last executing test programs: 14.601204874s ago: executing program 3 (id=1239): mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000001000010000000000b995000000000000", @ANYRES32=r1, @ANYBLOB="84110000040000001c0012800b0001006d616373656300000c00028005000a0001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000a40)=@newtaction={0x78, 0x30, 0xb, 0x100, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x2, 0x0, 0x800}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x8890}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000380), 0x1000a) 14.522388818s ago: executing program 3 (id=1242): socket$can_raw(0x1d, 0x3, 0x1) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x7) r1 = socket$can_raw(0x1d, 0x3, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001200)={0x0, 0x0}) ioctl$sock_ifreq(r2, 0x8994, &(0x7f0000000200)={'bond0\x00', @ifru_data=&(0x7f0000000000)="efed7ca040a1110529deda82157cb31cb400000000000000000000002300"}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000700)={'veth0\x00', 0x0}) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="180100003500010000000000fcdbdf250701f2800c0004000bac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$can_raw(r1, &(0x7f0000000000)={&(0x7f0000000300)={0x1d, r3}, 0x10, &(0x7f0000000040)={0x0}}, 0x0) 14.357066685s ago: executing program 3 (id=1251): r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8001000}, 0xc, &(0x7f0000000380)={&(0x7f0000000080)={0x2f0, r0, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}]}, @TIPC_NLA_BEARER={0x100, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @empty}}, {0x14, 0x2, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffb0}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5f}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x6, 0x0}}}, {0x14, 0x2, @in={0x2, 0x4e21, @multicast1}}}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x36}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffff05}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}]}, @TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xa}}}, {0x14, 0x2, @in={0x2, 0x4e22, @multicast2}}}}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK={0x38, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10}]}]}, @TIPC_NLA_LINK={0x70, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_MEDIA={0x6c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x70d}]}]}]}, 0x2f0}, 0x1, 0x0, 0x0, 0x4000004}, 0x20000800) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f00000005c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xcc, r2, 0x800, 0x70bd25, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x58}, {0x8, 0x15, 0xbce}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x4}, {0x8, 0x15, 0x8ac0}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x80}, {0x6, 0x11, 0x8000}, {0x8, 0x15, 0x9}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x8000064}, 0x28000) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r1, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x38, r2, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}}]}, 0x38}, 0x1, 0x0, 0x0, 0x200409c0}, 0x4000000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), r1) sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000000a80)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000780)={0x28c, r3, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}]}, @TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xc8}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5ff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x401}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_LINK={0x50, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9fe}]}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x3}]}, @TIPC_NLA_NET={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffff001}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}]}, @TIPC_NLA_LINK={0x16c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2a5393ab}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xce5f}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x39ad}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffeff}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2e14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8c29}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9fe0}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}]}]}, 0x28c}, 0x1, 0x0, 0x0, 0x4}, 0x20008041) sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x10200800}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x2c, r0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24008085}, 0x4000) sendmsg$NL80211_CMD_START_NAN(r1, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x68, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x10000, 0x3f}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x9}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x7}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x81}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}]}, 0x68}, 0x1, 0x0, 0x0, 0x2000000}, 0x4040) r4 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r4, 0x11b, 0x7, &(0x7f0000000d00), &(0x7f0000000d40)=0x30) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000d80)) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e00)={0x48, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0xb}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x10) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000001100)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000010c0)={&(0x7f0000000f40)={0x15c, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x9}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x20b}, {0x6, 0x11, 0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x6}, {0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x6}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x4}, 0x0) r6 = memfd_secret(0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001180), r1) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r6, &(0x7f0000001240)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001200)={&(0x7f00000011c0)={0x14, r7, 0x200, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000012c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_INTERFACE(r8, &(0x7f0000001380)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001340)={&(0x7f0000001300)={0x28, r7, 0x300, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0xffc5, 0x49}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000800}, 0x800) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000001400)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000001440)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000001480)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000014c0)=0x0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r10, &(0x7f0000001580)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001540)={&(0x7f0000001500)={0x3c, 0x0, 0x122, 0x70bd2c, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r11}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x4d0}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r13}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r14}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8810}, 0x91) syz_genetlink_get_family_id$tipc2(&(0x7f00000015c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000001700)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000016c0)={&(0x7f0000001680)={0x1c, 0x0, 0x400, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x884}, 0x20000851) 14.292538552s ago: executing program 3 (id=1253): mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) write$sndseq(r1, &(0x7f00000006c0)=[{0x10, 0x0, 0x2, 0xfd, @tick, {}, {0xe}, @quote={{0x8, 0x6}, 0xf}}], 0x1c) write$binfmt_script(r0, &(0x7f0000000380), 0x1000a) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$poke(0x5, r2, &(0x7f0000000080), 0xffffffffffffffd) read$FUSE(r0, &(0x7f0000000700)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) sendmsg$nl_route(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@RTM_NEWNSID={0x34, 0x58, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NETNSA_FD={0x8, 0x3, r0}, @NETNSA_NSID={0x8, 0x1, 0x3}, @NETNSA_PID={0x8, 0x2, r2}, @NETNSA_PID={0x8, 0x2, r3}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x48000) 14.241136053s ago: executing program 3 (id=1256): r0 = fsopen(&(0x7f00000003c0)='proc\x00', 0x1) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00', r2}, 0x18) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f21df33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) bpf$ENABLE_STATS(0x20, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async) r4 = fsmount(r0, 0x0, 0xa) fchdir(r4) (async) chroot(&(0x7f0000000300)='.\x00') (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/pm_print_times', 0x202, 0x0) 13.862947113s ago: executing program 3 (id=1257): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x20, r4, 0x301, 0x70bd25, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x40006) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r7, 0xc008aeba, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$x86(r8, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$x86(r9, &(0x7f0000000080)={0x0, &(0x7f0000000180)}) ioctl$KVM_SET_CPUID2(r10, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 13.799172978s ago: executing program 32 (id=1257): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x20, r4, 0x301, 0x70bd25, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x40006) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r7, 0xc008aeba, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$x86(r8, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$x86(r9, &(0x7f0000000080)={0x0, &(0x7f0000000180)}) ioctl$KVM_SET_CPUID2(r10, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 6.890246242s ago: executing program 1 (id=1377): r0 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r0, 0x0) (async) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x6ef47000) 6.826010548s ago: executing program 1 (id=1378): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$hidraw(0x0, 0x0, 0x280) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)={0x14, 0x0, 0x2, 0x801}, 0x14}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000100)={0x7, 0x7ff, 0x9, 0x1ff, 0x8000, 0x3}) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000080)={0x1, 0x9, 0x27f}) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) writev(r3, &(0x7f0000000440)=[{&(0x7f0000000000)='8', 0x1}], 0x1) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x1, 0xfa, 0x803}}}, 0x7) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001080)=ANY=[@ANYBLOB="5800000010001fff000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="0918000000000000300012800b000100697036746e6c000020000280050009000400000014000200fe8000000000000000000000000000bb080004000005"], 0x58}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) 6.758397662s ago: executing program 1 (id=1380): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000021c0), 0x2) setsockopt(r0, 0x1, 0x10000000000009, &(0x7f00000000c0)="f5c89e1e", 0x4) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a1201, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r1, 0x800c5012, &(0x7f0000000140)) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x4e22, 0x5, @loopback, 0x6}, 0x1c) r2 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r2, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x2, &(0x7f0000000180)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x1000}}) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}) setsockopt$sock_int(r0, 0x1, 0x39, &(0x7f0000000040)=0x6931, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x4, &(0x7f0000000000)=[{0x4, 0x2}, {0x6, 0x0, 0x0, 0x2}]}) socket$inet6_tcp(0xa, 0x1, 0x0) (async) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000021c0), 0x2) (async) setsockopt(r0, 0x1, 0x10000000000009, &(0x7f00000000c0)="f5c89e1e", 0x4) (async) openat$adsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a1201, 0x0) (async) ioctl$SNDCTL_DSP_GETOPTR(r1, 0x800c5012, &(0x7f0000000140)) (async) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f) (async) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x4e22, 0x5, @loopback, 0x6}, 0x1c) (async) socket$inet6(0x10, 0x2, 0x4) (async) sendto$inet6(r2, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x2, &(0x7f0000000180)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}) (async) setsockopt$sock_int(r0, 0x1, 0x39, &(0x7f0000000040)=0x6931, 0x4) (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x4, &(0x7f0000000000)=[{0x4, 0x2}, {0x6, 0x0, 0x0, 0x2}]}) (async) 6.671650374s ago: executing program 1 (id=1382): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net\x00') ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, &(0x7f0000000040)={0x1, 0x1, 0x6}) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000100)=0x1, 0x4) getdents64(r0, &(0x7f0000002080)=""/4108, 0x100c) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x50009405, &(0x7f00000000c0)={0xa5, 0x40, 0x5}) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000480)={0x3, 0x0, @pic={0x6, 0x9, 0x5, 0x1, 0x0, 0xb, 0x3, 0x8, 0x1, 0x8, 0x3, 0x2, 0x6, 0xd8, 0x9, 0x1}}) getdents64(r0, 0x0, 0x0) 6.612168729s ago: executing program 1 (id=1383): r0 = syz_open_dev$char_usb(0xc, 0xb4, 0xfffffffffffff958) write$char_usb(r0, &(0x7f0000000080)="a18f5f49d6ceebc89cedc573b65f9ad58a14dd27e4b6b0277bc0ca05ebf1678a76ae1948c5b6f808673acfb3dc51bfccf4e7994abb510463add056e3977121f343f2bc6b5c5b4dfbef6dcd1416fb5d73a90381201cd1373cd3f39a23b029822b3961ce052c17f6279fd2f02d635d939fd2e8709c8475e01f532bf76d9b1cdc846455b2e3469aa21a433206dad521843be808444509a6d861a3b901bb", 0x9c) r1 = syz_open_dev$vim2m(&(0x7f0000000240), 0x2000a54, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x28, r3, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}]}]}, @ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000080}, 0x2000) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1, 0x0, 0xf8}) r4 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x140}}, 0x0) getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xab) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r2) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r4, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x50, r5, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x7fff}, {0x5}}]}, 0x50}}, 0x18000) ioctl$vim2m_VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000080)={0x0, 0x1, 0x1, 0x4880}) r6 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_TRY_ENCODER_CMD(r6, 0xc028564e, &(0x7f0000000040)={0x0, 0x0, [0xefe, 0x6, 0x9, 0x287, 0x9, 0x0, 0x8, 0x7]}) 6.520339482s ago: executing program 1 (id=1385): sync() sync() sync() sync() sync() sync() sync() sync() sync() sync() sync() sync() sync() sync() sync() pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) write$binfmt_register(r0, &(0x7f0000000040)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x2, 0x3a, '[%*-/', 0x3a, ',\\#,:.*&', 0x3a, './file0', 0x3a, [0x43, 0x46, 0x43, 0x46, 0x46]}, 0x39) sync() sync() sync() sync() r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='mm_shrink_slab_end\x00', r0}, 0x18) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r2, 0x2, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x20, 0x33, @mgmt_frame=@action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x292e}, @broadcast, @device_b, @initial, {0x3, 0x7}}, @sa_query_req={0x8, 0x0, 0x8000}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x10) sync() ioctl$F2FS_IOC_GET_PIN_FILE(r1, 0x8004f50e, &(0x7f0000000280)) sync() sync() sync() setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000340)={0x1ff, 0x5, 0xa3, 0x2}, 0x10) 1.77252554s ago: executing program 4 (id=1468): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448c9, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede-generic)\x00'}, 0x58) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x300000d, 0x6031, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$video(&(0x7f0000000100), 0x8, 0x40082) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f0000000400)={0x2, @win={{0x7, 0x2, 0x6d, 0x1}, 0x3, 0x6, 0x0, 0xed, 0x0, 0x8}}) r4 = syz_open_dev$video4linux(&(0x7f0000000480), 0x0, 0x40000) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000000000)) ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0xc0, 0x11cfa, 0x0, 0x8000008, 0x2, 0x4, 0x1, 0x0, 0x2}) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x3, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x40505330, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0xc000, 0x19) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) ioctl$sock_bt_hci(r0, 0x400448c9, 0x0) (async) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$alg(0x26, 0x5, 0x0) (async) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede-generic)\x00'}, 0x58) (async) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x300000d, 0x6031, 0xffffffffffffffff, 0x0) (async) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) syz_open_dev$video(&(0x7f0000000100), 0x8, 0x40082) (async) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f0000000400)={0x2, @win={{0x7, 0x2, 0x6d, 0x1}, 0x3, 0x6, 0x0, 0xed, 0x0, 0x8}}) (async) syz_open_dev$video4linux(&(0x7f0000000480), 0x0, 0x40000) (async) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000000000)) (async) ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0) (async) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) (async) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0xc0, 0x11cfa, 0x0, 0x8000008, 0x2, 0x4, 0x1, 0x0, 0x2}) (async) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x3, 0x0) (async) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x40505330, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0xc000, 0x19) (async) 1.512436833s ago: executing program 4 (id=1469): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2400, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/ip6_mr_vif\x00') pread64(r1, &(0x7f0000003700)=""/119, 0x77, 0x8) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x1, 0x0, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r2, 0xc018aec0, &(0x7f00000000c0)={0x1}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xce) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@newsa={0x158, 0x10, 0x1, 0x0, 0x25dfdbfc, {{@in6=@remote, @in6=@loopback}, {@in=@empty, 0x0, 0x32}, @in6=@loopback, {0x0, 0x0, 0x0, 0x0, 0x6, 0x9}, {0x0, 0x6}, {0x0, 0x0, 0x4}, 0x0, 0x0, 0xa, 0x0, 0x0, 0xad}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x20, 0x17, {0x1, 0x0, 0x0, 0x0, 0x0, 0x2, [0x0]}}]}, 0x158}}, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) write$cgroup_int(r6, 0x0, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000080)={0x0, @reserved}) getsockopt$ax25_int(r4, 0x101, 0x6, &(0x7f0000000200), &(0x7f00000002c0)=0x4) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4048004) ioctl$sock_SIOCBRDELBR(r3, 0x89a2, &(0x7f0000000000)='bridge0\x00') 1.287900903s ago: executing program 4 (id=1472): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="3800000040000701feffffff0000000001780000040042800c00018006000600800a0000140002800d001480040005"], 0x38}, 0x1, 0x0, 0x0, 0x488d5}, 0xc000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000140)=ANY=[@ANYRES32=r4], 0x9) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a70000000060a0b04000000000000000002000000440004802c0001800b0001006e756d67656e00001c000280080002400000000208000340000000000800014000000015140001800b00010072656a6563740000040002800900010073797a30000000000900020073797a32"], 0x98}}, 0x0) 1.287703109s ago: executing program 4 (id=1473): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) r1 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=ANY=[@ANYBLOB="500000001000370400"/20, @ANYRES32=r3, @ANYBLOB="83040500010000003000128008000100677265002400028008000700ac"], 0x50}}, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x9801}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc811}, 0x8000) (async) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) (async) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r4, 0x40000000af01, 0x0) (async) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0}) (async) r5 = socket$packet(0x11, 0x3, 0x300) (async) r6 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) (async) ioctl$vim2m_VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000040)={0x2}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000340)) r7 = dup(r5) ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000000)={0x1, r7}) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async, rerun: 64) r8 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) (async, rerun: 64) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64) splice(r10, 0x0, r9, 0x0, 0x5, 0x0) (async) ioctl$int_in(r9, 0x5452, &(0x7f0000000100)=0x3ff) (async) fcntl$setstatus(r9, 0x4, 0x7c00) (async) dup3(r10, r9, 0x0) sendmsg$IPSET_CMD_PROTOCOL(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000010605"], 0x2c}, 0x1, 0x0, 0x0, 0x40001d0}, 0x0) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) (rerun: 64) 1.21252921s ago: executing program 4 (id=1474): syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185) unshare(0x66000080) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'pcl711\x00', [0x4f27, 0x5, 0x4, 0x4, 0x5, 0x6, 0x1, 0x7, 0xa, 0x100, 0x2, 0x0, 0x1, 0x8, 0x1e, 0x1, 0x0, 0xa449, 0x3, 0x5, 0x81, 0xcaa7, 0x0, 0x1658, 0xb, 0x3, 0x3c, 0x8, 0x6, 0x0, 0x5, 0x4]}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174"], 0xcc}}, 0x20000000) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 640.76712ms ago: executing program 2 (id=1477): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000280)={0x1, 0x0, 0x5, 0x9, 0x49, &(0x7f00000005c0)}) r1 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'hsr0\x00', 0x4}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f00000003c0)={0x1, 'batadv_slave_0\x00', 0x2}, 0x18) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x4, 0x14c, 0x300}}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x54, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x24, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_DELAY_DIST={0x6, 0x2, "9f2b"}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x0, 0xf9b}, 0x8) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r5, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r7, 0x89f0, &(0x7f0000000300)={'bond0\x00', @ifru_names='wg0\x00'}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20040051}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}, 0x1, 0x0, 0x0, 0x20048051}, 0x0) syz_emit_ethernet(0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="01d049cff7dcf53fc93d2f297f887bcb6f63ecf5ff00000087841724d29188a95d6a300000880c014bfa37727e001b"], 0x0) sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="58010000100013070000000000000000fc020008000000000000000000000001fe8000000000000000000000000000dcc1a0f50000e85b73bf435a8af2000000f03caa4472740be43f4c09dec4d3fcf5ac9231071e61368e50539b17f5aba16b49df68564719e43c98716840aabb59f14fb43abd7bb60a7a0cd69240d783b404e92d8239449f90410a0d34194fdd97e4715736319420aee3a1a99fa7d08511ce006a62da9aad7942b1609537a7fcbb405993653d593a2ddd89629a586405d9e866e811ddc22899981b6bfcc22644b5f11c4bbe53750d41fe417b95db34de8f7826282292f2933bb9784e15e75bc736001dd8a6a386a3aa58f78098", @ANYRESOCT=r5, @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=0x0, @ANYRES64], 0x158}, 0x1, 0x0, 0x0, 0x48010}, 0x40040) r9 = syz_open_dev$evdev(&(0x7f0000000240), 0x4fe2, 0x68000) r10 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r10, 0x6, 0x0, 0x0, 0x0) r11 = fsmount(r10, 0x0, 0x2) r12 = openat$cgroup_subtree(r11, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r12, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5) r13 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r13, 0xc02064b2, &(0x7f0000000080)={0x8efd, 0xf, 0x20}) ioctl$EVIOCGBITSW(r9, 0x80404525, &(0x7f0000000140)=""/97) 640.477101ms ago: executing program 2 (id=1478): r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0}, 0x18) mmap(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x3000002, 0x4c831, r0, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x380}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x1b, &(0x7f0000000880)=ANY=[@ANYBLOB="00000000fc1ccaf300000000b7080000ce0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200", @ANYBLOB="0000000000000000b703"], &(0x7f0000000300)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcfb, 0x0, 0x0, 0x10, 0x3}, 0x94) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000700)={&(0x7f0000000900)=ANY=[@ANYBLOB='\t\x00F\x00', @ANYRESOCT=r2, @ANYBLOB="000826bd7000fddbdf250c0000000c000180080008000700000038000280080003000100000006000e004e24000006000f000300000014000100ff02000000000000000000000000000108000500b90b"], 0x58}, 0x1, 0x0, 0x0, 0x20000080}, 0x4) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000340), 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f0000000540)=[{0x6, 0x0, 0x0, 0x7fff7ffc}, {0x7, 0x62, 0x80, 0x76}, {0x7, 0x8, 0xf5, 0x6}]}) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000a40)=""/93, 0x5d}], 0x2}, 0x10040) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 402.74005ms ago: executing program 0 (id=1480): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x44, r1, 0x607, 0x270bd07, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x6}]}, 0x44}}, 0x4008400) mount(&(0x7f00000001c0)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x4418, 0x0) 401.282038ms ago: executing program 0 (id=1481): socket$vsock_stream(0x28, 0x1, 0x0) (async) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_io_uring_setup(0x83, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500, 0x0, 0x352}, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0xaa}, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0xaa}, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') listen(r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000e5000000000000000000f7840000009e0000009500200000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmsg$kcm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/150, 0x96}], 0x1}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040)) (async) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x28001}, 0x8000002) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x28001}, 0x8000002) socket$key(0xf, 0x3, 0x2) (async) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="02180000100000000000000000000000030005000000000002000010e000000100000000000000000800120000000000000000000000000010000000000000000000000000000000ac1414bb000000000000000000000000fc010000000000000000000000000000030006000000000002"], 0x80}}, 0x0) 302.629847ms ago: executing program 2 (id=1482): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async) mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x20c010, 0x0) (async, rerun: 64) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async, rerun: 64) chdir(&(0x7f0000000100)='./file0\x00') (async) bpf$MAP_CREATE(0x0, 0x0, 0x48) (async, rerun: 64) unlink(&(0x7f0000000040)='./file0\x00') (async, rerun: 64) mknod(&(0x7f0000000080)='./file0\x00', 0x8000, 0x8) 301.721852ms ago: executing program 0 (id=1483): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_lsm={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000700000061114c000000000085000000cf00000095"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x41100}, 0x94) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x13}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r3 = socket(0x2d, 0x2, 0x0) connect$qrtr(r3, &(0x7f0000000300)={0x2d, 0x0, 0x4000}, 0xc) bind$802154_dgram(r0, &(0x7f0000000000)={0x24, @none={0x0, 0xffff}}, 0x14) 231.3987ms ago: executing program 0 (id=1484): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000f9ffffff00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000000208, 0x0, 0x0, 0x2, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000020000ffffffffff00", "2809e8dbe108598948224ad54afac11d875397bd3c5240f45f819e01177d2d458dd4992861ac00000000000000000000000000001100", "90be8b1c55080000000c547d03d8a0f4bd00", [0x0, 0x6]}}) 182.669957ms ago: executing program 0 (id=1485): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20020009, 0x0, &(0x7f0000000240)={0x20, 0x0, 0xfffc, 0x360, 0x7}, 0x1a, 0x7, 0x60000000, 0x0, 0x4, 0x101, 0x0}) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) 182.529087ms ago: executing program 2 (id=1486): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f0000000cc0)) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x12e, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3f}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x3, 0x3}}]}}}]}, 0x40}}, 0x4000010) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100), &(0x7f0000000140)=0x4) creat(&(0x7f0000000040)='./file0\x00', 0x1) 182.032096ms ago: executing program 0 (id=1487): r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000006c0), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001380)={&(0x7f0000000340)={0x24, r2, 0x503, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040040}, 0x4000850) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000480), r3) sendmsg$NFC_CMD_DEP_LINK_DOWN(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40800}, 0x40000) r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r8, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60) getsockopt$inet_buf(r8, 0x118, 0x1, 0x0, &(0x7f00000003c0)) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r10], 0x1c}}, 0x0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000001280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001240)={&(0x7f0000000180)={0x44, r4, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0x8}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x357}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x14a}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r10}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x3}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0xcb}]}, 0x44}, 0x1, 0x0, 0x0, 0x3000}, 0x0) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00000004000000080000000100000000000000", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000045ae5e685ae86585b6da2952bfd095503b01db1db5143fc263c387b57e0f06197ae40016cae1cab57129c16752acc32fe710e2a5276e7501ec3c0d5abe674a88a6a214a38724e8dd544c1b22704f92652e645ca2d539ab8628a1b69669cec39150e90f32a1b0e2ef3d88acf57001cf783c2b6ef7d642fd1f9876f0584c00e8293e77d023723f2aceb3049805cca1a2d10eed9d26c99b4d0a18de24cf79"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYRESDEC=r0], &(0x7f0000000200)='syzkaller\x00', 0x6, 0x1000, &(0x7f0000000240)=""/4096, 0x0, 0x8}, 0x94) 1.277925ms ago: executing program 2 (id=1488): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000140)={0x1, 0x1, 0x1000, 0x91, &(0x7f0000000000)="abd6f498c6e6d826d4cf0c3738a38e6337e2aecfd2f9c6b83a9347b38d1bbee07e16adbfb835d1b5469cb08e4dd1b4c1f9aef9856b68c4128b73cd4475456f83d6721dba2197669529a18b5d34ce4ba1b7e05eb4ad9bbeecaaf3f8c41c8dd4463b207c8aace13c92f0060d6ab9583d2d58e9fbf14020c007346516dc05cd9596d8048212b00d474dc87d4e5a5ed7da1b97", 0x5c, 0x0, &(0x7f00000000c0)="f19f7fea7eccaf72b52acf9257339bd675e746331dea70e95881fda2b41885ea36c749f0c6de9fabe40bc460da62748b19e4113d5190cf79b5d800dec7ca4f0d83517884b4f563aada2512966cafe69cce4441f5e66af79f28f0e5b1"}) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0), 0x2be000, 0x0) r2 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x4000000) inotify_rm_watch(r1, r2) getdents64(r1, &(0x7f0000000240)=""/125, 0x7d) read$FUSE(r1, &(0x7f00000002c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r3, {0x7, 0x2b, 0x6, 0x4008c0, 0x4, 0x7ff, 0x10001, 0xe, 0x0, 0x0, 0x8, 0x4}}, 0x50) ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000002380)) ioctl$sock_ifreq(r1, 0x8951, &(0x7f0000002400)={'xfrm0\x00', @ifru_data=&(0x7f00000023c0)="0d2605b942fd1a00be24952c894430320539eae46e8e2e3209da19e761b1015c"}) r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000002440), 0x80040, 0x0) r7 = syz_open_dev$mouse(&(0x7f0000002480), 0x2, 0x420d43) setsockopt$EBT_SO_SET_ENTRIES(r7, 0x0, 0x80, &(0x7f0000002e00)=@broute={'broute\x00', 0x20, 0x5, 0x8fe, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000002500], 0x0, &(0x7f00000024c0), &(0x7f0000002500)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x1, [{0x11, 0x50, 0x8035, 'veth1\x00', 'ip6tnl0\x00', 'wlan0\x00', 'batadv0\x00', @local, [0xff, 0xff, 0xff, 0x0, 0xff, 0xff], @random="e12f13c0e4d4", [0x0, 0x0, 0x0, 0xff, 0xff, 0xff], 0x9e, 0x21e, 0x24e, [@pkttype={{'pkttype\x00', 0x0, 0x8}}], [@common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0xffffff14, 'unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00'}}}, @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x2, 'syz0\x00', {0xffffffffffffc97a}}}}], @common=@redirect={'redirect\x00', 0x8, {{0xfffffffffffffffe}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{0x3, 0x1, 0x9000, 'vlan0\x00', 'bond0\x00', 'ip6_vti0\x00', 'dummy0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [0xff, 0x0, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, [0x0, 0xff, 0x0, 0xff], 0xde, 0x146, 0x176, [@stp={{'stp\x00', 0x0, 0x48}, {{0xf, {0x0, 0x2, 0x6, @local, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0xfc, 0x5, 0x3, 0x1, @random="c9835bd4a97f", [0x0, 0xff, 0xff, 0x0, 0xff], 0x4e23, 0x4e21, 0x7, 0x3, 0x4e33, 0xc99a, 0x400, 0x5, 0x3e3, 0x4f19}, 0x80, 0x200}}}], [@common=@dnat={'dnat\x00', 0x10, {{@multicast}}}, @common=@STANDARD={'\x00', 0x8, {0xfffffffffffffffd}}], @common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x3}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{0x5, 0x4, 0x8863, 'xfrm0\x00', 'veth0_to_bond\x00', 'vxcan1\x00', 'ipvlan0\x00', @broadcast, [0x0, 0x0, 0x0, 0xff, 0xff, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}, [0xff, 0x0, 0xff, 0xff, 0xff], 0xae, 0x10e, 0x146, [@devgroup={{'devgroup\x00', 0x0, 0x18}, {{0x4, 0x100, 0x0, 0x6, 0x3ff}}}], [@common=@STANDARD={'\x00', 0x8, {0xfffffffffffffffb}}, @common=@AUDIT={'AUDIT\x00', 0x8, {{0x1}}}], @common=@mark={'mark\x00', 0x10, {{0xffffffd0}}}}]}, {0x0, '\x00', 0x3, 0x610887b312e5c608, 0x2, [{0x3, 0x50, 0x88b5, 'gre0\x00', 'caif0\x00', 'nr0\x00', 'vxcan1\x00', @multicast, [0xff, 0xff, 0x0, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0xff, 0xff, 0x0, 0xff, 0xff, 0xff], 0x1de, 0x1de, 0x216, [@comment={{'comment\x00', 0x0, 0x100}}, @ip={{'ip\x00', 0x0, 0x20}, {{@remote, @dev={0xac, 0x14, 0x14, 0x21}, 0x0, 0x0, 0xeb, 0x2e, 0x20, 0x69, 0x4e21, 0x4e24, 0x4e20, 0x4e23}}}], [], @common=@dnat={'dnat\x00', 0x10, {{@remote, 0xfffffffffffffffc}}}}, {0x3, 0x40, 0x9300, 'bridge0\x00', 'nr0\x00', 'netpci0\x00', 'caif0\x00', @multicast, [0xff, 0x0, 0x0, 0x0, 0x0, 0xff], @random="59bc23cac6d0", [0xff, 0xff, 0x0, 0xff], 0x6e, 0xee, 0x11e, [], [@common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x4, 'syz1\x00', {0x1000}}}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x3}}}], @common=@redirect={'redirect\x00', 0x8, {{0xfffffffffffffffe}}}}]}]}, 0x976) sendmsg$unix(r1, &(0x7f0000003100)={&(0x7f0000002e80)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000003040)=[{&(0x7f0000002f00)="7b12520f4e651a50b202394fdcac1ac010cca74c25eb4303ebeb6791624f41566cca2c0a42f6095bfbc97ce1da", 0x2d}, {&(0x7f0000002f40)="e5d36338d93d86215c88ea86faae6a2b55c9cdacbb4e084ea497a9cc313ab2abbb196fe1e468772a6b4c2feca0d5d2bf2d36d31aceb947", 0x37}, {&(0x7f0000002f80)="72baf467d00abf549f488c4fb5846c4219e947d2231849e87e12155d2ad09b245eeee010da32e539d5827c2e37df4383cc9b5146568650d3b28f32fc7cd1049891919d6506bcbcae4a9e3274250bf9c9774afce0cb7fde23d6c1d1a241723014d7116d47ec0205c512b698acdcb9d7998a7566715ec361adeb8ac77e7af01c785f18c5ae3ff8eed64ab1a4263d7f09d3135f49ded71ce573d667", 0x9a}], 0x3, &(0x7f0000003080)=[@cred={{0x1c, 0x1, 0x2, {r5, r4, 0xee00}}}, @rights={{0x24, 0x1, 0x1, [r7, r1, r1, r7, r0]}}, @rights={{0x14, 0x1, 0x1, [r0]}}], 0x60, 0x4000}, 0x40080) fchdir(r6) getsockopt$IP_VS_SO_GET_SERVICES(r7, 0x0, 0x482, &(0x7f0000003140)=""/6, &(0x7f0000003180)=0x6) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f00000031c0)) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r7, 0xc0189379, &(0x7f0000003200)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r9 = openat$vsock(0xffffffffffffff9c, &(0x7f0000003240), 0x500, 0x0) ppoll(&(0x7f0000003280)=[{r1, 0x1}, {r6, 0xe28d}, {r8, 0x8}, {r9, 0x4e8}, {r8, 0x48}], 0x5, &(0x7f00000032c0), &(0x7f0000003300), 0x8) r10 = socket$inet_udp(0x2, 0x2, 0x0) r11 = accept4(r9, &(0x7f0000003340)=@l2tp={0x2, 0x0, @dev}, &(0x7f00000033c0)=0x80, 0x80800) ioctl$sock_TIOCINQ(r10, 0x541b, &(0x7f0000003400)) capset(&(0x7f0000003440)={0x20071026, r5}, &(0x7f0000003480)={0xa, 0x2, 0x2, 0x2, 0x401, 0x5}) setsockopt$MRT6_DEL_MFC_PROXY(r8, 0x29, 0xd3, &(0x7f00000034c0)={{0xa, 0x4e20, 0xfff, @private1, 0xfff}, {0xa, 0x4e23, 0x2, @remote, 0x1ff}, 0xffffffffffffffff, {[0x3, 0x4, 0x80, 0x9, 0x2, 0x1c, 0x2, 0x800]}}, 0x5c) close$binfmt(r10) unshare(0x2000600) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000003540)={0x10000, 0xf000, 0x0, r7, 0x1}) pwritev2(r11, &(0x7f00000037c0)=[{&(0x7f0000003580)="8368f967097865e715736c44097170cc7c999aa32f0264c51ec31415f1350e7ba55be57114cf26ba3bb09a37e9d4e1cfdc053f4fee7273ffcd126eb78c2062234d0958a5623fa960aa935301a8fb7ddf43f465267d12781cb569f3103f611d7f971513baf63280ad21d942280fb3b1de93d748532f4af0af18d480e562b7f9149b588a6f3ef8f8e23b991f016fc13cf4033fdb764a56996d37d17e2d5be03f8090ffe6c9c3787e186aa6904efbaefd5cf43bbfb09ad145decd9587d76263a16d5fc327b14591668def708ae9aa6dd908a637794b96cc5e8860295e9db8a651ebdb778440fda4", 0xe6}, {&(0x7f0000003680)="551c9295bcbb35928ba4f590c1a1fc40966062acd4af4fb900c2517cf5df4d93af22015ce4bece9462c8c0277798b7b3e3be2519f1eb7695f576e7be91eb5a4d847eb49f840418677ec75ea604bb6275bf21cbde97ef956e480b1220b35675b260c63af8b0431c322a4b51915938a36dd7d816337d89402e357f414dc227671d6c114a479f21048ea1696c50b2d3cfb144dd1e96903a73c443d2c26a163294afd59e85569f202f49bf80a52337db9f56e8bf5a6a66d207c5dd8f65b81ec288341a11f169358fbcacbd4241fa82b6dc1ca6f4ebb805e3ea79979f72b04c659f34efd596ac0f83", 0xe6}, {&(0x7f0000003780)="4b3fee9f876a", 0x6}], 0x3, 0x5f, 0x1, 0x2) sendmsg$NL80211_CMD_START_AP(r11, &(0x7f00000039c0)={&(0x7f0000003800)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000003980)={&(0x7f0000003880)={0xf8, 0x0, 0x200, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x5, 0x24}}}}, [@NL80211_ATTR_SSID={0x1b, 0x34, @random="04791c66d7b30854004373480f0e206aaa90cc321211f0"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x81}, @NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_PRIVACY={0x4}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x88be}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_SAE_PASSWORD={0x34, 0x115, "790393c035dd1600a61d8d2ba6b8c36e38a265e3e5cc978633a9ea6856e84615fb2b040c77313a77f2272b505287b527"}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0xd}, @NL80211_ATTR_SAE_PASSWORD={0x4f, 0x115, "77c2c1eacfbda1fc7d73b4d5374da6231e758d768937e681c303f5d99853038dc614774602158b73d4a5ed2245a684610045377bc55939b128b7efc7ac6ff5fad07cbd421602cd8ee4582e"}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}]]}, 0xf8}, 0x1, 0x0, 0x0, 0x20}, 0x24008011) 922.95µs ago: executing program 2 (id=1489): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040), 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@updsa={0xf0, 0x1a, 0x1, 0x70bd2c, 0x0, {{@in6=@private1, @in6=@dev={0xfe, 0x80, '\x00', 0x3b}, 0x0, 0x0, 0x0, 0x75c, 0x0, 0x60, 0x0, 0x32}, {@in6=@dev={0xfe, 0x80, '\x00', 0x37}, 0x0, 0x3c}, @in=@loopback, {0x0, 0x7ff}, {}, {}, 0x1, 0x0, 0x2, 0x4, 0x4, 0x60}}, 0xf0}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0xfe, 0x80000000}, {0xfffffff9}]}}) syz_open_dev$radio(&(0x7f0000000e40), 0x3, 0x2) (async) r3 = syz_open_dev$radio(&(0x7f0000000e40), 0x3, 0x2) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f00000000c0)={0xffffffd9, 0x103, 0x0, 0x7fffffff, 0x3, "03f03f0900000000000000000007000000fbff", 0x2, 0x203}) (async) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f00000000c0)={0xffffffd9, 0x103, 0x0, 0x7fffffff, 0x3, "03f03f0900000000000000000007000000fbff", 0x2, 0x203}) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000100)=0x9) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c0009"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) ppoll(&(0x7f0000000e80)=[{r3, 0x1000}], 0x1, &(0x7f0000000ec0)={0x0, 0x989680}, 0x0, 0x0) (async) ppoll(&(0x7f0000000e80)=[{r3, 0x1000}], 0x1, &(0x7f0000000ec0)={0x0, 0x989680}, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="38000000120005fff3ccacfe4f6d4818f9ff0000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e00010077697265677561726400000004000280"], 0x38}}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) (async) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r8, 0xaf01, 0x0) (async) ioctl$VHOST_SET_OWNER(r8, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f0000001680)) (async) ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f0000001680)) eventfd2(0x1, 0x1) (async) r9 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r8, 0x4008af22, &(0x7f00000001c0)={0x0, r9}) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000240)={0x0, 0x1, 0x0, &(0x7f0000001ac0)=""/191, 0x0, 0xffff1000}) ioctl$VHOST_VSOCK_SET_RUNNING(r8, 0x4004af61, &(0x7f00000000c0)=0x1) (async) ioctl$VHOST_VSOCK_SET_RUNNING(r8, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r8, 0x4008af60, &(0x7f0000000140)={@my=0x1}) socket$vsock_stream(0x28, 0x1, 0x0) (async) r10 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096}) connect$vsock_stream(r10, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r7, &(0x7f000000c3c0)={0x2020}, 0x2020) 0s ago: executing program 4 (id=1490): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000140)={@private0, 0x0}, &(0x7f0000000180)=0x14) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x44, 0x44, 0x5, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0xfb}}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x72, 0x0, 0x11, 0x4}, @float={0x10, 0x0, 0x0, 0x10, 0x4}, @int={0x2, 0x0, 0x0, 0x1, 0x0, 0x2b, 0x0, 0x66, 0x2}]}, {0x0, [0x2e, 0x0, 0x2e]}}, &(0x7f00000003c0)=""/100, 0x61, 0x64, 0x0, 0x1}, 0x28) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', r1, 0x25, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) mkdir(&(0x7f00000001c0)='./bus\x00', 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f3, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0xab00, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @empty}}}}) mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='ntfs3\x00', 0x400080, &(0x7f0000000000)='discard') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) r6 = open(&(0x7f0000000440)='./bus\x00', 0x40, 0x120) write$P9_RREADDIR(r6, &(0x7f0000000480)={0x62, 0x29, 0x1, {0x5, [{{0x2, 0x1, 0x5}, 0x5, 0x81, 0x5, './bus'}, {{0x20, 0x0, 0x2}, 0xfffffffffffffff7, 0x81, 0x5, './bus'}, {{0x10, 0x3, 0x5}, 0xe0, 0x4, 0x5, './bus'}]}}, 0x62) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r3, r5, 0x25, 0x0, @val=@netfilter}, 0x40) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0xffffffff, 0x0, {0x0, 0x0, 0x74, r5, {0x0, 0x7}, {0x0, 0x4}, {0xc}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) kernel console output (not intermixed with test programs): r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 104.079015][ T6310] hid (null): unknown global tag 0xe [ 104.088213][ T6310] hid (null): bogus close delimiter [ 104.091346][ T6310] hid (null): report_id 479974011 is invalid [ 104.094513][ T6310] hid (null): report_id 2926862909 is invalid [ 104.096517][ T6310] hid (null): report_id 1974137657 is invalid [ 104.098840][ T6310] hid (null): unknown global tag 0xd [ 104.100834][ T6310] hid (null): unknown global tag 0xe [ 104.102758][ T6310] hid (null): report_id 0 is invalid [ 104.104535][ T6310] hid (null): bogus close delimiter [ 104.106296][ T6310] hid (null): invalid report_count 59511 [ 104.108687][ T6310] hid (null): unknown global tag 0xe [ 104.110681][ T6310] hid (null): unknown global tag 0xd [ 104.112444][ T6310] hid (null): report_id 0 is invalid [ 104.114296][ T6310] hid (null): report_id 45263 is invalid [ 104.116185][ T6310] hid (null): unknown global tag 0xe3 [ 104.118635][ T6310] hid (null): unknown global tag 0xc [ 104.120330][ T6310] hid (null): unknown global tag 0xe [ 104.122122][ T6310] hid (null): report_id 30218 is invalid [ 104.123911][ T6310] hid (null): bogus close delimiter [ 104.127565][ T6310] hid-generic 000C:FFFF8000:0005.0008: unexpected long global item [ 104.130391][ T6310] hid-generic 000C:FFFF8000:0005.0008: probe with driver hid-generic failed with error -22 [ 104.268009][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.279175][ T8359] netlink: 12 bytes leftover after parsing attributes in process `syz.0.692'. [ 104.283040][ T8359] bridge: RTM_NEWNEIGH with invalid ether address [ 104.287211][ T8359] netem: change failed [ 104.677853][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.748032][ T5977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.708107][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.269399][ T9] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 106.748456][ T5809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.308820][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.798358][ T5809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 108.827976][ T5809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 109.868060][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.348626][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.907973][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 111.947972][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.987909][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.069197][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.387898][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 114.027892][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.078116][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 116.108051][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 116.428070][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 116.737090][ T40] audit: type=1400 audit(1764833677.364:545): avc: denied { read } for pid=8404 comm="syz.3.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 116.782282][ T40] audit: type=1326 audit(1764833677.414:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8413 comm="syz.1.698" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fef1c98f7c9 code=0x0 [ 116.854961][ T8412] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 116.897491][ T40] audit: type=1400 audit(1764833677.524:547): avc: denied { map } for pid=8421 comm="syz.0.699" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 116.942296][ T40] audit: type=1400 audit(1764833677.574:548): avc: denied { bind } for pid=8421 comm="syz.0.699" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 116.945624][ T8422] tipc: Failed to remove unknown binding: 66,1,1/2130706433:3055341820/3055341822 [ 116.950142][ T40] audit: type=1400 audit(1764833677.574:549): avc: denied { setopt } for pid=8421 comm="syz.0.699" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 116.952340][ T8422] tipc: Failed to remove unknown binding: 66,1,1/2130706433:3055341820/3055341822 [ 116.962328][ T34] hid (null): unknown global tag 0x4e [ 116.964161][ T34] hid (null): unknown global tag 0xc [ 116.965985][ T34] hid (null): unknown global tag 0xc [ 116.968405][ T34] hid (null): invalid report_count -252024535 [ 116.970691][ T34] hid (null): invalid report_size 45376 [ 116.972703][ T34] hid (null): bogus close delimiter [ 116.974653][ T34] hid (null): unknown global tag 0x84 [ 116.976580][ T34] hid (null): report_id 0 is invalid [ 116.980149][ T34] hid (null): unknown global tag 0xc [ 116.982186][ T34] hid (null): unknown global tag 0xf9 [ 116.984169][ T34] hid (null): invalid report_count -983136302 [ 116.986439][ T34] hid (null): global environment stack underflow [ 116.988023][ T5977] usb 8-1: new full-speed USB device number 16 using dummy_hcd [ 116.989199][ T34] hid (null): global environment stack underflow [ 116.993275][ T34] hid (null): unknown global tag 0x80 [ 116.994938][ T34] hid (null): unknown global tag 0xe [ 116.996597][ T34] hid (null): bogus close delimiter [ 116.998464][ T34] hid (null): report_id 479974011 is invalid [ 117.001128][ T34] hid (null): report_id 2926862909 is invalid [ 117.003362][ T34] hid (null): report_id 1974137657 is invalid [ 117.006086][ T34] hid (null): unknown global tag 0xd [ 117.008107][ T34] hid (null): unknown global tag 0xe [ 117.010104][ T34] hid (null): report_id 0 is invalid [ 117.011990][ T34] hid (null): bogus close delimiter [ 117.014369][ T34] hid (null): invalid report_count 59511 [ 117.016422][ T34] hid (null): unknown global tag 0xe [ 117.018513][ T34] hid (null): unknown global tag 0xd [ 117.020359][ T34] hid (null): report_id 0 is invalid [ 117.022505][ T34] hid (null): report_id 45263 is invalid [ 117.024850][ T34] hid (null): unknown global tag 0xe3 [ 117.027311][ T34] hid (null): unknown global tag 0xc [ 117.029383][ T34] hid (null): unknown global tag 0xe [ 117.031277][ T34] hid (null): report_id 30218 is invalid [ 117.033435][ T34] hid (null): bogus close delimiter [ 117.036848][ T34] hid-generic 000C:FFFF8000:0005.0009: unexpected long global item [ 117.040106][ T34] hid-generic 000C:FFFF8000:0005.0009: probe with driver hid-generic failed with error -22 [ 117.092800][ T8434] MINIX-fs: unable to read superblock [ 117.147948][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 117.149312][ T5977] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 117.155532][ T5977] usb 8-1: config 0 interface 0 has no altsetting 0 [ 117.164916][ T5977] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 117.171305][ T5977] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 117.175064][ T5977] usb 8-1: Product: syz [ 117.176481][ T5977] usb 8-1: Manufacturer: syz [ 117.178458][ T5977] usb 8-1: SerialNumber: syz [ 117.187951][ T5977] usb 8-1: config 0 descriptor?? [ 117.203702][ T5977] usb 8-1: selecting invalid altsetting 0 [ 117.404237][ T54] usb 8-1: USB disconnect, device number 16 [ 117.408840][ T8408] netlink: 28 bytes leftover after parsing attributes in process `syz.3.696'. [ 117.418188][ T8406] netlink: 28 bytes leftover after parsing attributes in process `syz.3.696'. [ 117.418428][ T8408] fuse: Unknown parameter 'G0x0000000000000003' [ 117.426549][ T8448] fuse: Unknown parameter 'G0x0000000000000003' [ 117.550490][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 117.728729][ T5977] hid (null): unknown global tag 0x4e [ 117.731027][ T5977] hid (null): unknown global tag 0xc [ 117.733122][ T5977] hid (null): unknown global tag 0xc [ 117.735030][ T5977] hid (null): invalid report_count -252024535 [ 117.738728][ T5977] hid (null): invalid report_size 45376 [ 117.741493][ T5977] hid (null): bogus close delimiter [ 117.743859][ T5977] hid (null): unknown global tag 0x84 [ 117.745803][ T5977] hid (null): report_id 0 is invalid [ 117.748463][ T5977] hid (null): unknown global tag 0xc [ 117.750571][ T5977] hid (null): unknown global tag 0xf9 [ 117.752619][ T5977] hid (null): invalid report_count -983136302 [ 117.754807][ T5977] hid (null): global environment stack underflow [ 117.757891][ T5977] hid (null): global environment stack underflow [ 117.760159][ T5977] hid (null): unknown global tag 0x80 [ 117.762102][ T5977] hid (null): unknown global tag 0xe [ 117.764438][ T5977] hid (null): bogus close delimiter [ 117.766339][ T5977] hid (null): report_id 479974011 is invalid [ 117.769396][ T5977] hid (null): report_id 2926862909 is invalid [ 117.771521][ T5977] hid (null): report_id 1974137657 is invalid [ 117.773688][ T5977] hid (null): unknown global tag 0xd [ 117.775631][ T5977] hid (null): unknown global tag 0xe [ 117.777495][ T5977] hid (null): report_id 0 is invalid [ 117.779967][ T5977] hid (null): bogus close delimiter [ 117.781874][ T5977] hid (null): invalid report_count 59511 [ 117.784068][ T5977] hid (null): unknown global tag 0xe [ 117.787449][ T5977] hid (null): unknown global tag 0xd [ 117.789728][ T5977] hid (null): report_id 0 is invalid [ 117.791572][ T5977] hid (null): report_id 45263 is invalid [ 117.793605][ T5977] hid (null): unknown global tag 0xe3 [ 117.796683][ T5977] hid (null): unknown global tag 0xc [ 117.799501][ T5977] hid (null): unknown global tag 0xe [ 117.801352][ T5977] hid (null): report_id 30218 is invalid [ 117.803427][ T5977] hid (null): bogus close delimiter [ 117.808466][ T5977] hid-generic 000C:FFFF8000:0005.000A: unexpected long global item [ 117.811478][ T5977] hid-generic 000C:FFFF8000:0005.000A: probe with driver hid-generic failed with error -22 [ 117.971178][ T8464] smc: net device bond0 applied user defined pnetid SYZ0 [ 118.124809][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 118.127745][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 118.131289][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 118.196303][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 118.277368][ T40] audit: type=1400 audit(1764833678.904:550): avc: denied { setattr } for pid=8492 comm="syz.2.723" name="NETLINK" dev="sockfs" ino=23991 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 118.277702][ T8493] x_tables: ip6_tables: CT target: only valid in raw table, not syz1 [ 118.317655][ T40] audit: type=1400 audit(1764833678.944:551): avc: denied { lock } for pid=8494 comm="syz.2.724" path="socket:[23997]" dev="sockfs" ino=23997 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 118.360738][ T8499] input: syz1 as /devices/virtual/input/input12 [ 118.416294][ T40] audit: type=1400 audit(1764833679.044:552): avc: denied { create } for pid=8500 comm="syz.3.722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 118.425768][ T40] audit: type=1400 audit(1764833679.044:553): avc: denied { write } for pid=8500 comm="syz.3.722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 118.490967][ T8506] overlayfs: upper fs does not support file handles, falling back to index=off. [ 118.822186][ T40] audit: type=1400 audit(1764833679.454:554): avc: denied { nlmsg_read } for pid=8516 comm="syz.2.733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 118.951013][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 118.954926][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 118.959054][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 118.963155][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 118.967229][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 118.971542][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 118.975561][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 118.980054][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 118.985107][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 118.991801][ T8525] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 119.045586][ T8529] 9pnet_virtio: no channels available for device 127.0.0.1 [ 119.228090][ T71] net_ratelimit: 1 callbacks suppressed [ 119.228103][ T71] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.086344][ T34] xfrm0 speed is unknown, defaulting to 1000 [ 120.287952][ T8593] IPVS: stopping backup sync thread 8594 ... [ 120.288051][ T8594] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan1, syncid = 0, id = 0 [ 120.542372][ T8615] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 120.547284][ T8615] netlink: 'syz.1.763': attribute type 1 has an invalid length. [ 120.592585][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.832337][ T8639] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.836552][ T8639] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.855308][ T8642] overlayfs: failed to resolve './file1': -2 [ 120.910547][ T8645] program syz.0.774 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 120.978122][ T8659] netlink: 'syz.0.777': attribute type 1 has an invalid length. [ 121.004690][ T8659] 8021q: adding VLAN 0 to HW filter on device bond1 [ 121.028710][ T8668] xt_hashlimit: max too large, truncated to 1048576 [ 121.032899][ T8668] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 121.038919][ T8670] xt_hashlimit: max too large, truncated to 1048576 [ 121.041548][ T8670] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 121.183767][ T8684] bond3: invalid ARP target 0.0.0.0 specified for addition [ 121.186321][ T8684] bond3: option arp_ip_target: invalid value (0) [ 121.196443][ T8684] bond3 (unregistering): Released all slaves [ 121.307874][ T71] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 121.354301][ T8687] block device autoloading is deprecated and will be removed. [ 121.410197][ T8693] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 121.473164][ T8697] netlink: 'syz.0.790': attribute type 1 has an invalid length. [ 121.631724][ T5943] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 121.635072][ T5943] CPU: 2 UID: 0 PID: 5943 Comm: kworker/u33:5 Not tainted syzkaller #0 PREEMPT(full) [ 121.635089][ T5943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.635098][ T5943] Workqueue: hci1 hci_rx_work [ 121.635128][ T5943] Call Trace: [ 121.635133][ T5943] [ 121.635138][ T5943] dump_stack_lvl+0x16c/0x1f0 [ 121.635156][ T5943] sysfs_warn_dup+0x7f/0xa0 [ 121.635233][ T5943] sysfs_create_dir_ns+0x24b/0x2b0 [ 121.635250][ T5943] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 121.635300][ T5943] ? find_held_lock+0x2b/0x80 [ 121.635317][ T5943] ? do_raw_spin_unlock+0x172/0x230 [ 121.635337][ T5943] kobject_add_internal+0x2c4/0x9b0 [ 121.635357][ T5943] kobject_add+0x16e/0x240 [ 121.635375][ T5943] ? __pfx_kobject_add+0x10/0x10 [ 121.635393][ T5943] ? do_raw_spin_unlock+0x172/0x230 [ 121.635411][ T5943] ? kobject_put+0xab/0x590 [ 121.635440][ T5943] device_add+0x288/0x1950 [ 121.635456][ T5943] ? __pfx_dev_set_name+0x10/0x10 [ 121.635473][ T5943] ? __pfx_device_add+0x10/0x10 [ 121.635488][ T5943] ? mgmt_send_event_skb+0x2fb/0x460 [ 121.635505][ T5943] hci_conn_add_sysfs+0x17e/0x230 [ 121.635534][ T5943] le_conn_complete_evt+0x11ed/0x1f20 [ 121.635551][ T5943] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 121.635567][ T5943] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 121.635580][ T5943] ? skb_pull_data+0x166/0x210 [ 121.635599][ T5943] hci_le_meta_evt+0x357/0x5e0 [ 121.635613][ T5943] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 121.635628][ T5943] hci_event_packet+0x685/0x11c0 [ 121.635640][ T5943] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 121.635654][ T5943] ? __pfx_hci_event_packet+0x10/0x10 [ 121.635667][ T5943] ? kcov_remote_start+0x384/0x670 [ 121.635681][ T5943] ? lockdep_hardirqs_on+0x7c/0x110 [ 121.635702][ T5943] hci_rx_work+0x2c9/0xeb0 [ 121.635721][ T5943] process_one_work+0x9ba/0x1b20 [ 121.635742][ T5943] ? __pfx_process_one_work+0x10/0x10 [ 121.635761][ T5943] ? assign_work+0x1a0/0x250 [ 121.635776][ T5943] worker_thread+0x6c8/0xf10 [ 121.635798][ T5943] ? __pfx_worker_thread+0x10/0x10 [ 121.635813][ T5943] kthread+0x3c5/0x780 [ 121.635829][ T5943] ? __pfx_kthread+0x10/0x10 [ 121.635845][ T5943] ? rcu_is_watching+0x12/0xc0 [ 121.635858][ T5943] ? __pfx_kthread+0x10/0x10 [ 121.635872][ T5943] ret_from_fork+0x983/0xb10 [ 121.635884][ T5943] ? __pfx_ret_from_fork+0x10/0x10 [ 121.635896][ T5943] ? rcu_is_watching+0x12/0xc0 [ 121.635954][ T5943] ? __switch_to+0x7af/0x10d0 [ 121.636025][ T5943] ? __pfx_kthread+0x10/0x10 [ 121.636057][ T5943] ret_from_fork_asm+0x1a/0x30 [ 121.636081][ T5943] [ 121.636096][ T5943] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 121.656640][ T8710] SELinux: Context system_u:object_r:unconfined_execmem_exec_t:s0 is not valid (left unmapped). [ 121.658384][ T5943] Bluetooth: hci1: failed to register connection device [ 121.765185][ T8718] futex_wake_op: syz.1.799 tries to shift op by -1; fix this program [ 121.873513][ T40] kauditd_printk_skb: 16 callbacks suppressed [ 121.873528][ T40] audit: type=1400 audit(1764833682.504:571): avc: denied { mount } for pid=8727 comm="syz.1.803" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 121.874725][ T8728] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 121.901017][ T8728] fuse: Unknown parameter 'ftüúË¡váäé' [ 121.914498][ T40] audit: type=1400 audit(1764833682.544:572): avc: denied { unmount } for pid=5934 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 121.929931][ T40] audit: type=1400 audit(1764833682.564:573): avc: denied { name_bind } for pid=8735 comm="syz.1.805" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 121.930628][ T8736] veth1_macvtap: left promiscuous mode [ 121.941140][ T8736] macsec0: entered promiscuous mode [ 121.943003][ T8736] macsec0: entered allmulticast mode [ 121.953656][ T8736] BIDI support in bsg has been removed. [ 122.028081][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.174432][ T40] audit: type=1400 audit(1764833682.804:574): avc: denied { nlmsg_read } for pid=8754 comm="syz.0.812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 122.313750][ T8775] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 122.317703][ T8775] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 122.349521][ T71] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.520380][ T40] audit: type=1400 audit(1764833683.154:575): avc: denied { setattr } for pid=8791 comm="syz.0.826" path="/dev/snd/seq" dev="devtmpfs" ino=1311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 122.525849][ T8791] delete_channel: no stack [ 122.579091][ T8809] bad cache= option: nonw [ 122.579091][ T8809] [ 122.582241][ T8809] CIFS: VFS: bad cache= option: nonw [ 122.601089][ T40] audit: type=1400 audit(1764833683.234:576): avc: denied { map } for pid=8810 comm="syz.3.832" path="/dev/usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 122.617723][ T40] audit: type=1400 audit(1764833683.234:577): avc: denied { ioctl } for pid=8810 comm="syz.3.832" path="/dev/usbmon0" dev="devtmpfs" ino=737 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 122.642759][ T8819] IPv6: Can't replace route, no match found [ 122.674640][ T40] audit: type=1400 audit(1764833683.304:578): avc: denied { create } for pid=8821 comm="syz.3.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 122.687656][ T40] audit: type=1400 audit(1764833683.304:579): avc: denied { getopt } for pid=8821 comm="syz.3.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 122.697822][ T40] audit: type=1400 audit(1764833683.324:580): avc: denied { create } for pid=8816 comm="syz.1.835" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 122.848765][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 122.922963][ T8847] could not allocate digest TFM handle crc32c-intel [ 122.997804][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 123.000807][ T9] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 123.005120][ T9] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 123.011352][ T9] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 123.016287][ T9] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 123.024289][ T9] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 123.028830][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.032329][ T9] usb 5-1: Product: syz [ 123.034173][ T9] usb 5-1: Manufacturer: syz [ 123.036200][ T9] usb 5-1: SerialNumber: syz [ 123.047966][ C0] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 123.056235][ T9] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/input/input14 [ 123.089334][ T8855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.093264][ T8855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.096318][ T8855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.257736][ T9] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 123.261319][ T9] (id 0x00) [ 123.308328][ T9] rc_core: IR keymap rc-imon-pad not found [ 123.310246][ T9] Registered IR keymap rc-empty [ 123.311814][ T9] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 123.314941][ T9] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 123.340610][ T9] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0 [ 123.347700][ T9] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0/input15 [ 123.357506][ T9] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:4> initialized [ 123.467290][ T8860] netlink: 8 bytes leftover after parsing attributes in process `syz.1.849'. [ 123.472569][ T8861] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.475637][ T8861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.479018][ T8861] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.482114][ T8861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.603841][ T8865] team0: Port device vlan3 added [ 123.608671][ T8865] netlink: 'syz.1.850': attribute type 10 has an invalid length. [ 123.624206][ T8865] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 123.660869][ T8867] netlink: 12 bytes leftover after parsing attributes in process `syz.1.851'. [ 123.891220][ T9] usb 5-1: USB disconnect, device number 4 [ 123.929083][ T8888] netlink: 'syz.2.858': attribute type 10 has an invalid length. [ 123.934098][ T8888] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 123.949260][ T8890] xfrm0 speed is unknown, defaulting to 1000 [ 123.971801][ T8895] netlink: 'syz.2.859': attribute type 2 has an invalid length. [ 124.088179][ T8915] netlink: 'syz.1.864': attribute type 2 has an invalid length. [ 124.091418][ T8915] netlink: 46 bytes leftover after parsing attributes in process `syz.1.864'. [ 124.181108][ T8918] could not allocate digest TFM handle cryptd(blake2b-160) [ 124.226837][ T8934] IPVS: set_ctl: invalid protocol: 135 0.0.0.0:65534 [ 124.231436][ T5943] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 124.232620][ T8937] IPVS: set_ctl: invalid protocol: 135 0.0.0.0:65534 [ 124.235753][ T5943] CPU: 0 UID: 0 PID: 5943 Comm: kworker/u33:5 Not tainted syzkaller #0 PREEMPT(full) [ 124.235779][ T5943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.235794][ T5943] Workqueue: hci0 hci_rx_work [ 124.235818][ T5943] Call Trace: [ 124.235825][ T5943] [ 124.235834][ T5943] dump_stack_lvl+0x16c/0x1f0 [ 124.235861][ T5943] sysfs_warn_dup+0x7f/0xa0 [ 124.235889][ T5943] sysfs_create_dir_ns+0x24b/0x2b0 [ 124.235915][ T5943] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 124.235957][ T5943] ? find_held_lock+0x2b/0x80 [ 124.235983][ T5943] ? do_raw_spin_unlock+0x172/0x230 [ 124.236015][ T5943] kobject_add_internal+0x2c4/0x9b0 [ 124.236048][ T5943] kobject_add+0x16e/0x240 [ 124.236075][ T5943] ? __pfx_kobject_add+0x10/0x10 [ 124.236103][ T5943] ? do_raw_spin_unlock+0x172/0x230 [ 124.236132][ T5943] ? kobject_put+0xab/0x590 [ 124.236165][ T5943] device_add+0x288/0x1950 [ 124.236190][ T5943] ? __pfx_dev_set_name+0x10/0x10 [ 124.236215][ T5943] ? __pfx_device_add+0x10/0x10 [ 124.236239][ T5943] ? mgmt_send_event_skb+0x2fb/0x460 [ 124.236267][ T5943] hci_conn_add_sysfs+0x17e/0x230 [ 124.236307][ T5943] le_conn_complete_evt+0x11ed/0x1f20 [ 124.236336][ T5943] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 124.236364][ T5943] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 124.236387][ T5943] ? skb_pull_data+0x166/0x210 [ 124.236419][ T5943] hci_le_meta_evt+0x357/0x5e0 [ 124.236447][ T5943] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 124.236472][ T5943] hci_event_packet+0x685/0x11c0 [ 124.236492][ T5943] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 124.236515][ T5943] ? __pfx_hci_event_packet+0x10/0x10 [ 124.236539][ T5943] ? kcov_remote_start+0x384/0x670 [ 124.236562][ T5943] ? lockdep_hardirqs_on+0x7c/0x110 [ 124.236594][ T5943] hci_rx_work+0x2c9/0xeb0 [ 124.236617][ T5943] process_one_work+0x9ba/0x1b20 [ 124.236652][ T5943] ? __pfx_process_one_work+0x10/0x10 [ 124.236684][ T5943] ? assign_work+0x1a0/0x250 [ 124.236713][ T5943] worker_thread+0x6c8/0xf10 [ 124.236752][ T5943] ? __pfx_worker_thread+0x10/0x10 [ 124.236778][ T5943] kthread+0x3c5/0x780 [ 124.236846][ T5943] ? __pfx_kthread+0x10/0x10 [ 124.236874][ T5943] ? rcu_is_watching+0x12/0xc0 [ 124.236896][ T5943] ? __pfx_kthread+0x10/0x10 [ 124.236921][ T5943] ret_from_fork+0x983/0xb10 [ 124.236942][ T5943] ? __pfx_ret_from_fork+0x10/0x10 [ 124.236963][ T5943] ? rcu_is_watching+0x12/0xc0 [ 124.236984][ T5943] ? __switch_to+0x7af/0x10d0 [ 124.237008][ T5943] ? __pfx_kthread+0x10/0x10 [ 124.237033][ T5943] ret_from_fork_asm+0x1a/0x30 [ 124.237073][ T5943] [ 124.237098][ T5943] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 124.350889][ T5943] Bluetooth: hci0: failed to register connection device [ 124.384074][ T8952] net_ratelimit: 12 callbacks suppressed [ 124.384087][ T8952] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 124.407878][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 124.438282][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 124.569124][ T9] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 124.572064][ T9] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 124.575977][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 124.580791][ T9] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 124.583866][ T9] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 124.586585][ T9] usb 5-1: Product: syz [ 124.588776][ T9] usb 5-1: Manufacturer: syz [ 124.590362][ T9] usb 5-1: SerialNumber: syz [ 124.593519][ T9] usb 5-1: config 0 descriptor?? [ 124.598231][ T9] hub 5-1:0.0: bad descriptor, ignoring hub [ 124.600273][ T9] hub 5-1:0.0: probe with driver hub failed with error -5 [ 124.604282][ T9] usb 5-1: selecting invalid altsetting 0 [ 124.843391][ T8978] x_tables: ip6_tables: CT target: only valid in raw table, not syz1 [ 125.014473][ T8983] netlink: 'syz.2.884': attribute type 5 has an invalid length. [ 125.018338][ T8983] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 125.022848][ T8983] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 125.030934][ T8983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.884'. [ 125.132437][ T9002] Mount JFS Failure: -22 [ 125.144905][ T9001] netlink: 28 bytes leftover after parsing attributes in process `syz.1.888'. [ 125.148226][ T9001] netlink: 36 bytes leftover after parsing attributes in process `syz.1.888'. [ 125.168933][ T9005] macsec1: entered promiscuous mode [ 125.170844][ T9005] macsec1: entered allmulticast mode [ 125.197704][ T9007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.890'. [ 125.243714][ T54] usb 5-1: USB disconnect, device number 5 [ 125.381855][ T9020] loop3: detected capacity change from 0 to 7 [ 125.385579][ T9020] Dev loop3: unable to read RDB block 7 [ 125.387919][ T9020] loop3: AHDI p1 [ 125.389307][ T9020] loop3: partition table partially beyond EOD, truncated [ 125.418917][ T54] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 125.442409][ T9025] bridge: RTM_NEWNEIGH with unconfigured vlan 1 on bridge0 [ 125.464986][ T9025] sit0: entered promiscuous mode [ 125.469481][ T5809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 125.478009][ T9025] netlink: 'syz.1.898': attribute type 1 has an invalid length. [ 125.480971][ T9025] netlink: 1 bytes leftover after parsing attributes in process `syz.1.898'. [ 125.511193][ T5943] Bluetooth: unknown link type 128 [ 125.579462][ T54] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 125.581970][ T54] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 125.587824][ T54] usb 5-1: config 0 interface 0 has no altsetting 0 [ 125.591603][ T54] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 125.597909][ T54] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 125.600775][ T54] usb 5-1: Product: syz [ 125.602076][ T54] usb 5-1: Manufacturer: syz [ 125.603456][ T54] usb 5-1: SerialNumber: syz [ 125.618145][ T54] usb 5-1: config 0 descriptor?? [ 125.631530][ T54] hub 5-1:0.0: bad descriptor, ignoring hub [ 125.633957][ T54] hub 5-1:0.0: probe with driver hub failed with error -5 [ 125.639221][ T54] usb 5-1: selecting invalid altsetting 0 [ 125.648226][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 125.745673][ T9045] sctp: [Deprecated]: syz.1.904 (pid 9045) Use of struct sctp_assoc_value in delayed_ack socket option. [ 125.745673][ T9045] Use struct sctp_sack_info instead [ 125.832156][ T8890] netlink: 108 bytes leftover after parsing attributes in process `syz.0.857'. [ 126.360288][ T9048] netlink: 12 bytes leftover after parsing attributes in process `syz.3.905'. [ 126.409386][ T9053] loop3: detected capacity change from 0 to 7 [ 126.412519][ T5946] Dev loop3: unable to read RDB block 7 [ 126.414812][ T5946] loop3: AHDI p1 [ 126.416339][ T5946] loop3: partition table partially beyond EOD, truncated [ 126.416513][ T9054] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 126.424681][ T9053] Dev loop3: unable to read RDB block 7 [ 126.426911][ T9053] loop3: AHDI p1 [ 126.429541][ T9053] loop3: partition table partially beyond EOD, truncated [ 126.507845][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 126.547434][ T9062] autofs4:pid:9062:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a) [ 126.658610][ T9068] nbd0: detected capacity change from 0 to 63 [ 126.663087][ T9075] nbd: must specify an index to disconnect [ 126.668793][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 126.672783][ T5943] block nbd0: Receive control failed (result -104) [ 126.862919][ T9095] openvswitch: netlink: nsh attribute has 65288 unknown bytes. [ 126.865978][ T9095] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 126.973490][ T9103] netlink: 'syz.0.926': attribute type 23 has an invalid length. [ 126.978484][ T9105] 9p: Unknown Cache mode or invalid value fs [ 127.048758][ T6028] usb 5-1: USB disconnect, device number 6 [ 127.050989][ T9107] xfrm0 speed is unknown, defaulting to 1000 [ 127.120303][ T9111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.124059][ T9111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.357753][ T54] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 127.407738][ T73] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 127.508026][ T54] usb 6-1: Using ep0 maxpacket: 8 [ 127.511894][ T54] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 127.516209][ T54] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 127.521009][ T54] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 127.525233][ T54] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 127.532259][ T54] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 127.536121][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.557911][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 127.561593][ T5937] Bluetooth: hci2: command tx timeout [ 127.744738][ T54] usb 6-1: GET_CAPABILITIES returned 0 [ 127.748934][ T54] usbtmc 6-1:16.0: can't read capabilities [ 127.798012][ T5977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.034979][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 128.034990][ T40] audit: type=1400 audit(1764833688.664:588): avc: denied { nlmsg_write } for pid=9137 comm="syz.2.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 128.098006][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.100889][ T9143] netlink: 'syz.2.941': attribute type 30 has an invalid length. [ 128.105248][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.108876][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.112204][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.115822][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.120309][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.123616][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.127144][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.130522][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.133937][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.139440][ T9143] bond2: option arp_missed_max: invalid value (0) [ 128.141655][ T9143] bond2: option arp_missed_max: allowed values 1 - 255 [ 128.146325][ T9143] bond2 (unregistering): Released all slaves [ 128.148158][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.151505][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.155123][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.158548][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.161956][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 128.167135][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 128.181239][ T9] usb 6-1: USB disconnect, device number 4 [ 128.199643][ T73] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 128.205737][ T73] usb 5-1: can't read configurations, error -71 [ 128.355684][ T9163] overlayfs: failed to clone upperpath [ 128.357695][ T40] audit: type=1400 audit(1764833688.984:589): avc: denied { map } for pid=9158 comm="syz.1.947" path="/dev/video8" dev="devtmpfs" ino=976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 128.365778][ T40] audit: type=1400 audit(1764833688.984:590): avc: denied { execute } for pid=9158 comm="syz.1.947" path="/dev/video8" dev="devtmpfs" ino=976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 128.442977][ T9165] tmpfs: Bad value for 'mpol' [ 128.573015][ T40] audit: type=1400 audit(1764833689.204:591): avc: denied { write } for pid=9175 comm="syz.1.954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 128.594745][ T9176] xfrm0 speed is unknown, defaulting to 1000 [ 128.680132][ T9189] pimreg: left allmulticast mode [ 128.809211][ T9197] __nla_validate_parse: 7 callbacks suppressed [ 128.809223][ T9197] netlink: 76 bytes leftover after parsing attributes in process `syz.0.960'. [ 128.820219][ T9195] bridge4: entered promiscuous mode [ 128.822484][ T9195] bridge4: entered allmulticast mode [ 128.906764][ T40] audit: type=1400 audit(1764833689.534:592): avc: denied { write } for pid=9206 comm="syz.3.962" name="btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 128.924961][ T40] audit: type=1400 audit(1764833689.534:593): avc: denied { ioctl } for pid=9206 comm="syz.3.962" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 128.948949][ T9213] loop3: detected capacity change from 0 to 7 [ 128.954068][ T7421] Dev loop3: unable to read RDB block 7 [ 128.956086][ T7421] loop3: AHDI p1 [ 128.963953][ T7421] loop3: partition table partially beyond EOD, truncated [ 128.971187][ T9213] Dev loop3: unable to read RDB block 7 [ 128.973696][ T9213] loop3: AHDI p1 [ 128.975350][ T9213] loop3: partition table partially beyond EOD, truncated [ 128.989222][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 1 seconds [ 128.993676][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 1 seconds [ 128.997265][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 1 seconds [ 129.002103][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 1 seconds [ 129.064027][ T9227] netlink: 'syz.0.968': attribute type 1 has an invalid length. [ 129.071132][ T9227] netlink: 228 bytes leftover after parsing attributes in process `syz.0.968'. [ 129.075366][ T9227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.968'. [ 129.168805][ T40] audit: type=1400 audit(1764833689.794:594): avc: denied { remove_name } for pid=9232 comm="syz.0.971" name="file0" dev="9p" ino=72095727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 129.178175][ T40] audit: type=1400 audit(1764833689.804:595): avc: denied { rename } for pid=9232 comm="syz.0.971" name="file0" dev="9p" ino=72095727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 129.185769][ T40] audit: type=1400 audit(1764833689.804:596): avc: denied { unlink } for pid=9232 comm="syz.0.971" name="file1" dev="9p" ino=72095745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 129.216160][ T40] audit: type=1400 audit(1764833689.844:597): avc: denied { create } for pid=9232 comm="syz.0.971" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 129.231202][ T9234] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 129.234797][ T9234] overlayfs: missing 'lowerdir' [ 129.252519][ T9240] syz.2.972: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 129.259627][ T9240] CPU: 1 UID: 0 PID: 9240 Comm: syz.2.972 Not tainted syzkaller #0 PREEMPT(full) [ 129.259642][ T9240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.259649][ T9240] Call Trace: [ 129.259653][ T9240] [ 129.259657][ T9240] dump_stack_lvl+0x16c/0x1f0 [ 129.259676][ T9240] warn_alloc+0x248/0x3a0 [ 129.259690][ T9240] ? __pfx_warn_alloc+0x10/0x10 [ 129.259708][ T9240] ? hashlimit_mt_check_common+0x8c0/0x1460 [ 129.259726][ T9240] ? __vmalloc_node_noprof+0xad/0xf0 [ 129.259746][ T9240] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 129.259763][ T9240] ? lock_acquire+0x179/0x330 [ 129.259782][ T9240] ? hashlimit_mt_check_common+0x8c0/0x1460 [ 129.259802][ T9240] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 129.259819][ T9240] ? __lock_acquire+0x433/0x22f0 [ 129.259834][ T9240] ? ___kmalloc_large_node+0x130/0x1a0 [ 129.259855][ T9240] __kvmalloc_node_noprof+0x42c/0xa50 [ 129.259869][ T9240] ? hashlimit_mt_check_common+0x8c0/0x1460 [ 129.259885][ T9240] ? find_held_lock+0x2b/0x80 [ 129.259896][ T9240] ? hashlimit_mt_check_common+0x8c0/0x1460 [ 129.259915][ T9240] ? hashlimit_mt_check_common+0x8c0/0x1460 [ 129.259931][ T9240] hashlimit_mt_check_common+0x8c0/0x1460 [ 129.259950][ T9240] hashlimit_mt_check_v1+0x2fc/0x370 [ 129.259967][ T9240] ? __pfx_hashlimit_mt_check_v1+0x10/0x10 [ 129.259982][ T9240] ? find_held_lock+0x2b/0x80 [ 129.259997][ T9240] ? __pfx_hashlimit_mt_check_v1+0x10/0x10 [ 129.260013][ T9240] xt_check_match+0x286/0xa50 [ 129.260029][ T9240] ? acpi_os_map_iomem+0x1d8/0x5e0 [ 129.260043][ T9240] ? __pfx_xt_check_match+0x10/0x10 [ 129.260057][ T9240] ? pcpu_memcg_post_alloc_hook+0x1e/0x690 [ 129.260071][ T9240] ? xt_percpu_counter_alloc+0x13e/0x1b0 [ 129.260089][ T9240] ? xt_find_match+0x1f6/0x290 [ 129.260107][ T9240] find_check_entry.constprop.0+0x317/0x9b0 [ 129.260127][ T9240] ? __pfx_find_check_entry.constprop.0+0x10/0x10 [ 129.260151][ T9240] ? kfree+0x2f8/0x6e0 [ 129.260161][ T9240] ? translate_table+0xba1/0x1720 [ 129.260177][ T9240] ? xt_check_table_hooks+0x206/0x340 [ 129.260193][ T9240] translate_table+0xc98/0x1720 [ 129.260215][ T9240] ? __pfx_translate_table+0x10/0x10 [ 129.260235][ T9240] do_ipt_set_ctl+0x603/0xc40 [ 129.260250][ T9240] ? find_held_lock+0x2b/0x80 [ 129.260261][ T9240] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 129.260278][ T9240] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 129.260295][ T9240] ? sockopt_release_sock+0x52/0x60 [ 129.260313][ T9240] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 129.260335][ T9240] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 129.260351][ T9240] nf_setsockopt+0x8d/0xf0 [ 129.260366][ T9240] ip_setsockopt+0xcb/0xf0 [ 129.260384][ T9240] udp_setsockopt+0x7d/0xd0 [ 129.260398][ T9240] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 129.260412][ T9240] do_sock_setsockopt+0xf3/0x1d0 [ 129.260425][ T9240] __sys_setsockopt+0x1a0/0x230 [ 129.260447][ T9240] __x64_sys_setsockopt+0xbd/0x160 [ 129.260462][ T9240] ? do_syscall_64+0x91/0xf80 [ 129.260476][ T9240] ? lockdep_hardirqs_on+0x7c/0x110 [ 129.260491][ T9240] do_syscall_64+0xcd/0xf80 [ 129.260506][ T9240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.260516][ T9240] RIP: 0033:0x7fc60e38f7c9 [ 129.260525][ T9240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.260536][ T9240] RSP: 002b:00007fc60f182038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 129.260547][ T9240] RAX: ffffffffffffffda RBX: 00007fc60e5e6090 RCX: 00007fc60e38f7c9 [ 129.260554][ T9240] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000004 [ 129.260561][ T9240] RBP: 00007fc60e413f91 R08: 0000000000000448 R09: 0000000000000000 [ 129.260567][ T9240] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000000 [ 129.260573][ T9240] R13: 00007fc60e5e6128 R14: 00007fc60e5e6090 R15: 00007ffcab647f98 [ 129.260588][ T9240] [ 129.260592][ T9240] Mem-Info: [ 129.391010][ T9240] active_anon:41247 inactive_anon:0 isolated_anon:0 [ 129.391010][ T9240] active_file:5998 inactive_file:42437 isolated_file:434 [ 129.391010][ T9240] unevictable:17347 dirty:195 writeback:0 [ 129.391010][ T9240] slab_reclaimable:12567 slab_unreclaimable:72785 [ 129.391010][ T9240] mapped:34915 shmem:32676 pagetables:1486 [ 129.391010][ T9240] sec_pagetables:309 bounce:0 [ 129.391010][ T9240] kernel_misc_reclaimable:0 [ 129.391010][ T9240] free:397458 free_pcp:23244 free_cma:0 [ 129.412182][ T9240] Node 0 active_anon:147964kB inactive_anon:0kB active_file:23968kB inactive_file:169232kB unevictable:69696kB isolated(anon):0kB isolated(file):744kB mapped:140464kB dirty:780kB writeback:0kB shmem:112320kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:4096kB kernel_stack:14320kB pagetables:5688kB sec_pagetables:1236kB all_unreclaimable? no Balloon:0kB [ 129.426449][ T9240] Node 1 active_anon:15040kB inactive_anon:0kB active_file:24kB inactive_file:268kB unevictable:3660kB isolated(anon):0kB isolated(file):0kB mapped:188kB dirty:0kB writeback:0kB shmem:18384kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:144kB pagetables:256kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 129.441609][ T9240] Node 0 DMA free:5300kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:9868kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:104kB local_pcp:100kB free_cma:0kB [ 129.467839][ T9240] lowmem_reserve[]: 0 1236 1236 1236 1236 [ 129.470304][ T9240] Node 0 DMA32 free:41324kB boost:0kB min:27548kB low:34432kB high:41316kB reserved_highatomic:0KB free_highatomic:0KB active_anon:137972kB inactive_anon:0kB active_file:23968kB inactive_file:169976kB unevictable:76888kB writepending:780kB zspages:0kB present:2080628kB managed:1266432kB mlocked:73476kB bounce:0kB free_pcp:31364kB local_pcp:2944kB free_cma:0kB [ 129.498655][ T9240] lowmem_reserve[]: 0 0 0 0 0 [ 129.500292][ T9240] Node 1 Normal free:1537828kB boost:0kB min:39692kB low:49612kB high:59532kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15040kB inactive_anon:0kB active_file:24kB inactive_file:268kB unevictable:3660kB writepending:0kB zspages:0kB present:2097152kB managed:1781892kB mlocked:124kB bounce:0kB free_pcp:61464kB local_pcp:11216kB free_cma:0kB [ 129.508160][ T9245] 9pnet_virtio: no channels available for device syz [ 129.510979][ T9240] lowmem_reserve[]: 0 0 0 0 0 [ 129.515657][ T9240] Node 0 DMA: 5*4kB (UM) 6*8kB (UME) 5*16kB (UME) 5*32kB (UM) 6*64kB (UME) 6*128kB (UME) 5*256kB (UE) 3*512kB (UE) 1*1024kB (E) 0*2048kB 0*4096kB = 5300kB [ 129.519934][ T9245] netlink: 36 bytes leftover after parsing attributes in process `syz.3.973'. [ 129.522093][ T9240] Node 0 DMA32: 156*4kB (UE) 290*8kB (UME) 214*16kB (UME) 265*32kB (UME) 107*64kB (UME) 27*128kB (UME) 15*256kB (ME) 10*512kB (ME) 5*1024kB (ME) 4*2048kB (UM) 0*4096kB = 47424kB [ 129.531730][ T9240] Node 1 Normal: 3*4kB (ME) 9*8kB (UE) 1*16kB (E) 2*32kB (UE) 7*64kB (UE) 6*128kB (UME) 4*256kB (UME) 1*512kB (M) 1*1024kB (E) 3*2048kB (UM) 373*4096kB (M) = 1537892kB [ 129.537215][ T9240] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 129.540854][ T9240] Node 0 hugepages_total=7 hugepages_free=2 hugepages_surp=3 hugepages_size=2048kB [ 129.544374][ T9240] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 129.547802][ T9240] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 129.558658][ T9240] 92639 total pagecache pages [ 129.560299][ T9240] 0 pages in swap cache [ 129.561730][ T9240] Free swap = 124996kB [ 129.563147][ T9240] Total swap = 124996kB [ 129.575854][ T9240] 1048443 pages RAM [ 129.577333][ T9240] 0 pages HighMem/MovableOnly [ 129.586036][ T9240] 282522 pages reserved [ 129.587969][ T9240] 0 pages cma reserved [ 129.636385][ T5809] net_ratelimit: 1 callbacks suppressed [ 129.636401][ T5809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 129.641780][ T5937] Bluetooth: hci3: command 0x0405 tx timeout [ 129.707947][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 129.849908][ T9274] loop7: detected capacity change from 0 to 7 [ 129.872191][ T5943] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 129.895662][ T9284] loop3: detected capacity change from 0 to 7 [ 129.907843][ T9284] Dev loop3: unable to read RDB block 7 [ 129.909744][ T9284] loop3: AHDI p1 [ 129.911030][ T9284] loop3: partition table partially beyond EOD, truncated [ 129.911221][ T9274] Dev loop7: unable to read RDB block 7 [ 129.915408][ T9274] loop7: unable to read partition table [ 129.917471][ T9274] loop7: partition table beyond EOD, truncated [ 129.925001][ C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 129.928477][ C1] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 129.936836][ T9274] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰üŸCêj̖ã¢P=Ãœ?ã}X‹ºÐ œëÜ%õ«`Éæրù…ˆ{í©Ö˜Èµ4FLQk݊) failed (rc=-5) [ 130.016780][ T5345] Dev loop7: unable to read RDB block 7 [ 130.023100][ T5345] loop7: unable to read partition table [ 130.025345][ T5345] loop7: partition table beyond EOD, truncated [ 130.072929][ T9296] can: request_module (can-proto-4) failed. [ 130.141722][ T9303] netlink: 16 bytes leftover after parsing attributes in process `syz.2.994'. [ 130.212031][ T9307] netlink: 'syz.2.996': attribute type 10 has an invalid length. [ 130.214699][ T9307] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 130.218760][ T9307] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 130.327869][ T9313] netlink: 12 bytes leftover after parsing attributes in process `syz.2.999'. [ 130.331243][ T9313] netlink: 12 bytes leftover after parsing attributes in process `syz.2.999'. [ 130.357770][ T5977] usb 6-1: new low-speed USB device number 5 using dummy_hcd [ 130.433649][ T9321] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.1003'. [ 130.519830][ T5977] usb 6-1: config 1 interface 0 altsetting 128 endpoint 0x1 is Bulk; changing to Interrupt [ 130.523369][ T5977] usb 6-1: config 1 interface 0 altsetting 128 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 130.528946][ T5977] usb 6-1: config 1 interface 0 has no altsetting 0 [ 130.639781][ T9334] loop3: detected capacity change from 0 to 7 [ 130.643402][ T9334] Dev loop3: unable to read RDB block 7 [ 130.645880][ T9334] loop3: AHDI p1 [ 130.647774][ T9334] loop3: partition table partially beyond EOD, truncated [ 130.678392][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.696506][ T9337] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 130.701679][ T9337] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 1th superblock [ 130.704711][ T9337] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 130.708213][ T9337] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 2th superblock [ 130.895364][ T5937] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 131.325617][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 2 seconds [ 131.329514][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 2 seconds [ 131.333391][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 2 seconds [ 131.336982][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 2 seconds [ 131.433536][ T9355] netlink: 'syz.0.1015': attribute type 8 has an invalid length. [ 131.437711][ T9355] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1015'. [ 131.450104][ T9357] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9357 comm=syz.2.1016 [ 131.468872][ T9357] vlan2: entered promiscuous mode [ 131.471164][ T9357] bridge0: entered promiscuous mode [ 131.576986][ T9365] netlink: 'syz.0.1018': attribute type 10 has an invalid length. [ 131.582538][ T9365] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 131.651806][ T9371] overlay: ./file0 is not a directory [ 131.707890][ T5809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 131.948351][ T6394] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.951142][ T6394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.970395][ T9387] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge0 [ 131.972954][ T9388] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge0 [ 131.976341][ T9386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1027'. [ 132.052344][ T9392] loop3: detected capacity change from 0 to 7 [ 132.056134][ T9392] Dev loop3: unable to read RDB block 7 [ 132.058779][ T9392] loop3: AHDI p1 [ 132.060438][ T9392] loop3: partition table partially beyond EOD, truncated [ 132.554853][ T9408] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 132.757864][ T6031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 132.761224][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 132.909311][ T6403] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 132.921732][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.121223][ T5977] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 133.124375][ T5977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.129679][ T5977] usb 6-1: can't set config #1, error -71 [ 133.133734][ T5977] usb 6-1: USB disconnect, device number 5 [ 133.158757][ T9446] loop3: detected capacity change from 0 to 7 [ 133.162089][ T9446] Dev loop3: unable to read RDB block 7 [ 133.164378][ T9446] loop3: AHDI p1 [ 133.165944][ T9446] loop3: partition table partially beyond EOD, truncated [ 133.372660][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 133.372678][ T40] audit: type=1400 audit(1764833694.004:618): avc: denied { set_context_mgr } for pid=9455 comm="syz.0.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 133.415918][ T9456] binder: BINDER_SET_CONTEXT_MGR already set [ 133.418755][ T9456] binder: 9455:9456 ioctl 4018620d 2000000002c0 returned -16 [ 133.559019][ T40] audit: type=1400 audit(1764833694.194:619): avc: denied { bind } for pid=9462 comm="syz.0.1054" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 133.623427][ T9469] hfs: unable to load iocharset "io#harset" [ 133.637296][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 3 seconds [ 133.643487][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 3 seconds [ 133.649781][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 3 seconds [ 133.654686][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 3 seconds [ 133.684564][ T9479] loop3: detected capacity change from 0 to 7 [ 133.696558][ T7421] Dev loop3: unable to read RDB block 7 [ 133.703505][ T40] audit: type=1400 audit(1764833694.334:620): avc: denied { read } for pid=9480 comm="syz.1.1058" dev="nsfs" ino=4026533008 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 133.717537][ T7421] loop3: AHDI p1 [ 133.717741][ T40] audit: type=1400 audit(1764833694.334:621): avc: denied { open } for pid=9480 comm="syz.1.1058" path="net:[4026533008]" dev="nsfs" ino=4026533008 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 133.719234][ T7421] loop3: partition table partially beyond EOD, truncated [ 133.753031][ T9479] Dev loop3: unable to read RDB block 7 [ 133.755484][ T9479] loop3: AHDI p1 [ 133.757138][ T9479] loop3: partition table partially beyond EOD, truncated [ 133.849691][ T9493] __nla_validate_parse: 3 callbacks suppressed [ 133.849708][ T9493] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1064'. [ 133.950189][ T9506] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 134.051700][ T9516] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1070'. [ 134.068243][ T9516] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1070'. [ 134.239892][ T9534] Cannot find map_set index 65532 as target [ 134.242981][ T9534] fuse: Bad value for 'fd' [ 134.634418][ T9554] netlink: 'syz.2.1082': attribute type 1 has an invalid length. [ 134.636092][ T5937] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 134.663944][ T9554] bond2: entered promiscuous mode [ 134.666559][ T9554] 8021q: adding VLAN 0 to HW filter on device bond2 [ 134.680065][ T9557] 8021q: adding VLAN 0 to HW filter on device bond2 [ 134.683416][ T9557] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 134.688644][ T9557] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 134.689923][ T9554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1082'. [ 134.695523][ T9557] bond2: (slave ip6gre1): making interface the new active one [ 134.700566][ T9557] ip6gre1: entered promiscuous mode [ 134.704650][ T9557] bond2: (slave ip6gre1): Enslaving as an active interface with an up link [ 134.784754][ T9554] bond2 (unregistering): (slave ip6gre1): Releasing backup interface [ 134.787767][ T9554] ip6gre1: left promiscuous mode [ 134.791234][ T9554] bond2 (unregistering): Released all slaves [ 134.804176][ T40] audit: type=1400 audit(1764833695.434:622): avc: denied { attach_queue } for pid=9559 comm="syz.1.1083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 134.839378][ T5809] net_ratelimit: 2 callbacks suppressed [ 134.839395][ T5809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 134.874676][ T9564] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1084'. [ 134.877753][ T9565] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1084'. [ 134.909340][ T9564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1084'. [ 134.932131][ T40] audit: type=1400 audit(1764833695.564:623): avc: denied { shutdown } for pid=9566 comm="syz.1.1085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 135.054110][ T9573] FAULT_INJECTION: forcing a failure. [ 135.054110][ T9573] name failslab, interval 1, probability 0, space 0, times 1 [ 135.058698][ T9573] CPU: 0 UID: 0 PID: 9573 Comm: syz.1.1088 Not tainted syzkaller #0 PREEMPT(full) [ 135.058724][ T9573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.058734][ T9573] Call Trace: [ 135.058740][ T9573] [ 135.058746][ T9573] dump_stack_lvl+0x16c/0x1f0 [ 135.058787][ T9573] should_fail_ex+0x512/0x640 [ 135.058807][ T9573] ? __kmalloc_cache_noprof+0x5f/0x800 [ 135.058820][ T9573] should_failslab+0xc2/0x120 [ 135.058838][ T9573] __kmalloc_cache_noprof+0x72/0x800 [ 135.058850][ T9573] ? p9_fid_create+0x45/0x460 [ 135.058867][ T9573] ? __pfx_v9fs_xattr_handler_get+0x10/0x10 [ 135.058882][ T9573] ? p9_fid_create+0x45/0x460 [ 135.058895][ T9573] ? find_held_lock+0x2b/0x80 [ 135.058906][ T9573] p9_fid_create+0x45/0x460 [ 135.058921][ T9573] p9_client_xattrwalk+0x47/0x290 [ 135.058939][ T9573] ? __pfx_v9fs_xattr_handler_get+0x10/0x10 [ 135.058952][ T9573] v9fs_fid_xattr_get+0x10a/0x300 [ 135.058966][ T9573] ? __pfx_v9fs_fid_xattr_get+0x10/0x10 [ 135.058979][ T9573] ? __pfx_v9fs_fid_find+0x10/0x10 [ 135.059009][ T9573] ? v9fs_fid_lookup+0xe9/0xeb0 [ 135.059027][ T9573] v9fs_xattr_handler_get+0x6b/0x120 [ 135.059042][ T9573] __vfs_getxattr+0x13d/0x1a0 [ 135.059060][ T9573] ? __pfx___vfs_getxattr+0x10/0x10 [ 135.059078][ T9573] ? netfs_start_io_direct+0x116/0x260 [ 135.059097][ T9573] cap_inode_need_killpriv+0x40/0x60 [ 135.059114][ T9573] security_inode_need_killpriv+0x1b9/0x1e0 [ 135.059129][ T9573] file_remove_privs_flags+0x32d/0x580 [ 135.059144][ T9573] ? __pfx_file_remove_privs_flags+0x10/0x10 [ 135.059162][ T9573] ? generic_write_checks+0x311/0x480 [ 135.059178][ T9573] ? __pfx_generic_write_checks+0x10/0x10 [ 135.059197][ T9573] netfs_unbuffered_write_iter+0x1d1/0x6b0 [ 135.059215][ T9573] v9fs_file_write_iter+0xbf/0x100 [ 135.059228][ T9573] vfs_write+0x7d3/0x11d0 [ 135.059243][ T9573] ? __pfx_v9fs_file_write_iter+0x10/0x10 [ 135.059257][ T9573] ? __pfx_vfs_write+0x10/0x10 [ 135.059283][ T9573] ksys_write+0x12a/0x250 [ 135.059300][ T9573] ? __pfx_ksys_write+0x10/0x10 [ 135.059320][ T9573] do_syscall_64+0xcd/0xf80 [ 135.059337][ T9573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.059348][ T9573] RIP: 0033:0x7fef1c98f7c9 [ 135.059357][ T9573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.059368][ T9573] RSP: 002b:00007fef1d74b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 135.059378][ T9573] RAX: ffffffffffffffda RBX: 00007fef1cbe5fa0 RCX: 00007fef1c98f7c9 [ 135.059386][ T9573] RDX: 000000000001000a RSI: 0000200000000380 RDI: 0000000000000003 [ 135.059392][ T9573] RBP: 00007fef1d74b090 R08: 0000000000000000 R09: 0000000000000000 [ 135.059398][ T9573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.059404][ T9573] R13: 00007fef1cbe6038 R14: 00007fef1cbe5fa0 R15: 00007ffc89c5e8a8 [ 135.059419][ T9573] [ 135.247035][ T9577] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 135.258958][ T9577] Error validating options; rc = [-22] [ 135.385733][ T9593] SELinux: Context system_u:object_r:dlm_control_device_t:s0 is not valid (left unmapped). [ 135.392554][ T40] audit: type=1400 audit(1764833696.024:624): avc: denied { relabelto } for pid=9592 comm="syz.0.1096" name="264" dev="tmpfs" ino=1416 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:dlm_control_device_t:s0" [ 135.404577][ T40] audit: type=1400 audit(1764833696.024:625): avc: denied { associate } for pid=9592 comm="syz.0.1096" name="264" dev="tmpfs" ino=1416 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:dlm_control_device_t:s0" [ 135.459130][ T40] audit: type=1400 audit(1764833696.094:626): avc: denied { remove_name } for pid=5936 comm="syz-executor" name="binderfs" dev="tmpfs" ino=1420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:dlm_control_device_t:s0" [ 135.485529][ T40] audit: type=1400 audit(1764833696.104:627): avc: denied { rmdir } for pid=5936 comm="syz-executor" name="264" dev="tmpfs" ino=1416 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:dlm_control_device_t:s0" [ 135.511716][ T5937] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 135.643933][ T9614] netlink: 'syz.2.1101': attribute type 49 has an invalid length. [ 135.646915][ T9614] netlink: 'syz.2.1101': attribute type 49 has an invalid length. [ 135.649828][ T9614] netlink: 'syz.2.1101': attribute type 49 has an invalid length. [ 135.652495][ T9614] netlink: 'syz.2.1101': attribute type 49 has an invalid length. [ 135.657783][ T9614] netlink: 'syz.2.1101': attribute type 49 has an invalid length. [ 135.661240][ T9614] netlink: 'syz.2.1101': attribute type 49 has an invalid length. [ 135.664675][ T9614] netlink: 'syz.2.1101': attribute type 49 has an invalid length. [ 135.668273][ T9614] netlink: 'syz.2.1101': attribute type 49 has an invalid length. [ 135.671450][ T9614] netlink: 'syz.2.1101': attribute type 49 has an invalid length. [ 135.812240][ T9628] loop3: detected capacity change from 0 to 7 [ 135.815239][ T9628] Dev loop3: unable to read RDB block 7 [ 135.817201][ T9628] loop3: AHDI p1 [ 135.818970][ T9628] loop3: partition table partially beyond EOD, truncated [ 135.828730][ T5345] udevd[5345]: worker [7421] terminated by signal 33 (Unknown signal 33) [ 135.832742][ T5345] udevd[5345]: worker [7421] failed while handling '/devices/virtual/block/loop3' [ 135.866718][ T9630] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 135.870449][ T9630] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 1th superblock [ 135.873299][ T9630] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 135.876232][ T9630] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 2th superblock [ 135.879248][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.889799][ T9630] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 135.892359][ T9630] overlayfs: failed to set xattr on upper [ 135.894720][ T9630] overlayfs: ...falling back to redirect_dir=nofollow. [ 135.897682][ T9630] overlayfs: ...falling back to index=off. [ 135.900281][ T9630] overlayfs: ...falling back to uuid=null. [ 135.908540][ T9630] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 135.911523][ T9630] overlayfs: failed to set xattr on upper [ 135.913504][ T9630] overlayfs: ...falling back to redirect_dir=nofollow. [ 135.915802][ T9630] overlayfs: ...falling back to index=off. [ 135.918159][ T9630] overlayfs: ...falling back to uuid=null. [ 135.947940][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 4 seconds [ 135.951553][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 4 seconds [ 135.955287][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 4 seconds [ 135.959183][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 4 seconds [ 135.963116][ T6031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.030813][ T9634] FAULT_INJECTION: forcing a failure. [ 136.030813][ T9634] name failslab, interval 1, probability 0, space 0, times 0 [ 136.036096][ T9634] CPU: 3 UID: 0 PID: 9634 Comm: syz.3.1108 Not tainted syzkaller #0 PREEMPT(full) [ 136.036125][ T9634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 136.036136][ T9634] Call Trace: [ 136.036142][ T9634] [ 136.036150][ T9634] dump_stack_lvl+0x16c/0x1f0 [ 136.036175][ T9634] should_fail_ex+0x512/0x640 [ 136.036196][ T9634] ? fs_reclaim_acquire+0xae/0x150 [ 136.036222][ T9634] should_failslab+0xc2/0x120 [ 136.036246][ T9634] __kmalloc_noprof+0xdd/0x8f0 [ 136.036262][ T9634] ? rcu_is_watching+0x12/0xc0 [ 136.036280][ T9634] ? p9_fcall_init+0x97/0x260 [ 136.036305][ T9634] ? p9_fcall_init+0x97/0x260 [ 136.036323][ T9634] p9_fcall_init+0x97/0x260 [ 136.036345][ T9634] p9_tag_alloc+0x161/0x850 [ 136.036367][ T9634] ? __pfx_p9_tag_alloc+0x10/0x10 [ 136.036393][ T9634] ? __pfx_v9fs_xattr_handler_get+0x10/0x10 [ 136.036413][ T9634] ? kasan_save_stack+0x42/0x60 [ 136.036433][ T9634] ? kasan_save_stack+0x33/0x60 [ 136.036455][ T9634] p9_client_prepare_req+0x19b/0x4a0 [ 136.036478][ T9634] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 136.036498][ T9634] ? ksys_write+0x12a/0x250 [ 136.036523][ T9634] ? __lock_acquire+0x433/0x22f0 [ 136.036547][ T9634] ? __pfx_v9fs_xattr_handler_get+0x10/0x10 [ 136.036566][ T9634] p9_client_rpc+0x1c4/0xc40 [ 136.036590][ T9634] ? __pfx_p9_client_rpc+0x10/0x10 [ 136.036611][ T9634] ? idr_alloc_u32+0x20f/0x2f0 [ 136.036631][ T9634] ? __pfx_idr_alloc_u32+0x10/0x10 [ 136.036648][ T9634] ? do_raw_spin_lock+0x12c/0x2b0 [ 136.036671][ T9634] ? find_held_lock+0x2b/0x80 [ 136.036691][ T9634] ? trace_9p_fid_ref+0x169/0x1b0 [ 136.036713][ T9634] ? __pfx_v9fs_xattr_handler_get+0x10/0x10 [ 136.036733][ T9634] p9_client_xattrwalk+0xc0/0x290 [ 136.036759][ T9634] ? __pfx_v9fs_xattr_handler_get+0x10/0x10 [ 136.036778][ T9634] v9fs_fid_xattr_get+0x10a/0x300 [ 136.036797][ T9634] ? __pfx_v9fs_fid_xattr_get+0x10/0x10 [ 136.036817][ T9634] ? __pfx_v9fs_fid_find+0x10/0x10 [ 136.036843][ T9634] ? v9fs_fid_lookup+0xe9/0xeb0 [ 136.036866][ T9634] v9fs_xattr_handler_get+0x6b/0x120 [ 136.036888][ T9634] __vfs_getxattr+0x13d/0x1a0 [ 136.036914][ T9634] ? __pfx___vfs_getxattr+0x10/0x10 [ 136.036944][ T9634] cap_inode_need_killpriv+0x40/0x60 [ 136.036969][ T9634] security_inode_need_killpriv+0x1b9/0x1e0 [ 136.036988][ T9634] file_remove_privs_flags+0x32d/0x580 [ 136.037010][ T9634] ? __pfx_file_remove_privs_flags+0x10/0x10 [ 136.037030][ T9634] ? generic_write_checks+0x311/0x480 [ 136.037052][ T9634] ? __pfx_generic_write_checks+0x10/0x10 [ 136.037105][ T9634] netfs_unbuffered_write_iter+0x1d1/0x6b0 [ 136.037138][ T9634] v9fs_file_write_iter+0xbf/0x100 [ 136.037156][ T9634] vfs_write+0x7d3/0x11d0 [ 136.037179][ T9634] ? __pfx_v9fs_file_write_iter+0x10/0x10 [ 136.037199][ T9634] ? __pfx_vfs_write+0x10/0x10 [ 136.037237][ T9634] ksys_write+0x12a/0x250 [ 136.037259][ T9634] ? __pfx_ksys_write+0x10/0x10 [ 136.037288][ T9634] do_syscall_64+0xcd/0xf80 [ 136.037310][ T9634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.037328][ T9634] RIP: 0033:0x7ffa6198f7c9 [ 136.037342][ T9634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.037357][ T9634] RSP: 002b:00007ffa6289b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 136.037374][ T9634] RAX: ffffffffffffffda RBX: 00007ffa61be5fa0 RCX: 00007ffa6198f7c9 [ 136.037386][ T9634] RDX: 000000000001000a RSI: 0000200000000380 RDI: 0000000000000003 [ 136.037396][ T9634] RBP: 00007ffa6289b090 R08: 0000000000000000 R09: 0000000000000000 [ 136.037406][ T9634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.037415][ T9634] R13: 00007ffa61be6038 R14: 00007ffa61be5fa0 R15: 00007ffe9f897be8 [ 136.037439][ T9634] [ 136.413996][ T9653] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9653 comm=syz.3.1111 [ 136.463197][ T9661] bpf: Bad value for 'gid' [ 136.481781][ T9661] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1115'. [ 136.484467][ T9669] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 136.487083][ T9669] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 136.492177][ T9669] vhci_hcd vhci_hcd.0: Device attached [ 136.495468][ T9670] vhci_hcd: unknown pdu 1 [ 136.497894][ T6394] vhci_hcd: stop threads [ 136.498709][ T9669] IPVS: length: 24 != 63241423224 [ 136.501677][ T6394] vhci_hcd: release socket [ 136.503676][ T6394] vhci_hcd: disconnect device [ 136.586545][ T9676] /dev/nullb0: Can't lookup blockdev [ 136.600636][ T9688] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 136.602643][ T9673] IPVS: stopping master sync thread 9688 ... [ 136.635293][ T9690] overlayfs: failed to clone upperpath [ 136.643759][ T9679] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.1119'. [ 136.755482][ T9699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1126'. [ 136.771377][ T9703] CIFS mount error: No usable UNC path provided in device string! [ 136.771377][ T9703] [ 136.776538][ T9703] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 136.871754][ T9720] tmpfs: Bad value for 'huge' [ 136.918844][ T5809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.974553][ T9725] geneve3: entered promiscuous mode [ 136.976853][ T9725] geneve3: entered allmulticast mode [ 137.041620][ T9731] : renamed from bridge_slave_0 (while UP) [ 137.094117][ T9724] geneve3: entered promiscuous mode [ 137.096686][ T9724] geneve3: entered allmulticast mode [ 137.210419][ T9743] xfrm0 speed is unknown, defaulting to 1000 [ 137.320119][ T9745] xfrm0 speed is unknown, defaulting to 1000 [ 137.388801][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 137.394056][ T6310] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 137.398726][ T5977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 137.399407][ T9754] vcan0: tx address claim with dest, not broadcast [ 137.448546][ T9756] devpts: Bad value for 'max' [ 137.450603][ T9754] devpts: Bad value for 'max' [ 137.744613][ T9726] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 137.748223][ T9726] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 137.764628][ T9726] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 137.772952][ T9726] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 137.776589][ T9726] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 137.780018][ T9726] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 137.784524][ T9726] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 137.789121][ T9726] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 137.794311][ T9726] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 137.796378][ T9726] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 137.800390][ T9726] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 137.803988][ T9726] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 137.806053][ T9726] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 137.814358][ T9726] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 137.948177][ T6396] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 137.954170][ T6310] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 137.958621][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.028058][ T9777] FAULT_INJECTION: forcing a failure. [ 138.028058][ T9777] name failslab, interval 1, probability 0, space 0, times 0 [ 138.033571][ T9777] CPU: 3 UID: 0 PID: 9777 Comm: syz.0.1149 Not tainted syzkaller #0 PREEMPT(full) [ 138.033588][ T9777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 138.033595][ T9777] Call Trace: [ 138.033600][ T9777] [ 138.033605][ T9777] dump_stack_lvl+0x116/0x1f0 [ 138.033645][ T9777] should_fail_ex+0x512/0x640 [ 138.033667][ T9777] should_failslab+0xc2/0x120 [ 138.033686][ T9777] __kmalloc_noprof+0xdd/0x8f0 [ 138.033698][ T9777] ? p9pdu_vwritef+0x658/0x1d30 [ 138.033709][ T9777] ? virtqueue_add_sgs+0x794/0x1c70 [ 138.033728][ T9777] ? virtqueue_add_sgs+0x794/0x1c70 [ 138.033742][ T9777] virtqueue_add_sgs+0x794/0x1c70 [ 138.033759][ T9777] ? find_held_lock+0x2b/0x80 [ 138.033773][ T9777] ? __pfx_virtqueue_add_sgs+0x10/0x10 [ 138.033788][ T9777] ? __virt_addr_valid+0x81/0x610 [ 138.033799][ T9777] ? __phys_addr+0xe8/0x180 [ 138.033809][ T9777] ? pack_sg_list.constprop.0+0x2a8/0x320 [ 138.033831][ T9777] p9_virtio_request+0x26d/0x6c0 [ 138.033855][ T9777] ? __pfx_p9_virtio_request+0x10/0x10 [ 138.033873][ T9777] ? p9_client_prepare_req+0x112/0x4a0 [ 138.033894][ T9777] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 138.033917][ T9777] ? ksys_write+0x12a/0x250 [ 138.033939][ T9777] ? __lock_acquire+0x433/0x22f0 [ 138.033956][ T9777] ? __pfx_v9fs_xattr_handler_get+0x10/0x10 [ 138.033971][ T9777] p9_client_rpc+0x340/0xc40 [ 138.033987][ T9777] ? __pfx_p9_client_rpc+0x10/0x10 [ 138.034003][ T9777] ? idr_alloc_u32+0x20f/0x2f0 [ 138.034017][ T9777] ? __pfx_idr_alloc_u32+0x10/0x10 [ 138.034029][ T9777] ? do_raw_spin_lock+0x12c/0x2b0 [ 138.034046][ T9777] ? find_held_lock+0x2b/0x80 [ 138.034059][ T9777] ? trace_9p_fid_ref+0x169/0x1b0 [ 138.034074][ T9777] ? __pfx_v9fs_xattr_handler_get+0x10/0x10 [ 138.034092][ T9777] p9_client_xattrwalk+0xc0/0x290 [ 138.034119][ T9777] ? __pfx_v9fs_xattr_handler_get+0x10/0x10 [ 138.034138][ T9777] v9fs_fid_xattr_get+0x10a/0x300 [ 138.034159][ T9777] ? __pfx_v9fs_fid_xattr_get+0x10/0x10 [ 138.034179][ T9777] ? __pfx_v9fs_fid_find+0x10/0x10 [ 138.034198][ T9777] ? v9fs_fid_lookup+0xe9/0xeb0 [ 138.034223][ T9777] v9fs_xattr_handler_get+0x6b/0x120 [ 138.034245][ T9777] __vfs_getxattr+0x13d/0x1a0 [ 138.034271][ T9777] ? __pfx___vfs_getxattr+0x10/0x10 [ 138.034303][ T9777] cap_inode_need_killpriv+0x40/0x60 [ 138.034329][ T9777] security_inode_need_killpriv+0x1b9/0x1e0 [ 138.034349][ T9777] file_remove_privs_flags+0x32d/0x580 [ 138.034370][ T9777] ? __pfx_file_remove_privs_flags+0x10/0x10 [ 138.034390][ T9777] ? generic_write_checks+0x311/0x480 [ 138.034406][ T9777] ? __pfx_generic_write_checks+0x10/0x10 [ 138.034424][ T9777] netfs_unbuffered_write_iter+0x1d1/0x6b0 [ 138.034443][ T9777] v9fs_file_write_iter+0xbf/0x100 [ 138.034455][ T9777] vfs_write+0x7d3/0x11d0 [ 138.034471][ T9777] ? __pfx_v9fs_file_write_iter+0x10/0x10 [ 138.034485][ T9777] ? __pfx_vfs_write+0x10/0x10 [ 138.034509][ T9777] ksys_write+0x12a/0x250 [ 138.034524][ T9777] ? __pfx_ksys_write+0x10/0x10 [ 138.034543][ T9777] do_syscall_64+0xcd/0xf80 [ 138.034560][ T9777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.034571][ T9777] RIP: 0033:0x7f714778f7c9 [ 138.034580][ T9777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.034591][ T9777] RSP: 002b:00007f7148659038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 138.034602][ T9777] RAX: ffffffffffffffda RBX: 00007f71479e5fa0 RCX: 00007f714778f7c9 [ 138.034609][ T9777] RDX: 000000000001000a RSI: 0000200000000380 RDI: 0000000000000003 [ 138.034615][ T9777] RBP: 00007f7148659090 R08: 0000000000000000 R09: 0000000000000000 [ 138.034622][ T9777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.034628][ T9777] R13: 00007f71479e6038 R14: 00007f71479e5fa0 R15: 00007ffd96140b38 [ 138.034642][ T9777] [ 138.040506][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.171898][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.279956][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 5 seconds [ 138.284595][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 5 seconds [ 138.289505][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 5 seconds [ 138.294280][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 5 seconds [ 138.352908][ T9782] program syz.0.1151 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 138.491652][ T9794] loop3: detected capacity change from 0 to 7 [ 138.496285][ T9794] Dev loop3: unable to read RDB block 7 [ 138.498500][ T9794] loop3: AHDI p1 [ 138.499719][ T9794] loop3: partition table partially beyond EOD, truncated [ 138.714590][ T9806] 9pnet_virtio: no channels available for device syz [ 138.924047][ T9819] loop3: detected capacity change from 0 to 7 [ 138.927473][ T9819] Dev loop3: unable to read RDB block 7 [ 138.931520][ T9819] loop3: AHDI p1 [ 138.932824][ T9819] loop3: partition table partially beyond EOD, truncated [ 139.070804][ T5937] Bluetooth: hci0: command 0x0c1a tx timeout [ 139.086788][ T9828] pim6reg9: entered allmulticast mode [ 139.102385][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 139.102395][ T40] audit: type=1400 audit(1764833699.734:638): avc: denied { accept } for pid=9823 comm="syz.3.1166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 139.143269][ T9827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.153694][ T9827] bond0: (slave rose0): Enslaving as an active interface with an up link [ 139.267128][ T9839] forcing mempool usage for netfs_alloc_request+0xfd/0xce0 [ 139.411244][ T9859] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 139.641002][ T40] audit: type=1400 audit(1764833700.274:639): avc: denied { ioctl } for pid=9866 comm="syz.1.1176" path="/281/file0/blkio.bfq.io_service_bytes_recursive" dev="9p" ino=72095783 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 139.646421][ T9888] __nla_validate_parse: 7 callbacks suppressed [ 139.646438][ T9888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1180'. [ 139.787781][ T5937] Bluetooth: hci1: command 0x0c1a tx timeout [ 139.863893][ T9892] cgroup: release_agent respecified [ 139.877765][ T5937] Bluetooth: hci3: command 0x0405 tx timeout [ 139.877800][ T5937] Bluetooth: hci2: command 0x0c1a tx timeout [ 139.913139][ T9896] 9pnet_virtio: no channels available for device syz [ 139.944283][ T9897] vxcan1: left allmulticast mode [ 139.978278][ T9897] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 139.984131][ T9897] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.017819][ T9897] macsec0: left promiscuous mode [ 140.019546][ T9897] macsec0: left allmulticast mode [ 140.027843][ T71] net_ratelimit: 10 callbacks suppressed [ 140.027856][ T71] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 140.063284][ T9897] erspan1: left promiscuous mode [ 140.089705][ T9897] macsec1: left promiscuous mode [ 140.091922][ T9897] macsec1: left allmulticast mode [ 140.123984][ T6396] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.130132][ T6118] xfrm0 speed is unknown, defaulting to 1000 [ 140.132164][ T6118] syz1: Port: 1 Link DOWN [ 140.133915][ T6396] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.136773][ T6396] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.139922][ T6396] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.199328][ T9910] validate_nla: 24 callbacks suppressed [ 140.199344][ T9910] netlink: 'syz.2.1187': attribute type 1 has an invalid length. [ 140.202908][ T9912] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 140.206079][ T9910] netlink: 14436 bytes leftover after parsing attributes in process `syz.2.1187'. [ 140.213847][ T9912] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1194'. [ 140.218052][ T9912] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1194'. [ 140.221980][ T9912] netlink: 'syz.3.1194': attribute type 20 has an invalid length. [ 140.226178][ T9912] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1194'. [ 140.230255][ T9912] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1194'. [ 140.234268][ T9912] netlink: 'syz.3.1194': attribute type 20 has an invalid length. [ 140.325138][ T40] audit: type=1400 audit(1764833700.954:640): avc: denied { connect } for pid=9919 comm="syz.2.1191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 140.329977][ T9920] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1191'. [ 140.513133][ T40] audit: type=1400 audit(1764833701.144:641): avc: denied { listen } for pid=9925 comm="syz.1.1190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 140.557371][ T9928] overlayfs: missing 'workdir' [ 140.590407][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 6 seconds [ 140.590554][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 6 seconds [ 140.590581][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 6 seconds [ 140.590606][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 6 seconds [ 140.682456][ T9936] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 140.738610][ T9938] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 50:fe:ef:f2:43:5f [ 140.834671][ T9945] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1200'. [ 140.838853][ T9945] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1200'. [ 140.860664][ T9945] geneve3: entered promiscuous mode [ 140.862557][ T9945] geneve3: entered allmulticast mode [ 140.918948][ T9953] program syz.0.1202 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 141.067862][ T5809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.147749][ T5937] Bluetooth: hci0: command 0x0c1a tx timeout [ 141.166223][ T9967] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 141.174483][ T9967] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1207'. [ 141.427724][ T6118] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 141.589486][ T6118] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x81 has an invalid bInterval 47, changing to 4 [ 141.593823][ T6118] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x81 has invalid maxpacket 42203, setting to 1023 [ 141.598384][ T6118] usb 6-1: config 0 interface 0 has no altsetting 0 [ 141.602178][ T6118] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 141.605330][ T6118] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 141.608350][ T6118] usb 6-1: Product: syz [ 141.609879][ T6118] usb 6-1: Manufacturer: syz [ 141.611466][ T6118] usb 6-1: SerialNumber: syz [ 141.615570][ T6118] usb 6-1: config 0 descriptor?? [ 141.621914][ T6118] usb 6-1: selecting invalid altsetting 0 [ 141.696224][ T9969] program syz.0.1208 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 141.787572][ T9982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.791274][ T40] audit: type=1400 audit(1764833702.424:642): avc: denied { validate_trans } for pid=9981 comm="syz.3.1211" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 141.791313][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.822523][ T9967] usb 6-1: cannot submit urb 0, error -2: endpoint not enabled [ 141.829458][ T841] usb 6-1: USB disconnect, device number 6 [ 141.834243][ T9986] forcing mempool usage for netfs_alloc_subrequest+0xc1/0x3c0 [ 141.868020][ T5943] Bluetooth: hci1: command 0x0c1a tx timeout [ 141.947803][ T5943] Bluetooth: hci3: command 0x0405 tx timeout [ 141.958066][ T5943] Bluetooth: hci2: command 0x0c1a tx timeout [ 141.986119][ T9991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.998382][ T9991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 142.002105][ T9991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 142.007713][ T9991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 142.016908][ T9991] trusted_key: encrypted_key: insufficient parameters specified [ 142.020983][ T9991] trusted_key: encrypted_key: insufficient parameters specified [ 142.643432][ T40] audit: type=1400 audit(1764833703.274:643): avc: denied { read } for pid=10021 comm="syz.3.1224" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 142.831222][T10040] sch_tbf: burst 88 is lower than device veth5 mtu (1514) ! [ 142.928708][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 7 seconds [ 142.932246][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 7 seconds [ 142.932264][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 7 seconds [ 142.932278][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 7 seconds [ 142.966984][T10045] input: syz0 as /devices/virtual/input/input16 [ 142.978797][ T40] audit: type=1400 audit(1764833703.614:644): avc: denied { bind } for pid=10044 comm="syz.0.1231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 143.237678][ T5937] Bluetooth: hci0: command 0x0c1a tx timeout [ 143.431991][T10058] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 143.551679][ T40] audit: type=1400 audit(1764833704.184:645): avc: denied { execute } for pid=10073 comm="syz.0.1243" path="/dev/snd/pcmC0D0c" dev="devtmpfs" ino=1315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 143.580010][ T5937] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 143.612676][T10089] netlink: 'syz.3.1242': attribute type 4 has an invalid length. [ 143.616253][T10089] netlink: 'syz.3.1242': attribute type 1 has an invalid length. [ 143.626863][T10091] netlink: 'syz.2.1250': attribute type 29 has an invalid length. [ 143.772804][T10105] xfrm0 speed is unknown, defaulting to 1000 [ 143.948033][ T5943] Bluetooth: hci1: command 0x0c1a tx timeout [ 144.013812][ T6403] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.027728][ T5943] Bluetooth: hci2: command 0x0c1a tx timeout [ 144.030853][T10108] 9pnet_fd: Insufficient options for proto=fd [ 144.118953][ T6403] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.189525][ T6403] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.213946][ T40] audit: type=1400 audit(1764833704.844:646): avc: denied { execute } for pid=10113 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 144.224732][ T40] audit: type=1400 audit(1764833704.854:647): avc: denied { execute_no_trans } for pid=10113 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 144.341950][ T6403] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.414460][ T5937] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 144.420218][ T5937] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 144.425526][ T5937] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 144.430250][ T5937] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 144.434153][ T5937] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 144.464427][T10129] xfrm0 speed is unknown, defaulting to 1000 [ 144.478398][ T5943] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 144.497077][T10142] /dev/nullb0: Can't lookup blockdev [ 144.549822][T10148] unsupported nlmsg_type 40 [ 144.599428][T10152] x_tables: duplicate underflow at hook 1 [ 144.622482][ T6403] bridge_slave_1: left allmulticast mode [ 144.624817][ T6403] bridge_slave_1: left promiscuous mode [ 144.633968][ T6403] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.645844][ T6403] : left allmulticast mode [ 144.647412][ T6403] : left promiscuous mode [ 144.649725][ T6403] bridge0: port 1() entered disabled state [ 144.757383][T10171] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 144.761456][T10171] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 144.816564][T10176] netlink: 'syz.2.1276': attribute type 1 has an invalid length. [ 144.831288][T10176] __nla_validate_parse: 11 callbacks suppressed [ 144.831299][T10176] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1276'. [ 145.011277][T10180] 9p: Unknown Cache mode or invalid value fs [ 145.068425][ T13] net_ratelimit: 43 callbacks suppressed [ 145.068445][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 145.075457][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 145.079345][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 145.220268][T10182] binder: 10181:10182 ioctl c0306201 200000000300 returned -22 [ 145.228022][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 8 seconds [ 145.231555][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 8 seconds [ 145.235084][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 8 seconds [ 145.239687][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 8 seconds [ 145.284011][ T6403] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 145.289286][ T6403] bond0 (unregistering): Released all slaves [ 145.295345][ T6403] bond1 (unregistering): Released all slaves [ 145.304861][ T6403] bond2 (unregistering): Released all slaves [ 145.307919][ T5937] Bluetooth: hci0: command 0x0c1a tx timeout [ 145.312751][ T6403] bond3 (unregistering): Released all slaves [ 145.321419][ T6403] bond4 (unregistering): Released all slaves [ 145.335389][T10176] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1276'. [ 145.360030][T10129] chnl_net:caif_netlink_parms(): no params data found [ 145.431862][T10129] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.434669][T10129] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.437879][T10129] bridge_slave_0: entered allmulticast mode [ 145.441464][T10129] bridge_slave_0: entered promiscuous mode [ 145.445692][T10129] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.449093][T10129] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.451865][T10129] bridge_slave_1: entered allmulticast mode [ 145.455625][T10129] bridge_slave_1: entered promiscuous mode [ 145.476948][T10129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 145.483438][T10192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1280'. [ 145.510665][T10129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 145.521373][T10195] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1281'. [ 145.529734][T10129] team0: Port device team_slave_0 added [ 145.533181][T10129] team0: Port device team_slave_1 added [ 145.548701][ T71] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 145.552091][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 145.552802][T10129] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 145.558637][T10129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 145.567426][T10129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 145.574249][T10129] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 145.577047][T10129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 145.587033][T10129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 145.596471][T10202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1283'. [ 145.666366][T10208] netlink: 'syz.1.1283': attribute type 1 has an invalid length. [ 145.671526][T10208] netlink: 'syz.1.1283': attribute type 4 has an invalid length. [ 145.674231][T10208] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.1283'. [ 145.683529][T10129] hsr_slave_0: entered promiscuous mode [ 145.686522][T10129] hsr_slave_1: entered promiscuous mode [ 145.690150][T10129] debugfs: 'hsr0' already exists in 'hsr' [ 145.692653][T10129] Cannot create hsr debugfs directory [ 145.707497][T10211] netlink: 'syz.2.1285': attribute type 1 has an invalid length. [ 145.859108][T10129] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 145.863962][T10129] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 145.875372][T10129] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 145.886334][T10129] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 145.937492][ T6403] hsr_slave_0: left promiscuous mode [ 145.940049][ T6403] hsr_slave_1: left promiscuous mode [ 145.945619][T10226] fuse: Bad value for 'fd' [ 145.947811][ T6403] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.950488][ T6403] batadv0: mtu less than device minimum [ 145.953119][ T6403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 145.958752][ T6403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 145.964528][ T6403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 145.965474][ T40] audit: type=1400 audit(1764833706.594:648): avc: denied { rename } for pid=10223 comm="syz.0.1288" name="file0" dev="9p" ino=72095757 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 145.970264][ T6403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.000366][ T6403] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.005503][ T6403] batman_adv: batadv0: Interface deactivated: dummy0 [ 146.010122][ T6403] batman_adv: batadv0: Removing interface: dummy0 [ 146.011333][ T40] audit: type=1400 audit(1764833706.644:649): avc: denied { connect } for pid=10224 comm="syz.2.1289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 146.031175][ T6403] veth1_macvtap: left promiscuous mode [ 146.031967][T10236] 9pnet_virtio: no channels available for device syz [ 146.034060][ T6403] veth1_vlan: left promiscuous mode [ 146.038112][ T6403] veth0_vlan: left promiscuous mode [ 146.038685][ T5937] Bluetooth: hci1: command 0x0c1a tx timeout [ 146.042632][ T40] audit: type=1400 audit(1764833706.674:650): avc: denied { lock } for pid=10234 comm="syz.1.1292" path="socket:[33137]" dev="sockfs" ino=33137 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 146.055583][T10233] hfs: unable to load iocharset "io#harset" [ 146.131045][ T40] audit: type=1400 audit(1764833706.764:651): avc: denied { mounton } for pid=10223 comm="syz.0.1288" path="/308/file0/bus" dev="9p" ino=72095759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 146.136687][T10240] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 146.144720][T10240] overlayfs: missing 'lowerdir' [ 146.341412][ T6403] team0 (unregistering): Port device team_slave_1 removed [ 146.364075][ T6403] team0 (unregistering): Port device team_slave_0 removed [ 146.517700][ T5937] Bluetooth: hci3: command tx timeout [ 146.549973][ T9] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 146.696345][T10129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.701312][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 146.712352][ T9] usb 6-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 146.718833][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.721160][T10129] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.721607][ T9] usb 6-1: Product: syz [ 146.725440][ T9] usb 6-1: Manufacturer: syz [ 146.727157][ T9] usb 6-1: SerialNumber: syz [ 146.740533][ T9] usb 6-1: config 0 descriptor?? [ 146.745896][ T1198] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.748545][ T1198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.755967][ T9] option 6-1:0.0: GSM modem (1-port) converter detected [ 146.763143][ T1198] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.765548][ T1198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.845003][ T40] audit: type=1400 audit(1764833707.474:652): avc: denied { create } for pid=10258 comm="syz.0.1294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 146.889259][T10267] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1296'. [ 146.893082][T10267] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1296'. [ 146.896143][T10267] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1296'. [ 146.951477][ T9] usb 6-1: USB disconnect, device number 7 [ 146.956394][ T9] option 6-1:0.0: device disconnected [ 146.958152][T10129] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 147.113532][T10300] 9pnet_virtio: no channels available for device syz [ 147.134881][T10129] veth0_vlan: entered promiscuous mode [ 147.141575][T10129] veth1_vlan: entered promiscuous mode [ 147.181511][T10129] veth0_macvtap: entered promiscuous mode [ 147.185670][T10129] veth1_macvtap: entered promiscuous mode [ 147.207308][T10129] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 147.215953][T10129] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.224088][ T6400] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.227007][ T6400] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.234474][ T6400] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.237411][ T6400] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.282401][T10313] netlink: 'syz.0.1306': attribute type 1 has an invalid length. [ 147.285654][ T6394] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.289504][ T6394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.311077][T10315] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1307'. [ 147.317304][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.320203][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.337379][ T40] audit: type=1400 audit(1764833707.964:653): avc: denied { mounton } for pid=10129 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 147.345286][ T40] audit: type=1400 audit(1764833707.964:654): avc: denied { mounton } for pid=10129 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 147.427169][ T40] audit: type=1400 audit(1764833708.054:655): avc: denied { unlink } for pid=10325 comm="syz.4.1310" name="file0" dev="9p" ino=72095727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 147.548050][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 9 seconds [ 147.552295][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 9 seconds [ 147.556374][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 9 seconds [ 147.560193][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 9 seconds [ 147.703124][T10359] Bluetooth: MGMT ver 1.23 [ 147.706612][T10361] tipc: Started in network mode [ 147.709314][T10361] tipc: Node identity 7f000001, cluster identity 4711 [ 147.712264][T10361] tipc: Enabling of bearer rejected, failed to enable media [ 147.722192][T10361] tipc: Enabling of bearer rejected, failed to enable media [ 147.728642][T10361] tipc: Enabled bearer , priority 10 [ 147.759372][T10364] IPVS: set_ctl: invalid protocol: 96 2.6.5.0:0 [ 147.762574][T10364] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 148.137740][ T6028] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 148.309402][ T6028] usb 9-1: config index 0 descriptor too short (expected 39, got 27) [ 148.312911][ T6028] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 148.319714][ T6028] usb 9-1: config 0 interface 0 has no altsetting 0 [ 148.329942][ T6028] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 148.333725][ T6028] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 148.336551][ T6028] usb 9-1: Product: syz [ 148.338334][ T6028] usb 9-1: Manufacturer: syz [ 148.339877][ T6028] usb 9-1: SerialNumber: syz [ 148.348165][ T6028] usb 9-1: config 0 descriptor?? [ 148.351881][ T6028] hub 9-1:0.0: bad descriptor, ignoring hub [ 148.353904][ T6028] hub 9-1:0.0: probe with driver hub failed with error -5 [ 148.358710][ T6028] usb 9-1: selecting invalid altsetting 0 [ 148.587839][ T5937] Bluetooth: hci3: command tx timeout [ 148.747805][ T5976] tipc: Node number set to 2130706433 [ 148.959964][ T6027] usb 9-1: USB disconnect, device number 2 [ 149.107977][ T6027] usb 9-1: new full-speed USB device number 3 using dummy_hcd [ 149.239185][ T6027] usb 9-1: device descriptor read/64, error -71 [ 149.279765][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 149.279776][ T40] audit: type=1400 audit(1764833709.914:658): avc: denied { recv } for pid=33 comm="ksoftirqd/3" saddr=172.20.20.29 src=20001 daddr=172.20.20.29 dest=20001 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 149.318769][ T40] audit: type=1400 audit(1764833709.954:659): avc: denied { recv } for pid=5852 comm="syz-executor" saddr=127.0.0.1 src=50644 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 149.332463][ T40] audit: type=1804 audit(1764833709.964:660): pid=10444 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1349" name="bus" dev="tmpfs" ino=2240 res=1 errno=0 [ 149.481279][ T6027] usb 9-1: new full-speed USB device number 4 using dummy_hcd [ 149.514672][ T40] audit: type=1326 audit(1764833710.144:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10450 comm="syz.2.1351" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60e38f7c9 code=0x7ffc0000 [ 149.525256][ T40] audit: type=1326 audit(1764833710.154:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10450 comm="syz.2.1351" exe="/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fc60e38f7c9 code=0x7ffc0000 [ 149.536143][ T40] audit: type=1326 audit(1764833710.164:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10450 comm="syz.2.1351" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60e38f7c9 code=0x7ffc0000 [ 149.547067][ T40] audit: type=1326 audit(1764833710.164:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.2.1351" exe="/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc60e3c2085 code=0x7ffc0000 [ 149.556987][ T40] audit: type=1326 audit(1764833710.164:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10450 comm="syz.2.1351" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc60e38f7c9 code=0x7ffc0000 [ 149.566482][ T40] audit: type=1326 audit(1764833710.164:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10450 comm="syz.2.1351" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60e38f7c9 code=0x7ffc0000 [ 149.575921][ T40] audit: type=1326 audit(1764833710.164:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10450 comm="syz.2.1351" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60e38f7c9 code=0x7ffc0000 [ 149.607802][ T6027] usb 9-1: device descriptor read/64, error -71 [ 149.718019][ T6027] usb usb9-port1: attempt power cycle [ 149.878688][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 10 seconds [ 149.883347][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 10 seconds [ 149.887352][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 10 seconds [ 149.891554][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 10 seconds [ 150.077743][ T6027] usb 9-1: new full-speed USB device number 5 using dummy_hcd [ 150.099198][ T6027] usb 9-1: device descriptor read/8, error -71 [ 150.163260][T10466] __nla_validate_parse: 5 callbacks suppressed [ 150.163270][T10466] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1356'. [ 150.169125][T10466] netlink: 'syz.1.1356': attribute type 7 has an invalid length. [ 150.171659][T10466] netlink: 'syz.1.1356': attribute type 8 has an invalid length. [ 150.174239][T10466] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1356'. [ 150.182153][T10466] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 150.338947][ T6027] usb 9-1: new full-speed USB device number 6 using dummy_hcd [ 150.350525][T10484] overlay: Bad value for 'index' [ 150.378404][ T6027] usb 9-1: device descriptor read/8, error -71 [ 150.396057][T10489] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 150.401795][T10489] Error validating options; rc = [-22] [ 150.407097][T10489] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 150.432590][T10492] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1362'. [ 150.435821][T10492] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1362'. [ 150.460208][T10495] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1366'. [ 150.487976][ T6027] usb usb9-port1: unable to enumerate USB device [ 150.526624][T10497] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1367'. [ 150.677741][ T5937] Bluetooth: hci3: command tx timeout [ 150.747881][ T6028] net_ratelimit: 36 callbacks suppressed [ 150.747894][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.159392][T10536] SELinux: syz.1.1378 (10536) set checkreqprot to 1. This is no longer supported. [ 151.176198][ T5937] Bluetooth: hci0: unexpected event for opcode 0x0803 [ 151.235120][T10540] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.238743][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.356171][T10545] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 151.405551][T10549] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10549 comm=syz.1.1383 [ 151.470892][T10554] xt_l2tp: invalid flags combination: 8 [ 151.526679][T10558] loop3: detected capacity change from 0 to 7 [ 151.531749][T10558] Dev loop3: unable to read RDB block 7 [ 151.534285][T10558] loop3: AHDI p1 [ 151.535862][T10558] loop3: partition table partially beyond EOD, truncated [ 151.601643][T10561] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1388'. [ 151.628667][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.760342][T10578] 9pnet: Could not find request transport: virtio­Jy Û£ [ 151.788038][ T71] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.790920][T10578] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1393'. [ 151.923123][T10595] kAFS: unable to lookup cell '(,' [ 151.924595][T10593] xt_TPROXY: Can be used only with -p tcp or -p udp [ 151.937325][T10595] batadv_slave_1: entered promiscuous mode [ 151.963729][T10603] netlink: 'syz.2.1400': attribute type 5 has an invalid length. [ 151.991594][T10594] batadv_slave_1: left promiscuous mode [ 152.047581][T10608] netlink: 'syz.2.1402': attribute type 10 has an invalid length. [ 152.055833][T10608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.060196][T10608] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 152.122118][T10619] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1406'. [ 152.160330][T10623] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 152.198038][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 11 seconds [ 152.201783][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 11 seconds [ 152.205337][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 11 seconds [ 152.209329][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 11 seconds [ 152.254949][T10633] ip6t_srh: unknown srh invflags 51E8 [ 152.300793][T10638] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1412'. [ 152.656572][T10652] tmpfs: Invalid gid '0x00000000ffffffff' [ 152.691654][T10647] openvswitch: netlink: Key type 51 is out of range max 32 [ 152.713058][T10656] IPVS: length: 18 != 7080 [ 152.761368][ T5937] Bluetooth: hci3: command tx timeout [ 152.775549][T10658] ubi31: attaching mtd0 [ 152.777664][T10658] ubi31 error: ubi_attach_mtd_dev: bad VID header (4722809) or data offsets (4722873) [ 152.829164][ T71] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 153.236174][T10671] netlink: 'syz.2.1425': attribute type 1 has an invalid length. [ 153.481377][T10685] erspan1: entered promiscuous mode [ 153.677721][T10691] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 153.679863][T10691] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 153.683132][T10691] vhci_hcd vhci_hcd.0: Device attached [ 153.686997][T10692] vhci_hcd: connection closed [ 153.687501][ T6403] vhci_hcd: stop threads [ 153.692200][ T6403] vhci_hcd: release socket [ 153.694156][ T6403] vhci_hcd: disconnect device [ 153.870539][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 153.885390][T10700] binder: 10698:10700 ioctl c0306201 200000000640 returned -22 [ 154.512526][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 12 seconds [ 154.517245][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 12 seconds [ 154.521785][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 12 seconds [ 154.526221][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 12 seconds [ 154.668124][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.671922][ T5976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.707528][T10730] netlink: 'syz.4.1446': attribute type 12 has an invalid length. [ 154.713153][T10730] netlink: 'syz.4.1446': attribute type 29 has an invalid length. [ 154.716134][T10730] netlink: 'syz.4.1446': attribute type 2 has an invalid length. [ 154.720887][T10730] netlink: 'syz.4.1446': attribute type 3 has an invalid length. [ 154.725378][T10730] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 154.792705][ T5937] Bluetooth: hci3: Malformed Event: 0x02 [ 154.982373][T10740] xfrm0 speed is unknown, defaulting to 1000 [ 155.017306][T10748] fuse: blksize only supported for fuseblk [ 155.464365][T10770] netlink: 'syz.0.1457': attribute type 1 has an invalid length. [ 155.469854][T10770] __nla_validate_parse: 8 callbacks suppressed [ 155.469865][T10770] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1457'. [ 155.476251][T10770] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1457'. [ 155.480526][T10770] netlink: 658 bytes leftover after parsing attributes in process `syz.0.1457'. [ 155.485633][T10770] netlink: 'syz.0.1457': attribute type 17 has an invalid length. [ 155.629896][T10774] xfrm0 speed is unknown, defaulting to 1000 [ 155.721881][T10777] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1460'. [ 155.922924][T10785] net_ratelimit: 2 callbacks suppressed [ 155.922942][T10785] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 155.929462][T10785] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 155.993077][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 155.993088][ T40] audit: type=1400 audit(1764833716.624:692): avc: denied { append } for pid=10786 comm="syz.4.1463" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 156.113336][T10796] loop3: detected capacity change from 0 to 7 [ 156.116125][T10796] Dev loop3: unable to read RDB block 7 [ 156.127034][T10796] loop3: AHDI p1 [ 156.128419][T10796] loop3: partition table partially beyond EOD, truncated [ 156.174227][ T40] audit: type=1400 audit(1764833716.804:693): avc: denied { read } for pid=10797 comm="syz.4.1467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 156.300003][T10803] Sensor A: ================= START STATUS ================= [ 156.302513][T10803] Sensor A: Test Pattern: 75% Colorbar [ 156.304547][T10803] Sensor A: Show Information: All [ 156.306239][T10803] Sensor A: Vertical Flip: false [ 156.307936][T10803] Sensor A: Horizontal Flip: false [ 156.309633][T10803] Sensor A: Brightness: 128 [ 156.311076][T10803] Sensor A: Contrast: 128 [ 156.312482][T10803] Sensor A: Hue: 0 [ 156.313740][T10803] Sensor A: Saturation: 128 [ 156.315226][T10803] Sensor A: ================== END STATUS ================== [ 156.381387][T10803] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 156.383497][T10803] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 156.387088][T10803] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 156.389522][T10803] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 156.392629][T10803] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 156.395786][T10803] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 156.397972][T10803] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 156.401054][T10803] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 156.534426][T10817] bridge0: port 3(syz_tun) entered blocking state [ 156.536867][T10817] bridge0: port 3(syz_tun) entered disabled state [ 156.539953][T10817] syz_tun: entered allmulticast mode [ 156.543269][T10817] syz_tun: entered promiscuous mode [ 156.546196][T10817] bridge0: port 3(syz_tun) entered blocking state [ 156.549558][T10817] bridge0: port 3(syz_tun) entered forwarding state [ 156.694632][T10825] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 156.748191][ T6394] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 156.753028][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 156.756992][ T71] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 156.763418][ T40] audit: type=1400 audit(1764833717.394:694): avc: denied { setopt } for pid=10821 comm="syz.0.1471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 156.765966][T10833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1471'. [ 156.835246][ T11] block nbd0: Possible stuck request ffff8880280e8000: control (read@0,1024B). Runtime 13 seconds [ 156.838930][ T11] block nbd0: Possible stuck request ffff8880280e8200: control (read@1024,1024B). Runtime 13 seconds [ 156.842508][ T11] block nbd0: Possible stuck request ffff8880280e8400: control (read@2048,1024B). Runtime 13 seconds [ 156.846208][ T11] block nbd0: Possible stuck request ffff8880280e8600: control (read@3072,1024B). Runtime 13 seconds [ 156.998504][ T6027] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 157.072346][T10840] netlink: 'syz.2.1476': attribute type 1 has an invalid length. [ 157.102531][T10840] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 157.107542][T10840] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 157.150781][T10842] gretap1: entered promiscuous mode [ 157.156668][T10842] bond2: (slave gretap1): making interface the new active one [ 157.160565][T10842] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 157.169702][ T6027] usb 9-1: config index 0 descriptor too short (expected 23569, got 27) [ 157.173361][ T6027] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.178256][ T6027] usb 9-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 157.181814][ T6027] usb 9-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 157.184958][ T6027] usb 9-1: Manufacturer: syz [ 157.188127][ T6027] usb 9-1: config 0 descriptor?? [ 157.222968][T10840] macvlan2: entered promiscuous mode [ 157.224929][T10840] macvlan2: entered allmulticast mode [ 157.227243][T10840] bond2: entered promiscuous mode [ 157.229777][T10840] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 157.235195][T10840] bond2: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 157.237702][ T6027] rc_core: IR keymap rc-hauppauge not found [ 157.241102][ T6027] Registered IR keymap rc-empty [ 157.243251][T10840] bond2: left promiscuous mode [ 157.243489][ T6027] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0 [ 157.254036][ T6027] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input18 [ 157.336987][T10846] IPVS: Error connecting to the multicast addr [ 157.347160][T10846] bond0: (slave wg0): Error: Device type is different from other slaves [ 157.351448][T10846] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1477'. [ 157.417166][T10834] xfrm0 speed is unknown, defaulting to 1000 [ 157.455533][T10851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.461102][T10851] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.472593][T10834] comedi comedi3: comedi_config --init_data is deprecated [ 157.477071][ T40] audit: type=1400 audit(1764833718.104:695): avc: denied { write } for pid=10854 comm="syz.0.1479" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 157.485481][ T6027] usb 9-1: USB disconnect, device number 7 [ 157.491126][ T40] audit: type=1400 audit(1764833718.104:696): avc: denied { read } for pid=10854 comm="syz.0.1479" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 157.708177][ T1198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.714461][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.719425][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.762629][T10877] loop3: detected capacity change from 0 to 7 [ 157.765470][T10877] Dev loop3: unable to read RDB block 7 [ 157.767365][T10877] loop3: AHDI p1 [ 157.769252][T10877] loop3: partition table partially beyond EOD, truncated [ 157.796841][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.805998][T10879] netlink: 'syz.0.1485': attribute type 4 has an invalid length. [ 157.856054][ T40] audit: type=1400 audit(1764833718.484:697): avc: denied { getopt } for pid=10882 comm="syz.0.1487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 158.025038][T10892] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1489'. [ 158.037187][T10896] ntfs3: block size(65536) > page size(4096) not supported by filesystem [ 158.042961][T10896] ------------[ cut here ]------------ [ 158.045388][T10896] kernel BUG at fs/buffer.c:1582! [ 158.047778][T10896] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 158.051640][T10896] CPU: 0 UID: 0 PID: 10896 Comm: syz.4.1490 Not tainted syzkaller #0 PREEMPT(full) [ 158.056548][T10896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.061289][T10896] RIP: 0010:folio_set_bh+0x18a/0x1e0 [ 158.063709][T10896] Code: df 48 89 fa 4c 01 e3 48 c1 ea 03 80 3c 02 00 75 43 48 89 5d 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 d7 c7 6f ff 90 <0f> 0b e8 0f d3 d8 ff e9 a5 fe ff ff 4c 89 ef e8 12 d2 d8 ff e9 cf [ 158.071795][T10896] RSP: 0018:ffffc900032a78c8 EFLAGS: 00010283 [ 158.073971][T10896] RAX: 0000000000003698 RBX: ffffea0000ceac00 RCX: ffffc9000c001000 [ 158.076982][T10896] RDX: 0000000000080000 RSI: ffffffff824e3cc9 RDI: 0000000000000006 [ 158.080016][T10896] RBP: ffff888053f5dd98 R08: 0000000000000006 R09: 0000000000010000 [ 158.083443][T10896] R10: 0000000000010000 R11: 00000000b4f1d8d0 R12: 0000000000010000 [ 158.086917][T10896] R13: 0000000000000004 R14: 0000000000010000 R15: 0000000000000000 [ 158.090405][T10896] FS: 00007fdd02e5d6c0(0000) GS:ffff8880d6983000(0000) knlGS:0000000000000000 [ 158.094201][T10896] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.097032][T10896] CR2: 00007fdd02e5cf98 CR3: 0000000056cd0000 CR4: 0000000000352ef0 [ 158.100525][T10896] Call Trace: [ 158.102078][T10896] [ 158.103419][T10896] folio_alloc_buffers+0x295/0x6c0 [ 158.105724][T10896] __getblk_slow+0x1f4/0x560 [ 158.107889][T10896] bdev_getblk+0xd4/0xe0 [ 158.109819][T10896] __bread_gfp+0x86/0x3c0 [ 158.111734][T10896] ntfs_bread+0xd9/0x210 [ 158.113655][T10896] ntfs_fill_super+0x64f/0x4280 [ 158.115682][T10896] ? find_held_lock+0x2b/0x80 [ 158.117741][T10896] ? _printk+0xc7/0x100 [ 158.119351][T10896] ? __pfx__printk+0x10/0x10 [ 158.121213][T10896] ? __pfx_ntfs_fill_super+0x10/0x10 [ 158.123102][T10896] ? __pfx____ratelimit+0x10/0x10 [ 158.124793][T10896] ? sb_set_blocksize+0x29a/0x320 [ 158.126589][T10896] ? setup_bdev_super+0x369/0x730 [ 158.128270][T10896] get_tree_bdev_flags+0x38c/0x620 [ 158.129992][T10896] ? __pfx_ntfs_fill_super+0x10/0x10 [ 158.131781][T10896] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 158.133691][T10896] ? rcu_is_watching+0x12/0xc0 [ 158.135338][T10896] ? bpf_lsm_capable+0x9/0x10 [ 158.136981][T10896] ? security_capable+0x7e/0x260 [ 158.138973][T10896] vfs_get_tree+0x8e/0x330 [ 158.141015][T10896] path_mount+0x7bf/0x23a0 [ 158.143023][T10896] ? rcu_is_watching+0x12/0xc0 [ 158.145146][T10896] ? __pfx_path_mount+0x10/0x10 [ 158.146765][T10896] ? kmem_cache_free+0x2d8/0x770 [ 158.148406][T10896] ? putname+0xf5/0x1a0 [ 158.149846][T10896] ? putname+0xf5/0x1a0 [ 158.151262][T10896] ? putname+0xf5/0x1a0 [ 158.152639][T10896] ? __x64_sys_mount+0x293/0x310 [ 158.154293][T10896] __x64_sys_mount+0x293/0x310 [ 158.155898][T10896] ? __pfx___x64_sys_mount+0x10/0x10 [ 158.157649][T10896] ? fput+0x70/0xf0 [ 158.158951][T10896] do_syscall_64+0xcd/0xf80 [ 158.160490][T10896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.162444][T10896] RIP: 0033:0x7fdd01f8f7c9 [ 158.163943][T10896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.170268][T10896] RSP: 002b:00007fdd02e5d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 158.173017][T10896] RAX: ffffffffffffffda RBX: 00007fdd021e5fa0 RCX: 00007fdd01f8f7c9 [ 158.175625][T10896] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000200000000100 [ 158.178268][T10896] RBP: 00007fdd02013f91 R08: 0000200000000000 R09: 0000000000000000 [ 158.180874][T10896] R10: 0000000000400080 R11: 0000000000000246 R12: 0000000000000000 [ 158.183475][T10896] R13: 00007fdd021e6038 R14: 00007fdd021e5fa0 R15: 00007ffecfb718c8 [ 158.186093][T10896] [ 158.187140][T10896] Modules linked in: [ 158.188955][T10896] ---[ end trace 0000000000000000 ]--- [ 158.189395][T10897] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1490'. [ 158.217776][T10896] RIP: 0010:folio_set_bh+0x18a/0x1e0 [ 158.219686][T10896] Code: df 48 89 fa 4c 01 e3 48 c1 ea 03 80 3c 02 00 75 43 48 89 5d 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 d7 c7 6f ff 90 <0f> 0b e8 0f d3 d8 ff e9 a5 fe ff ff 4c 89 ef e8 12 d2 d8 ff e9 cf [ 158.227688][T10883] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 158.229293][T10896] RSP: 0018:ffffc900032a78c8 EFLAGS: 00010283 [ 158.232624][T10896] RAX: 0000000000003698 RBX: ffffea0000ceac00 RCX: ffffc9000c001000 [ 158.235342][T10896] RDX: 0000000000080000 RSI: ffffffff824e3cc9 RDI: 0000000000000006 [ 158.239033][T10896] RBP: ffff888053f5dd98 R08: 0000000000000006 R09: 0000000000010000 [ 158.242290][T10896] R10: 0000000000010000 R11: 00000000b4f1d8d0 R12: 0000000000010000 [ 158.245674][T10896] R13: 0000000000000004 R14: 0000000000010000 R15: 0000000000000000 [ 158.253302][T10896] FS: 00007fdd02e5d6c0(0000) GS:ffff8880d6b83000(0000) knlGS:0000000000000000 [ 158.257074][T10896] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.260546][T10896] CR2: 00007f4f32748286 CR3: 0000000056cd0000 CR4: 0000000000352ef0 [ 158.264042][T10896] Kernel panic - not syncing: Fatal exception [ 158.268979][T10896] Kernel Offset: disabled [ 158.270872][T10896] Rebooting in 86400 seconds.. VM DIAGNOSIS: 07:35:18 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000053 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff852b0ac5 RDI=ffffffff9ae5dce0 RBP=ffffffff9ae5dca0 RSP=ffffc900032a7240 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6e69203a73706f4f R12=0000000000000000 R13=0000000000000053 R14=ffffffff9ae5dca0 R15=ffffffff852b0a60 RIP=ffffffff852b0aef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fdd02e5d6c0 ffffffff 00c00000 GS =0000 ffff8880d6983000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fdd02e5cf98 CR3=0000000056cd0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdd02015050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdd0201505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdd02015057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdd0201506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdd020150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdd020151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdd021ba4a8 00007fdd021ba4a0 00007fdd021ba498 00007fdd021ba470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdd02d1d100 00007fdd021ba460 00007fdd021ba478 00007fdd021ba4c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdd021ba4b8 00007fdd021ba4b0 00007fdd021ba4a8 00007fdd021ba4a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000188 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000000c1124 RBX=0000000000000001 RCX=ffffffff8b6256f9 RDX=ffffed100d4a671e RSI=ffffffff8bf1eb80 RDI=ffffffff81929edd RBP=ffffed1003bd4498 RSP=ffffc90000177de8 R8 =0000000000000000 R9 =ffffed100d4a671d R10=ffff88806a5338eb R11=0000000000000000 R12=0000000000000001 R13=ffff88801dea24c0 R14=ffffffff908612d0 R15=0000000000000000 RIP=ffffffff8b623def RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a83000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3de329 CR3=000000005bb8c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004090001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7147815050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f714781505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7147815057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f714781506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71478150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71478151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 732064616200786c 6c36313025783000 657a697320780004 00080000000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5605414447005d49 49131415005d1500 405f4c56055d404d 5751560541444700 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 79cf24de180a4d9b c9269ded0ed1a2a1 cc059804b3ce2a3f 7223d0773e29e800 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4c58f076981ffd42 d6f76e2b3c78cf01 70f5ac883defe2b0 a1320fe95091c3ce ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6996b6a12886ab39 d5a25c642e65924f 70221b4c54dde824 87a314a2a6884a67 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 be5a0d3cec01756e 27a5e210e72fc3ac 5267c12971b5cae1 ca1600e47a19060f ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=000000000000003a RCX=ffffffff820bb243 RDX=ffff8880230bc980 RSI=ffffffff820bb1ec RDI=00000000000001c0 RBP=ffff88805632e3c8 RSP=ffffc90003b2f830 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=000000000000003a R13=0000000000000000 R14=dffffc0000000000 R15=0000000000000000 RIP=ffffffff820bb1f8 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6b83000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f0923517d60 CR3=000000002f9ca000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f09229ba6c3 00007f09229ba6c3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd66205340 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555d5ce296 000055555d5cda00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555d5c6ffe 000055555d5c6ce0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555d5b9678 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 a80301e8040002b0 a40300020002b0a2 0300020002b0a003 00080002b098031f ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100100001800401 0000000806060168 e200080001e00300 100001d00301f0ff ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fffffffffffe1000 01c00302100001b0 0348100009900300 040002b0c4031804 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0002b0c003080400 02b0bc0300040002 b0b8030e040002b0 b40300040002b0b0 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030000000a080602 b0a80301e8040002 b0a40300020002b0 a20300020002b0a0 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000096e34 RBX=0000000000000003 RCX=ffffffff8b6256f9 RDX=ffffed100d4e671e RSI=ffffffff8bf1eb80 RDI=ffffffff81929edd RBP=ffffed1003bd6000 RSP=ffffc90000197de8 R8 =0000000000000000 R9 =ffffed100d4e671d R10=ffff88806a7338eb R11=0000000000000000 R12=0000000000000003 R13=ffff88801deb0000 R14=ffffffff908612d0 R15=0000000000000000 RIP=ffffffff8b623def RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6c83000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f7148638d58 CR3=000000005075a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd96140ec0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7147815050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f714781505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7147815057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f714781506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71478150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71478151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000