last executing test programs: 5.939407224s ago: executing program 1 (id=830): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e001000000287e298ea938b8001cb57f2c5c3cb07e9c92"], 0x10) 5.806740466s ago: executing program 1 (id=832): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_MODULATOR(r0, 0xc0445636, &(0x7f0000000040)={0x6ac, "bd6071c2dc9514a2085d4c9f88b70417daea8f7b7e312e009633232f80925167", 0x10, 0x0, 0x345c, 0x5b98bb2df4c24cea, 0x5}) write(r0, &(0x7f00000000c0)="9ceec3d6b8cd31da4a3a24b939f2b7bf9c7f9dc3e55f91b82a1bf0787a0581419f7d799f0befc5834c6e155e8438d2eab0de5254544e1f4bdfbe9aa074c0e40e36672090ec7d1d0ecb18f9d81ff85f9f8800bf2137c5dcaeeab6949008ac762b266102c6085e3aa4e799ea32c9e5b290a7979835f048e1abd58cfb73575ea7c3406866c0f5645d1181990487b3e3c4e76916e0769eead307d3bc45967bf12efdedf64409f45021d091fca8250b9ffc8119", 0xb1) (async, rerun: 64) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x48240, 0x0) (async, rerun: 64) r2 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0, {r2}}, './file0\x00'}) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0) (async) ioctl$F2FS_IOC_SEC_TRIM_FILE(r3, 0x4018f514, &(0x7f00000002c0)={0x7, 0x3, 0x2}) (async) umount2(&(0x7f0000000300)='./file0\x00', 0x0) (async) sendfile(r2, r1, &(0x7f0000000340)=0x400, 0x0) (async, rerun: 32) pivot_root(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00') (rerun: 32) r6 = syz_open_dev$sndctrl(&(0x7f0000000400), 0xe, 0x101200) sendfile(r1, r1, &(0x7f0000000440)=0x81, 0x3ff) (async) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000004c0)=@o_path={&(0x7f0000000480)='./file0\x00', r3, 0x4000, r6}, 0x18) write$cgroup_int(r4, &(0x7f0000000500)=0x9, 0x12) write$binfmt_register(r5, &(0x7f0000000540)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x0, 0x3a, '+:', 0x3a, '/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0x3a, './file0', 0x3a, [0x43]}, 0x6e) r7 = open$dir(&(0x7f00000005c0)='./file0\x00', 0x10000, 0x1f) execveat(r7, &(0x7f0000000600)='./file0\x00', &(0x7f0000000780)={[&(0x7f0000000640)='/dev/video36\x00', &(0x7f0000000680)='/dev/autofs\x00', &(0x7f00000006c0)='M', &(0x7f0000000700)='\xc9\x00', &(0x7f0000000740)='}]($\x00']}, &(0x7f00000008c0)={[&(0x7f00000007c0)='/dev/cachefiles\x00', &(0x7f0000000800)='%\\-\x00', &(0x7f0000000840)='\x00', &(0x7f0000000880)='/dev/autofs\x00']}, 0x0) (async) setsockopt$packet_buf(r5, 0x107, 0xd, &(0x7f0000000900)="c11f99f1e0df484a3cbb42cdd868e256e7fffdf80d949b98fbbcd964d3d2722899970ea437749950dcf406ccb739348003855191", 0x34) (async) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000980), r4) (async) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000009c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x60, r8, 0x8, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0xb, 0x1a}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_SCAN_SSIDS={0x2c, 0x2d, 0x0, 0x1, [{0xd, 0x0, @random="709f8fb9f61cd5d8cd"}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x8001}, 0x200000c0) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) (async, rerun: 64) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000b00)={'veth0_virt_wifi\x00', 0x100}) (async, rerun: 64) getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000bc0)={{{@in=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000000cc0)=0xe8) read$FUSE(r3, &(0x7f0000000d00)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) mount$fuse(0x0, &(0x7f0000000b40)='./file0\x00', &(0x7f0000000b80), 0x800841, &(0x7f0000002d40)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r10}, 0x2c, {'group_id', 0x3d, r11}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x8000000000000001}}, {}, {@max_read={'max_read', 0x3d, 0x6}}, {}, {@blksize={'blksize', 0x3d, 0x200}}, {@allow_other}, {@default_permissions}], [{@dont_measure}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/cachefiles\x00'}}]}}) (async, rerun: 32) getpriority(0x0, r12) (async, rerun: 32) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000002ec0)={0x630c, r1}, 0x0) (async) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000002f00)=r4, 0x4) 5.696934854s ago: executing program 1 (id=834): r0 = socket(0x10, 0x3, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000200)=0x2) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@mpls_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0x1c, 0x14}, [@RTA_DST={0x8, 0x13, {0x7}}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) 4.29739765s ago: executing program 0 (id=844): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', 0x0}) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1}, 0x90) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) close_range(r3, r3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000ac0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000059870000000000000c00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000500)='GPL\x00', 0x7771, 0x0, 0x0, 0xd7b8dbcd861891a2, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xa51c, r2, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) 4.295743818s ago: executing program 1 (id=845): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2) (async) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0) (async) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (async) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)={0x7c, r2, 0x1, 0x0, 0x4, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x5e, 0x33, @beacon={{{}, {0xdde}, @broadcast}, 0x0, @default, 0x0, @val, @val={0x1, 0x3, [{0x6}, {0x12}, {0xb, 0x1}]}, @void, @void, @void, @val={0x5, 0x3, {0x0, 0x5e, 0x2}}, @void, @void, @val={0x3c, 0x4, {0x1, 0x80, 0xa9, 0x1c}}, @val={0x2d, 0x1a, {0x40, 0x0, 0x3, 0x0, {0x2, 0x1ffa, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3}, 0x7, 0x3, 0x4}}, @val={0x72, 0x6}, @void, @void}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x880}, 0x0) (async) setsockopt$inet_mreq(r0, 0x0, 0x23, 0x0, 0x0) (async) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) (async) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b000000", 0x18}, {&(0x7f00000000c0)="bc588bb49cff7d081d465efc09c57bbfb7b83fa6366c", 0x16}], 0x2}, 0x0) (async) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) (async) r6 = fanotify_init(0x81, 0x0) (async) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@newtaction={0x4c, 0x1e, 0x109, 0x0, 0x0, {}, [{0x38, 0x1, [@m_mirred={0x34, 0x0, 0x0, 0x0, {{0xb, 0x9}, {0x4, 0xe}, {0xfd, 0x6, "6ed0"}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0x4c}, 0x1, 0x2b1e}, 0x0) read$FUSE(r6, &(0x7f00000057c0)={0x2020}, 0x2020) 3.476471943s ago: executing program 0 (id=851): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r2, &(0x7f0000000780)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0xfffffffe, @local, 0x1}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000180)="648227da9388accdbba5a0cbbb5f01", 0xf}], 0x1}}, {{&(0x7f00000000c0)={0xa, 0x4e22, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x40}, 0x1c, &(0x7f00000005c0)}}], 0x2, 0x4000) shutdown(r2, 0x1) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_KEY(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3100de00a882e88dde64ef6d6c1ea10866b45c7ca68d4ddb7d12c901a7297c4ec0b04e5883af2f4e715c44d1e6a93ccbdc886d48f69b4cfae9d9ee4862c1626e6f7de01946b07c731f13827e517f9ae65c06ab4a96527a7cbeb389b7313687ef88abf23dc161799399ecdc347435b0ef372e1b4b6b4ca3c13713d62746cd2a1538caafe207432e5b58360e7cc2014d32da369db897465ef6e2", @ANYRES16=r3, @ANYBLOB="050125bd7000fedbdf250900000008000300", @ANYRES32=r5, @ANYBLOB="0a000600ffffffffffff00000800370000000000"], 0x30}, 0x1, 0x0, 0x0, 0x4000081}, 0x48000) setsockopt(r2, 0x84, 0x83, &(0x7f00000002c0)="1a00000002000000", 0x8) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48000, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nfc(&(0x7f00000004c0), r8) sendmsg$NFC_CMD_GET_SE(r8, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000011c0)={0x14, r9, 0x5953a6d8b15e6715}, 0x14}}, 0x0) r10 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r10, 0xae03, 0x4a) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) r11 = socket(0x10, 0x3, 0x0) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r12, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r12, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r12, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r12, &(0x7f0000000380)="e8", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty, 0x400}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r11, 0x6, 0xd, &(0x7f0000000240)='lp\x00', 0x3) sendmsg$inet(r12, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000100)='S', 0x1}], 0x1, &(0x7f00000007c0)=ANY=[@ANYBLOB="80"], 0x80}, 0x40888) r13 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r13, &(0x7f0000000080)={0x28, 0x0, 0x2711, @hyper}, 0x10) sendmmsg(r11, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000040)={'lo\x00', @broadcast}) 3.281728432s ago: executing program 1 (id=852): r0 = syz_socket_connect_nvme_tcp() sendto$inet_nvme_of_msg(r0, &(0x7f00000000c0)={@icreq={{0x0, 0x0, 0x80, 0x1}, 0x0, 0x0, 0x1}, @val=&(0x7f0000000000)="6133e6ef837c32a8903726e8c9991a41a7f4c9dc7f03e60f180235423417e4e8794a58dd3ff30c34cafbe5624cbfea8589fb9d4a1e7598eb84b3ba85af3d7c078e76ccc5661104f0e512b5e34e0b9b3eba5441315cf4da91b562d9d181e2a89881d003057012507590e1007bb3e671bb88ec74b4e792c60302929d2fefe6215f6efa12c2e0d6c4ee794e3ed1fdf4c2b5ceea7d6b40706ec5950b59934f52"}, 0x88, 0x0, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000180), 0x1, 0x2) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x400, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_POLL(r2, &(0x7f0000002240)={0x18, 0xfffffffffffffff5, r3, {0x4}}, 0x18) sendto$inet_nvme_icreq_pdu(r0, &(0x7f0000002280)={{0x0, 0x8, 0x80, 0x79}, 0x0, 0x0, 0x1, 0x7}, 0x80, 0x0, 0x0, 0x0) fsync(r2) syz_usb_disconnect(0xffffffffffffffff) read$FUSE(r2, &(0x7f0000002300)={0x2020}, 0x2020) write$usbip_server(r2, &(0x7f0000004340)=@ret_unlink={{0x4, 0x7, 0x0, 0x1, 0x401}, {0x8001}}, 0x30) r5 = openat$cgroup_pressure(r2, &(0x7f0000004380)='memory.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r5, &(0x7f00000043c0)={'full', 0x20, 0x1, 0x20, 0x8000000000000000}, 0x2f) r6 = syz_open_procfs$userns(r4, &(0x7f0000004440)) sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000004540)={&(0x7f0000004400)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000004500)={&(0x7f0000004480)={0x44, 0x1402, 0x1, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r6}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r2}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r0}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000014}, 0x4000800) syz_genetlink_get_family_id$ethtool(&(0x7f0000004580), r2) syz_open_dev$usbfs(&(0x7f00000045c0), 0x4, 0xc4001) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000004600)) ioctl$AUTOFS_IOC_SETTIMEOUT(r1, 0x80049367, &(0x7f0000004640)=0x9) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000004680)=0xe439, 0x4) r7 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000046c0), r2) syz_usb_connect$hid(0x1, 0x36, &(0x7f0000004700)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2ced, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x40, 0xff, [{{0x9, 0x4, 0x0, 0x3e, 0x1, 0x3, 0x1, 0x5, 0xfc, {0x9, 0x21, 0xbd4e, 0x5, 0x1, {0x22, 0x223}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x7, 0x5, 0x3}}}}}]}}]}}, &(0x7f0000004840)={0xa, &(0x7f0000004740)={0xa, 0x6, 0x100, 0x3, 0x81, 0x5, 0x40, 0xec}, 0x4a, &(0x7f0000004780)={0x5, 0xf, 0x4a, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x8, 0x0, 0x7, 0xfe00}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "89ff7e4130c2177459abeeffae8fe72f"}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x5, 0x9, 0x2d40}, @ssp_cap={0x20, 0x10, 0xa, 0x0, 0x5, 0xe6, 0xf88f, 0x1a27, [0xc000, 0x0, 0xff00c0, 0xc0, 0xfebf00]}]}, 0x1, [{0x4, &(0x7f0000004800)=@lang_id={0x4, 0x3, 0x41b}}]}) r8 = openat2(r2, &(0x7f0000004880)='./file0\x00', &(0x7f00000048c0)={0x100080, 0x53, 0x4}, 0x18) ioctl$VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000004900)={0x6, 0x8}) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000004980)={'team0\x00', 0x0}) getsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f00000049c0)={@ipv4={""/10, ""/2, @loopback}, 0x0}, &(0x7f0000004a00)=0x14) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000004d80)={r2, 0xe0, &(0x7f0000004c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000004a40)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, &(0x7f0000004a80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000004b00)=[0x0], 0x0, 0xa5, &(0x7f0000004b40)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000004bc0), &(0x7f0000004c00), 0x8, 0x4d, 0x8, 0x8, &(0x7f0000004c40)}}, 0x10) getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f0000004dc0)=0x0, &(0x7f0000004e00)=0x4) sendmsg$TEAM_CMD_PORT_LIST_GET(r2, &(0x7f00000053c0)={&(0x7f0000004940)={0x10, 0x0, 0x0, 0x80010}, 0xc, &(0x7f0000005380)={&(0x7f00000050c0)={0x290, 0x0, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [{{0x8, 0x1, r9}, {0x1f4, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r10}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r11}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xff}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x290}, 0x1, 0x0, 0x0, 0x4008840}, 0x20044004) 2.233802721s ago: executing program 3 (id=862): r0 = memfd_create(&(0x7f0000000300)=' \xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00r\xbb\xdd\xe8\x87\x05=\xfb\x8b}\xfc\x1d\x03\xe1\xfcm\x9b\xf7fo\"i\xa1hk\x1f\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94T\x81@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\x00\x00\x00\x00\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x9d\xb8?2\xc8\xe7kovd\xa4\x1bl+\x14\x17\x14\x17C2! U\x04:\xd93F\xb9\xfc\x1b\xfd}\x05\xf9\x11\xf3)>q\x10\xd3\xf0\xaf>\xf8t(bX\xe3g\x05\xfe\b\xbcy\x95*\xca\a\xaf\xbb\xf9\xc3Y\xa2\x91\x90.\xc8\xbe\xb0\xa6\xbd\xbd\xfd\xfaf*\xb2&\x82\xa0\x17\xe7)\xf5\xa2\xccv\n\x1b\xd4\xf4\x11*\xc9\xc6*\xa4.\x94[$\xb8\xb3Q\xde\xd8A\xa4~c,`\x02\xb8\x01r\x89\x82\x13\xd0}C7\xfb\xf2\tM\x1e\xe9\xa5\v\xc5\xba(\x89\xb0l\x92H\x1cR\x1f>\xc4ie\xe0B\xf0[\xe2\xe1\x12\x1d\x8fR&\xd1\xa6#\xda.\x0f\xd7\xd7\xa4\x90\x14\x92I\xf82&\x16<\xf2RR\xc2\x02.Q\xef\x85\xef\xf9\xe5\x00\xe9\xca\xb1\x8c\x11\x11l\x9f\xc8\b\xf7A\xa6\x81\xad\xdc\x95\xc8\xef\x102\xa8\x87\x01\x00\\\xfee \n0F\xbc\x85\xc5C\xd0\x99\xe4\t\xab`\'t\xc2\xe9\x13\xcag\xea\xb3\xb5\x92\x00J\xc6y\x05\xcc\xde\xa0\xf6\xb9 \xe5\xdd\f\x18\xfc\xe0\xc3(\xd8\xeb\x1a6\xe6\xfa\x93\xc07R\x0f-\x9e\xf3\x87E\xa3\xd5o\x1bA\x88L/\xe7>45Q?\be\x7f\xa9\x9a\xcae\xd8Y\xdf]\x1bS\x825\xcb\x00\xa4}\x97\x84T\xad\x9b\x1e!\x8a\xbc\x02+#Q\xa9 \xe9\x05r\xe1\xec\x0f\xa7\xe6Of\x95\x02{', 0x4) ftruncate(r0, 0x400000) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f00000041c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10408, 0x8}}, 0x50) syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) r5 = dup2(r3, r2) lseek(r5, 0xffffffffffffff4c, 0x0) close(r1) r6 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) ioctl$NS_GET_USERNS(r6, 0xb701, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r8 = dup(r7) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r8, 0x8008ae9d, &(0x7f0000002a00)=""/4096) ioctl$SIOCSIFHWADDR(r1, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000000000)=""/3, &(0x7f0000000040)=0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) r9 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r9, &(0x7f0000002b40)={0x0, 0x0, &(0x7f0000002b00)={&(0x7f0000002ac0)={0x18, 0x1409, 0x1, 0x70bd26, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x46004}, 0xc080) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='[', 0x1, 0x0, 0x0, 0x0) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r10, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r10, &(0x7f0000000000), 0xd) finit_module(r0, 0x0, 0x0) 2.153639593s ago: executing program 3 (id=863): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0xcd1d, 0x10100, 0x1000000, 0x20000}, &(0x7f0000000040), &(0x7f0000000080)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0xc1842, 0x0) syz_usb_disconnect(0xffffffffffffffff) io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000000)={&(0x7f0000002000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4, 0x1}, 0x1) socket(0x9, 0x2, 0x0) r2 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0) fsopen(&(0x7f0000000ec0)='zonefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='source', &(0x7f0000000400)='//\xf2/\x06\b///\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L6\x18\x91\xd2_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\x04\x00\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\xc8\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0x0}, &(0x7f0000000140)=0xc) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x5c1, '\x00', r3, r4, 0x0, 0x3}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0xe, 0x0, &(0x7f0000000040)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.745347056s ago: executing program 2 (id=865): r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$rfkill(r0, &(0x7f00000000c0), 0x8) r1 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x44) fcntl$setlease(r1, 0x400, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x600, 0x48) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, &(0x7f0000000040)) 1.615989971s ago: executing program 2 (id=866): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x8, 0x0, 0x9, 0xb}, {0x0, 0x4, 0x3, 0xd9}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x1, 0x8, 0xb}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r5, r4, 0x7}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r5, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r3}, 0x20) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[], 0x14}}, 0x0) sendto$inet6(r3, &(0x7f0000000040)="0b118f2b4190be586d04d99304c7975dfca451f6a36e5e11c583738f22bfc241adfd70c9456ea4fe6a5e0716c24ab3", 0xfffffffffffffea5, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c) r6 = syz_open_dev$usbfs(&(0x7f00000001c0), 0x8, 0x400000) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000200)={r1, 0x1, r6, 0x0, 0x80000}) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)=0x0) sched_setaffinity(r8, 0x8, &(0x7f0000000080)=0x7fff) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x3, "08b3fea3b593f07ff0a824c7f84d3a88a3f9e43418f219b378af0ed839ab9571", "61660d04373a43126e8905b2ca7b0d38dd6df301cf2c530ef41e8942258526fe", "efd9822b6187d06709b81ae9816a427a8d96f4404da0374805cc148ac911fba8", "19873536aa90d103ed81a6fbe1fa53814f0d72fa63cc5bf8e0a1b3763704f761", "080604a9590600000000804a40e2e2aa9c8eca6b7865c81e30615593e8554900", "ee2cfba13b974df37c5decf5", 0x1, 0xc89, 0x81, 0x401, 0x6}}) r9 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'ipvlan0\x00', @remote}) 1.445743593s ago: executing program 0 (id=867): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) unshare(0x22020600) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) r2 = fsmount(r1, 0x0, 0x4) r3 = openat$cgroup_pressure(r2, 0x0, 0x2, 0x0) read(r3, &(0x7f0000000040)=""/252, 0xfc) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x1d, 0x12, "d285b6853bc4dc54c6910c1d66f8841a"}]}}}}}}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_netdev_private(r4, 0x89fc, &(0x7f0000000180)="a6cc52c1d0f2b4e3d8a8b3908400ffda8541aa29b89602552b93ef6f16d7762b103596bb1c40cd2dfa6c1238771c37e8b453a4c5adea812ba640c106dedab54d048b8a58659c0a5b7c42282953d513a80ffeb3f013006588000075ce0f6463f5516b035ba8b77dadd977fb379b7f1337929645ba3d91186403a019119fb98ca920dd6583729a708e293eb57123a9a4445e97a6ba544885a6524f0148ed0616d807feaaa2edb6bdf2f45bd0fa398a63bde8c610350540fe7fe0f6ffe2913c86788f0a32f6c70bec6756cf2c86901719") 1.445129746s ago: executing program 3 (id=868): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0x100, 0x10000000, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "186856f3"}}) r1 = socket$kcm(0x10, 0x2, 0x4) close(r1) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000400eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) 1.285985226s ago: executing program 2 (id=869): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_CTRL(r1, 0xc008561b, &(0x7f00000000c0)={0x9909cb, 0x9}) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00)) socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f0000000540)={{0xb, 0x6, 0x0, 0x2, 'syz0\x00', 0x281d}, 0x0, [0x1, 0x4ea3, 0x9, 0x56cd, 0x5, 0x6, 0x0, 0x80000001, 0x201, 0x1, 0x3fb, 0x1, 0x9, 0x7, 0x4, 0x10000, 0x43, 0x49b5e351, 0xfffffffffffffffc, 0xe8de, 0xfffffffffffffff9, 0x9, 0x1ff, 0x9, 0x1, 0x8, 0x80000000, 0x4, 0x2, 0x8000, 0x8, 0xa36, 0x57bf4b04, 0x4, 0x40000000000001, 0x6, 0x8, 0x100000000, 0x8, 0x7ff, 0x6, 0x401, 0x5, 0x1, 0x1ff, 0x10000, 0x2, 0xb7, 0x0, 0x5, 0xbe5, 0xa0000000000, 0x0, 0x1, 0x8, 0x8000000000000000, 0xd3d, 0xbbeb, 0x1, 0x6, 0x4, 0x6, 0x8001, 0x3, 0x1, 0xec7, 0x646, 0xc58e, 0x3, 0x11ad, 0x0, 0x6, 0x8000, 0x100080, 0x7f, 0x9, 0x1, 0x5, 0x8000000000000000, 0x4, 0x7, 0xa5, 0x1b13, 0x4, 0x85, 0x8, 0x4, 0xf75, 0x9, 0xb, 0xffffffffffff66e3, 0xfffffffffffffff9, 0x851a, 0x5e997b8e, 0x0, 0x7, 0xffffffffffffffff, 0x3, 0x100, 0x4, 0x3ff, 0x6, 0x0, 0xffffffffffffff95, 0xa, 0x108000001, 0xcc7e, 0x8, 0x0, 0x6, 0x6, 0xfffffffffffffd96, 0x3f3, 0x1, 0x4, 0x0, 0x7, 0x5, 0x6, 0x1, 0xe1, 0xec2, 0x1, 0x5, 0xfff, 0x0, 0x80]}) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x3, @remote, 'geneve0\x00'}}, 0x1e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x30) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, 0x0, &(0x7f0000000200)) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3c}}}}, &(0x7f0000000240)=0x84) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000002100)={0x18, {"a2e3ad2119c752f91b5e09091bf70e0dd038e7ff7fc6e5539b324d078b089b3b0838721a0890e0878f0e1ac6e7049b3d63959b509a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70d998ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f0000000c558cdc0a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5af098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000108000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b2fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f794c9eee1198751adaa13d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d8872fe174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f980000000203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r5, 0x40047435, &(0x7f0000000200)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed={{0x2c}}, &(0x7f0000000000)='syzkaller\x00'}, 0x94) sendmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) 1.155609574s ago: executing program 0 (id=870): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x103000, 0x0) r1 = syz_open_pts(r0, 0x400) dup3(r0, r1, 0x80000) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@bridge_newvlan={0xfffffffffffffc6e, 0x70, 0x239, 0x70bd2a, 0x25dfdbfb, {}, [@BRIDGE_VLANDB_ENTRY={0xf, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0x8}}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x2404c0d0) 1.154100598s ago: executing program 3 (id=871): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r0, 0x8982, &(0x7f0000000180)) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r3, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), r4) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FLUSH_PMKSA(r4, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r2, 0x8, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x8890) sendmsg$NL80211_CMD_SET_WIPHY(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x30, r5, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x5}, @NL80211_ATTR_WIPHY_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x8800) sendmsg$NL80211_CMD_SET_COALESCE(r4, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r5, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r6}, @void}}}, 0x28}}, 0x0) sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, r5, 0x300, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x8ef, 0x54}}}}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x2, 0x3, 0x0, 0x0, {0x6, 0x9, 0x0, 0x3bf, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x1, 0x29df, 0x3}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40090}, 0x44) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x3, &(0x7f0000000080)=[{0x6, 0x0, 0xfd}, {0x4}, {0x6, 0x0, 0xa, 0x8}]}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x5c}, [@ldst={0x7, 0x2}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x48) 1.153805289s ago: executing program 0 (id=872): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) r1 = socket$inet6(0xa, 0x3, 0x5) syz_usbip_server_init(0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000002, 0x8010, 0xffffffffffffffff, 0x0) socket$kcm(0x21, 0x2, 0x2) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0e"], 0x22) r2 = socket$l2tp6(0xa, 0x2, 0x73) r3 = dup3(r2, r1, 0x0) sendmmsg$inet6(r3, &(0x7f0000001580)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xfff, @mcast2, 0x5}, 0x1c, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1400000000000000290000000b0000000008"], 0x18}}], 0x1, 0x0) r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000100), 0x3f00, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r7}, 0x10) r8 = socket$kcm(0x29, 0x7, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000280)={r3, r6}) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r9}, 0x10) io_setup(0x3, &(0x7f0000000340)) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/../file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x11}, 0x18) mount$9p_virtio(&(0x7f0000000040), &(0x7f00000001c0)='.\x00', &(0x7f0000000080), 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733d76697274696f2c6d73697a653d3078303030303030303030303030333532352c001c47d2cb1e071aea"]) r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(r10, &(0x7f0000003480)={0x2020}, 0x2020) shutdown(r0, 0x1) r11 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b408000000000000611054000000000006040000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000080)={0x0, 0x8}, 0x10}, 0x94) r12 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_user(r12, &(0x7f0000000040)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) sendmsg$nl_route(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=@newlink={0x3c, 0x10, 0x100, 0x70bd27, 0x0, {0x0, 0x0, 0x0, 0x0, 0x29963}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5, 0x9, 0x10}]}}}]}, 0x3c}}, 0x20000000) 666.719809ms ago: executing program 2 (id=873): r0 = fsopen(&(0x7f0000000000)='adfs\x00', 0x1) r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000002c0), 0x18d100, 0x0) ioctl$CDROM_TIMED_MEDIA_CHANGE(r1, 0x5396, &(0x7f0000000040)={0x200008, 0x1}) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r2 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r2, &(0x7f00000002c0)='./file1\x00', 0x6000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) chdir(&(0x7f0000001180)='./bus\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xd4, 0xfffffffffffffff0}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 666.41741ms ago: executing program 2 (id=874): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10) openat$hpet(0xffffffffffffff9c, &(0x7f00000002c0), 0x20001, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x4, 0xe, &(0x7f00000007c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff1100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001011404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb45001ccaad505063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e57c7efe91ae5a53216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b0501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9ba898573b34d"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100)={0x0, 0x0, 0x2}, 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x702, 0xe, 0x700, &(0x7f0000000540)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r0) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='veno\x00', 0x5) r6 = socket$vsock_stream(0x28, 0x1, 0x0) listen(r6, 0x0) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r8 = accept4(r6, 0x0, 0x0, 0x0) recvmsg$kcm(r8, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/150, 0x96}], 0x1}, 0x40000020) r9 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r9, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x7}, 0x1c) bind$inet6(r9, &(0x7f0000000140)={0xa, 0x4e21, 0x7fff, @empty, 0x10001}, 0x1c) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendto$inet(r4, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0) ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r3, 0x4068aea3, &(0x7f0000000040)={0xc7, 0x0, 0x1}) 414.131041ms ago: executing program 0 (id=875): socket$netlink(0x10, 0x3, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x40044160, 0x3) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) (async) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)={0x20, 0x4, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040080}, 0x40000) r5 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xa}, [@typed={0x8, 0x2, 0x0, 0x0, @fd=r5}]}, 0x1c}}, 0x20000080) (async) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xa}, [@typed={0x8, 0x2, 0x0, 0x0, @fd=r5}]}, 0x1c}}, 0x20000080) sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0) sendmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x2, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) (async) mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x2, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000300)='./file0\x00') bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000000c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xa3, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000002c0), &(0x7f0000000380), 0x8, 0xc1, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000000c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xa3, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000002c0), &(0x7f0000000380), 0x8, 0xc1, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, r7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r8, 0x2000000, 0xfe7f, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r8, 0x2000000, 0xfe7f, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') (async) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) 216.780765ms ago: executing program 3 (id=876): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000600)={0xd, @win={{0xd, 0x7f, 0x9c3, 0x5}, 0x5, 0x0, 0x0, 0x5, 0x0, 0x5}}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000000)={{0x0, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0x4e, 0x0, 0x7, 0x6, 0x1}, {0x5000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0xfd, 0x2, 0x1, 0x6, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x2, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xe6e60000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xb4, 0x2, 0x4, 0x3, 0x4, 0x5, 0x4e}, {0x4, 0x7}, {0x6000, 0x5}, 0x10, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]}) ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x10, 0x0, 0x8, 0x2, 0x1, 0x4, 0x0, 0x4, 0x9, 0x10}, {0xcccff001, 0x0, 0xa, 0x0, 0x0, 0x0, 0x2, 0x1, 0x7, 0x4}, {0x2000, 0xdddd0000, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xffff1000, 0xf, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4, 0x8}, {0xeeee8000, 0x3000, 0xb, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x5000, 0xd000, 0x0, 0x7, 0xc, 0x0, 0x2, 0x0, 0x4, 0x10, 0x80}, {0xdddd1000, 0x100000, 0xa, 0x6, 0x0, 0x0, 0x2, 0x4, 0x10}, {0x8080000, 0x3000, 0x0, 0x1, 0x7f, 0x4, 0x0, 0x1a, 0x26, 0x0, 0xff}, {0x80ac000}, {0xdddd1000}, 0xddf9fffb, 0x0, 0x1, 0x70, 0x0, 0xdd00, 0x5000, [0xfffffffffffffffc, 0x0, 0x1, 0xfffffffffffffffc]}) r5 = socket(0x28, 0x1, 0x0) getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r7 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x40000) ioctl$SG_IO(r7, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffb, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000380)="8f176e010064", 0x0, 0x10, 0x1001a, 0x0, 0x0}) r8 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$CDROMMULTISESSION(0xffffffffffffffff, 0x5310, &(0x7f0000000040)={@lba=0x4, 0x20, 0x2}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@ip_ttl={{0x14, 0x0, 0x2, 0x800}}], 0x18}, 0x80) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r9, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000074fd2a4d391c5b2743a600100000120a01020000000000000000020073797a310000000008000440000000000900010073797a3100000000080003400000000a140000001100010000000000000000000000000a0000000000001c04472b71e88a14bd19fa0c740287184ffc9acad6899dbdda535f4480600f700c6f37774392888971619eb0d56e91442136dc1618053b76e73b3f0fb36e866c68c4c0af00b2c45226abe36d41e86f8afeaa3fb4cc68ae6eaae5d2d189c1b422ffba22f5bad24387e48da8b8000000000000000000"], 0x64}}, 0x0) ioctl$SIOCGETSGCNT_IN6(0xffffffffffffffff, 0x89e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) ioctl$KVM_GET_DEBUGREGS(r11, 0x8080aea1, &(0x7f0000000300)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000380)={0x0, 0x1}, 0x8) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) sendto$inet(r8, &(0x7f0000000100)="ab", 0x34000, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0xfffffffffffffcb1, &(0x7f0000000240)={&(0x7f00000019c0)=@delchain={0x2c, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x2c}}, 0x0) 3.330163ms ago: executing program 3 (id=877): r0 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000e5000000850000003900000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) (async) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x10000004, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000100)={0x1, @raw_data="f210040fbc756187152d608a2bfac52370e3a80ce2d83cc3ab02a19ef300f39be6c49a56f6f1ab3326f93529c8638b6ca31251be3f023f281a3e60a98f4c6759800b8a4ee0d221fa1cc9d257fe8618afcaa64266e427705c1e60839bb4815a626ee41a04d3e7c4f5f0feb90ccb46897cec802a7807f971001d3c96939f554511221521bdaa90f4312622c36eb488a97ddb69f9718de293b79558e3b4c7ad8e9e0bb64f53c4ff85f1b0c84748007f3b54ff2b1dc14cbff1c832236c5f82dc31c725251361171e0159"}) (async) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000010400000000fc1e392500000000", @ANYRES32=0x0, @ANYBLOB="00000300000100001c0012800b000100697036746e6c00000c000280050006007f000000"], 0x3c}}, 0x24000840) 0s ago: executing program 1 (id=878): r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) r1 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) ftruncate(r3, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) lseek(r3, 0x0, 0x4) r4 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$HIDIOCGNAME(r0, 0x80404806, &(0x7f00000002c0)) ppoll(&(0x7f00000001c0)=[{r4}], 0x1, &(0x7f00000000c0)={0x0, 0x3938700}, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x10}}, 0x4400c420) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x74, 0x74, 0x7, [@func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{0xb, 0x3}, {0xb, 0x2}, {0xe, 0x5}, {0xa, 0x5}, {0xd}, {0xa, 0x4}]}, @enum={0xf, 0x4, 0x0, 0x6, 0x4, [{0xc}, {0xf, 0x9}, {0x5, 0x4be}, {0xf, 0x7}]}, @volatile={0xf, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x61, 0x0, 0x5f, 0x0, 0x5f]}}, &(0x7f0000000400)=""/155, 0x93, 0x9b, 0x0, 0x8}, 0x28) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001800)={&(0x7f00000017c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@const={0x6, 0x0, 0x0, 0xa, 0x3}, @func={0x3, 0x0, 0x0, 0xc, 0x1}]}}, 0x0, 0x32, 0x0, 0x1, 0x9}, 0x28) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000080)={0x66, 0x0}, 0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000019c0)={{}, &(0x7f0000000100), 0x0}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000001840)={0x6, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x99, &(0x7f0000001900)=""/153, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfeffffff}, 0x94) r7 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0) ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f0000000140)={'aio_iiro_16\x00', [0x9e1, 0x2566, 0xfffffffe, 0x100000, 0x8, 0x0, 0x5, 0x10, 0x1002, 0xffffffff, 0x1, 0x5, 0x344, 0x1, 0x7, 0x1, 0x8, 0x3, 0x5, 0xe, 0x100, 0x1003, 0x7, 0xa, 0x5, 0x1, 0xb0c4, 0x7df, 0x8, 0x400007, 0x1]}) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6299b5, 0x70bd29, 0x25dfdbfe, {0xa, 0x0, 0x8, 0xff, r8}, [@IFA_LOCAL={0x14, 0x2, @rand_addr=' \x01\x00'}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x80000000, 0x800, 0x807c}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c804}, 0x0) r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r9, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf, 0x3}}) kernel console output (not intermixed with test programs): [ 38.152820][ T40] audit: type=1400 audit(1752130280.404:61): avc: denied { siginh } for pid=5857 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:5025' (ED25519) to the list of known hosts. [ 39.147502][ T40] audit: type=1400 audit(1752130281.424:62): avc: denied { name_bind } for pid=5876 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 39.167917][ T40] audit: type=1400 audit(1752130281.444:63): avc: denied { write } for pid=5877 comm="sh" path="pipe:[5926]" dev="pipefs" ino=5926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 39.183745][ T40] audit: type=1400 audit(1752130281.464:64): avc: denied { execute } for pid=5877 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 39.190488][ T40] audit: type=1400 audit(1752130281.464:65): avc: denied { execute_no_trans } for pid=5877 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 40.960546][ T40] audit: type=1400 audit(1752130283.234:66): avc: denied { mounton } for pid=5877 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 40.964899][ T5877] cgroup: Unknown subsys name 'net' [ 41.145307][ T5877] cgroup: Unknown subsys name 'cpuset' [ 41.149533][ T5877] cgroup: Unknown subsys name 'rlimit' [ 41.333219][ T5926] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 41.996351][ T5877] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 44.790327][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 44.790338][ T40] audit: type=1400 audit(1752130287.064:80): avc: denied { execmem } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 44.976952][ T40] audit: type=1400 audit(1752130287.254:81): avc: denied { create } for pid=5949 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 44.986460][ T40] audit: type=1400 audit(1752130287.254:82): avc: denied { read write } for pid=5949 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 44.993816][ T40] audit: type=1400 audit(1752130287.254:83): avc: denied { open } for pid=5949 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.000986][ T40] audit: type=1400 audit(1752130287.264:84): avc: denied { ioctl } for pid=5949 comm="syz-executor" path="socket:[3827]" dev="sockfs" ino=3827 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.030526][ T5961] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.033231][ T5961] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.033611][ T5963] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.036376][ T5961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.039117][ T5963] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.040206][ T5964] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.040650][ T5961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.041156][ T5961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.041416][ T5961] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.043008][ T5961] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.043311][ T5966] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.046829][ T40] audit: type=1400 audit(1752130287.324:85): avc: denied { read } for pid=5953 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.049656][ T5964] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.050248][ T5961] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.052291][ T5964] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.055430][ T5961] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.055770][ T40] audit: type=1400 audit(1752130287.324:86): avc: denied { open } for pid=5953 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.055796][ T40] audit: type=1400 audit(1752130287.324:87): avc: denied { mounton } for pid=5953 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 45.055854][ T5963] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.056714][ T5963] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.056957][ T5963] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.058634][ T5963] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.066193][ T5964] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.200921][ T40] audit: type=1400 audit(1752130287.474:88): avc: denied { module_request } for pid=5953 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 45.250137][ T5953] chnl_net:caif_netlink_parms(): no params data found [ 45.331198][ T5954] chnl_net:caif_netlink_parms(): no params data found [ 45.362083][ T5951] chnl_net:caif_netlink_parms(): no params data found [ 45.403605][ T5953] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.405862][ T5953] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.408213][ T5953] bridge_slave_0: entered allmulticast mode [ 45.410835][ T5953] bridge_slave_0: entered promiscuous mode [ 45.417813][ T5953] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.420069][ T5953] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.422291][ T5953] bridge_slave_1: entered allmulticast mode [ 45.425188][ T5953] bridge_slave_1: entered promiscuous mode [ 45.479160][ T5953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.530032][ T5953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.601248][ T5954] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.605598][ T5954] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.608559][ T5954] bridge_slave_0: entered allmulticast mode [ 45.612279][ T5954] bridge_slave_0: entered promiscuous mode [ 45.621897][ T5953] team0: Port device team_slave_0 added [ 45.624227][ T5954] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.627273][ T5954] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.630178][ T5954] bridge_slave_1: entered allmulticast mode [ 45.633624][ T5954] bridge_slave_1: entered promiscuous mode [ 45.690545][ T5953] team0: Port device team_slave_1 added [ 45.706328][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 45.713476][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.715773][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.718437][ T5951] bridge_slave_0: entered allmulticast mode [ 45.721476][ T5951] bridge_slave_0: entered promiscuous mode [ 45.739977][ T5954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.749345][ T5954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.752195][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.754658][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.756894][ T5951] bridge_slave_1: entered allmulticast mode [ 45.759472][ T5951] bridge_slave_1: entered promiscuous mode [ 45.791383][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.793621][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.801461][ T5953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.856051][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.858233][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.867276][ T5953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.898555][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.914582][ T5954] team0: Port device team_slave_0 added [ 45.918610][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.967957][ T5954] team0: Port device team_slave_1 added [ 45.986165][ T5951] team0: Port device team_slave_0 added [ 46.034652][ T5951] team0: Port device team_slave_1 added [ 46.036645][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.038858][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.041090][ T5949] bridge_slave_0: entered allmulticast mode [ 46.044411][ T5949] bridge_slave_0: entered promiscuous mode [ 46.063859][ T5953] hsr_slave_0: entered promiscuous mode [ 46.066100][ T5953] hsr_slave_1: entered promiscuous mode [ 46.082245][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.085062][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.087308][ T5949] bridge_slave_1: entered allmulticast mode [ 46.089869][ T5949] bridge_slave_1: entered promiscuous mode [ 46.093374][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.095552][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.103463][ T5954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.146874][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.149056][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.157092][ T5954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.169785][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.172825][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.183386][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.208011][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.227280][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.229450][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.237815][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.246012][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.297813][ T5954] hsr_slave_0: entered promiscuous mode [ 46.299999][ T5954] hsr_slave_1: entered promiscuous mode [ 46.302020][ T5954] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.304604][ T5954] Cannot create hsr debugfs directory [ 46.406529][ T5951] hsr_slave_0: entered promiscuous mode [ 46.409662][ T5951] hsr_slave_1: entered promiscuous mode [ 46.412469][ T5951] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.416828][ T5951] Cannot create hsr debugfs directory [ 46.421717][ T5949] team0: Port device team_slave_0 added [ 46.445367][ T5949] team0: Port device team_slave_1 added [ 46.557208][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.559399][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.568013][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.581402][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.584760][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.592684][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.669390][ T5949] hsr_slave_0: entered promiscuous mode [ 46.671975][ T5949] hsr_slave_1: entered promiscuous mode [ 46.674678][ T5949] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.677332][ T5949] Cannot create hsr debugfs directory [ 46.722882][ T5953] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.747180][ T5953] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.756565][ T5953] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.774597][ T5953] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.829751][ T5954] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.840742][ T5954] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.845982][ T5954] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.860723][ T5954] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.887470][ T5951] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.896978][ T5951] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.901605][ T5951] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.916261][ T5951] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.963756][ T5949] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.969051][ T5949] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.973413][ T5949] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.978505][ T5949] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.021544][ T5953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.057108][ T5953] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.063110][ T5964] Bluetooth: hci2: command tx timeout [ 47.069477][ T5954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.072821][ T5964] Bluetooth: hci1: command tx timeout [ 47.075950][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.078261][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.082951][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.093444][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.095683][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.124250][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.129099][ T5954] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.141200][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.142928][ T5964] Bluetooth: hci0: command tx timeout [ 47.143502][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.148056][ T5964] Bluetooth: hci3: command tx timeout [ 47.156254][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.158501][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.167658][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.169888][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.178266][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.185808][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.188051][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.221784][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.226190][ T40] audit: type=1400 audit(1752130289.504:89): avc: denied { sys_module } for pid=5953 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 47.236349][ T5954] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 47.239664][ T5954] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.251329][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.253633][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.259365][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.262252][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.309951][ T5953] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.337805][ T5953] veth0_vlan: entered promiscuous mode [ 47.343009][ T5953] veth1_vlan: entered promiscuous mode [ 47.353045][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.361599][ T5954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.376464][ T5953] veth0_macvtap: entered promiscuous mode [ 47.380491][ T5953] veth1_macvtap: entered promiscuous mode [ 47.396299][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.403513][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.415300][ T5951] veth0_vlan: entered promiscuous mode [ 47.418715][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.424828][ T5953] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.427620][ T5953] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.430288][ T5953] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.433772][ T5953] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.444979][ T5954] veth0_vlan: entered promiscuous mode [ 47.447061][ T5951] veth1_vlan: entered promiscuous mode [ 47.466647][ T5954] veth1_vlan: entered promiscuous mode [ 47.479050][ T5951] veth0_macvtap: entered promiscuous mode [ 47.488925][ T5951] veth1_macvtap: entered promiscuous mode [ 47.501988][ T5949] veth0_vlan: entered promiscuous mode [ 47.515683][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.516241][ T5954] veth0_macvtap: entered promiscuous mode [ 47.518181][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.520999][ T5949] veth1_vlan: entered promiscuous mode [ 47.526668][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.532044][ T5954] veth1_macvtap: entered promiscuous mode [ 47.545503][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.549459][ T5951] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.552250][ T5951] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.555759][ T5951] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.558455][ T5951] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.569735][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.570867][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.572382][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.589381][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.597317][ T5954] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.602239][ T5954] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.605736][ T5954] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.608432][ T5954] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.616990][ T5953] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.625047][ T5949] veth0_macvtap: entered promiscuous mode [ 47.637102][ T5949] veth1_macvtap: entered promiscuous mode [ 47.654075][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.656553][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.670269][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.680913][ T1249] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.681152][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.684387][ T1249] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.687872][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.703989][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.710567][ T1249] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.713595][ T1249] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.714253][ T5949] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.719464][ T5949] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.723775][ T5949] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.727431][ T5949] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.784328][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.789405][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.816367][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.819158][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.836242][ T6050] pim6reg: entered allmulticast mode [ 47.839068][ T6050] netlink: 80 bytes leftover after parsing attributes in process `syz.3.7'. [ 47.842263][ T6050] pim6reg: left allmulticast mode [ 47.911084][ T6058] trusted_key: syz.3.9 sent an empty control message without MSG_MORE. [ 47.933487][ T6051] mmap: syz.0.5 (6051) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 47.958762][ T6063] atomic_op ffff8880326f4998 conn xmit_atomic 0000000000000000 [ 48.031394][ T6070] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12'. [ 48.037193][ T6070] xfrm1: entered promiscuous mode [ 48.038869][ T6070] xfrm1: entered allmulticast mode [ 48.115568][ T6083] xt_policy: output policy not valid in PREROUTING and INPUT [ 48.119629][ T6083] xt_policy: output policy not valid in PREROUTING and INPUT [ 48.160440][ T6090] Unknown options in mask 5 [ 48.163872][ T6088] efs: device does not support 512 byte blocks [ 48.166079][ T6088] device does not support 512 byte blocks [ 48.166079][ T6088] [ 48.216762][ T6097] netlink: 16 bytes leftover after parsing attributes in process `syz.3.18'. [ 48.247618][ T6100] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19'. [ 48.256468][ T6100] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.260057][ T6100] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.264236][ T6100] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.267604][ T6100] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.275288][ T6100] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19'. [ 48.278264][ T6100] Zero length message leads to an empty skb [ 48.318819][ T6108] overlayfs: failed to resolve './file1': -2 [ 48.366155][ T6112] IPVS: Unknown mcast interface: nicvf0 [ 48.402645][ T6116] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 48.403807][ T6118] ======================================================= [ 48.403807][ T6118] WARNING: The mand mount option has been deprecated and [ 48.403807][ T6118] and is ignored by this kernel. Remove the mand [ 48.403807][ T6118] option from the mount to silence this warning. [ 48.403807][ T6118] ======================================================= [ 48.419061][ T6118] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 48.512777][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.554801][ T6134] netlink: 'syz.2.29': attribute type 1 has an invalid length. [ 48.558471][ T6134] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50173 sclass=netlink_route_socket pid=6134 comm=syz.2.29 [ 49.142627][ T5964] Bluetooth: hci1: command tx timeout [ 49.153835][ T5964] Bluetooth: hci2: command tx timeout [ 49.223030][ T5964] Bluetooth: hci3: command tx timeout [ 49.225165][ T63] Bluetooth: hci0: command tx timeout [ 49.317122][ T6153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.35'. [ 49.325055][ T63] Bluetooth: hci1: Malformed HCI Event: 0x22 [ 49.437375][ T6163] netlink: 4 bytes leftover after parsing attributes in process `syz.1.38'. [ 50.055649][ T40] kauditd_printk_skb: 129 callbacks suppressed [ 50.055660][ T40] audit: type=1400 audit(1752130292.334:219): avc: denied { create } for pid=6175 comm="syz.2.41" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 50.063322][ T6176] nbd: must specify a size in bytes for the device [ 50.065456][ T40] audit: type=1400 audit(1752130292.334:220): avc: denied { write } for pid=6175 comm="syz.2.41" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 50.262225][ T6183] netlink: 12 bytes leftover after parsing attributes in process `syz.2.44'. [ 50.275332][ T6183] netlink: 28 bytes leftover after parsing attributes in process `syz.2.44'. [ 50.278072][ T6183] netlink: 12 bytes leftover after parsing attributes in process `syz.2.44'. [ 50.349295][ T40] audit: type=1400 audit(1752130292.624:221): avc: denied { nlmsg_read } for pid=6186 comm="syz.2.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 50.407168][ T40] audit: type=1400 audit(1752130292.684:222): avc: denied { bind } for pid=6192 comm="syz.2.48" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 50.414492][ T6193] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.414774][ T40] audit: type=1400 audit(1752130292.684:223): avc: denied { create } for pid=6192 comm="syz.2.48" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 50.424577][ T40] audit: type=1400 audit(1752130292.684:224): avc: denied { ioctl } for pid=6192 comm="syz.2.48" path="socket:[10253]" dev="sockfs" ino=10253 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 50.434832][ T40] audit: type=1400 audit(1752130292.694:225): avc: denied { read } for pid=6192 comm="syz.2.48" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 50.442443][ T40] audit: type=1400 audit(1752130292.694:226): avc: denied { open } for pid=6192 comm="syz.2.48" path="/dev/dri/card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 50.451672][ T40] audit: type=1400 audit(1752130292.694:227): avc: denied { ioctl } for pid=6192 comm="syz.2.48" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64c8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 50.461718][ T40] audit: type=1400 audit(1752130292.694:228): avc: denied { ioctl } for pid=6192 comm="syz.2.48" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 50.688586][ T6206] pvfs2: Unknown parameter '](-' [ 50.785499][ T6215] overlayfs: cannot append lower layer [ 50.788684][ T6215] xt_hashlimit: size too large, truncated to 1048576 [ 51.042734][ T6036] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 51.210152][ T6036] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 51.215096][ T6036] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 51.219316][ T6036] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 51.222729][ T63] Bluetooth: hci2: command tx timeout [ 51.222816][ T63] Bluetooth: hci1: command tx timeout [ 51.226335][ T6036] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 51.230286][ T6036] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 51.234136][ T6036] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.238060][ T6036] usb 5-1: config 0 descriptor?? [ 51.241503][ T6217] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 51.302680][ T5964] Bluetooth: hci0: command tx timeout [ 51.302714][ T63] Bluetooth: hci3: command tx timeout [ 51.481811][ T6258] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 51.652289][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.655463][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.663690][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.667219][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.670190][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.672521][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.675619][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.678167][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.680482][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.683504][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.685831][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.688121][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.690479][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.692929][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.695227][ T6036] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 51.714712][ T6036] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 51.907700][ T6017] usb 5-1: USB disconnect, device number 2 [ 51.917583][ T6293] netlink: 'syz.2.74': attribute type 3 has an invalid length. [ 51.920941][ T6293] netlink: 'syz.2.74': attribute type 1 has an invalid length. [ 51.924264][ T6293] NCSI netlink: No device for ifindex 0 [ 52.127740][ T6299] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 52.449441][ T6322] openvswitch: netlink: IP tunnel TTL not specified. [ 52.499406][ T6329] input: syz0 as /devices/virtual/input/input5 [ 52.711205][ T6350] netlink: 'syz.1.91': attribute type 2 has an invalid length. [ 52.726938][ T6352] bpf: Bad value for 'uid' [ 52.741437][ T6358] process 'syz.1.94' launched '/dev/fd/5' with NULL argv: empty string added [ 52.742903][ T6036] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 52.769704][ T6354] batadv_slave_1: entered promiscuous mode [ 52.775639][ T6357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 52.788594][ T6353] batadv_slave_1: left promiscuous mode [ 52.904265][ T6372] Falling back ldisc for ttyS3. [ 52.913412][ T6036] usb 5-1: Using ep0 maxpacket: 8 [ 52.922205][ T6036] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 52.925833][ T6036] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.928330][ T6036] usb 5-1: Product: syz [ 52.929641][ T6036] usb 5-1: Manufacturer: syz [ 52.931116][ T6036] usb 5-1: SerialNumber: syz [ 52.940491][ T6375] __nla_validate_parse: 6 callbacks suppressed [ 52.940501][ T6375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'. [ 52.953877][ T6375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'. [ 52.956655][ T6375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'. [ 52.959381][ T6375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'. [ 52.962775][ T6375] netdevsim netdevsim1 ªªªªªª: renamed from netdevsim0 (while UP) [ 52.969820][ T6375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'. [ 52.974458][ T6375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'. [ 52.977187][ T6375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'. [ 52.979912][ T6375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'. [ 53.038318][ T6382] netlink: 'syz.1.101': attribute type 1 has an invalid length. [ 53.040726][ T6382] netlink: 224 bytes leftover after parsing attributes in process `syz.1.101'. [ 53.141041][ T6036] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 53.302808][ T63] Bluetooth: hci1: command tx timeout [ 53.303591][ T5964] Bluetooth: hci2: command tx timeout [ 53.353971][ T6386] netlink: 248 bytes leftover after parsing attributes in process `syz.1.102'. [ 53.392907][ T5964] Bluetooth: hci0: command tx timeout [ 53.392932][ T63] Bluetooth: hci3: command tx timeout [ 53.673691][ T6417] openvswitch: netlink: Missing key (keys=100040, expected=80) [ 53.703723][ T6419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.707242][ T6419] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.746134][ T6421] sock: sock_timestamping_bind_phc: sock not bind to device [ 53.750488][ T6421] 9pnet_fd: p9_fd_create_tcp (6421): problem connecting socket to 127.0.0.1 [ 53.754058][ T6424] xt_hashlimit: size too large, truncated to 1048576 [ 53.978121][ T6449] xt_CT: You must specify a L4 protocol and not use inversions on it [ 54.118187][ T6459] netlink: 'syz.3.118': attribute type 1 has an invalid length. [ 54.133453][ T6459] 8021q: adding VLAN 0 to HW filter on device bond1 [ 54.178936][ T6466] netlink: 'syz.1.123': attribute type 20 has an invalid length. [ 54.533213][ T838] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 54.682607][ T838] usb 6-1: Using ep0 maxpacket: 8 [ 54.685430][ T838] usb 6-1: config 1 has an invalid descriptor of length 235, skipping remainder of the config [ 54.688644][ T838] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 54.694286][ T838] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 54.697077][ T838] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 54.699556][ T838] usb 6-1: Product: syz [ 54.700873][ T838] usb 6-1: Manufacturer: syz [ 54.702359][ T838] usb 6-1: SerialNumber: syz [ 55.196195][ T6499] block nbd2: shutting down sockets [ 55.501233][ T6017] usb 5-1: USB disconnect, device number 3 [ 55.506297][ T6017] usblp0: removed [ 55.517909][ T40] kauditd_printk_skb: 85 callbacks suppressed [ 55.517918][ T40] audit: type=1400 audit(1752130297.794:314): avc: denied { create } for pid=6515 comm="syz.0.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 55.518668][ T6516] netlink: 'syz.0.138': attribute type 39 has an invalid length. [ 55.519890][ T40] audit: type=1400 audit(1752130297.794:315): avc: denied { write } for pid=6515 comm="syz.0.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 55.620073][ T40] audit: type=1400 audit(1752130297.894:316): avc: denied { getopt } for pid=6477 comm="syz.1.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 55.783288][ T6521] netlink: 'syz.0.139': attribute type 1 has an invalid length. [ 55.806000][ T40] audit: type=1400 audit(1752130298.084:317): avc: denied { write } for pid=6525 comm="syz.3.141" name="rtc0" dev="devtmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 55.846795][ T40] audit: type=1400 audit(1752130298.124:318): avc: denied { read write } for pid=6529 comm="syz.0.143" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 55.853980][ T40] audit: type=1400 audit(1752130298.124:319): avc: denied { open } for pid=6529 comm="syz.0.143" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 55.860995][ T40] audit: type=1400 audit(1752130298.124:320): avc: denied { ioctl } for pid=6529 comm="syz.0.143" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x5393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 55.875781][ T6533] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 55.911033][ T40] audit: type=1400 audit(1752130298.184:321): avc: denied { create } for pid=6534 comm="syz.0.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 55.917533][ T40] audit: type=1400 audit(1752130298.194:322): avc: denied { bind } for pid=6534 comm="syz.0.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 55.923378][ T6535] netlink: 'syz.0.145': attribute type 2 has an invalid length. [ 55.923497][ T40] audit: type=1400 audit(1752130298.194:323): avc: denied { listen } for pid=6534 comm="syz.0.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 55.926346][ T6535] netlink: 'syz.0.145': attribute type 1 has an invalid length. [ 55.995096][ T6537] block device autoloading is deprecated and will be removed. [ 55.998041][ T6537] syz.0.146: attempt to access beyond end of device [ 55.998041][ T6537] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 56.086231][ T6541] overlayfs: conflicting options: userxattr,metacopy=on [ 56.119969][ T6538] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 56.123219][ T6538] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 56.197442][ T6540] futex_wake_op: syz.0.147 tries to shift op by 32; fix this program [ 57.204278][ T6559] netlink: 'syz.0.152': attribute type 2 has an invalid length. [ 57.307770][ T838] usb 6-1: USB disconnect, device number 2 [ 57.438119][ T6572] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 57.484408][ T6582] Unsupported ieee802154 address type: 0 [ 57.739178][ T6603] netlink: 'syz.0.161': attribute type 1 has an invalid length. [ 57.918283][ T6627] team0: Device gtp0 is of different type [ 58.090516][ T6636] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 58.162765][ T6640] xt_hashlimit: size too large, truncated to 1048576 [ 58.458199][ T6647] : renamed from wg1 (while UP) [ 58.502993][ T838] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 58.660559][ T6659] __nla_validate_parse: 23 callbacks suppressed [ 58.660570][ T6659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.175'. [ 58.675579][ T838] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 58.678692][ T838] usb 5-1: config 0 interface 0 has no altsetting 0 [ 58.683465][ T838] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 58.686470][ T838] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 58.689049][ T838] usb 5-1: Product: syz [ 58.690630][ T838] usb 5-1: Manufacturer: syz [ 58.695534][ T838] usb 5-1: SerialNumber: syz [ 58.700084][ T838] usb 5-1: config 0 descriptor?? [ 58.708125][ T838] usb 5-1: selecting invalid altsetting 0 [ 58.920774][ T6645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.924756][ T6645] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.929982][ T6645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.934158][ T6645] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.975600][ T6681] : entered promiscuous mode [ 59.086550][ T9] usb 5-1: USB disconnect, device number 4 [ 59.143650][ T6699] overlayfs: failed to get inode (-116) [ 59.146118][ T6699] overlayfs: failed to get inode (-116) [ 59.284098][ T6708] UHID_CREATE from different security context by process 116 (syz.0.191), this is not allowed. [ 59.387316][ T838] hid-generic 07FF:18000:0003.0003: item fetching failed at offset 0/4 [ 59.390533][ T838] hid-generic 07FF:18000:0003.0003: probe with driver hid-generic failed with error -22 [ 59.440085][ T6719] gfs2: gfs2 mount does not exist [ 59.779611][ T6731] netlink: 'syz.1.197': attribute type 1 has an invalid length. [ 59.782139][ T6731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.197'. [ 59.863182][ T6036] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 59.994248][ T6742] CUSE: DEVNAME unspecified [ 60.000713][ T6742] netlink: 12 bytes leftover after parsing attributes in process `syz.1.202'. [ 60.033080][ T6036] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 60.037734][ T6036] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.040688][ T6036] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.044232][ T6036] usb 5-1: config 0 interface 0 has no altsetting 0 [ 60.047331][ T6036] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.050246][ T6036] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.053732][ T6036] usb 5-1: config 0 interface 0 has no altsetting 0 [ 60.056574][ T6036] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.059478][ T6036] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.063206][ T6036] usb 5-1: config 0 interface 0 has no altsetting 0 [ 60.066049][ T6036] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.068850][ T6036] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.072293][ T6036] usb 5-1: config 0 interface 0 has no altsetting 0 [ 60.075286][ T6036] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.078125][ T6036] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.081541][ T6036] usb 5-1: config 0 interface 0 has no altsetting 0 [ 60.084701][ T6036] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.087498][ T6036] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.090940][ T6036] usb 5-1: config 0 interface 0 has no altsetting 0 [ 60.094027][ T6036] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.096918][ T6036] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.100339][ T6036] usb 5-1: config 0 interface 0 has no altsetting 0 [ 60.103827][ T6036] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.106708][ T6036] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.110121][ T6036] usb 5-1: config 0 interface 0 has no altsetting 0 [ 60.114230][ T6036] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 60.117119][ T6036] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 60.119760][ T6036] usb 5-1: Product: syz [ 60.121145][ T6036] usb 5-1: Manufacturer: syz [ 60.122768][ T6036] usb 5-1: SerialNumber: syz [ 60.126801][ T6036] usb 5-1: config 0 descriptor?? [ 60.133439][ T6036] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 60.267559][ T6747] netlink: 8 bytes leftover after parsing attributes in process `syz.1.203'. [ 60.308075][ T6692] Set syz1 is full, maxelem 65536 reached [ 60.335272][ T6751] tipc: Started in network mode [ 60.337115][ T6751] tipc: Node identity fe8000000000000000000000dfffff0f, cluster identity 4711 [ 60.340011][ T6751] tipc: Enabling of bearer rejected, failed to enable media [ 60.378244][ T6754] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 60.418706][ T6756] netlink: 20 bytes leftover after parsing attributes in process `syz.3.206'. [ 60.421617][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.206'. [ 60.641597][ T6764] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 60.645362][ T6764] overlayfs: missing 'lowerdir' [ 60.705118][ T6765] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 60.707907][ T6765] overlayfs: missing 'lowerdir' [ 60.733511][ T6036] usb 5-1: USB disconnect, device number 5 [ 60.735106][ T40] kauditd_printk_skb: 100 callbacks suppressed [ 60.735115][ T40] audit: type=1400 audit(1752130303.014:424): avc: denied { create } for pid=6768 comm="syz.3.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 60.736095][ T6769] netlink: 12 bytes leftover after parsing attributes in process `syz.3.209'. [ 60.737527][ T6036] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 60.814547][ T6776] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 60.821764][ T6776] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4127567289 (33020538312 ns) > initial count (21272959856 ns). Using initial count to start timer. [ 60.847653][ T6777] bridge0: port 3(veth0_to_bridge) entered blocking state [ 60.849938][ T6777] bridge0: port 3(veth0_to_bridge) entered disabled state [ 60.852256][ T6777] veth0_to_bridge: entered allmulticast mode [ 60.855299][ T6777] veth0_to_bridge: entered promiscuous mode [ 60.857277][ T6777] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 60.862265][ T6777] bridge0: port 3(veth0_to_bridge) entered blocking state [ 60.864581][ T6777] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 60.971422][ T6790] (syz.2.216,6790,2):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 60.974429][ T6790] (syz.2.216,6790,2):ocfs2_fill_super:1177 ERROR: status = -22 [ 60.975563][ T6792] netlink: 'syz.1.217': attribute type 6 has an invalid length. [ 60.980883][ T6792] netlink: 'syz.1.217': attribute type 6 has an invalid length. [ 61.023720][ T6799] netlink: 16 bytes leftover after parsing attributes in process `syz.3.220'. [ 61.102055][ T6810] nfs: Unknown parameter 'noac/video36' [ 61.113192][ T6813] warning: `syz.1.224' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 61.145680][ T6819] vxfs: WRONG superblock magic 00000000 at 1 [ 61.147929][ T6819] vxfs: WRONG superblock magic 00000000 at 8 [ 61.149801][ T6819] vxfs: can't find superblock. [ 61.183701][ T6824] binfmt_misc: register: failed to install interpreter file ./file1 [ 61.189307][ T6824] fuse: Bad value for 'fd' [ 61.236517][ T40] audit: type=1400 audit(1752130303.514:425): avc: denied { connect } for pid=6830 comm="syz.1.229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 61.331719][ T40] audit: type=1400 audit(1752130303.604:426): avc: denied { read } for pid=6843 comm="syz.1.233" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 61.339033][ T40] audit: type=1400 audit(1752130303.604:427): avc: denied { open } for pid=6843 comm="syz.1.233" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 61.346548][ T40] audit: type=1400 audit(1752130303.614:428): avc: denied { ioctl } for pid=6843 comm="syz.1.233" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 61.375863][ T6849] Cannot find del_set index 4 as target [ 61.378124][ T6848] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 61.567482][ T6861] netlink: 4 bytes leftover after parsing attributes in process `syz.2.236'. [ 61.570410][ T6861] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 61.573176][ T6861] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 61.578622][ T40] audit: type=1400 audit(1752130303.854:429): avc: denied { read write } for pid=6860 comm="syz.2.236" name="mouse0" dev="devtmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 61.586737][ T40] audit: type=1400 audit(1752130303.854:430): avc: denied { open } for pid=6860 comm="syz.2.236" path="/dev/input/mouse0" dev="devtmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 61.709693][ T6867] binder: 6866:6867 ioctl 81f8943c 200000000380 returned -22 [ 61.750946][ T6870] netlink: 20 bytes leftover after parsing attributes in process `syz.3.238'. [ 62.033952][ T1121] sr 2:0:0:0: [sr0] tag#18 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 62.037104][ T1121] sr 2:0:0:0: [sr0] tag#18 Sense Key : Illegal Request [current] [ 62.039541][ T1121] sr 2:0:0:0: [sr0] tag#18 Add. Sense: Invalid command operation code [ 62.042162][ T1121] sr 2:0:0:0: [sr0] tag#18 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00 [ 62.046475][ T1121] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 62.050100][ T1121] Buffer I/O error on dev sr0, logical block 0, lost async page write [ 62.230901][ T6876] /dev/sg0: Can't lookup blockdev [ 62.242290][ T6879] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 62.258294][ T40] audit: type=1400 audit(1752130304.534:431): avc: denied { map } for pid=6878 comm="syz.1.241" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 62.289683][ T6884] syz.0.243 uses obsolete (PF_INET,SOCK_PACKET) [ 62.564398][ T6889] overlayfs: failed to clone upperpath [ 62.587856][ T6893] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pid=6893 comm=syz.0.247 [ 62.669475][ T6905] netlink: 'syz.1.251': attribute type 15 has an invalid length. [ 62.675355][ T6905] batadv_slave_1: entered promiscuous mode [ 62.732887][ T6914] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6914 comm=syz.3.254 [ 62.788147][ T40] audit: type=1400 audit(62.709:432): avc: denied { write } for pid=6922 comm="syz.3.258" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 62.818350][ T40] audit: type=1400 audit(62.739:433): avc: denied { append } for pid=6911 comm="syz.1.255" name="dlm-control" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.818522][ T6920] dlm: no locking on control device [ 62.834643][ T6929] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 63.026164][ T6947] SELinux: failed to load policy [ 63.438481][ T6977] mac80211_hwsim hwsim7 `ëÿÿ: renamed from wlan1 (while UP) [ 63.556485][ T6986] netlink: 'syz.2.279': attribute type 11 has an invalid length. [ 63.565873][ T6987] netlink: 'syz.2.279': attribute type 11 has an invalid length. [ 63.682240][ T7006] af_packet: tpacket_rcv: packet too big, clamped from 120 to 4294967272. macoff=96 [ 63.688985][ T7006] netlink: 'syz.2.285': attribute type 21 has an invalid length. [ 63.699568][ T7004] __nla_validate_parse: 6 callbacks suppressed [ 63.699577][ T7004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.286'. [ 63.751687][ T7004] atomic_op ffff8880554c9198 conn xmit_atomic 0000000000000000 [ 63.757826][ T7018] netlink: 'syz.2.288': attribute type 4 has an invalid length. [ 63.767795][ T7018] netlink: 'syz.2.288': attribute type 4 has an invalid length. [ 63.861560][ T7032] xt_hashlimit: size too large, truncated to 1048576 [ 63.989017][ T7042] capability: warning: `syz.1.296' uses 32-bit capabilities (legacy support in use) [ 64.012864][ T7047] nfs: Unknown parameter '' [ 64.159633][ T7066] bad cache= option: none [ 64.159633][ T7066] [ 64.162411][ T7066] CIFS: VFS: bad cache= option: none [ 64.219635][ T7075] xt_limit: Overflow, try lower: 1207959552/384 [ 64.305000][ T7083] syz.0.310: attempt to access beyond end of device [ 64.305000][ T7083] sr0: rw=0, sector=64, nr_sectors = 4 limit=0 [ 64.356981][ T7088] netlink: 8 bytes leftover after parsing attributes in process `syz.3.312'. [ 64.383588][ T7083] syz.0.310: attempt to access beyond end of device [ 64.383588][ T7083] sr0: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 64.387572][ T7083] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=256, location=256 [ 64.390585][ T7083] syz.0.310: attempt to access beyond end of device [ 64.390585][ T7083] sr0: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 64.394578][ T7083] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=512, location=512 [ 64.397449][ T7083] UDF-fs: warning (device sr0): udf_load_vrs: No anchor found [ 64.399850][ T7083] UDF-fs: Scanning with blocksize 2048 failed [ 64.402413][ T7083] syz.0.310: attempt to access beyond end of device [ 64.402413][ T7083] sr0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 64.444501][ T7083] syz.0.310: attempt to access beyond end of device [ 64.444501][ T7083] sr0: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 64.448518][ T7083] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=256, location=256 [ 64.451531][ T7083] syz.0.310: attempt to access beyond end of device [ 64.451531][ T7083] sr0: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 64.455587][ T7083] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=512, location=512 [ 64.458534][ T7083] UDF-fs: warning (device sr0): udf_load_vrs: No anchor found [ 64.460903][ T7083] UDF-fs: Scanning with blocksize 4096 failed [ 64.462954][ T7083] UDF-fs: warning (device sr0): udf_fill_super: No partition found (1) [ 64.500299][ T7093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 64.509459][ T7093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 64.849754][ T7100] GUP no longer grows the stack in syz.1.315 (7100): 200000007000-20000000a000 (200000004000) [ 64.853810][ T7100] CPU: 1 UID: 0 PID: 7100 Comm: syz.1.315 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 64.853825][ T7100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 64.853832][ T7100] Call Trace: [ 64.853836][ T7100] [ 64.853840][ T7100] dump_stack_lvl+0x16c/0x1f0 [ 64.853858][ T7100] gup_vma_lookup+0x1d2/0x220 [ 64.853877][ T7100] __get_user_pages+0x271/0x3b80 [ 64.853890][ T7100] ? kasan_save_stack+0x33/0x60 [ 64.853902][ T7100] ? kasan_save_track+0x14/0x30 [ 64.853914][ T7100] ? __kasan_kmalloc+0xaa/0xb0 [ 64.853926][ T7100] ? __kvmalloc_node_noprof+0x27b/0x620 [ 64.853937][ T7100] ? xdp_umem_create+0x652/0x1270 [ 64.853950][ T7100] ? __pfx___get_user_pages+0x10/0x10 [ 64.853958][ T7100] ? __x64_sys_setsockopt+0xbd/0x160 [ 64.853971][ T7100] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.853987][ T7100] __gup_longterm_locked+0x5e7/0x1840 [ 64.854001][ T7100] ? __pfx___gup_longterm_locked+0x10/0x10 [ 64.854018][ T7100] pin_user_pages+0x13c/0x160 [ 64.854028][ T7100] ? __pfx_pin_user_pages+0x10/0x10 [ 64.854037][ T7100] ? trace_kmalloc+0x2b/0xd0 [ 64.854053][ T7100] ? xdp_umem_create+0x652/0x1270 [ 64.854068][ T7100] xdp_umem_create+0x73c/0x1270 [ 64.854085][ T7100] xsk_setsockopt+0x5b2/0x840 [ 64.854097][ T7100] ? __pfx_xsk_setsockopt+0x10/0x10 [ 64.854107][ T7100] ? __lock_acquire+0x622/0x1c90 [ 64.854120][ T7100] ? selinux_socket_setsockopt+0x6a/0x80 [ 64.854134][ T7100] ? __pfx_xsk_setsockopt+0x10/0x10 [ 64.854145][ T7100] do_sock_setsockopt+0x221/0x470 [ 64.854161][ T7100] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 64.854204][ T7100] __sys_setsockopt+0x1a0/0x230 [ 64.854219][ T7100] __x64_sys_setsockopt+0xbd/0x160 [ 64.854231][ T7100] ? do_syscall_64+0x91/0x4c0 [ 64.854245][ T7100] ? lockdep_hardirqs_on+0x7c/0x110 [ 64.854258][ T7100] do_syscall_64+0xcd/0x4c0 [ 64.854273][ T7100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.854283][ T7100] RIP: 0033:0x7ff9fbd8e929 [ 64.854291][ T7100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.854301][ T7100] RSP: 002b:00007ff9fcc9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 64.854310][ T7100] RAX: ffffffffffffffda RBX: 00007ff9fbfb5fa0 RCX: 00007ff9fbd8e929 [ 64.854317][ T7100] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 64.854322][ T7100] RBP: 00007ff9fbe10b39 R08: 0000000000000020 R09: 0000000000000000 [ 64.854328][ T7100] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 64.854334][ T7100] R13: 0000000000000000 R14: 00007ff9fbfb5fa0 R15: 00007fffa6a7fe68 [ 64.854347][ T7100] [ 65.017549][ T7108] netlink: 4 bytes leftover after parsing attributes in process `syz.1.317'. [ 65.127628][ T7134] netlink: 'syz.3.325': attribute type 10 has an invalid length. [ 65.127636][ T7133] netlink: 'syz.3.325': attribute type 10 has an invalid length. [ 65.130964][ T7134] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7134 comm=syz.3.325 [ 65.140715][ T7133] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7133 comm=syz.3.325 [ 65.146330][ T7134] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 65.207753][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.209031][ T5964] block nbd1: Receive control failed (result -32) [ 65.210336][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.215647][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.218308][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.221317][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.226755][ T7148] loop2: detected capacity change from 0 to 7 [ 65.228452][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.231111][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.233555][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.235494][ T6263] Dev loop2: unable to read RDB block 7 [ 65.235919][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.237529][ T6263] loop2: AHDI p1 p2 p3 [ 65.239893][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.241046][ T6263] loop2: partition table partially beyond EOD, [ 65.244007][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.245818][ T6263] truncated [ 65.246636][ T6263] loop2: p1 start 209 is beyond EOD, [ 65.248966][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.249876][ T6263] truncated [ 65.249881][ T6263] loop2: p3 start 335544320 is beyond EOD, [ 65.252104][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.252125][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.254738][ T6263] truncated [ 65.259872][ T6264] block nbd1: shutting down sockets [ 65.261777][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.268178][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.271342][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.274368][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.277457][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.278684][ T7148] Dev loop2: unable to read RDB block 7 [ 65.280538][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.280553][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.282318][ T7148] loop2: AHDI p1 p2 p3 [ 65.288576][ T7148] loop2: partition table partially beyond EOD, truncated [ 65.290861][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.291812][ T7148] loop2: p1 start 209 is beyond EOD, [ 65.292267][ T7153] binder: 7151:7153 ioctl 6628 0 returned -22 [ 65.294245][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.296768][ T7148] truncated [ 65.298468][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.301641][ T7148] loop2: p3 start 335544320 is beyond EOD, truncated [ 65.308758][ T7155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.334'. [ 65.311284][ T7155] netlink: 4 bytes leftover after parsing attributes in process `syz.3.334'. [ 65.312734][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.316946][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.319079][ T7155] netlink: 'syz.3.334': attribute type 11 has an invalid length. [ 65.320138][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.342785][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.346132][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.349287][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.352440][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.361005][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.363984][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.366359][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.368691][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.371027][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.374025][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.376610][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.378928][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.381267][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.384082][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.386491][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.388842][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 65.394399][ T6036] hid-generic 0000:007F:FFFFFFFE.0004: hidraw1: HID v0.00 Device [syz1] on syz0 [ 65.424101][ T7167] fido_id[7167]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 65.590707][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.594257][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.597036][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.599974][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.602787][ T836] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 65.605150][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.607917][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.610674][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.614570][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.617454][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.620244][ T7185] kvm: kvm [7183]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x5 [ 65.743119][ T836] usb 7-1: device descriptor read/64, error -71 [ 65.747699][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 65.747709][ T40] audit: type=1804 audit(65.730:461): pid=7208 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.349" name="/newroot/76/file0" dev="tmpfs" ino=414 res=1 errno=0 [ 65.756755][ T40] audit: type=1800 audit(65.730:462): pid=7208 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.349" name="file0" dev="tmpfs" ino=414 res=0 errno=0 [ 65.875789][ T7223] netlink: 24 bytes leftover after parsing attributes in process `syz.0.356'. [ 65.936200][ T7226] netlink: 'syz.0.357': attribute type 21 has an invalid length. [ 66.002756][ T836] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 66.031158][ T7236] netlink: 'syz.0.361': attribute type 1 has an invalid length. [ 66.034639][ T40] audit: type=1400 audit(66.020:463): avc: denied { map } for pid=7235 comm="syz.0.361" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 66.047139][ T7237] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 66.049444][ T7237] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 66.053839][ T7237] vhci_hcd vhci_hcd.0: Device attached [ 66.132810][ T836] usb 7-1: device descriptor read/64, error -71 [ 66.182699][ T5964] Bluetooth: hci3: command 0x0405 tx timeout [ 66.200261][ T40] audit: type=1400 audit(66.180:464): avc: denied { setopt } for pid=7244 comm="syz.0.363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 66.243283][ T836] usb usb7-port1: attempt power cycle [ 66.260986][ T40] audit: type=1400 audit(66.240:465): avc: denied { ioctl } for pid=7252 comm="syz.3.365" path="socket:[17446]" dev="sockfs" ino=17446 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 66.292666][ T34] usb 39-1: new high-speed USB device number 2 using vhci_hcd [ 66.313188][ T40] audit: type=1400 audit(66.300:466): avc: denied { setattr } for pid=7258 comm="syz.0.367" name="vcs" dev="devtmpfs" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1 [ 66.389627][ T7263] No control pipe specified [ 66.422526][ T7269] netlink: 12 bytes leftover after parsing attributes in process `syz.3.371'. [ 66.437534][ T40] audit: type=1400 audit(66.420:467): avc: denied { append } for pid=7265 comm="syz.0.370" name="sg1" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 66.439368][ T7266] netlink: 60 bytes leftover after parsing attributes in process `syz.0.370'. [ 66.463448][ T7273] xt_hashlimit: max too large, truncated to 1048576 [ 66.465884][ T7273] xt_bpf: check failed: parse error [ 66.493315][ T7279] overlayfs: failed to resolve './file0:/': -2 [ 66.496259][ T40] audit: type=1400 audit(66.480:468): avc: denied { remount } for pid=7278 comm="syz.3.374" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 66.592766][ T836] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 66.613042][ T836] usb 7-1: device descriptor read/8, error -71 [ 66.674530][ T7287] binder: 7286:7287 ioctl c0306201 0 returned -14 [ 66.685172][ T7288] mkiss: ax0: crc mode is auto. [ 66.822701][ T7238] vhci_hcd: connection reset by peer [ 66.826373][ T46] vhci_hcd: stop threads [ 66.828103][ T46] vhci_hcd: release socket [ 66.829951][ T46] vhci_hcd: disconnect device [ 66.852694][ T836] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 66.873141][ T836] usb 7-1: device descriptor read/8, error -71 [ 66.983992][ T836] usb usb7-port1: unable to enumerate USB device [ 67.392313][ T7295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.380'. [ 67.417017][ T7298] netlink: 44 bytes leftover after parsing attributes in process `syz.3.381'. [ 67.475836][ T7307] cgroup: No subsys list or none specified [ 67.532242][ T7312] netlink: 'syz.3.386': attribute type 1 has an invalid length. [ 67.544263][ T7312] 8021q: adding VLAN 0 to HW filter on device bond2 [ 67.560439][ T7313] veth5: entered promiscuous mode [ 67.565105][ T7313] bond2: (slave veth5): Enslaving as an active interface with a down link [ 67.720647][ T40] audit: type=1400 audit(67.700:469): avc: denied { bind } for pid=7333 comm="syz.3.392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 67.854542][ T7353] macvlan0: entered promiscuous mode [ 67.856253][ T7353] macvlan0: entered allmulticast mode [ 68.330870][ T40] audit: type=1400 audit(68.310:470): avc: denied { create } for pid=7386 comm="syz.0.407" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 68.426437][ T7405] fuse: Unknown parameter 'f' [ 68.441245][ T7405] IPv6: Can't replace route, no match found [ 68.553959][ T7427] netlink: 'syz.1.420': attribute type 4 has an invalid length. [ 68.560564][ T7427] netlink: 'syz.1.420': attribute type 4 has an invalid length. [ 68.614151][ T7435] netlink: 'syz.3.424': attribute type 1 has an invalid length. [ 68.626556][ T7435] 8021q: adding VLAN 0 to HW filter on device bond3 [ 68.709380][ T7442] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 68.709380][ T7442] The task syz.1.425 (7442) triggered the difference, watch for misbehavior. [ 68.750556][ T5964] Bluetooth: hci3: Malformed LE Event: 0x0d [ 68.834051][ T6569] usb 7-1: new low-speed USB device number 6 using dummy_hcd [ 68.876872][ T7458] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1281 sclass=netlink_route_socket pid=7458 comm=syz.3.431 [ 68.881209][ T7458] __nla_validate_parse: 5 callbacks suppressed [ 68.881217][ T7458] netlink: 5 bytes leftover after parsing attributes in process `syz.3.431'. [ 68.887137][ T7458] 0ªî{X¹¦: renamed from macvtap0 (while UP) [ 68.890311][ T7458] 0ªî{X¹¦: entered allmulticast mode [ 68.892033][ T7458] veth0_macvtap: entered allmulticast mode [ 68.895426][ T7458] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 68.901697][ T7458] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7458 comm=syz.3.431 [ 68.955235][ T7462] No control pipe specified [ 68.993969][ T6569] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 68.997260][ T6569] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 69.000090][ T6569] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 69.003927][ T6569] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 69.007323][ T6569] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 69.010727][ T6569] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 69.014239][ T6569] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.018736][ T7431] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 69.023715][ T6569] hub 7-1:1.0: bad descriptor, ignoring hub [ 69.025579][ T6569] hub 7-1:1.0: probe with driver hub failed with error -5 [ 69.034397][ T6569] cdc_wdm 7-1:1.0: skipping garbage [ 69.036056][ T6569] cdc_wdm 7-1:1.0: skipping garbage [ 69.041456][ T6569] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 69.043449][ T6569] cdc_wdm 7-1:1.0: Unknown control protocol [ 69.232305][ T7488] netlink: 4 bytes leftover after parsing attributes in process `syz.0.441'. [ 69.253341][ T7488] netlink: 'syz.0.441': attribute type 2 has an invalid length. [ 69.255920][ T7488] netlink: 12 bytes leftover after parsing attributes in process `syz.0.441'. [ 69.425424][ T7508] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 69.469257][ T7510] netlink: 28 bytes leftover after parsing attributes in process `syz.3.449'. [ 69.472104][ T7510] netlink: 28 bytes leftover after parsing attributes in process `syz.3.449'. [ 69.479452][ T7510] erspan0: entered promiscuous mode [ 69.481491][ T7510] batadv_slave_1: entered promiscuous mode [ 69.609423][ T7528] netlink: 12 bytes leftover after parsing attributes in process `syz.0.455'. [ 69.620848][ T7528] 8021q: adding VLAN 0 to HW filter on device bond1 [ 69.632412][ T7528] bond1: (slave batadv1): Opening slave failed [ 69.650950][ T29] usb 7-1: USB disconnect, device number 6 [ 69.653760][ T7431] cdc_wdm 7-1:1.0: Error autopm - -16 [ 69.793065][ T7543] fuse: Bad value for 'rootmode' [ 69.839946][ T7551] Bluetooth: MGMT ver 1.23 [ 69.973069][ T29] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 70.060877][ T7575] netlink: 4 bytes leftover after parsing attributes in process `syz.0.471'. [ 70.136215][ T29] usb 7-1: unable to get BOS descriptor or descriptor too short [ 70.140010][ T29] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 70.142406][ T29] usb 7-1: can't read configurations, error -71 [ 70.182612][ T7589] bond0: (slave veth0_to_hsr): Error: Device can not be enslaved while up [ 70.185992][ T7589] cgroup2: Unknown parameter 'euid' [ 70.188214][ T7589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.476'. [ 70.269402][ T7607] 9pnet: Found fid 0 not clunked [ 70.349092][ T7616] netlink: zone id is out of range [ 70.350818][ T7616] netlink: zone id is out of range [ 70.352591][ T7616] netlink: zone id is out of range [ 70.354307][ T7616] netlink: zone id is out of range [ 70.355980][ T7616] netlink: zone id is out of range [ 70.357646][ T7616] netlink: zone id is out of range [ 70.359340][ T7616] netlink: zone id is out of range [ 70.361016][ T7616] netlink: zone id is out of range [ 70.364091][ T7616] netlink: zone id is out of range [ 70.392621][ T7620] veth0_to_bond: entered allmulticast mode [ 70.553700][ T7652] pim6reg9: entered allmulticast mode [ 70.870578][ T7681] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29968 sclass=netlink_route_socket pid=7681 comm=syz.3.502 [ 70.897289][ T40] kauditd_printk_skb: 23 callbacks suppressed [ 70.897299][ T40] audit: type=1400 audit(70.891:494): avc: denied { write } for pid=7683 comm="syz.2.503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 70.945307][ T40] audit: type=1400 audit(70.941:495): avc: denied { module_request } for pid=7690 comm="syz.1.506" kmod="rtnl-link-bridge_slave" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 70.964566][ T7701] batadv_slave_1: entered promiscuous mode [ 70.967921][ T40] audit: type=1400 audit(70.961:496): avc: denied { read } for pid=7700 comm="syz.2.508" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 70.980159][ T7700] batadv_slave_1: left promiscuous mode [ 70.982026][ T7692] validate_nla: 2 callbacks suppressed [ 70.982035][ T7692] netlink: 'syz.1.506': attribute type 9 has an invalid length. [ 70.986423][ T7692] netlink: 'syz.1.506': attribute type 12 has an invalid length. [ 70.989028][ T7692] netlink: 'syz.1.506': attribute type 1 has an invalid length. [ 70.992015][ T7692] netlink: 16 bytes leftover after parsing attributes in process `syz.1.506'. [ 70.996877][ T7692] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.000057][ T7692] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.003026][ T7692] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.005754][ T7697] netlink: 'syz.1.506': attribute type 9 has an invalid length. [ 71.014859][ T7697] netlink: 'syz.1.506': attribute type 12 has an invalid length. [ 71.017470][ T7697] netlink: 'syz.1.506': attribute type 1 has an invalid length. [ 71.019939][ T7697] netlink: 16 bytes leftover after parsing attributes in process `syz.1.506'. [ 71.024174][ T7697] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.027157][ T7697] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.029489][ T7697] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.067444][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.218597][ T7729] overlayfs: failed to clone upperpath [ 71.270101][ T40] audit: type=1400 audit(71.261:497): avc: denied { map } for pid=7734 comm="syz.2.517" path="/dev/comedi4" dev="devtmpfs" ino=1306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.277050][ T40] audit: type=1400 audit(71.261:498): avc: denied { execute } for pid=7734 comm="syz.2.517" path="/dev/comedi4" dev="devtmpfs" ino=1306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.325201][ T7739] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 71.373628][ T40] audit: type=1400 audit(71.371:499): avc: denied { bind } for pid=7748 comm="syz.3.523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 71.387214][ T34] vhci_hcd: vhci_device speed not set [ 71.446507][ T7756] PKCS8: Unsupported PKCS#8 version [ 71.448209][ T7756] PKCS8: Unsupported PKCS#8 version [ 71.449755][ T7756] PKCS8: Unsupported PKCS#8 version [ 71.451304][ T7756] PKCS8: Unsupported PKCS#8 version [ 71.503634][ T7766] syzkaller1: entered promiscuous mode [ 71.505236][ T7766] syzkaller1: entered allmulticast mode [ 71.647531][ T40] audit: type=1400 audit(71.641:500): avc: denied { watch } for pid=7790 comm="syz.0.532" path="/121/file0" dev="9p" ino=35913813 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 71.658833][ T7791] netlink: 'syz.0.532': attribute type 3 has an invalid length. [ 71.662642][ T40] audit: type=1400 audit(71.641:501): avc: denied { remove_name } for pid=7790 comm="syz.0.532" name="file0" dev="9p" ino=35913824 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 71.669157][ T40] audit: type=1400 audit(71.641:502): avc: denied { rename } for pid=7790 comm="syz.0.532" name="file0" dev="9p" ino=35913824 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 71.682198][ T40] audit: type=1400 audit(71.641:503): avc: denied { add_name } for pid=7790 comm="syz.0.532" name="file1" dev="9p" ino=35913890 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 71.899686][ T7802] capability: warning: `syz.1.536' uses deprecated v2 capabilities in a way that may be insecure [ 71.903657][ T6037] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 72.023753][ T7804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 72.054654][ T6037] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 72.058324][ T6037] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 72.062275][ T6037] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 72.067555][ T6037] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 72.069878][ T7806] SELinux: policydb magic number 0x69662f2e does not match expected magic number 0xf97cff8c [ 72.071650][ T6037] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 72.075215][ T7806] SELinux: failed to load policy [ 72.078120][ T7804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 72.082152][ T6037] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.086273][ T6037] usb 5-1: config 0 descriptor?? [ 72.088301][ T7791] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 72.136943][ T7804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 72.422666][ T5964] Bluetooth: hci2: command 0x0406 tx timeout [ 72.500492][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.503151][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.505525][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.507871][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.510477][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.513010][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.515326][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.517719][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.520049][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.522419][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.525192][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.527498][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.529886][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.532190][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.534636][ T6037] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 72.544783][ T6037] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 72.727841][ T63] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 72.739214][ T63] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 72.753531][ T6037] usb 5-1: USB disconnect, device number 6 [ 73.380369][ T7861] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 73.388965][ T7861] CIFS mount error: No usable UNC path provided in device string! [ 73.388965][ T7861] [ 73.392393][ T7861] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 73.608741][ T7879] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 73.736737][ T7882] kvm: emulating exchange as write [ 73.902653][ C3] net_ratelimit: 25432 callbacks suppressed [ 73.902664][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 73.908481][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 73.912124][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 73.915849][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 73.919484][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 73.923170][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 73.926823][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 73.930603][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 73.934494][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 73.938264][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 74.164729][ T7938] SELinux: Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped). [ 74.204800][ T7944] netlink: 'syz.1.584': attribute type 2 has an invalid length. [ 74.326350][ T7952] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 74.329573][ T7952] __nla_validate_parse: 3 callbacks suppressed [ 74.329582][ T7952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.587'. [ 74.760026][ T63] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 74.808978][ T7976] netlink: 12 bytes leftover after parsing attributes in process `syz.0.595'. [ 74.842682][ T29] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 74.972098][ T7981] syz.0.597: attempt to access beyond end of device [ 74.972098][ T7981] loop0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 74.976276][ T7981] efs: cannot read volume header [ 74.992614][ T29] usb 7-1: Using ep0 maxpacket: 8 [ 74.995480][ T29] usb 7-1: config index 0 descriptor too short (expected 5924, got 36) [ 74.998218][ T29] usb 7-1: config 250 has an invalid interface number: 228 but max is -1 [ 75.000829][ T29] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 75.003732][ T29] usb 7-1: config 250 has no interface number 0 [ 75.005760][ T29] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 75.009305][ T29] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 75.012488][ T29] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 75.015742][ T29] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 75.018795][ T29] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 75.022961][ T29] usb 7-1: config 250 interface 228 has no altsetting 0 [ 75.026266][ T29] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 75.029091][ T29] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 75.031587][ T29] usb 7-1: Product: syz [ 75.033138][ T29] usb 7-1: SerialNumber: syz [ 75.041891][ T29] hub 7-1:250.228: bad descriptor, ignoring hub [ 75.048341][ T29] hub 7-1:250.228: probe with driver hub failed with error -5 [ 75.245809][ T7992] netlink: 'syz.1.602': attribute type 10 has an invalid length. [ 75.259483][ T29] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 9 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 75.261994][ T7967] block device autoloading is deprecated and will be removed. [ 75.282993][ T29] usb 7-1: USB disconnect, device number 9 [ 75.288069][ T29] usblp0: removed [ 75.325133][ T8002] bad cache= option: none [ 75.325133][ T8002] [ 75.327169][ T8002] CIFS: VFS: bad cache= option: none [ 75.329161][ T8001] bad cache= option: none [ 75.329161][ T8001] [ 75.331118][ T8001] CIFS: VFS: bad cache= option: none [ 75.386024][ T6036] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 75.532644][ T6036] usb 5-1: Using ep0 maxpacket: 16 [ 75.537106][ T6036] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 75.539829][ T6036] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 75.542254][ T6036] usb 5-1: Product: syz [ 75.544782][ T6036] usb 5-1: Manufacturer: syz [ 75.546300][ T6036] usb 5-1: SerialNumber: syz [ 75.549866][ T6036] usb 5-1: config 0 descriptor?? [ 75.761527][ T6036] usb 5-1: USB disconnect, device number 7 [ 76.645691][ T8017] netlink: 830 bytes leftover after parsing attributes in process `syz.1.612'. [ 76.746601][ T5964] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 76.749248][ T5964] Bluetooth: hci3: Injecting HCI hardware error event [ 76.752282][ T5964] Bluetooth: hci3: hardware error 0x00 [ 76.879787][ T40] kauditd_printk_skb: 17 callbacks suppressed [ 76.879798][ T40] audit: type=1400 audit(76.871:521): avc: denied { setattr } for pid=8034 comm="syz.1.618" name="SCO" dev="sockfs" ino=20612 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 77.097071][ T40] audit: type=1400 audit(77.091:522): avc: denied { append } for pid=8047 comm="syz.2.621" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 77.119372][ T40] audit: type=1400 audit(77.091:523): avc: denied { open } for pid=8047 comm="syz.2.621" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 77.138212][ T8049] netlink: 48 bytes leftover after parsing attributes in process `syz.2.621'. [ 77.161555][ T8049] loop6: detected capacity change from 0 to 63 [ 77.181399][ T6263] Buffer I/O error on dev loop6, logical block 0, async page read [ 77.213228][ T6263] Buffer I/O error on dev loop6, logical block 0, async page read [ 77.215883][ T6263] Buffer I/O error on dev loop6, logical block 0, async page read [ 77.218500][ T6263] Buffer I/O error on dev loop6, logical block 0, async page read [ 77.221114][ T6263] Buffer I/O error on dev loop6, logical block 0, async page read [ 77.259088][ T40] audit: type=1400 audit(77.251:524): avc: denied { lock } for pid=8043 comm="syz.0.620" path="socket:[20716]" dev="sockfs" ino=20716 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 77.400426][ T8062] Cannot find set identified by id 3 to match [ 77.404091][ T8062] overlay: Unknown parameter 'uid<00000000000000016384' [ 77.419684][ T40] audit: type=1400 audit(77.411:525): avc: denied { read } for pid=8061 comm="syz.2.623" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 77.483994][ T5963] Bluetooth: hci1: command 0x0406 tx timeout [ 78.134566][ T8088] netlink: 'syz.2.632': attribute type 3 has an invalid length. [ 78.140214][ T8088] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'. [ 78.153611][ T8088] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 78.157119][ T8088] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 78.536342][ T8104] netlink: 36 bytes leftover after parsing attributes in process `syz.3.636'. [ 78.617005][ T40] audit: type=1400 audit(78.611:526): avc: denied { create } for pid=8108 comm="syz.1.638" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 78.638984][ T40] audit: type=1400 audit(78.621:527): avc: denied { read } for pid=8108 comm="syz.1.638" name="file0" dev="tmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 78.651534][ T40] audit: type=1400 audit(78.621:528): avc: denied { open } for pid=8108 comm="syz.1.638" path="/135/file0" dev="tmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 78.660306][ T40] audit: type=1400 audit(78.621:529): avc: denied { mounton } for pid=8108 comm="syz.1.638" path="/135/file0" dev="tmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 78.686309][ T40] audit: type=1400 audit(78.681:530): avc: denied { connect } for pid=8110 comm="syz.3.639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 78.904821][ T5964] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 78.912678][ C3] net_ratelimit: 88855 callbacks suppressed [ 78.912689][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 78.912688][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 78.912784][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 78.912845][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 78.913009][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 78.913164][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 78.913415][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 78.913589][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 78.913741][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 78.913933][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 78.980339][ T8119] /dev/nullb0: Can't lookup blockdev [ 79.281765][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.298266][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.365992][ T8131] netlink: 'syz.3.644': attribute type 12 has an invalid length. [ 79.369033][ T8131] netlink: 132 bytes leftover after parsing attributes in process `syz.3.644'. [ 79.417029][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.422872][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.428654][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.466119][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.472451][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.551655][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.558618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.828905][ T8138] netlink: 56 bytes leftover after parsing attributes in process `syz.2.647'. [ 79.883888][ T8138] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.366682][ T8158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.653'. [ 81.284211][ T8203] netlink: 12 bytes leftover after parsing attributes in process `syz.1.665'. [ 81.585982][ T53] cfg80211: failed to load regulatory.db [ 82.232744][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 82.232753][ T40] audit: type=1400 audit(82.231:545): avc: denied { ioctl } for pid=8224 comm="syz.1.672" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x1288 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 82.262634][ T40] audit: type=1400 audit(82.251:546): avc: denied { map } for pid=8224 comm="syz.1.672" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 82.269667][ T40] audit: type=1400 audit(82.251:547): avc: denied { execute } for pid=8224 comm="syz.1.672" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 82.373816][ T8225] tipc: Failed to remove unknown binding: 66,1,1/0:3119483958/3119483960 [ 82.387583][ T8225] tipc: Failed to remove unknown binding: 66,1,1/0:3119483958/3119483960 [ 82.657988][ T8237] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8237 comm=syz.3.673 [ 82.771466][ T8239] netlink: 80 bytes leftover after parsing attributes in process `syz.1.674'. [ 82.915675][ T40] audit: type=1400 audit(82.911:548): avc: denied { write } for pid=8246 comm="syz.1.680" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 82.925082][ T8245] netlink: 'syz.3.678': attribute type 3 has an invalid length. [ 82.934374][ T8245] netlink: 'syz.3.678': attribute type 3 has an invalid length. [ 82.937099][ T8245] netlink: 'syz.3.678': attribute type 3 has an invalid length. [ 82.949879][ T40] audit: type=1400 audit(82.911:549): avc: denied { map } for pid=8246 comm="syz.1.680" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 82.960270][ T8245] netlink: 'syz.3.678': attribute type 3 has an invalid length. [ 82.964101][ T8245] netlink: 'syz.3.678': attribute type 3 has an invalid length. [ 82.970404][ T8245] netlink: 'syz.3.678': attribute type 3 has an invalid length. [ 82.976817][ T40] audit: type=1400 audit(82.911:550): avc: denied { execute } for pid=8246 comm="syz.1.680" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 82.984316][ T8245] netlink: 'syz.3.678': attribute type 3 has an invalid length. [ 82.995018][ T8245] netlink: 'syz.3.678': attribute type 3 has an invalid length. [ 83.195933][ T40] audit: type=1400 audit(83.191:551): avc: denied { nlmsg_write } for pid=8266 comm="syz.1.684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 83.346146][ T8269] netlink: 4 bytes leftover after parsing attributes in process `syz.2.683'. [ 83.370874][ T8275] netlink: 16 bytes leftover after parsing attributes in process `syz.0.687'. [ 83.784058][ T40] audit: type=1400 audit(83.741:552): avc: denied { listen } for pid=8277 comm="syz.0.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 83.922601][ C3] net_ratelimit: 93647 callbacks suppressed [ 83.922617][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 83.922640][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 83.922645][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 83.922795][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 83.922971][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 83.923447][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 83.923591][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 83.923756][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 83.924216][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 83.924367][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 84.323936][ T8290] netlink: 12 bytes leftover after parsing attributes in process `syz.1.690'. [ 84.409103][ T40] audit: type=1326 audit(84.401:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8291 comm="syz.1.691" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9fbd8e929 code=0x7ffc0000 [ 84.683920][ T40] audit: type=1326 audit(84.401:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8291 comm="syz.1.691" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9fbd8e929 code=0x7ffc0000 [ 84.774485][ T8295] program syz.0.692 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 84.840072][ T8303] program syz.0.692 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 85.214061][ T8307] input: syz1 as /devices/virtual/input/input8 [ 85.307248][ T8313] team0: Device gtp0 is of different type [ 85.360050][ T8316] validate_nla: 40 callbacks suppressed [ 85.360062][ T8316] netlink: 'syz.3.698': attribute type 2 has an invalid length. [ 85.364557][ T8316] netlink: 'syz.3.698': attribute type 8 has an invalid length. [ 85.366980][ T8316] netlink: 1148 bytes leftover after parsing attributes in process `syz.3.698'. [ 86.908901][ T8373] syz.1.718: calling unsupported SCSI_IOCTL_SEND_COMMAND [ 87.217693][ T8383] netlink: 192 bytes leftover after parsing attributes in process `syz.1.723'. [ 87.435976][ T8392] netlink: 20 bytes leftover after parsing attributes in process `syz.1.726'. [ 87.638541][ T8397] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8397 comm=syz.3.722 [ 87.658362][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 87.658372][ T40] audit: type=1400 audit(87.651:562): avc: denied { append } for pid=8404 comm="syz.0.729" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 87.771641][ T40] audit: type=1400 audit(87.761:563): avc: denied { audit_read } for pid=8415 comm="syz.0.732" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 87.791194][ T8416] netlink: 56 bytes leftover after parsing attributes in process `syz.0.732'. [ 87.870846][ T8418] netlink: 216 bytes leftover after parsing attributes in process `syz.1.734'. [ 88.230274][ T40] audit: type=1400 audit(88.221:564): avc: denied { ioctl } for pid=8439 comm="syz.2.739" path="socket:[22150]" dev="sockfs" ino=22150 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 88.343231][ T8449] netlink: 12 bytes leftover after parsing attributes in process `syz.2.741'. [ 88.716896][ T8468] netlink: 24 bytes leftover after parsing attributes in process `syz.1.748'. [ 88.765712][ T8470] 9pnet_fd: Insufficient options for proto=fd [ 88.832959][ T40] audit: type=1400 audit(88.831:565): avc: denied { map } for pid=8469 comm="syz.1.749" path="socket:[22297]" dev="sockfs" ino=22297 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 88.902246][ T8475] netlink: 12 bytes leftover after parsing attributes in process `syz.2.752'. [ 88.911534][ T8475] netlink: 12 bytes leftover after parsing attributes in process `syz.2.752'. [ 88.932620][ C0] net_ratelimit: 94132 callbacks suppressed [ 88.932633][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 88.932650][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 88.932797][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 88.933531][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 88.933681][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 88.933932][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 88.934445][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 88.934592][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 88.934768][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 88.935037][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 89.207392][ T8495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.759'. [ 89.529557][ T8518] netlink: 'syz.2.767': attribute type 12 has an invalid length. [ 89.874451][ T8538] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 89.888092][ T8538] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 89.899987][ T8538] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 89.937800][ T8538] tmpfs: Invalid uid '0x00000000ffffffff' [ 90.035244][ T8545] overlayfs: missing 'workdir' [ 90.423776][ T6036] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 90.526321][ T8569] loop6: detected capacity change from 0 to 524287999 [ 90.564357][ T6036] usb 5-1: device descriptor read/64, error -71 [ 90.764083][ T40] audit: type=1400 audit(90.751:566): avc: denied { read } for pid=8578 comm="syz.1.790" name="usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 90.779787][ T40] audit: type=1400 audit(90.751:567): avc: denied { open } for pid=8578 comm="syz.1.790" path="/dev/usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 90.815665][ T40] audit: type=1400 audit(90.811:568): avc: denied { map } for pid=8578 comm="syz.1.790" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 90.823247][ T40] audit: type=1400 audit(90.811:569): avc: denied { execute } for pid=8578 comm="syz.1.790" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 90.842605][ T6036] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 90.876909][ T8583] __nla_validate_parse: 2 callbacks suppressed [ 90.876920][ T8583] netlink: 32 bytes leftover after parsing attributes in process `syz.2.787'. [ 90.974445][ T6036] usb 5-1: device descriptor read/64, error -71 [ 91.082877][ T6036] usb usb5-port1: attempt power cycle [ 91.183066][ T8585] tipc: Enabled bearer , priority 10 [ 91.422652][ T6036] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 91.453179][ T6036] usb 5-1: device descriptor read/8, error -71 [ 91.681300][ T8617] netlink: 'syz.3.800': attribute type 2 has an invalid length. [ 91.683839][ T8617] netlink: 1184 bytes leftover after parsing attributes in process `syz.3.800'. [ 91.692611][ T6036] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 91.713059][ T6036] usb 5-1: device descriptor read/8, error -71 [ 91.823264][ T6036] usb usb5-port1: unable to enumerate USB device [ 91.944230][ T8636] netlink: 28 bytes leftover after parsing attributes in process `syz.2.806'. [ 92.185961][ T6036] tipc: Node number set to 562036495 [ 92.196780][ T5964] block nbd1: Receive control failed (result -32) [ 92.210490][ T8606] block nbd1: shutting down sockets [ 92.774377][ T8641] xt_bpf: check failed: parse error [ 93.416621][ T8680] netlink: 'syz.0.822': attribute type 10 has an invalid length. [ 93.582557][ C1] sched: DL replenish lagged too much [ 93.942594][ C0] net_ratelimit: 95611 callbacks suppressed [ 93.942597][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 93.942606][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 93.942683][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 93.942781][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 93.942943][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 93.943104][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 93.943270][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 93.943438][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 93.943599][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 93.943759][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 94.490800][ T40] audit: type=1400 audit(94.471:570): avc: denied { write } for pid=8709 comm="syz.1.832" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 94.904672][ T40] audit: type=1400 audit(94.901:571): avc: denied { open } for pid=8731 comm="syz.0.837" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=23232 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 96.159497][ T8758] netlink: 'syz.1.845': attribute type 9 has an invalid length. [ 96.168522][ T8758] netlink: 32 bytes leftover after parsing attributes in process `syz.1.845'. [ 96.462152][ T8765] xt_hashlimit: overflow, rate too high: 0 [ 97.485950][ T6036] usb 6-1: new low-speed USB device number 3 using dummy_hcd [ 97.566293][ T40] audit: type=1400 audit(97.561:572): avc: denied { getopt } for pid=8801 comm="syz.2.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 97.647331][ T8808] netlink: 173848 bytes leftover after parsing attributes in process `syz.3.860'. [ 97.653655][ T6036] usb 6-1: Invalid ep0 maxpacket: 32 [ 97.658257][ T8808] SET target dimension over the limit! [ 97.792631][ T6036] usb 6-1: new low-speed USB device number 4 using dummy_hcd [ 97.965398][ T6036] usb 6-1: Invalid ep0 maxpacket: 32 [ 97.969560][ T6036] usb usb6-port1: attempt power cycle [ 98.013138][ T40] audit: type=1400 audit(98.011:573): avc: denied { module_load } for pid=8811 comm="syz.3.862" path=2F6D656D66643A20C736BE918D183229219A25A2D238D606070EFCFE128F2613AE254054A3B03E5CECA9F951403641108C6E7C202864656C6574656429 dev="hugetlbfs" ino=23461 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=system permissive=1 [ 98.039033][ T8812] Invalid ELF header magic: != ELF [ 98.291872][ T40] audit: type=1400 audit(98.281:574): avc: denied { create } for pid=8813 comm="syz.3.863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 98.322634][ T6036] usb 6-1: new low-speed USB device number 5 using dummy_hcd [ 98.343460][ T6036] usb 6-1: Invalid ep0 maxpacket: 32 [ 98.473596][ T6036] usb 6-1: new low-speed USB device number 6 using dummy_hcd [ 98.498721][ T6036] usb 6-1: Invalid ep0 maxpacket: 32 [ 98.501101][ T6036] usb usb6-port1: unable to enumerate USB device [ 98.917839][ T8822] ipvlan0: entered allmulticast mode [ 98.919941][ T8822] veth0_vlan: entered allmulticast mode [ 98.952598][ C1] net_ratelimit: 89472 callbacks suppressed [ 98.952609][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 98.952611][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 98.952617][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9a:20:d1:9c:d3:c9, vlan:0) [ 98.952763][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 98.952927][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 98.953104][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 98.953282][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 98.953422][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 98.953582][ C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 98.953722][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 99.146323][ T8837] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 99.148429][ T8837] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 99.152935][ T8837] vhci_hcd vhci_hcd.0: Device attached [ 99.155649][ T5964] Bluetooth: hci2: unexpected subevent 0x0e length: 30 > 15 [ 99.158013][ T5964] Bluetooth: hci2: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00 [ 99.180682][ T40] audit: type=1400 audit(99.171:575): avc: denied { shutdown } for pid=8835 comm="syz.0.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 99.187250][ T8837] SELinux: syz.0.872 (8837) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 99.195225][ T8838] vhci_hcd: connection closed [ 99.216506][ T12] vhci_hcd: stop threads [ 99.219567][ T12] vhci_hcd: release socket [ 99.220992][ T12] vhci_hcd: disconnect device [ 99.270968][ T8841] netlink: 12 bytes leftover after parsing attributes in process `syz.3.871'. [ 99.276564][ T40] audit: type=1326 audit(99.271:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8836 comm="syz.3.871" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f146178e929 code=0x0 [ 99.581243][ T8845] overlayfs: failed to clone upperpath [ 99.828298][ T40] audit: type=1400 audit(99.821:577): avc: denied { unmount } for pid=5953 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 100.052115][ T8851] netlink: 8 bytes leftover after parsing attributes in process `syz.3.876'. [ 100.213485][ T8862] 9pnet_virtio: no channels available for device syz [ 100.241132][ T40] audit: type=1400 audit(100.231:578): avc: denied { mount } for pid=8855 comm="syz.0.875" name="/" dev="9p" ino=35913813 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 100.429367][ T8865] ------------[ cut here ]------------ [ 100.431256][ T8865] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/aio_iiro_16.c:180:9 [ 100.434740][ T8865] shift exponent 9574 is too large for 32-bit type 'int' [ 100.441492][ T8865] CPU: 2 UID: 0 PID: 8865 Comm: syz.1.878 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 100.441507][ T8865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.441514][ T8865] Call Trace: [ 100.441518][ T8865] [ 100.441522][ T8865] dump_stack_lvl+0x16c/0x1f0 [ 100.441541][ T8865] __ubsan_handle_shift_out_of_bounds+0x27f/0x420 [ 100.441567][ T8865] aio_iiro_16_attach.cold+0x19/0x1e [ 100.441582][ T8865] comedi_device_attach+0x3b3/0x900 [ 100.441602][ T8865] do_devconfig_ioctl+0x1a7/0x580 [ 100.441618][ T8865] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 100.441642][ T8865] ? find_held_lock+0x2b/0x80 [ 100.441659][ T8865] comedi_unlocked_ioctl+0x15bb/0x2e90 [ 100.441671][ T8865] ? do_raw_spin_unlock+0x124/0x230 [ 100.441683][ T8865] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 100.441696][ T8865] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 100.441707][ T8865] ? do_vfs_ioctl+0x523/0x1a60 [ 100.441718][ T8865] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 100.441733][ T8865] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 100.441747][ T8865] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 100.441763][ T8865] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 100.441781][ T8865] ? hook_file_ioctl_common+0x145/0x410 [ 100.441795][ T8865] ? selinux_file_ioctl+0x180/0x270 [ 100.441808][ T8865] ? selinux_file_ioctl+0xb4/0x270 [ 100.441822][ T8865] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 100.441834][ T8865] __x64_sys_ioctl+0x18b/0x210 [ 100.441871][ T8865] do_syscall_64+0xcd/0x4c0 [ 100.441889][ T8865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.441901][ T8865] RIP: 0033:0x7ff9fbd8e929 [ 100.441910][ T8865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.441921][ T8865] RSP: 002b:00007ff9fcc7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.441931][ T8865] RAX: ffffffffffffffda RBX: 00007ff9fbfb6080 RCX: 00007ff9fbd8e929 [ 100.441938][ T8865] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000008 [ 100.441944][ T8865] RBP: 00007ff9fbe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 100.441951][ T8865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.441957][ T8865] R13: 0000000000000000 R14: 00007ff9fbfb6080 R15: 00007fffa6a7fe68 [ 100.441971][ T8865] [ 100.441975][ T8865] ---[ end trace ]--- [ 100.634819][ T8865] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 100.637102][ T8865] CPU: 2 UID: 0 PID: 8865 Comm: syz.1.878 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 100.640764][ T8865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.644100][ T8865] Call Trace: [ 100.645157][ T8865] [ 100.646109][ T8865] dump_stack_lvl+0x3d/0x1f0 [ 100.647568][ T8865] panic+0x71c/0x800 [ 100.648810][ T8865] ? __pfx_panic+0x10/0x10 [ 100.650372][ T8865] ? __pfx__printk+0x10/0x10 [ 100.651832][ T8865] check_panic_on_warn+0xab/0xb0 [ 100.653398][ T8865] __ubsan_handle_shift_out_of_bounds+0x2a6/0x420 [ 100.655441][ T8865] aio_iiro_16_attach.cold+0x19/0x1e [ 100.657097][ T8865] comedi_device_attach+0x3b3/0x900 [ 100.658742][ T8865] do_devconfig_ioctl+0x1a7/0x580 [ 100.660338][ T8865] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 100.662069][ T8865] ? find_held_lock+0x2b/0x80 [ 100.663548][ T8865] comedi_unlocked_ioctl+0x15bb/0x2e90 [ 100.665252][ T8865] ? do_raw_spin_unlock+0x124/0x230 [ 100.666879][ T8865] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 100.668712][ T8865] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 100.670527][ T8865] ? do_vfs_ioctl+0x523/0x1a60 [ 100.672020][ T8865] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 100.673587][ T8865] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 100.675613][ T8865] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 100.677612][ T8865] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 100.679740][ T8865] ? hook_file_ioctl_common+0x145/0x410 [ 100.681466][ T8865] ? selinux_file_ioctl+0x180/0x270 [ 100.683101][ T8865] ? selinux_file_ioctl+0xb4/0x270 [ 100.684702][ T8865] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 100.686533][ T8865] __x64_sys_ioctl+0x18b/0x210 [ 100.688032][ T8865] do_syscall_64+0xcd/0x4c0 [ 100.689465][ T8865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.691305][ T8865] RIP: 0033:0x7ff9fbd8e929 [ 100.692699][ T8865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.698570][ T8865] RSP: 002b:00007ff9fcc7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.701139][ T8865] RAX: ffffffffffffffda RBX: 00007ff9fbfb6080 RCX: 00007ff9fbd8e929 [ 100.703580][ T8865] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000008 [ 100.706026][ T8865] RBP: 00007ff9fbe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 100.708459][ T8865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.710896][ T8865] R13: 0000000000000000 R14: 00007ff9fbfb6080 R15: 00007fffa6a7fe68 [ 100.713331][ T8865] [ 100.714994][ T8865] Kernel Offset: disabled [ 100.716395][ T8865] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:52:22 Registers: info registers vcpu 0 CPU#0 RAX=0000000080000101 RBX=0000000000000000 RCX=000000007f1fed10 RDX=0000000000000000 RSI=ffffffff8de0d055 RDI=ffffffff8c158f60 RBP=0000000000000002 RSP=ffffc90000006c40 R8 =03813abc02fcf7df R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8b88341d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6716000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f0e0578bf98 CR3=0000000035c2b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0e04a11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0e04a11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0e04a11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0e04a11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0e04a11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0e04a11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0e04b85488 00007f0e04b85480 00007f0e04b85478 00007f0e04b85450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0e056ed100 00007f0e04b85440 00007f0e04b85458 00007f0e04b854a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0e04b85498 00007f0e04b85490 00007f0e04b85488 00007f0e04b85480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8de01d534f13c890 2e1078f448644ada e7bd87b0019e32e6 1288ba6e345e2f0a ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4db3738589bad9c2 d3632ac0e1fff829 f235ac3008d4d10c c0bfb1a5caa970d4 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f4772f7d8dec6feb 0000000000000000 0000000000000000 6c739dbd22dd8129 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 baed2b41a2135a78 9f09903afd15170c ed0c4c5402a2155b f3f6f44c8de01d53 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f13c8902e1078f4 48644adae7bd87b0 019e32e61288ba6e 345e2f0a241bcefb ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=ffff88806a533228 RCX=ffffffff8a649644 RDX=0000000000000000 RSI=ffffffff8c158ee0 RDI=ffffffff8df40da8 RBP=0000000000000001 RSP=ffffc9000069fd08 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=0000000000000004 R13=ffff88802a572080 R14=0000000000000000 R15=0000000000000001 RIP=ffffffff81a16f30 RFL=00000a02 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000555569b1b500 ffffffff 00c00000 GS =0000 ffff8880d6816000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f51e5885f98 CR3=000000002c8a1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555569b2e730 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555569b4af7b 0000555569b48500 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555569b38008 0000555569b37ca0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9830100004800401 0000040806060177 9200100004a00300 1000049003000800 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2e01ffffffffff ffffffef08018003 02e0100002800401 00080007000c0008 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 736e6172741e0800 0300703901ffffff fffffffffff9082e 80030030656c6966 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 50033d6f6e646677 2c0e084203010000 000ca4061e033d6f 6e6466722c64663d ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0102808010000fff ffffffffff040680 0401c71000080142 f60030656c69662f ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e01ffffffffffff ffffef0806800300 040010002e800401 80040010000a0141 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d8010000040ca406 50033d6f6e646677 2c0e084203010000 000ca4061e033d6f ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e6466722c64663d 736e6172741e0800 0300703901ffffff fffffffffff9082e ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855bc395 RDI=ffffffff9b0c42a0 RBP=ffffffff9b0c4260 RSP=ffffc900260b74e0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0c4260 R15=ffffffff855bc330 RIP=ffffffff855bc3bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ff9fcc7e6c0 ffffffff 00c00000 GS =0000 ffff8880d6916000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c2a170e CR3=000000004960d000 CR4=00352ef0 DR0=000003fffffffffe DR1=0000000000000ddb DR2=0000000000000006 DR3=0000000000000006 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff9fbe11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff9fbe11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff9fbe11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff9fbe11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff9fbe11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff9fbe11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff9fbf85488 00007ff9fbf85480 00007ff9fbf85478 00007ff9fbf85450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff9fcaed100 00007ff9fbf85440 00007ff9fbf85458 00007ff9fbf854a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff9fbf85498 00007ff9fbf85490 00007ff9fbf85488 00007ff9fbf85480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 31dd1ffc68a03109 a6ec445c288dec41 33e1b6600a7a4197 5187f81680ac1248 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fab75b97ee6c6da4 24d78657e7c9c3a0 62fcd9e26d842050 77d5f83ab4342d40 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 31dd1ffc68a03109 a6ec445c288dec41 33e1b6600a7a4197 5187f81680ac1248 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 836ee70ffacbffcf 2ba9814b2e913e7c a1e9d449ac457ec6 f33bd650c8a0f5d4 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c6e0ca6f00e69905 7ed2797fcc1a1919 93229ef1c13e6e1c 57a4e093a9beccd9 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000056758 RCX=ffffffff822e9888 RDX=ffff888022dd0000 RSI=ffffffff822e9897 RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc900006f7ae8 R8 =0000000000000005 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=ffff88801e604b80 R13=0000000000000001 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff81bbf718 RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a16000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fdb07182e9c CR3=000000000e382000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000020000002 Opmask01=0000000000000001 Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdb074f28f0 00007fdb074f2310 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdb074b3050 00007fdb074b20c0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdb074b3580 00007fdb074b2b20 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdb071b50c0 00007fdb074b3ab0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdb074f1da0 00007fdb074b25f0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdb071b56b0 00007fdb071b50c0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdb074b3ab0 00007fdb074b3580 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdb074b2b20 00007fdb074b3050 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e75006465696669 63657073206e6f69 74706f20676e6f6c 207974706d65000a ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6262653235653263 38672d3335303030 2d72656c6c616b7a 79732d3563722d30 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2738386562626532 3565326338672d33 353030302d72656c 6c616b7a79732d35 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 63722d302e36312e 3627206f74207972 6f74636572696420 65676e6168632074 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000