: 0 UID: 0 PID: 7781 Comm: syz.3.532 Not tainted syzkaller #0 PREEMPT(full) [ 97.511839][ T7781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.511846][ T7781] Call Trace: [ 97.511850][ T7781] [ 97.511854][ T7781] dump_stack_lvl+0x116/0x1f0 [ 97.511877][ T7781] print_report+0xcd/0x630 [ 97.511893][ T7781] ? __virt_addr_valid+0x81/0x610 [ 97.511905][ T7781] ? __phys_addr+0xe8/0x180 [ 97.511919][ T7781] ? __cpa_addr+0x1d3/0x220 [ 97.511932][ T7781] kasan_report+0xe0/0x110 [ 97.511947][ T7781] ? __cpa_addr+0x1d3/0x220 [ 97.511961][ T7781] __cpa_addr+0x1d3/0x220 [ 97.511975][ T7781] cpa_flush+0xec/0x8a0 [ 97.511990][ T7781] ? __pfx_cpa_flush+0x10/0x10 [ 97.512004][ T7781] ? pgprot2cachemode+0x9a/0x130 [ 97.512015][ T7781] ? __pfx_pgprot2cachemode+0x10/0x10 [ 97.512027][ T7781] set_pages_array_wb+0x238/0x280 [ 97.512043][ T7781] ? __pfx_set_pages_array_wb+0x10/0x10 [ 97.512062][ T7781] drm_gem_shmem_put_pages_locked+0x27e/0x300 [ 97.512082][ T7781] drm_gem_shmem_vm_close+0x63/0xc0 [ 97.512096][ T7781] ? __pfx_drm_gem_shmem_vm_close+0x10/0x10 [ 97.512110][ T7781] remove_vma+0x88/0x160 [ 97.512121][ T7781] exit_mmap+0x50a/0xb90 [ 97.512137][ T7781] ? __pfx_exit_mmap+0x10/0x10 [ 97.512157][ T7781] ? arch_uprobe_clear_state+0x16/0x150 [ 97.512172][ T7781] __mmput+0x12a/0x410 [ 97.512182][ T7781] mmput+0x62/0x70 [ 97.512190][ T7781] do_exit+0x7c7/0x2bf0 [ 97.512203][ T7781] ? __pfx_do_exit+0x10/0x10 [ 97.512215][ T7781] ? do_raw_spin_lock+0x12c/0x2b0 [ 97.512231][ T7781] ? find_held_lock+0x2b/0x80 [ 97.512241][ T7781] do_group_exit+0xd3/0x2a0 [ 97.512254][ T7781] get_signal+0x2671/0x26d0 [ 97.512266][ T7781] ? __pfx_get_signal+0x10/0x10 [ 97.512276][ T7781] ? do_futex+0x122/0x350 [ 97.512290][ T7781] ? __pfx_do_futex+0x10/0x10 [ 97.512304][ T7781] arch_do_signal_or_restart+0x8f/0x7c0 [ 97.512322][ T7781] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 97.512342][ T7781] exit_to_user_mode_loop+0x85/0x130 [ 97.512357][ T7781] do_syscall_64+0x426/0xfa0 [ 97.512371][ T7781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.512382][ T7781] RIP: 0033:0x7f03d418efc9 [ 97.512390][ T7781] Code: Unable to access opcode bytes at 0x7f03d418ef9f. [ 97.512396][ T7781] RSP: 002b:00007f03d4f450e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 97.512407][ T7781] RAX: fffffffffffffe00 RBX: 00007f03d43e6098 RCX: 00007f03d418efc9 [ 97.512414][ T7781] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03d43e6098 [ 97.512421][ T7781] RBP: 00007f03d43e6090 R08: 0000000000000000 R09: 0000000000000000 [ 97.512427][ T7781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.512433][ T7781] R13: 00007f03d43e6128 R14: 00007ffe1b760e90 R15: 00007ffe1b760f78 [ 97.512444][ T7781] [ 97.512447][ T7781] [ 97.597947][ T7781] Allocated by task 7774: [ 97.599285][ T7781] kasan_save_stack+0x33/0x60 [ 97.600753][ T7781] kasan_save_track+0x14/0x30 [ 97.602162][ T7781] __kasan_kmalloc+0xaa/0xb0 [ 97.603625][ T7781] __kvmalloc_node_noprof+0x3a3/0x9c0 [ 97.605325][ T7781] drm_gem_get_pages+0x144/0xa10 [ 97.606921][ T7781] drm_gem_shmem_get_pages_locked+0x1e6/0x490 [ 97.608855][ T7781] drm_gem_shmem_mmap+0xc9/0x550 [ 97.610420][ T7781] drm_gem_mmap_obj+0x1b5/0x560 [ 97.611969][ T7781] drm_gem_mmap+0x40b/0x620 [ 97.613435][ T7781] __mmap_region+0x1309/0x27a0 [ 97.614969][ T7781] mmap_region+0x1ab/0x3f0 [ 97.616413][ T7781] do_mmap+0xa3e/0x1210 [ 97.617732][ T7781] vm_mmap_pgoff+0x29e/0x470 [ 97.619173][ T7781] ksys_mmap_pgoff+0x32c/0x5c0 [ 97.620670][ T7781] __x64_sys_mmap+0x125/0x190 [ 97.622187][ T7781] do_syscall_64+0xcd/0xfa0 [ 97.623631][ T7781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.625499][ T7781] [ 97.626300][ T7781] The buggy address belongs to the object at ffff888037293a00 [ 97.626300][ T7781] which belongs to the cache kmalloc-256 of size 256 [ 97.630622][ T7781] The buggy address is located 0 bytes to the right of [ 97.630622][ T7781] allocated 248-byte region [ffff888037293a00, ffff888037293af8) [ 97.635095][ T7781] [ 97.635872][ T7781] The buggy address belongs to the physical page: [ 97.637919][ T7781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x37292 [ 97.640642][ T7781] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 97.643281][ T7781] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 97.645604][ T7781] page_type: f5(slab) [ 97.646724][ T7781] raw: 00fff00000000040 ffff88801b442b40 ffffea0000d0c500 0000000000000003 [ 97.649396][ T7781] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 97.652052][ T7781] head: 00fff00000000040 ffff88801b442b40 ffffea0000d0c500 0000000000000003 [ 97.654764][ T7781] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 97.657501][ T7781] head: 00fff00000000001 ffffea0000dca481 00000000ffffffff 00000000ffffffff [ 97.660193][ T7781] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 97.662895][ T7781] page dumped because: kasan: bad access detected [ 97.664928][ T7781] page_owner tracks the page as allocated [ 97.666737][ T7781] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 7555, tgid 7553 (syz.4.451), ts 88335113386, free_ts 88332614681 [ 97.672275][ T7781] post_alloc_hook+0x1c0/0x230 [ 97.673818][ T7781] get_page_from_freelist+0x10a3/0x3a30 [ 97.675554][ T7781] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 97.677432][ T7781] new_slab+0xa5/0x360 [ 97.678731][ T7781] ___slab_alloc+0xdc4/0x1ae0 [ 97.680225][ T7781] __slab_alloc.constprop.0+0x63/0x110 [ 97.681957][ T7781] __kmalloc_node_noprof+0x4dd/0x8a0 [ 97.683624][ T7781] alloc_slab_obj_exts+0x3a/0xd0 [ 97.685204][ T7781] new_slab+0x283/0x360 [ 97.686554][ T7781] ___slab_alloc+0xdc4/0x1ae0 [ 97.688046][ T7781] __kmem_cache_alloc_bulk+0x225/0x770 [ 97.689817][ T7781] kmem_cache_alloc_bulk_noprof+0x23d/0x5a0 [ 97.691676][ T7781] __io_alloc_req_refill+0x9d/0x5e0 [ 97.693353][ T7781] io_submit_sqes+0xe07/0x2710 [ 97.694879][ T7781] __do_sys_io_uring_enter+0xd69/0x1630 [ 97.696646][ T7781] do_syscall_64+0xcd/0xfa0 [ 97.698115][ T7781] page last free pid 23 tgid 23 stack trace: [ 97.699998][ T7781] __free_frozen_pages+0x7df/0x1160 [ 97.701652][ T7781] rcu_core+0x79c/0x1530 [ 97.703004][ T7781] handle_softirqs+0x219/0x8e0 [ 97.704524][ T7781] run_ksoftirqd+0x3a/0x60 [ 97.705950][ T7781] smpboot_thread_fn+0x3f7/0xae0 [ 97.707524][ T7781] kthread+0x3c5/0x780 [ 97.708800][ T7781] ret_from_fork+0x675/0x7d0 [ 97.710257][ T7781] ret_from_fork_asm+0x1a/0x30 [ 97.711754][ T7781] [ 97.712504][ T7781] Memory state around the buggy address: [ 97.714227][ T7781] ffff888037293980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.716736][ T7781] ffff888037293a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 97.719207][ T7781] >ffff888037293a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 97.721705][ T7781] ^ [ 97.724170][ T7781] ffff888037293b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.726700][ T7781] ffff888037293b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.729229][ T7781] ================================================================== [ 97.737354][ T7781] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 97.739693][ T7781] CPU: 2 UID: 0 PID: 7781 Comm: syz.3.532 Not tainted syzkaller #0 PREEMPT(full) [ 97.742831][ T7781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.746175][ T7781] Call Trace: [ 97.747242][ T7781] [ 97.748203][ T7781] dump_stack_lvl+0x3d/0x1f0 [ 97.749918][ T7781] vpanic+0x640/0x6f0 [ 97.751283][ T7781] panic+0xca/0xd0 [ 97.752659][ T7781] ? __pfx_panic+0x10/0x10 [ 97.754260][ T7781] ? __cpa_addr+0x1d3/0x220 [ 97.755693][ T7781] ? preempt_schedule_common+0x44/0xc0 [ 97.757431][ T7781] ? preempt_schedule_thunk+0x16/0x30 [ 97.759244][ T7781] ? check_panic_on_warn+0x1f/0xb0 [ 97.760895][ T7781] check_panic_on_warn+0xab/0xb0 [ 97.762448][ T7781] end_report+0x107/0x170 [ 97.763832][ T7781] kasan_report+0xee/0x110 [ 97.765269][ T7781] ? __cpa_addr+0x1d3/0x220 [ 97.766741][ T7781] __cpa_addr+0x1d3/0x220 [ 97.768119][ T7781] cpa_flush+0xec/0x8a0 [ 97.769630][ T7781] ? __pfx_cpa_flush+0x10/0x10 [ 97.771161][ T7781] ? pgprot2cachemode+0x9a/0x130 [ 97.772726][ T7781] ? __pfx_pgprot2cachemode+0x10/0x10 [ 97.774427][ T7781] set_pages_array_wb+0x238/0x280 [ 97.776026][ T7781] ? __pfx_set_pages_array_wb+0x10/0x10 [ 97.777811][ T7781] drm_gem_shmem_put_pages_locked+0x27e/0x300 [ 97.779779][ T7781] drm_gem_shmem_vm_close+0x63/0xc0 [ 97.781432][ T7781] ? __pfx_drm_gem_shmem_vm_close+0x10/0x10 [ 97.783303][ T7781] remove_vma+0x88/0x160 [ 97.784643][ T7781] exit_mmap+0x50a/0xb90 [ 97.786010][ T7781] ? __pfx_exit_mmap+0x10/0x10 [ 97.787536][ T7781] ? arch_uprobe_clear_state+0x16/0x150 [ 97.789590][ T7781] __mmput+0x12a/0x410 [ 97.790904][ T7781] mmput+0x62/0x70 [ 97.792183][ T7781] do_exit+0x7c7/0x2bf0 [ 97.793496][ T7781] ? __pfx_do_exit+0x10/0x10 [ 97.794961][ T7781] ? do_raw_spin_lock+0x12c/0x2b0 [ 97.796574][ T7781] ? find_held_lock+0x2b/0x80 [ 97.798159][ T7781] do_group_exit+0xd3/0x2a0 [ 97.799915][ T7781] get_signal+0x2671/0x26d0 [ 97.801581][ T7781] ? __pfx_get_signal+0x10/0x10 [ 97.803265][ T7781] ? do_futex+0x122/0x350 [ 97.804625][ T7781] ? __pfx_do_futex+0x10/0x10 [ 97.806133][ T7781] arch_do_signal_or_restart+0x8f/0x7c0 [ 97.807865][ T7781] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 97.809950][ T7781] exit_to_user_mode_loop+0x85/0x130 [ 97.811817][ T7781] do_syscall_64+0x426/0xfa0 [ 97.813343][ T7781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.815732][ T7781] RIP: 0033:0x7f03d418efc9 [ 97.817433][ T7781] Code: Unable to access opcode bytes at 0x7f03d418ef9f. [ 97.820149][ T7781] RSP: 002b:00007f03d4f450e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 97.823629][ T7781] RAX: fffffffffffffe00 RBX: 00007f03d43e6098 RCX: 00007f03d418efc9 [ 97.826733][ T7781] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03d43e6098 [ 97.829461][ T7781] RBP: 00007f03d43e6090 R08: 0000000000000000 R09: 0000000000000000 [ 97.832107][ T7781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.834606][ T7781] R13: 00007f03d43e6128 R14: 00007ffe1b760e90 R15: 00007ffe1b760f78 [ 97.837079][ T7781] [ 97.838747][ T7781] Kernel Offset: disabled [ 97.840108][ T7781] Rebooting in 86400 seconds.. VM DIAGNOSIS: 14:21:10 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8530e555 RDI=ffffffff9ae0a820 RBP=ffffffff9ae0a7e0 RSP=ffffc9000360f1c0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000038 R14=ffffffff9ae0a7e0 R15=ffffffff8530e4f0 RIP=ffffffff8530e57f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d69d6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f03d4f44f98 CR3=000000004e0c7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe1b761300 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03d4212fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03d4212fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03d4212fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03d4212ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03d421307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03d421315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88806a4426e0 RCX=ffffffff81b12c21 RDX=ffff888024364900 RSI=ffffffff81b12bfb RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc9000385f4c0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=dffffc0000000000 R13=ffffed100d4884dd R14=0000000000000001 R15=0000000000000000 RIP=ffffffff81b12bfd RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6ad6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f26c5517d60 CR3=000000000e182000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f26c49b76c3 00007f26c49b76c3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff58569050 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055556d0bdc9e 000055556d0bd8c0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055556d0b7de8 000055556d0b7ab0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010c80040880a2a3 9208000100000808 0606013cc2020800 0c90032002000c8a ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03aaaaaaaaaa01ff fffffffffffffff5 080c80030d800408 80a2a39008000100 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008080606013cc0 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000164bbb RBX=0000000000000002 RCX=ffffffff8b6692a9 RDX=0000000000000000 RSI=ffffffff8db03f74 RDI=ffffffff8bf1ea40 RBP=ffffed1003b52920 RSP=ffffc90000187de8 R8 =0000000000000001 R9 =ffffed100d4c6655 R10=ffff88806a6332ab R11=0000000000000001 R12=0000000000000002 R13=ffff88801da94900 R14=ffffffff908339d0 R15=0000000000000000 RIP=ffffffff8b667d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6bd6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000020000000f000 CR3=000000001216d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fec41212fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fec41212fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fec41212fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fec41212ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fec4121307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fec4121315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fec413b74a8 00007fec413b74a0 00007fec413b7498 00007fec413b7470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fec41f1d100 00007fec413b7460 00007fec413b0004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fec413b74b8 00007fec413b74b0 00007fec413b74a8 00007fec413b74a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000031b925f0 RBX=ffffffff93aad0c0 RCX=0000000000000003 RDX=000000000000003c RSI=ffffffff822fdf90 RDI=ffffffff93aad0c0 RBP=0000000000140cca RSP=ffffc900043fef30 R8 =0000000000001000 R9 =0000000000000000 R10=ffffed10026dcc00 R11=dffffc0000000000 R12=0000000000000004 R13=ffffea00004db9c0 R14=dffffc0000000000 R15=ffff88802d244900 RIP=ffffffff8b667d9a RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f9c67ea86c0 ffffffff 00c00000 GS =0000 ffff8880d6cd6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3e2506 CR3=0000000021be4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c67012fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c67012fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c67012fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c67012ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c6701307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c6701315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000