last executing test programs: 36.842889016s ago: executing program 1 (id=1322): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x400000004a882, 0x0) r1 = dup(r0) (async) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) (async) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e20, 0x5, @empty, 0x3}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='tunl0\x00', 0x10) (async) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0x4) (async) read$snddsp(r1, &(0x7f0000000000)=""/57, 0x39) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 36.8422999s ago: executing program 1 (id=1324): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000dc0)=ANY=[@ANYBLOB="180000000100ffff00000000f800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='mm_khugepaged_scan_pmd\x00', r1}, 0x18) mlock(&(0x7f0000400000/0xc00000)=nil, 0xc00000) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x1c, 0x52, 0x1, 0x0, 0x4, {0x2}, [@typed={0x8, 0x1, 0x0, 0x0, @binary="feffffff"}]}, 0x1c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 36.702150049s ago: executing program 1 (id=1326): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {@in=@rand_addr=0x64010101, 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xaf}}, 0xf0}}, 0x0) 36.260346238s ago: executing program 1 (id=1327): r0 = syz_open_dev$dri(&(0x7f0000002580), 0x200, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="640000001800010000000000000000000a9e"], 0x64}}, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)) r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, 0x0, 0x0) set_robust_list(&(0x7f0000000600)={0x0, 0x8000000000000000}, 0x18) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000100)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14) recvmmsg(r3, &(0x7f0000001600)=[{{0x0, 0x0, &(0x7f0000001580)=[{}, {&(0x7f0000000000)=""/53, 0x35}, {&(0x7f0000000140)=""/4096, 0x1000}, {&(0x7f0000001640)=""/206, 0xce}, {&(0x7f0000001240)=""/249, 0xf9}, {&(0x7f0000001340)=""/240, 0xf0}, {&(0x7f0000001440)=""/112, 0x70}, {&(0x7f00000014c0)=""/140, 0x8c}], 0x8, &(0x7f00000000c0)=""/46, 0x2e, 0x1f}, 0x8}], 0x32, 0x10122, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000026c0)={0x0, &(0x7f0000002600)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000001180)={&(0x7f0000001140)=[0x0, 0x0, 0x0], 0x3, r4, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000200)={0x0, 0x0, r4, r5, 0x0, 0x0, 0x80000001, 0x0, {0x100000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x80, 0x0, 0x0, 0xb2, 0x3fd, 0x0, 0x0, 0x0, "427f4d05618664ecb7f9ed7667675bc32afc7ebbfea1deee1e26520cc38c6a00"}}) 36.259152902s ago: executing program 1 (id=1328): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x0) chdir(&(0x7f0000000140)='./file0/file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000140)={&(0x7f0000000600)=""/4096, 0x1000}) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) setpgid(r0, r1) 36.258931761s ago: executing program 1 (id=1329): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r0, 0x400455c8, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x3) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000400)=0x7) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0xa) 21.625502225s ago: executing program 32 (id=1329): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r0, 0x400455c8, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x3) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000400)=0x7) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0xa) 1.060352988s ago: executing program 4 (id=2293): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x8000000000000}, 0x18) r2 = io_uring_setup(0x1fb8, &(0x7f0000000540)={0x0, 0x1ae0, 0x400, 0x0, 0xea}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000940)=[{0x0}], 0x1) syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x46) io_uring_register$IORING_REGISTER_FILES(r2, 0x1e, &(0x7f0000000000)=[r2], 0x1) 1.060043785s ago: executing program 4 (id=2295): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000040)={0x4, 0x5, 0x7, 0x4, 0xf, "03f37fe99f4da288"}) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000000)=0x8001) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r1}, &(0x7f0000000540), &(0x7f0000000580)='%pS \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, 0x0) 1.059973328s ago: executing program 0 (id=2296): unshare(0x22020400) r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x202280, 0x0) process_madvise(r0, 0x0, 0x0, 0xf, 0x0) 1.059903975s ago: executing program 4 (id=2297): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x0, 0x4000}, 0xc) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8) writev(r0, &(0x7f0000000180), 0x0) 1.058267631s ago: executing program 0 (id=2298): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x8, 0xf9, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d85000000070000008500000023"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) sigaltstack(0x0, &(0x7f0000000540)={0x0}) 992.788536ms ago: executing program 0 (id=2299): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0x10000008, 0x0, 0xffffffff}, 0x1c) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000140)=@req3={0xfffffff9, 0xc, 0x81, 0x3, 0x10000, 0x200, 0x4}, 0x1c) 992.346617ms ago: executing program 4 (id=2300): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x2, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) 943.155458ms ago: executing program 0 (id=2301): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000590000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r2}, 0x18) r3 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r3, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) 942.898572ms ago: executing program 0 (id=2302): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) 892.386463ms ago: executing program 0 (id=2303): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect$cdc_ecm(0x5, 0x1d3, &(0x7f00000011c0)=ANY=[@ANYBLOB="1201000202"], 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001180)=ANY=[@ANYBLOB="4c00000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="00a3000000000000240012800b0001006d6163736563000014000280050009000100000005000d"], 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x0) 792.547444ms ago: executing program 4 (id=2304): openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/devices\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x25, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x20000890) 673.086364ms ago: executing program 4 (id=2305): creat(0x0, 0x48) mount(0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x77359400}, 0x0) 302.433092ms ago: executing program 2 (id=2319): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000540)={&(0x7f0000000680)={0xe8, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x13b}, {0x6, 0x11, 0x9}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x28d}, {0x6, 0x11, 0x1a0}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0xff}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9b1}, {0x6, 0x11, 0x9cb}}]}, 0xe8}, 0x1, 0x0, 0x0, 0x800}, 0x6008005) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0xf) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)={@multicast1, @private}, &(0x7f0000000040)=0xc) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', 0x0}) r6 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r6, &(0x7f00000005c0), 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x10) sendmsg$can_raw(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000380)={&(0x7f000000a000)=@canfd={{0x5}, 0x2, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000094e2f9663a918fa1efd9b0b"}, 0x38}, 0x2}, 0x24000895) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0x101500, 0x104) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r3, r5, 0x25, 0x0, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x303}}, 0x30) r8 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x40000, 0x0, 0x2, 0x1}}) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x3fa1dc947ffe4b82}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) 223.117193ms ago: executing program 2 (id=2320): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x2, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) 162.768525ms ago: executing program 3 (id=2325): sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x34}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x21c, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdbff, {}, [{0x208, 0x1, [@m_ife={0x84, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x8, 0x1ff, 0x5}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @multicast}]}, {0x31, 0x6, "ea24464decc1b2772ce0e9d802b5374a8d6638c9f5d62d73097ad328a4154dd4046c261a61dc99ee70038b3509"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_csum={0xc8, 0x14, 0x0, 0x0, {{0x9}, {0x4}, {0x99, 0x6, "576458eea52fd27eec92e713a172e757e1f62fe8475fa8817d9bd39d398251801f64d9b8e312b47b111ff094a2f452e1fd749b169123625c664a63e06baa8402c6b5fe34fbffaf329e5589fe1d00f704d8d13b0100000081ec7a1e9e21427be570631961812505684e260d3f73821a372961e6acf9f73f3ab3a6d19010c501877fc1473ff3fe388a502702c7e7d4eb99cd479f52be"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_bpf={0x8c, 0x5, 0x0, 0x0, {{0x8}, {0x64, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0x4, 0x3, 0x87f7, 0x4}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2, 0xd, 0x6, 0x3, 0x7fb}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x408, 0x6, 0x5, 0x5, 0x69e}}, @TCA_ACT_BPF_FD={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ct={0x2c, 0x1a, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x21c}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xc3}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 102.999097ms ago: executing program 3 (id=2326): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) r3 = dup(r1) write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) 102.838982ms ago: executing program 3 (id=2327): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x0, 0x4000}, 0xc) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8) writev(r0, &(0x7f0000000180)=[{0x0}], 0x1) 102.387686ms ago: executing program 2 (id=2328): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154"], 0x0}, 0x94) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002105000d40930000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c000100"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.050492ms ago: executing program 2 (id=2329): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01032abd7000fddbdf25050000000e0001006e657464657673696d0000000f0002006e65742cf897646576bdd8"], 0x34}, 0x1, 0x0, 0x0, 0x40014}, 0x0) 817.386µs ago: executing program 3 (id=2330): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000780)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x40}}, 0x0) 635.037µs ago: executing program 2 (id=2331): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r2}, 0x18) r3 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r3, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) 531.733µs ago: executing program 3 (id=2332): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0) 103.079µs ago: executing program 2 (id=2333): bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r2, &(0x7f0000000440)={@val, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x11}}], 0x1, 0x24008094) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x101}, 0x1c) getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f00000001c0)=0x3b) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x18) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r6, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20) r7 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'macvtap0\x00', 0x0}) setsockopt$inet6_mreq(r7, 0x29, 0x14, &(0x7f0000000000)={@mcast2, r8}, 0x14) r9 = socket$inet6(0xa, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x66) setsockopt$SO_BINDTODEVICE(r9, 0x1, 0x19, &(0x7f0000000080)='veth0_virt_wifi\x00', 0x10) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x2000, {0x0, 0x0, 0x74, r8, {0xfffd, 0x10}, {0x1, 0xfff1}, {0xfff2, 0x3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x14004804}, 0x840) bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r4}, 0x8) 0s ago: executing program 3 (id=2334): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0xffffffff80000601, 0x0, 0x0) kernel console output (not intermixed with test programs): [ T34] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 92.121261][ T34] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 92.124161][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.127450][ T34] usb 6-1: config 0 descriptor?? [ 92.129517][ T9017] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 92.133062][ T34] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 92.256418][ T29] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 92.321174][ T9051] binder: BINDER_SET_CONTEXT_MGR already set [ 92.323182][ T9051] binder: 9049:9051 ioctl 4018620d 2000000000c0 returned -16 [ 92.326397][ T9050] binder: 9049:9050 unknown command 333184546 [ 92.326409][ T9051] binder: 9049:9051 unknown command 333184546 [ 92.328492][ T9050] binder: 9049:9050 ioctl c0306201 200000000080 returned -22 [ 92.332900][ T9051] binder: 9049:9051 ioctl c0306201 200000000080 returned -22 [ 92.418103][ T29] usb 5-1: config index 0 descriptor too short (expected 9, got 0) [ 92.421399][ T29] usb 5-1: can't read configurations, error -22 [ 92.423902][ T29] usb usb5-port1: attempt power cycle [ 92.667516][ T9065] netlink: 'syz.3.921': attribute type 1 has an invalid length. [ 92.766406][ T29] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 92.790339][ T29] usb 5-1: config index 0 descriptor too short (expected 9, got 0) [ 92.791298][ T9070] netlink: 'syz.3.923': attribute type 17 has an invalid length. [ 92.793847][ T29] usb 5-1: can't read configurations, error -22 [ 92.798652][ T9070] macvtap0: entered allmulticast mode [ 92.800516][ T9070] veth0_macvtap: entered allmulticast mode [ 92.802982][ T9070] A link change request failed with some changes committed already. Interface macvtap0 may have been left with an inconsistent configuration, please check. [ 92.867904][ T9072] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5122 sclass=netlink_route_socket pid=9072 comm=syz.3.924 [ 92.916911][ T29] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 92.939033][ T29] usb 5-1: config index 0 descriptor too short (expected 9, got 0) [ 92.941483][ T29] usb 5-1: can't read configurations, error -22 [ 92.943560][ T29] usb usb5-port1: unable to enumerate USB device [ 93.311190][ T9107] comedi: valid board names for 8255 driver are: [ 93.313678][ T9107] 8255 [ 93.314940][ T9107] comedi: valid board names for vmk80xx driver are: [ 93.317413][ T9107] vmk80xx [ 93.318527][ T9107] comedi: valid board names for usbduxsigma driver are: [ 93.320889][ T9107] usbduxsigma [ 93.322246][ T9107] comedi: valid board names for usbduxfast driver are: [ 93.324967][ T9107] usbduxfast [ 93.326371][ T9107] comedi: valid board names for usbdux driver are: [ 93.328731][ T9107] usbdux [ 93.329717][ T9107] comedi: valid board names for ni6501 driver are: [ 93.331847][ T9107] ni6501 [ 93.332828][ T9107] comedi: valid board names for dt9812 driver are: [ 93.334964][ T9107] dt9812 [ 93.335944][ T9107] comedi: valid board names for ni_labpc_cs driver are: [ 93.338695][ T9107] ni_labpc_cs [ 93.340142][ T9107] comedi: valid board names for ni_daq_700 driver are: [ 93.343040][ T9107] ni_daq_700 [ 93.344565][ T9107] comedi: valid board names for labpc_pci driver are: [ 93.347179][ T9107] labpc_pci [ 93.348363][ T9107] comedi: valid board names for adl_pci9118 driver are: [ 93.350809][ T9107] pci9118dg [ 93.351950][ T9107] pci9118hg [ 93.353061][ T9107] pci9118hr [ 93.354214][ T9107] comedi: valid board names for 8255_pci driver are: [ 93.356522][ T9107] 8255_pci [ 93.357862][ T9107] comedi: valid board names for s526 driver are: [ 93.360248][ T9107] s526 [ 93.361225][ T9107] comedi: valid board names for multiq3 driver are: [ 93.363457][ T9107] multiq3 [ 93.364548][ T9107] comedi: valid board names for pcmuio driver are: [ 93.366731][ T9107] pcmuio48 [ 93.367837][ T9107] pcmuio96 [ 93.368913][ T9107] comedi: valid board names for pcmmio driver are: [ 93.371194][ T9107] pcmmio [ 93.372224][ T9107] comedi: valid board names for pcmda12 driver are: [ 93.374530][ T9107] pcmda12 [ 93.375922][ T9107] comedi: valid board names for pcmad driver are: [ 93.379030][ T9107] pcmad12 [ 93.380447][ T9107] pcmad16 [ 93.381850][ T9107] comedi: valid board names for ni_labpc driver are: [ 93.384529][ T9107] lab-pc-1200 [ 93.385665][ T9107] lab-pc-1200ai [ 93.386968][ T9107] lab-pc+ [ 93.388007][ T9107] comedi: valid board names for atmio16 driver are: [ 93.390603][ T9107] atmio16 [ 93.391862][ T9107] atmio16d [ 93.392917][ T9107] comedi: valid board names for ni_at_ao driver are: [ 93.395298][ T9107] at-ao-6 [ 93.396773][ T9107] at-ao-10 [ 93.398181][ T9107] comedi: valid board names for ni_at_a2150 driver are: [ 93.400858][ T9107] ni_at_a2150 [ 93.402054][ T9107] comedi: valid board names for adq12b driver are: [ 93.404174][ T9107] adq12b [ 93.405184][ T9107] comedi: valid board names for mpc624 driver are: [ 93.407844][ T9107] mpc624 [ 93.409129][ T9107] comedi: valid board names for c6xdigio driver are: [ 93.411407][ T9107] c6xdigio [ 93.412489][ T9107] comedi: valid board names for aio_iiro_16 driver are: [ 93.414774][ T9107] aio_iiro_16 [ 93.415943][ T9107] comedi: valid board names for aio_aio12_8 driver are: [ 93.418664][ T9107] aio_aio12_8 [ 93.420171][ T9107] aio_ai12_8 [ 93.421719][ T9107] aio_ao12_4 [ 93.423234][ T9107] comedi: valid board names for fl512 driver are: [ 93.425980][ T9107] fl512 [ 93.427302][ T9107] comedi: valid board names for dmm32at driver are: [ 93.430095][ T9107] dmm32at [ 93.431520][ T9107] comedi: valid board names for dt282x driver are: [ 93.434318][ T9107] dt2821 [ 93.435639][ T9107] dt2821-f [ 93.437132][ T9107] dt2821-g [ 93.438562][ T9107] dt2823 [ 93.439867][ T9107] dt2824-pgh [ 93.441336][ T9107] dt2824-pgl [ 93.442795][ T9107] dt2825 [ 93.444159][ T9107] dt2827 [ 93.445455][ T9107] dt2828 [ 93.446634][ T9107] dt2829 [ 93.447878][ T9107] dt21-ez [ 93.449279][ T9107] dt23-ez [ 93.450700][ T9107] dt24-ez [ 93.451839][ T9107] dt24-ez-pgl [ 93.453137][ T9107] comedi: valid board names for dt2817 driver are: [ 93.455368][ T9107] dt2817 [ 93.456482][ T9107] comedi: valid board names for dt2815 driver are: [ 93.458680][ T9107] dt2815 [ 93.459685][ T9107] comedi: valid board names for dt2814 driver are: [ 93.461787][ T9107] dt2814 [ 93.462800][ T9107] comedi: valid board names for dt2811 driver are: [ 93.465156][ T9107] dt2811-pgh [ 93.466790][ T9107] dt2811-pgl [ 93.468278][ T9107] comedi: valid board names for dt2801 driver are: [ 93.470541][ T9107] dt2801 [ 93.471859][ T9107] comedi: valid board names for das6402 driver are: [ 93.474585][ T9107] das6402-12 [ 93.475903][ T9107] das6402-16 [ 93.477321][ T9107] comedi: valid board names for das1800 driver are: [ 93.480012][ T9107] das-1701st [ 93.481164][ T9107] das-1701st-da [ 93.482401][ T9107] das-1702st [ 93.483558][ T9107] das-1702st-da [ 93.484821][ T9107] das-1702hr [ 93.485982][ T9107] das-1702hr-da [ 93.487384][ T9107] das-1701ao [ 93.488820][ T9107] das-1702ao [ 93.490131][ T9107] das-1801st [ 93.491281][ T9107] das-1801st-da [ 93.492583][ T9107] das-1802st [ 93.493689][ T9107] das-1802st-da [ 93.494878][ T9107] das-1802hr [ 93.496178][ T9107] das-1802hr-da [ 93.497403][ T9107] das-1801hc [ 93.498643][ T9107] das-1802hc [ 93.499986][ T9107] das-1801ao [ 93.501389][ T9107] das-1802ao [ 93.502776][ T9107] comedi: valid board names for das800 driver are: [ 93.505311][ T9107] das-800 [ 93.506492][ T9107] cio-das800 [ 93.507623][ T9107] das-801 [ 93.508648][ T9107] cio-das801 [ 93.509868][ T9107] das-802 [ 93.510883][ T9107] cio-das802 [ 93.512002][ T9107] cio-das802/16 [ 93.513201][ T9107] comedi: valid board names for isa-das08 driver are: [ 93.515418][ T9107] isa-das08 [ 93.516534][ T9107] das08-pgm [ 93.517620][ T9107] das08-pgh [ 93.518717][ T9107] das08-pgl [ 93.519797][ T9107] das08-aoh [ 93.520883][ T9107] das08-aol [ 93.522173][ T9107] das08-aom [ 93.523277][ T9107] das08/jr-ao [ 93.524447][ T9107] das08jr-16-ao [ 93.525619][ T9107] pc104-das08 [ 93.526813][ T9107] das08jr/16 [ 93.527922][ T9107] comedi: valid board names for das16m1 driver are: [ 93.530037][ T9107] das16m1 [ 93.531132][ T9107] comedi: valid board names for dac02 driver are: [ 93.533265][ T9107] dac02 [ 93.534374][ T9107] comedi: valid board names for rti802 driver are: [ 93.536666][ T9107] rti802 [ 93.537992][ T9107] comedi: valid board names for rti800 driver are: [ 93.540491][ T9107] rti800 [ 93.541486][ T9107] rti815 [ 93.542521][ T9107] comedi: valid board names for pcm3724 driver are: [ 93.544653][ T9107] pcm3724 [ 93.545690][ T9107] comedi: valid board names for pcl818 driver are: [ 93.547923][ T9107] pcl818l [ 93.548961][ T9107] pcl818h [ 93.550012][ T9107] pcl818hd [ 93.551080][ T9107] pcl818hg [ 93.552134][ T9107] pcl818 [ 93.553219][ T9107] pcl718 [ 93.554257][ T9107] pcm3718 [ 93.555294][ T9107] comedi: valid board names for pcl816 driver are: [ 93.557408][ T9107] pcl816 [ 93.558523][ T9107] pcl814b [ 93.559609][ T9107] comedi: valid board names for pcl812 driver are: [ 93.561722][ T9107] pcl812 [ 93.562723][ T9107] pcl812pg [ 93.563795][ T9107] acl8112pg [ 93.564922][ T9107] acl8112dg [ 93.566015][ T9107] acl8112hg [ 93.567151][ T9107] a821pgl [ 93.568227][ T9107] a821pglnda [ 93.569501][ T9107] a821pgh [ 93.570671][ T9107] a822pgl [ 93.571644][ T9107] a822pgh [ 93.572644][ T9107] a823pgl [ 93.573654][ T9107] a823pgh [ 93.574751][ T9107] pcl813 [ 93.575783][ T9107] pcl813b [ 93.576939][ T9107] acl8113 [ 93.578017][ T9107] iso813 [ 93.579012][ T9107] acl8216 [ 93.580000][ T9107] a826pg [ 93.580977][ T9107] comedi: valid board names for pcl730 driver are: [ 93.583047][ T9107] pcl730 [ 93.584070][ T9107] iso730 [ 93.585038][ T9107] acl7130 [ 93.586164][ T9107] pcm3730 [ 93.587235][ T9107] pcl725 [ 93.588215][ T9107] p8r8dio [ 93.589250][ T9107] acl7225b [ 93.590327][ T9107] p16r16dio [ 93.591420][ T9107] pcl733 [ 93.592409][ T9107] pcl734 [ 93.593396][ T9107] opmm-1616-xt [ 93.594620][ T9107] pearl-mm-p [ 93.595809][ T9107] ir104-pbf [ 93.597172][ T9107] comedi: valid board names for pcl726 driver are: [ 93.599566][ T9107] pcl726 [ 93.600681][ T9107] pcl727 [ 93.601949][ T9107] pcl728 [ 93.603139][ T9107] acl6126 [ 93.604325][ T9107] acl6128 [ 93.605354][ T9107] comedi: valid board names for pcl724 driver are: [ 93.607550][ T9107] pcl724 [ 93.608553][ T9107] pcl722 [ 93.609585][ T9107] pcl731 [ 93.610831][ T9107] acl7122 [ 93.612048][ T9107] acl7124 [ 93.613081][ T9107] pet48dio [ 93.614177][ T9107] pcmio48 [ 93.615211][ T9107] onyx-mm-dio [ 93.616419][ T9107] comedi: valid board names for pcl711 driver are: [ 93.618518][ T9107] pcl711 [ 93.619476][ T9107] pcl711b [ 93.620492][ T9107] acl8112hg [ 93.621693][ T9107] acl8112dg [ 93.622792][ T9107] comedi: valid board names for amplc_pc263 driver are: [ 93.624946][ T9107] pc263 [ 93.625886][ T9107] comedi: valid board names for amplc_pc236 driver are: [ 93.628173][ T9107] pc36at [ 93.629123][ T9107] comedi: valid board names for amplc_dio200 driver are: [ 93.631513][ T9107] pc212e [ 93.632605][ T9107] pc214e [ 93.633671][ T9107] pc215e [ 93.634754][ T9107] pc218e [ 93.635888][ T9107] pc272e [ 93.637153][ T9107] comedi: valid board names for comedi_parport driver are: [ 93.639787][ T9107] comedi_parport [ 93.641172][ T9107] comedi: valid board names for comedi_test driver are: [ 93.643653][ T9107] comedi_test [ 93.645127][ T9107] comedi: valid board names for comedi_bond driver are: [ 93.647982][ T9107] comedi_bond [ 93.812223][ T9121] GUP no longer grows the stack in syz.3.939 (9121): 200000007000-20000000a000 (200000004000) [ 93.815706][ T9121] CPU: 0 UID: 0 PID: 9121 Comm: syz.3.939 Not tainted syzkaller #0 PREEMPT(full) [ 93.815722][ T9121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.815728][ T9121] Call Trace: [ 93.815732][ T9121] [ 93.815736][ T9121] dump_stack_lvl+0x16c/0x1f0 [ 93.815771][ T9121] gup_vma_lookup+0x1d2/0x220 [ 93.815802][ T9121] __get_user_pages+0x243/0x34a0 [ 93.815819][ T9121] ? xsk_setsockopt+0x6db/0x9a0 [ 93.815833][ T9121] ? do_sock_setsockopt+0xf3/0x1d0 [ 93.815847][ T9121] ? __sys_setsockopt+0x1a0/0x230 [ 93.815856][ T9121] ? __x64_sys_setsockopt+0xbd/0x160 [ 93.815866][ T9121] ? __pfx___get_user_pages+0x10/0x10 [ 93.815882][ T9121] __gup_longterm_locked+0x2dd/0x17e0 [ 93.815897][ T9121] ? __pfx___gup_longterm_locked+0x10/0x10 [ 93.815913][ T9121] ? rcu_is_watching+0x12/0xc0 [ 93.815927][ T9121] ? lock_acquire+0x2cd/0x350 [ 93.815944][ T9121] pin_user_pages+0x13c/0x160 [ 93.815958][ T9121] ? __pfx_pin_user_pages+0x10/0x10 [ 93.815973][ T9121] ? xdp_umem_create+0x652/0x1270 [ 93.815990][ T9121] xdp_umem_create+0x73c/0x1270 [ 93.816007][ T9121] xsk_setsockopt+0x6db/0x9a0 [ 93.816022][ T9121] ? __pfx_xsk_setsockopt+0x10/0x10 [ 93.816037][ T9121] ? __fget_files+0x204/0x3c0 [ 93.816049][ T9121] ? selinux_socket_setsockopt+0x6a/0x80 [ 93.816064][ T9121] ? __pfx_xsk_setsockopt+0x10/0x10 [ 93.816078][ T9121] do_sock_setsockopt+0xf3/0x1d0 [ 93.816091][ T9121] __sys_setsockopt+0x1a0/0x230 [ 93.816102][ T9121] __x64_sys_setsockopt+0xbd/0x160 [ 93.816111][ T9121] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 93.816125][ T9121] do_syscall_64+0xcd/0x4c0 [ 93.816137][ T9121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.816148][ T9121] RIP: 0033:0x7fd96b98ebe9 [ 93.816157][ T9121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.816168][ T9121] RSP: 002b:00007fd969bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 93.816184][ T9121] RAX: ffffffffffffffda RBX: 00007fd96bbb5fa0 RCX: 00007fd96b98ebe9 [ 93.816191][ T9121] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 93.816197][ T9121] RBP: 00007fd96ba11e19 R08: 0000000000000020 R09: 0000000000000000 [ 93.816204][ T9121] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 93.816210][ T9121] R13: 00007fd96bbb6038 R14: 00007fd96bbb5fa0 R15: 00007ffec28566a8 [ 93.816219][ T9121] [ 93.827525][ C1] vxcan0: j1939_tp_rxtimer: 0xffff8880323ca000: rx timeout, send abort [ 93.829242][ T9124] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 93.887921][ T9126] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 93.979091][ T9131] geneve2: entered promiscuous mode [ 93.981654][ T9131] geneve2: entered allmulticast mode [ 94.150506][ T9136] __nla_validate_parse: 11 callbacks suppressed [ 94.150525][ T9136] netlink: 12 bytes leftover after parsing attributes in process `syz.3.944'. [ 94.168642][ T9140] kvm: MWAIT instruction emulated as NOP! [ 94.219223][ T9147] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.221911][ T9147] batadv_slave_0: entered promiscuous mode [ 94.269866][ T9153] smc: net device bond0 erased user defined pnetid SYZ0 [ 94.288181][ T9153] devpts: Bad value for 'max' [ 94.288843][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 94.288857][ T40] audit: type=1400 audit(1755572641.844:837): avc: denied { remount } for pid=9152 comm="syz.3.950" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 94.330018][ C1] vxcan0: j1939_tp_rxtimer: 0xffff8880323ca000: abort rx timeout. Force session deactivation [ 94.415575][ T9157] netlink: 48 bytes leftover after parsing attributes in process `syz.3.952'. [ 94.447526][ T9164] netlink: 8 bytes leftover after parsing attributes in process `syz.2.954'. [ 94.450455][ T9164] netlink: 12 bytes leftover after parsing attributes in process `syz.2.954'. [ 94.493838][ T9166] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9166 comm=syz.3.955 [ 94.616103][ T9179] netlink: 16 bytes leftover after parsing attributes in process `syz.3.959'. [ 94.635319][ T40] audit: type=1400 audit(1755572642.184:838): avc: denied { execute } for pid=9178 comm="syz.3.959" path="/dev/snd/seq" dev="devtmpfs" ino=1311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 94.690901][ T6029] usb 6-1: USB disconnect, device number 10 [ 94.790827][ T40] audit: type=1400 audit(1755572642.344:839): avc: denied { getopt } for pid=9196 comm="syz.0.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 94.835457][ T40] audit: type=1400 audit(1755572642.384:840): avc: denied { read } for pid=9199 comm="syz.0.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 94.842449][ T40] audit: type=1400 audit(1755572642.394:841): avc: denied { ioctl } for pid=9199 comm="syz.0.965" path="net:[4026532889]" dev="nsfs" ino=4026532889 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 94.908989][ T5330] Bluetooth: hci1: unexpected event for opcode 0x0419 [ 95.130601][ T40] audit: type=1400 audit(1755572642.684:842): avc: denied { getattr } for pid=9219 comm="syz.2.971" name="/" dev="9p" ino=35913850 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 95.131166][ T9221] overlayfs: workdir and upperdir must reside under the same mount [ 95.742240][ T9229] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 95.902599][ T9237] netlink: 'syz.0.977': attribute type 2 has an invalid length. [ 95.906513][ T9237] netlink: 'syz.0.977': attribute type 1 has an invalid length. [ 95.909003][ T9237] netlink: 8 bytes leftover after parsing attributes in process `syz.0.977'. [ 96.005641][ T9241] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 96.039467][ T9244] No source specified [ 96.381857][ T9272] netlink: 16 bytes leftover after parsing attributes in process `syz.2.987'. [ 96.432701][ T9278] No source specified [ 96.477959][ T40] audit: type=1400 audit(1755572644.034:843): avc: denied { getopt } for pid=9282 comm="syz.2.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 96.480236][ T9283] netlink: 'syz.2.991': attribute type 10 has an invalid length. [ 96.487541][ T9283] netlink: 2 bytes leftover after parsing attributes in process `syz.2.991'. [ 96.490314][ T9283] team0: entered promiscuous mode [ 96.492055][ T9283] bridge0: port 1(team0) entered blocking state [ 96.494147][ T9283] bridge0: port 1(team0) entered disabled state [ 96.496199][ T9283] team0: entered allmulticast mode [ 96.548688][ T9291] netlink: 'syz.0.994': attribute type 1 has an invalid length. [ 96.549308][ T9292] program syz.2.993 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 96.569700][ T40] audit: type=1400 audit(1755572644.124:844): avc: denied { create } for pid=9293 comm="syz.2.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 96.570387][ T9295] netlink: 28 bytes leftover after parsing attributes in process `syz.2.996'. [ 96.576309][ T40] audit: type=1400 audit(1755572644.124:845): avc: denied { write } for pid=9293 comm="syz.2.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 96.712966][ T9310] No source specified [ 96.797561][ T9328] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9328 comm=syz.1.1003 [ 96.864530][ T9334] netlink: 'syz.2.1009': attribute type 1 has an invalid length. [ 96.867878][ T9334] netlink: 'syz.2.1009': attribute type 5 has an invalid length. [ 96.914528][ T9338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1011'. [ 96.963824][ T40] audit: type=1400 audit(1755572644.514:846): avc: denied { ioctl } for pid=9344 comm="syz.2.1013" path="/257/file0/file0" dev="fuse" ino=64 ioctlcmd=0x5415 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 97.027429][ T9353] wireguard0: entered promiscuous mode [ 97.029689][ T9353] wireguard0: entered allmulticast mode [ 97.056398][ T5330] Bluetooth: hci4: command 0x1003 tx timeout [ 97.056444][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 97.087460][ T9359] 9pnet_fd: Insufficient options for proto=fd [ 97.119231][ T9366] random: crng reseeded on system resumption [ 97.181583][ T9373] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 97.199857][ T9377] kAFS: unparsable volume name [ 97.235717][ T9367] loop6: detected capacity change from 0 to 63 [ 97.248115][ T6323] buffer_io_error: 10 callbacks suppressed [ 97.248162][ T6323] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.265995][ T6323] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.276870][ T6323] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.279633][ T6323] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.287312][ T6323] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.655317][ T9395] netlink: 'syz.0.1028': attribute type 10 has an invalid length. [ 97.658022][ T9395] team0: entered promiscuous mode [ 97.659779][ T9395] bridge0: port 1(team0) entered blocking state [ 97.661977][ T9395] bridge0: port 1(team0) entered disabled state [ 97.664179][ T9395] team0: entered allmulticast mode [ 97.693379][ T9397] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=48422 sclass=netlink_xfrm_socket pid=9397 comm=syz.0.1029 [ 98.096357][ T5330] Bluetooth: hci1: command 0x0c1a tx timeout [ 98.283980][ T9409] loop9: detected capacity change from 0 to 7 [ 98.287254][ T6323] loop9: [ 98.288261][ T6323] loop9: partition table partially beyond EOD, truncated [ 98.292326][ T9409] loop9: [ 98.293629][ T9409] loop9: partition table partially beyond EOD, truncated [ 98.340534][ T9411] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9411 comm=syz.2.1033 [ 98.366605][ T9413] vxcan1: tx address claim with dest, not broadcast [ 98.506348][ T5330] Bluetooth: hci3: command 0x0c1a tx timeout [ 98.531599][ T9421] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 98.550180][ T9423] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 98.554528][ T1458] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 98.557791][ T1458] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 98.560219][ T1458] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 98.563913][ T1458] hid-generic 0003:0004:0000.0005: hidraw1: USB HID v0.00 Device [syz0] on syz1 [ 98.584945][ T9424] fido_id[9424]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 98.689738][ T9428] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 98.702189][ T9428] IPVS: Error connecting to the multicast addr [ 98.724279][ T9431] dvmrp1: entered allmulticast mode [ 98.741986][ T9434] netlink: 'syz.0.1043': attribute type 1 has an invalid length. [ 98.744731][ T9434] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 99.036336][ T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 99.196386][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 99.199818][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 99.202838][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 99.205842][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 99.209630][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 99.213820][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 99.216870][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.256405][ T13] vlan2: left promiscuous mode [ 99.296311][ T40] kauditd_printk_skb: 36238 callbacks suppressed [ 99.296323][ T40] audit: type=1326 audit(1755572646.844:37085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.307910][ T40] audit: type=1326 audit(1755572646.854:37086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.315031][ T40] audit: type=1326 audit(1755572646.854:37087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.321941][ T40] audit: type=1326 audit(1755572646.854:37088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.329215][ T40] audit: type=1326 audit(1755572646.854:37089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.336190][ T40] audit: type=1326 audit(1755572646.854:37090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.343232][ T40] audit: type=1326 audit(1755572646.854:37091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.350947][ T40] audit: type=1326 audit(1755572646.854:37092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.358145][ T40] audit: type=1326 audit(1755572646.854:37093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.365183][ T40] audit: type=1326 audit(1755572646.854:37094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9380 comm="syz.3.1023" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x50000 [ 99.422356][ T24] usb 5-1: GET_CAPABILITIES returned 0 [ 99.424098][ T24] usbtmc 5-1:16.0: can't read capabilities [ 99.626079][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.629203][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.632246][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.635112][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.638301][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.641076][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.643812][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.646795][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.649582][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.652371][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.655174][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.657960][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.661537][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.664385][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.667145][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 99.669902][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 99.696264][ T5330] Bluetooth: hci4: command 0x1003 tx timeout [ 99.696350][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 99.727121][ T9446] __nla_validate_parse: 6 callbacks suppressed [ 99.727132][ T9446] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1045'. [ 100.244196][ T9459] tmpfs: Bad value for 'mpol' [ 100.573234][ T9478] lo: left promiscuous mode [ 100.577984][ T9478] syz_tun: left promiscuous mode [ 100.581566][ T9478] team0: left allmulticast mode [ 100.583635][ T9478] team_slave_1: left allmulticast mode [ 100.586638][ T9478] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.590157][ T9478] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 100.819247][ T9480] 9pnet_fd: p9_fd_create_tcp (9480): problem connecting socket to 127.0.0.1 [ 101.453402][ T9488] netlink: 'syz.3.1060': attribute type 30 has an invalid length. [ 101.801245][ T9506] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1065'. [ 101.805984][ T1458] usb 5-1: USB disconnect, device number 12 [ 101.808668][ T9504] block nbd1: shutting down sockets [ 101.899800][ T9523] syzkaller1: tun_chr_ioctl cmd 1074025678 [ 101.902259][ T9523] syzkaller1: group set to 32 [ 101.905944][ T9523] syzkaller1: entered promiscuous mode [ 101.908900][ T9523] syzkaller1: entered allmulticast mode [ 101.912073][ T46] syzkaller1: tun_net_xmit 70 [ 102.012062][ T9528] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 102.013093][ T9527] IPVS: stopping master sync thread 9528 ... [ 102.019183][ T9529] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 102.019235][ T9527] IPVS: stopping master sync thread 9529 ... [ 102.025632][ T9530] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 102.025747][ T9527] IPVS: stopping master sync thread 9530 ... [ 102.046267][ T9535] netlink: 'syz.0.1074': attribute type 23 has an invalid length. [ 102.078831][ T9532] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 102.086791][ T9532] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1073'. [ 102.118684][ T9544] Bluetooth: MGMT ver 1.23 [ 102.121260][ T9544] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1077'. [ 102.124315][ T9544] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1077'. [ 102.162904][ T9549] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1079'. [ 102.232811][ T9554] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1081'. [ 102.237644][ T9554] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1081'. [ 102.349585][ T9561] usb usb8: usbfs: process 9561 (syz.2.1084) did not claim interface 0 before use [ 102.387769][ T9563] kAFS: unparsable volume name [ 102.444010][ T9574] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1087'. [ 102.444720][ T9573] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1087'. [ 102.465348][ T9577] binder: BC_ACQUIRE_RESULT not supported [ 102.467567][ T9577] binder: 9576:9577 ioctl c0306201 2000000001c0 returned -22 [ 102.503525][ T9585] tipc: New replicast peer: 172.30.0.3 [ 102.505379][ T9585] tipc: Enabled bearer , priority 10 [ 102.524024][ T9588] openvswitch: netlink: IP tunnel dst address not specified [ 102.555858][ T9581] kvm: pic: non byte write [ 102.562637][ T9594] syzkaller0: entered promiscuous mode [ 102.564411][ T9594] syzkaller0: entered allmulticast mode [ 102.567145][ T9586] openvswitch: netlink: Key type 15632 is out of range max 32 [ 102.611413][ T9604] ieee802154 phy1 wpan1: encryption failed: -22 [ 102.689157][ T9608] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9608 comm=syz.3.1097 [ 102.856399][ T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 103.017856][ T24] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 103.020698][ T24] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 103.023779][ T24] usb 7-1: config 0 interface 0 has no altsetting 0 [ 103.027485][ T24] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 103.030600][ T24] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 103.033224][ T24] usb 7-1: Product: syz [ 103.034694][ T24] usb 7-1: Manufacturer: syz [ 103.036334][ T24] usb 7-1: SerialNumber: syz [ 103.040058][ T24] usb 7-1: config 0 descriptor?? [ 103.042806][ T24] hub 7-1:0.0: bad descriptor, ignoring hub [ 103.044773][ T24] hub 7-1:0.0: probe with driver hub failed with error -5 [ 103.048345][ T24] usb 7-1: selecting invalid altsetting 0 [ 103.256768][ T9615] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 103.301066][ T9615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 103.356487][ T1458] usb 7-1: USB disconnect, device number 7 [ 103.997064][ T24] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 103.997215][ T9634] overlayfs: missing 'lowerdir' [ 104.156462][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 104.159287][ T24] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 104.161629][ T24] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 104.165170][ T24] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 104.169057][ T24] usb 7-1: config 168 interface 0 altsetting 188 has an invalid descriptor for endpoint zero, skipping [ 104.172517][ T24] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 104.177049][ T24] usb 7-1: config 168 interface 0 has no altsetting 0 [ 104.180198][ T24] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 104.182598][ T24] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 104.186114][ T24] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 104.190161][ T24] usb 7-1: config 168 interface 0 altsetting 188 has an invalid descriptor for endpoint zero, skipping [ 104.193600][ T24] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 104.198142][ T24] usb 7-1: config 168 interface 0 has no altsetting 0 [ 104.201062][ T24] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 104.203446][ T24] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 104.207102][ T24] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 104.210985][ T24] usb 7-1: config 168 interface 0 altsetting 188 has an invalid descriptor for endpoint zero, skipping [ 104.215132][ T24] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 104.219717][ T24] usb 7-1: config 168 interface 0 has no altsetting 0 [ 104.224116][ T24] usb 7-1: string descriptor 0 read error: -22 [ 104.226136][ T24] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 104.229550][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.235006][ T24] adutux 7-1:168.0: interrupt endpoints not found [ 104.256333][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 104.256388][ T5330] Bluetooth: hci4: command 0x1003 tx timeout [ 104.321852][ T9654] veth0: entered allmulticast mode [ 104.328345][ T40] kauditd_printk_skb: 15003 callbacks suppressed [ 104.328356][ T40] audit: type=1400 audit(1755572651.884:52098): avc: denied { ioctl } for pid=9655 comm="syz.0.1113" path="socket:[30320]" dev="sockfs" ino=30320 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 104.364528][ T9661] netlink: zone id is out of range [ 104.366573][ T9661] netlink: zone id is out of range [ 104.368344][ T9661] netlink: get zone limit has 8 unknown bytes [ 104.383780][ T40] audit: type=1400 audit(1755572651.934:52099): avc: denied { connect } for pid=9663 comm="syz.1.1116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 104.435111][ T29] usb 7-1: USB disconnect, device number 8 [ 104.506391][ T53] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 104.549308][ T9673] netlink: zone id is out of range [ 104.551136][ T9673] netlink: zone id is out of range [ 104.552823][ T9673] netlink: zone id is out of range [ 104.554675][ T9673] netlink: zone id is out of range [ 104.556354][ T9673] netlink: zone id is out of range [ 104.558085][ T9673] netlink: zone id is out of range [ 104.559769][ T9673] netlink: zone id is out of range [ 104.657677][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.661686][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.665253][ T53] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 104.668144][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.671718][ T53] usb 8-1: config 0 descriptor?? [ 105.076848][ T53] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0 [ 105.081461][ T53] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0 [ 105.090663][ T53] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:0D8C:0022.0006/input/input12 [ 105.099346][ T53] cm6533_jd 0003:0D8C:0022.0006: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 105.134590][ T40] audit: type=1400 audit(1755572652.684:52100): avc: denied { getopt } for pid=9682 comm="syz.2.1122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 105.234924][ T9697] netlink: 'syz.2.1126': attribute type 21 has an invalid length. [ 105.238451][ T9697] __nla_validate_parse: 6 callbacks suppressed [ 105.238460][ T9697] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1126'. [ 105.243228][ T9697] netlink: 'syz.2.1126': attribute type 6 has an invalid length. [ 105.245652][ T9697] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1126'. [ 105.277283][ T1458] usb 8-1: USB disconnect, device number 5 [ 105.329581][ T9704] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1127'. [ 105.370965][ T5330] Bluetooth: hci3: unexpected event for opcode 0x204e [ 105.465870][ T5330] Bluetooth: hci1: unexpected event for opcode 0x040e [ 105.481534][ T40] audit: type=1400 audit(1755572653.034:52101): avc: denied { execute } for pid=9718 comm="syz.0.1132" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=31870 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 105.889139][ T9739] i2c i2c-1: Invalid block write size 34 [ 105.896412][ T6029] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 105.995711][ T9741] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1139'. [ 106.047051][ T6029] usb 5-1: Using ep0 maxpacket: 8 [ 106.049874][ T6029] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 106.052386][ T6029] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 106.055407][ T6029] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 106.058630][ T6029] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 106.062507][ T6029] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 106.065305][ T6029] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.070373][ T6029] usbtmc 5-1:16.0: bulk endpoints not found [ 106.247982][ T40] audit: type=1400 audit(1755572653.804:52102): avc: denied { ioctl } for pid=9761 comm="syz.3.1144" path="socket:[31895]" dev="sockfs" ino=31895 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 106.255287][ T9765] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached [ 106.259431][ T9765] comedi comedi3: Buffer allocation failed [ 106.496397][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 106.497768][ T5330] Bluetooth: hci4: command 0x1003 tx timeout [ 106.526172][ T40] audit: type=1400 audit(1755572654.074:52103): avc: denied { getopt } for pid=9781 comm="syz.1.1150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 106.854340][ T9794] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1154'. [ 106.890214][ T40] audit: type=1400 audit(1755572654.444:52104): avc: denied { bind } for pid=9798 comm="syz.2.1156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 107.322991][ T40] audit: type=1400 audit(1755572654.874:52105): avc: denied { watch watch_reads } for pid=9825 comm="syz.3.1163" path="pipe:[2682]" dev="pipefs" ino=2682 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 107.325661][ T9826] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1163'. [ 107.335163][ T9826] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 107.353271][ T40] audit: type=1400 audit(1755572654.904:52106): avc: denied { setopt } for pid=9828 comm="syz.3.1164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 107.359988][ T40] audit: type=1400 audit(1755572654.904:52107): avc: denied { map } for pid=9828 comm="syz.3.1164" path="socket:[32860]" dev="sockfs" ino=32860 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 107.451065][ T9838] syz.3.1168: attempt to access beyond end of device [ 107.451065][ T9838] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0 [ 107.455096][ T9838] ADFS-fs (nbd3): error: unable to read block 3, try 0 [ 107.546925][ T9846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1170'. [ 107.552469][ T9846] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1170'. [ 107.707750][ T9852] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 107.729771][ T9854] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9854 comm=syz.3.1173 [ 107.734410][ T9854] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1173'. [ 107.745292][ T9854] vlan2: entered allmulticast mode [ 107.747211][ T9854] bond2: entered allmulticast mode [ 107.998900][ T9864] geneve2: entered promiscuous mode [ 108.000659][ T9864] geneve2: entered allmulticast mode [ 108.003076][ T223] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.005897][ T223] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.009002][ T223] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.011791][ T223] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.041995][ T9870] gfs2: gfs2 mount does not exist [ 108.226021][ T9881] usb 5-1: USB disconnect, device number 13 [ 108.324698][ T9884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1183'. [ 108.346365][ T9886] 9pnet_fd: Insufficient options for proto=fd [ 109.146301][ T5330] Bluetooth: hci4: command 0x1003 tx timeout [ 109.146314][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 109.377275][ T9923] program syz.0.1195 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 109.398464][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 109.398475][ T40] audit: type=1400 audit(1755572656.954:52115): avc: denied { ioctl } for pid=9925 comm="syz.0.1196" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x4604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 109.417741][ T9900] syz.3.1188 (9900): drop_caches: 1 [ 109.469879][ T9900] syz.3.1188 (9900): drop_caches: 1 [ 109.502993][ T40] audit: type=1400 audit(1755572657.054:52116): avc: denied { getopt } for pid=9932 comm="syz.0.1199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 109.723419][ T53] hid-generic 0362:07FF:7FFFFFFF.0007: item fetching failed at offset 0/2 [ 109.729971][ T53] hid-generic 0362:07FF:7FFFFFFF.0007: probe with driver hid-generic failed with error -22 [ 109.770756][ T9969] 9pnet: Could not find request transport: vi [ 110.074181][ T40] audit: type=1400 audit(1755572657.624:52117): avc: denied { write } for pid=9992 comm="syz.2.1219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 110.126622][ T53] usb 8-1: new low-speed USB device number 6 using dummy_hcd [ 110.267176][ T53] usb 8-1: device descriptor read/64, error -71 [ 110.506325][ T53] usb 8-1: new low-speed USB device number 7 using dummy_hcd [ 110.636959][ T53] usb 8-1: device descriptor read/64, error -71 [ 110.746479][ T53] usb usb8-port1: attempt power cycle [ 110.882069][ T9998] macvlan0: entered promiscuous mode [ 110.884631][ T9998] macvlan0: entered allmulticast mode [ 110.887159][ T9998] veth1_vlan: entered allmulticast mode [ 110.911684][ T40] audit: type=1400 audit(1755572658.464:52118): avc: denied { append } for pid=10000 comm="syz.0.1222" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 110.912025][T10001] random: crng reseeded on system resumption [ 110.925379][T10001] overlayfs: failed to resolve './file1': -2 [ 111.039646][T10016] __nla_validate_parse: 7 callbacks suppressed [ 111.039657][T10016] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1228'. [ 111.044479][T10016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1228'. [ 111.048349][T10016] netlink: 'syz.2.1228': attribute type 20 has an invalid length. [ 111.053666][ T1236] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.054660][T10016] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1228'. [ 111.056494][ T1236] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.056514][ T1236] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.056529][ T1236] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.068576][T10016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1228'. [ 111.071659][T10016] netlink: 'syz.2.1228': attribute type 20 has an invalid length. [ 111.086522][ T53] usb 8-1: new low-speed USB device number 8 using dummy_hcd [ 111.098121][T10018] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1229'. [ 111.106807][ T53] usb 8-1: device descriptor read/8, error -71 [ 111.115024][T10018] netlink: 'syz.2.1229': attribute type 11 has an invalid length. [ 111.117675][T10018] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1229'. [ 111.346368][ T53] usb 8-1: new low-speed USB device number 9 using dummy_hcd [ 111.367156][ T53] usb 8-1: device descriptor read/8, error -71 [ 111.466622][ T5330] Bluetooth: hci4: command 0x1003 tx timeout [ 111.467077][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 111.477745][ T53] usb usb8-port1: unable to enumerate USB device [ 111.502145][T10027] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1232'. [ 111.505487][T10027] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1232'. [ 111.512358][T10027] ksmbd: Unknown IPC event: 1, ignore. [ 111.516044][ T40] audit: type=1326 audit(1755572659.064:52119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10028 comm="syz.0.1234" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f63de38ebe9 code=0x0 [ 112.897797][T10053] netlink: 'syz.1.1240': attribute type 2 has an invalid length. [ 112.900956][T10053] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1240'. [ 112.904004][T10053] nbd: must specify a device to reconfigure [ 112.921843][T10061] mkiss: ax0: crc mode is auto. [ 112.939626][T10066] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1245'. [ 113.031174][ T223] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 113.032324][T10066] fuse: Bad value for 'fd' [ 113.034087][ T223] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.039031][ T223] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 113.041866][ T223] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.045516][T10066] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 113.049540][ T223] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 113.052878][ T223] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.057020][ T223] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 113.060540][ T223] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.148762][T10082] 9pnet: Found fid 0 not clunked [ 113.178931][T10085] netlink: 'syz.0.1251': attribute type 1 has an invalid length. [ 113.180254][T10087] syzkaller1: entered promiscuous mode [ 113.185163][T10087] syzkaller1: entered allmulticast mode [ 113.253482][ T40] audit: type=1400 audit(1755572660.804:52120): avc: denied { bind } for pid=10092 comm="syz.2.1254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 113.260276][ T40] audit: type=1400 audit(1755572660.804:52121): avc: denied { listen } for pid=10092 comm="syz.2.1254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 113.295495][T10102] SELinux: policydb magic number 0x92ccbb8d does not match expected magic number 0xf97cff8c [ 113.300060][T10102] SELinux: failed to load policy [ 113.302258][T10102] SELinux: policydb version 1402900228 does not match my version range 15-35 [ 113.305082][T10102] SELinux: failed to load policy [ 113.307753][T10104] program syz.1.1257 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 113.335235][T10107] fuse: Bad value for 'rootmode' [ 113.366774][T10112] netlink: 'syz.2.1260': attribute type 29 has an invalid length. [ 113.478866][ T40] audit: type=1400 audit(1755572661.034:52122): avc: denied { write } for pid=10117 comm="syz.2.1262" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 113.536458][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9121 Unhandled WRMSR(0xc1) = 0x41b [ 113.540043][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9121 Unhandled WRMSR(0xc2) = 0x1f1f [ 113.556866][T10109] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 113.589061][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9121 Unhandled WRMSR(0xc1) = 0x1000005d8 [ 113.592608][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9134 Unhandled WRMSR(0xc1) = 0x100 [ 113.596680][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9121 Unhandled WRMSR(0xc2) = 0x104 [ 113.600643][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9134 Unhandled WRMSR(0xc2) = 0x100 [ 113.651117][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9121 Unhandled WRMSR(0xc1) = 0x1000005d8 [ 113.655132][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9134 Unhandled WRMSR(0xc1) = 0x100 [ 113.659449][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9121 Unhandled WRMSR(0xc2) = 0x104 [ 113.662718][T10118] kvm: kvm [10117]: vcpu10, guest rIP: 0x9134 Unhandled WRMSR(0xc2) = 0x100 [ 114.192287][T10123] bridge0: entered promiscuous mode [ 114.340249][ T40] audit: type=1400 audit(1755572661.894:52123): avc: denied { getopt } for pid=10140 comm="syz.0.1270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 114.383734][T10143] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=10143 comm=syz.0.1271 [ 114.389597][T10143] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=10143 comm=syz.0.1271 [ 114.430627][T10146] 8021q: VLANs not supported on ip6_vti0 [ 114.433093][T10132] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 114.437251][ T40] audit: type=1400 audit(1755572661.994:52124): avc: denied { setopt } for pid=10145 comm="syz.2.1272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 114.547603][ T40] audit: type=1400 audit(1755572662.104:52125): avc: denied { listen } for pid=10147 comm="syz.0.1273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 114.729378][ T40] audit: type=1400 audit(1755572662.284:52126): avc: denied { write } for pid=10162 comm="syz.2.1278" name="file0" dev="tmpfs" ino=1758 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 114.739222][ T40] audit: type=1400 audit(1755572662.284:52127): avc: denied { open } for pid=10162 comm="syz.2.1278" path="/324/file0" dev="tmpfs" ino=1758 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 114.747723][ T40] audit: type=1400 audit(1755572662.284:52128): avc: denied { ioctl } for pid=10162 comm="syz.2.1278" path="/324/file0" dev="tmpfs" ino=1758 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 114.834656][T10166] Bluetooth: MGMT ver 1.23 [ 114.836308][ T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 114.976381][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 114.986380][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 114.993375][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 115.002643][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 115.007297][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 115.011195][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.015219][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 115.023939][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.167375][T10188] tipc: Disabling bearer [ 115.174929][T10188] mkiss: ax0: crc mode is auto. [ 115.192541][ T40] audit: type=1400 audit(1755572662.744:52129): avc: denied { setattr } for pid=10190 comm="syz.3.1287" name="KEY" dev="sockfs" ino=31649 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 115.240307][ T9] usb 6-1: GET_CAPABILITIES returned 0 [ 115.242184][ T9] usbtmc 6-1:16.0: can't read capabilities [ 115.297828][T10147] syz.0.1273 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 115.301294][T10147] CPU: 0 UID: 0 PID: 10147 Comm: syz.0.1273 Not tainted syzkaller #0 PREEMPT(full) [ 115.301311][T10147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 115.301318][T10147] Call Trace: [ 115.301323][T10147] [ 115.301327][T10147] dump_stack_lvl+0x16c/0x1f0 [ 115.301359][T10147] dump_header+0x101/0x930 [ 115.301371][T10147] oom_kill_process+0x272/0xa40 [ 115.301382][T10147] out_of_memory+0x350/0x1700 [ 115.301394][T10147] ? __pfx_out_of_memory+0x10/0x10 [ 115.301405][T10147] ? lock_acquire+0x2cd/0x350 [ 115.301424][T10147] mem_cgroup_out_of_memory+0x118/0x130 [ 115.301446][T10147] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 115.301462][T10147] ? do_raw_spin_unlock+0x172/0x230 [ 115.301474][T10147] try_charge_memcg+0x72b/0xd50 [ 115.301486][T10147] ? __pfx_try_charge_memcg+0x10/0x10 [ 115.301498][T10147] ? xa_load+0x153/0x2c0 [ 115.301510][T10147] ? rcu_read_unlock+0x17/0x60 [ 115.301522][T10147] ? rcu_is_watching+0x12/0xc0 [ 115.301535][T10147] charge_memcg+0x8a/0x230 [ 115.301546][T10147] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 115.301561][T10147] __read_swap_cache_async+0x43e/0x5a0 [ 115.301578][T10147] ? __pfx___read_swap_cache_async+0x10/0x10 [ 115.301594][T10147] ? trace_sched_exit_tp+0xd1/0x120 [ 115.301626][T10147] ? swp_swap_info+0xa0/0x130 [ 115.301644][T10147] ? __pfx_swp_swap_info+0x10/0x10 [ 115.301656][T10147] ? rcu_is_watching+0x12/0xc0 [ 115.301670][T10147] swap_cluster_readahead+0x3eb/0x710 [ 115.301688][T10147] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 115.301704][T10147] ? __pfx___schedule+0x10/0x10 [ 115.301728][T10147] ? rcu_is_watching+0x12/0xc0 [ 115.301741][T10147] ? rcu_is_watching+0x12/0xc0 [ 115.301756][T10147] ? get_vma_policy+0x242/0x3c0 [ 115.301770][T10147] swapin_readahead+0x13a/0xd60 [ 115.301786][T10147] ? rcu_is_watching+0x12/0xc0 [ 115.301799][T10147] ? __pfx_swapin_readahead+0x10/0x10 [ 115.301815][T10147] ? __filemap_get_folio+0x32b/0xc30 [ 115.301829][T10147] ? swap_cache_get_folio+0x1df/0x450 [ 115.301845][T10147] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 115.301861][T10147] ? __pfx_get_swap_device+0x10/0x10 [ 115.301872][T10147] ? rcu_is_watching+0x12/0xc0 [ 115.301885][T10147] ? lock_release+0x201/0x2f0 [ 115.301904][T10147] do_swap_page+0x635/0x6490 [ 115.301921][T10147] ? __pfx_do_swap_page+0x10/0x10 [ 115.301935][T10147] ? __pfx_default_wake_function+0x10/0x10 [ 115.301949][T10147] ? debug_object_free+0x28d/0x550 [ 115.301967][T10147] ? ___pte_offset_map+0x54/0x4f0 [ 115.301979][T10147] ? ___pte_offset_map+0x2ad/0x4f0 [ 115.301992][T10147] __handle_mm_fault+0x1719/0x2a50 [ 115.302010][T10147] ? __pfx___handle_mm_fault+0x10/0x10 [ 115.302026][T10147] ? vma_start_read+0x2fc/0x870 [ 115.302042][T10147] ? __pfx_vma_start_read+0x10/0x10 [ 115.302057][T10147] ? lock_vma_under_rcu+0x1eb/0x530 [ 115.302073][T10147] ? rcu_is_watching+0x12/0xc0 [ 115.302088][T10147] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 115.302103][T10147] ? handle_mm_fault+0x2ab/0xd10 [ 115.302120][T10147] handle_mm_fault+0x589/0xd10 [ 115.302140][T10147] ? __bpf_trace_exceptions+0x1/0x40 [ 115.302158][T10147] do_user_addr_fault+0x60c/0x1370 [ 115.302169][T10147] ? rcu_is_watching+0x12/0xc0 [ 115.302182][T10147] exc_page_fault+0x5c/0xb0 [ 115.302192][T10147] asm_exc_page_fault+0x26/0x30 [ 115.302203][T10147] RIP: 0033:0x7f63de3c1453 [ 115.302212][T10147] Code: f6 08 00 48 8d 3d 56 f6 08 00 e8 f8 48 f6 ff 0f 1f 84 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 <80> 3d fe 70 1c 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 c3 66 2e 0f [ 115.302223][T10147] RSP: 002b:00007ffdb45bacb8 EFLAGS: 00010293 [ 115.302232][T10147] RAX: 00000000fffffffa RBX: 00007f63de5b5fa0 RCX: 0000000000000000 [ 115.302239][T10147] RDX: 00007ffdb45bacd0 RSI: 0000000000000000 RDI: 0000000000000000 [ 115.302245][T10147] RBP: 00007f63de5b7da0 R08: 0000000000005666 R09: 00007f63df1f0000 [ 115.302252][T10147] R10: 0000000000000000 R11: 0009862a184f7ba8 R12: 000000000001c1f8 [ 115.302258][T10147] R13: 00007f63de5b6090 R14: ffffffffffffffff R15: 00007ffdb45bae10 [ 115.302268][T10147] [ 115.302272][T10147] memory: usage 307200kB, limit 307200kB, failcnt 9708 [ 115.432944][T10147] memory+swap: usage 287368kB, limit 9007199254740988kB, failcnt 0 [ 115.435623][T10147] kmem: usage 283980kB, limit 9007199254740988kB, failcnt 0 [ 115.439222][T10147] Memory cgroup stats for /syz0: [ 115.439301][T10147] cache 0 [ 115.442008][T10147] rss 0 [ 115.443236][T10147] rss_huge 0 [ 115.444385][T10147] shmem 0 [ 115.445912][T10147] mapped_file 0 [ 115.447428][T10147] dirty 0 [ 115.448429][T10147] writeback 0 [ 115.449564][T10147] workingset_refault_anon 25 [ 115.451116][T10147] workingset_refault_file 7 [ 115.452607][T10147] swap 458752 [ 115.453745][T10147] swapcached 20480 [ 115.454992][T10147] pgpgin 122614 [ 115.456150][T10147] pgpgout 122609 [ 115.457707][T10147] pgfault 64525 [ 115.459065][T10147] pgmajfault 33 [ 115.460237][T10147] inactive_anon 20480 [ 115.461801][T10147] active_anon 0 [ 115.462996][T10147] inactive_file 0 [ 115.464220][T10147] active_file 0 [ 115.465499][T10147] unevictable 0 [ 115.467355][T10147] hierarchical_memory_limit 314572800 [ 115.469118][T10147] hierarchical_memsw_limit 9223372036854771712 [ 115.471207][T10147] total_cache 0 [ 115.472362][T10147] total_rss 0 [ 115.473484][T10147] total_rss_huge 0 [ 115.474784][T10147] total_shmem 0 [ 115.475944][T10147] total_mapped_file 0 [ 115.477537][T10147] total_dirty 0 [ 115.478760][T10147] total_writeback 0 [ 115.481625][T10147] total_workingset_refault_anon 25 [ 115.481636][T10147] total_workingset_refault_file 7 [ 115.481641][T10147] total_swap 458752 [ 115.481645][T10147] total_swapcached 20480 [ 115.481649][T10147] total_pgpgin 122616 [ 115.481653][T10147] total_pgpgout 122611 [ 115.481657][T10147] total_pgfault 64532 [ 115.481661][T10147] total_pgmajfault 33 [ 115.481665][T10147] total_inactive_anon 20480 [ 115.481669][T10147] total_active_anon 0 [ 115.481672][T10147] total_inactive_file 0 [ 115.481676][T10147] total_active_file 0 [ 115.481680][T10147] total_unevictable 0 [ 115.481684][T10147] anon_cost 0 [ 115.481687][T10147] file_cost 0 [ 115.481692][T10147] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.1273,pid=10147,uid=0 [ 115.481754][T10147] Memory cgroup out of memory: Killed process 10147 (syz.0.1273) total-vm:101960kB, anon-rss:1084kB, file-rss:23080kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 115.492666][ T40] audit: type=1400 audit(1755572663.044:52130): avc: denied { ioctl } for pid=10208 comm="syz.2.1293" path="socket:[33395]" dev="sockfs" ino=33395 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 115.529223][ T1458] usb 6-1: USB disconnect, device number 11 [ 115.664113][T10212] program syz.2.1294 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 115.758161][ T1111] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0 [ 115.760619][ T1111] ata1.00: irq_stat 0x40000000 [ 115.762189][ T1111] ata1.00: failed command: ZAC MANAGEMENT OUT [ 115.764255][ T1111] ata1.00: cmd 9f/01:00:00:00:00/00:00:00:00:00/40 tag 5 [ 115.764255][ T1111] res 41/04:00:00:00:00/00:00:00:00:00/40 Emask 0x1 (device error) [ 115.769973][ T1111] ata1.00: status: { DRDY ERR } [ 115.771642][ T1111] ata1.00: error: { ABRT } [ 115.773058][ T1111] ata1.00: device reported invalid CHS sector 0 [ 115.775750][ C2] ata1: illegal qc_active transition (00000000->00100000) [ 115.807487][T10217] net_ratelimit: 199 callbacks suppressed [ 115.807500][T10217] openvswitch: netlink: IPv4 tunnel dst address is zero [ 115.830275][ T40] audit: type=1400 audit(1755572663.384:52131): avc: denied { map } for pid=10218 comm="syz.0.1297" path="socket:[34211]" dev="sockfs" ino=34211 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 115.854146][T10221] input: syz1 as /devices/virtual/input/input14 [ 115.861056][T10223] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 116.074135][ T40] audit: type=1400 audit(1755572663.624:52132): avc: denied { setopt } for pid=10240 comm="syz.1.1304" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 116.098054][ T1111] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 116.101876][ T1111] ata1.00: configured for UDMA/100 [ 116.209241][T10252] sysfs: Unknown parameter 'euid>00000000000000000000' [ 116.211512][ T40] audit: type=1400 audit(1755572663.764:52133): avc: denied { remount } for pid=10251 comm="syz.1.1309" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 116.506030][T10273] netlink: 'syz.1.1315': attribute type 4 has an invalid length. [ 116.553748][T10282] loop9: detected capacity change from 0 to 7 [ 116.556892][ T6323] loop9: [ 116.557903][ T6323] loop9: partition table partially beyond EOD, truncated [ 116.561704][T10282] loop9: [ 116.562708][T10282] loop9: partition table partially beyond EOD, truncated [ 116.702265][T10286] netlink: 'syz.2.1318': attribute type 23 has an invalid length. [ 117.296362][ T5330] Bluetooth: hci4: command 0x1003 tx timeout [ 117.296410][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 117.555883][T10312] __nla_validate_parse: 39 callbacks suppressed [ 117.555898][T10312] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1327'. [ 117.853733][T10318] overlay: ./file0 is not a directory [ 117.887528][ T5979] Bluetooth: hci3: SCO packet for unknown connection handle 1503 [ 117.888043][T10320] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1331'. [ 117.893354][T10320] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1331'. [ 117.967169][T10327] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1333'. [ 118.115699][T10335] netlink: zone id is out of range [ 118.116396][T10336] netlink: zone id is out of range [ 118.117961][T10335] netlink: zone id is out of range [ 118.120298][T10336] netlink: zone id is out of range [ 118.121328][T10335] netlink: zone id is out of range [ 118.125409][T10336] netlink: zone id is out of range [ 118.125608][T10335] netlink: zone id is out of range [ 118.127725][T10336] netlink: zone id is out of range [ 118.127732][T10336] netlink: zone id is out of range [ 118.556381][ T9] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 118.707927][ T9] usb 7-1: config 0 has no interfaces? [ 118.709750][ T9] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 118.712647][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.716646][ T9] usb 7-1: config 0 descriptor?? [ 118.923255][ T34] usb 7-1: USB disconnect, device number 9 [ 120.506337][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 120.506555][ T5330] Bluetooth: hci4: command 0x1003 tx timeout [ 120.581826][T10392] netlink: 'syz.3.1354': attribute type 1 has an invalid length. [ 120.585014][T10392] netlink: 500 bytes leftover after parsing attributes in process `syz.3.1354'. [ 120.596138][T10392] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10392 comm=syz.3.1354 [ 120.718284][T10394] IPv6: Can't replace route, no match found [ 120.773815][T10405] vlan2: entered promiscuous mode [ 120.776155][T10405] vlan2: entered allmulticast mode [ 120.778373][T10405] hsr_slave_1: entered allmulticast mode [ 121.136819][ T9] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 121.296354][ T9] usb 8-1: Using ep0 maxpacket: 32 [ 121.300320][ T9] usb 8-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 121.304560][ T9] usb 8-1: config 1 interface 0 has no altsetting 0 [ 121.308499][ T9] usb 8-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.40 [ 121.311525][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.314453][ T9] usb 8-1: Product: ࠁ [ 121.316100][ T9] usb 8-1: Manufacturer: ࠄ [ 121.317872][ T9] usb 8-1: SerialNumber: ᐉ [ 121.321045][T10411] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 121.531531][ T9] usbhid 8-1:1.0: can't add hid device: -71 [ 121.533532][ T9] usbhid 8-1:1.0: probe with driver usbhid failed with error -71 [ 121.537104][ T9] usb 8-1: USB disconnect, device number 10 [ 122.119869][T10413] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1359'. [ 122.168207][T10417] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 122.370825][ T40] audit: type=1400 audit(1755572669.924:52134): avc: denied { firmware_load } for pid=10426 comm="syz.0.1364" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 122.399084][T10427] syz.0.1364 (10427) used greatest stack depth: 19800 bytes left [ 122.496638][ T5979] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 122.497874][T10436] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1367'. [ 122.503035][T10436] F2FS-fs (nbd0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 122.505673][T10436] F2FS-fs (nbd0): Can't find valid F2FS filesystem in 1th superblock [ 122.509324][T10436] F2FS-fs (nbd0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 122.512226][T10436] F2FS-fs (nbd0): Can't find valid F2FS filesystem in 2th superblock [ 122.771792][T10448] NILFS (nullb0): couldn't find nilfs on the device [ 122.779543][T10448] cgroup2: Unknown parameter 'euid' [ 122.814714][T10455] pim6reg: entered allmulticast mode [ 122.817036][T10456] pim6reg: left allmulticast mode [ 122.884640][T10463] FAT-fs (nullb0): bogus number of reserved sectors [ 122.888090][T10463] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 122.896972][ T40] audit: type=1400 audit(1755572670.454:52135): avc: denied { write } for pid=10462 comm="syz.0.1375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 123.030737][ T40] audit: type=1326 audit(1755572670.584:52136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10476 comm="syz.0.1380" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 123.038729][ T40] audit: type=1326 audit(1755572670.584:52137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10476 comm="syz.0.1380" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 123.049137][ T40] audit: type=1326 audit(1755572670.584:52138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10476 comm="syz.0.1380" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 123.057647][ T40] audit: type=1326 audit(1755572670.584:52139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10476 comm="syz.0.1380" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 123.067248][ T40] audit: type=1326 audit(1755572670.584:52140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10476 comm="syz.0.1380" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 123.076829][ T40] audit: type=1326 audit(1755572670.584:52141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10476 comm="syz.0.1380" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 123.086467][ T40] audit: type=1326 audit(1755572670.584:52142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10476 comm="syz.0.1380" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 123.095948][ T40] audit: type=1326 audit(1755572670.584:52143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10476 comm="syz.0.1380" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 123.252387][T10512] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.255727][T10512] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.301913][T10512] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.305165][T10512] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.379557][T10512] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.382877][T10512] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.440796][T10512] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.444071][T10512] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.501350][T10538] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1392'. [ 123.515145][ T81] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.518451][ T81] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.526136][ T81] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.529061][ T81] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.536070][ T81] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.539928][ T81] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.545791][ T81] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.549351][ T81] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.047999][T10585] netlink: 'syz.3.1412': attribute type 10 has an invalid length. [ 124.051861][T10585] macvlan1: entered allmulticast mode [ 124.054298][T10585] veth1_vlan: entered allmulticast mode [ 124.056851][T10585] team0: Device macvlan1 is up. Set it down before adding it as a team port [ 124.208246][T10593] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1416'. [ 124.211254][T10593] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1416'. [ 124.314768][T10599] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1418'. [ 124.317818][T10599] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1418'. [ 124.373557][T10603] Driver unsupported XDP return value 0 on prog (id 298) dev N/A, expect packet loss! [ 124.704405][T10623] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1428'. [ 125.626564][T10665] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1446'. [ 125.628829][T10666] hub 6-0:1.0: USB hub found [ 125.631098][T10666] hub 6-0:1.0: 1 port detected [ 125.656175][T10669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1448'. [ 126.098130][T10724] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 126.101228][T10724] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.168080][T10724] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 126.171251][T10724] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.208859][T10724] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 126.212143][T10724] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.278451][T10724] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 126.281545][T10724] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.306795][T10727] netlink: 'syz.2.1475': attribute type 1 has an invalid length. [ 126.309694][T10727] netlink: 'syz.2.1475': attribute type 3 has an invalid length. [ 126.504331][T10739] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1481'. [ 126.510678][T10739] batadv1: entered promiscuous mode [ 126.512333][T10739] batadv1: entered allmulticast mode [ 126.686090][T10756] netlink: 'syz.2.1488': attribute type 21 has an invalid length. [ 126.858519][T10769] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1493'. [ 127.483377][ T81] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.485974][ T81] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.491457][ T223] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.494151][ T223] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.499532][ T223] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.502221][ T223] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.507547][ T223] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.510192][ T223] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.924918][ T40] kauditd_printk_skb: 166 callbacks suppressed [ 127.924934][ T40] audit: type=1400 audit(1755572675.474:52310): avc: denied { mounton } for pid=10823 comm="syz.3.1518" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 128.077595][ T40] audit: type=1326 audit(1755572675.634:52311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10837 comm="syz.0.1522" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 128.085014][ T40] audit: type=1326 audit(1755572675.634:52312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10837 comm="syz.0.1522" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 128.092999][ T40] audit: type=1326 audit(1755572675.634:52313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10837 comm="syz.0.1522" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 128.101745][ T40] audit: type=1326 audit(1755572675.634:52314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10837 comm="syz.0.1522" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 128.111708][ T40] audit: type=1326 audit(1755572675.634:52315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10837 comm="syz.0.1522" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 128.122076][ T40] audit: type=1326 audit(1755572675.634:52316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10837 comm="syz.0.1522" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 128.130982][ T40] audit: type=1326 audit(1755572675.634:52317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10837 comm="syz.0.1522" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 128.141484][ T40] audit: type=1326 audit(1755572675.634:52318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10837 comm="syz.0.1522" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 128.151991][ T40] audit: type=1326 audit(1755572675.634:52319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10837 comm="syz.0.1522" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63de38ebe9 code=0x7ffc0000 [ 128.442354][T10877] 0{X: renamed from gretap0 [ 128.445159][T10877] 0{X: entered allmulticast mode [ 128.448340][T10877] net_ratelimit: 413 callbacks suppressed [ 128.448350][T10877] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 128.944637][T10934] program syz.2.1567 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 129.082229][T10948] __nla_validate_parse: 9 callbacks suppressed [ 129.082241][T10948] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1565'. [ 131.172470][T11021] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1602'. [ 131.213722][T11027] netlink: 'syz.2.1605': attribute type 1 has an invalid length. [ 131.225298][T11029] netlink: 'syz.3.1603': attribute type 4 has an invalid length. [ 131.227753][T11027] 8021q: adding VLAN 0 to HW filter on device bond5 [ 131.236726][T11027] bond5: (slave dummy0): making interface the new active one [ 131.240446][T11027] bond5: (slave dummy0): Enslaving as an active interface with an up link [ 132.040074][T11035] SELinux: Context system_u:object_r:crack_db_t:s0 is not valid (left unmapped). [ 132.657427][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.720659][T11081] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1625'. [ 132.723554][T11081] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1625'. [ 132.744977][ T5330] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 132.748088][ T5330] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 132.750395][ T5330] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 132.752933][ T5330] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 132.755473][ T5330] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 132.822627][T11083] chnl_net:caif_netlink_parms(): no params data found [ 132.861043][T11083] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.863374][T11083] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.866704][T11083] bridge_slave_0: entered allmulticast mode [ 132.869363][T11083] bridge_slave_0: entered promiscuous mode [ 132.872936][T11083] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.875278][T11083] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.878200][T11083] bridge_slave_1: entered allmulticast mode [ 132.880494][T11083] bridge_slave_1: entered promiscuous mode [ 132.902230][ T46] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.911898][T11083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 132.916079][T11083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 132.933917][T11083] team0: Port device team_slave_0 added [ 132.937319][T11083] team0: Port device team_slave_1 added [ 132.954296][T11083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 132.957137][T11083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.969842][T11083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 132.975148][ T46] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.980524][T11083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 132.982712][T11083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.991160][T11083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 133.012753][T11083] hsr_slave_0: entered promiscuous mode [ 133.014877][T11083] hsr_slave_1: entered promiscuous mode [ 133.017005][T11083] debugfs: 'hsr0' already exists in 'hsr' [ 133.018820][T11083] Cannot create hsr debugfs directory [ 133.074989][T11083] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 133.078874][T11083] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 133.082750][T11083] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 133.086330][T11083] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 133.092339][ T46] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.101213][ T40] kauditd_printk_skb: 180 callbacks suppressed [ 133.101224][ T40] audit: type=1400 audit(1755572680.654:52500): avc: denied { ioctl } for pid=11104 comm="syz.3.1631" path="socket:[36563]" dev="sockfs" ino=36563 ioctlcmd=0x9422 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 133.105523][T11083] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.114973][T11083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.117494][T11083] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.119707][T11083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.138871][T11083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.145043][ T81] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.150082][ T81] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.150526][T11112] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1631'. [ 133.157498][ T46] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.163137][T11112] random: crng reseeded on system resumption [ 133.163142][T11083] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.170095][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.173195][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.178843][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.181137][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.251676][ T46] batman_adv: batadv0: Removing interface: gretap0 [ 133.460904][ T46] bond0 (unregistering): Released all slaves [ 133.466816][T11120] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 133.475351][T11083] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.521796][ T46] tipc: Left network mode [ 133.576833][T11083] veth0_vlan: entered promiscuous mode [ 133.582529][T11083] veth1_vlan: entered promiscuous mode [ 133.598373][T11083] veth0_macvtap: entered promiscuous mode [ 133.603119][T11083] veth1_macvtap: entered promiscuous mode [ 133.612996][T11083] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 133.619393][T11083] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.630415][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.633364][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.636972][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.639805][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.662185][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.664784][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.672427][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.674995][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.681515][ T46] macvlan0: left promiscuous mode [ 133.681596][ T40] audit: type=1400 audit(1755572681.234:52501): avc: denied { mounton } for pid=11083 comm="syz-executor" path="/syzkaller.iYKZ3d/syz-tmp" dev="sda1" ino=2038 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 133.692255][ T40] audit: type=1400 audit(1755572681.244:52502): avc: denied { mounton } for pid=11083 comm="syz-executor" path="/syzkaller.iYKZ3d/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 133.692525][ T46] batadv_slave_1: left promiscuous mode [ 133.701609][ T40] audit: type=1400 audit(1755572681.244:52503): avc: denied { mounton } for pid=11083 comm="syz-executor" path="/syzkaller.iYKZ3d/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=38405 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 133.715955][ T40] audit: type=1400 audit(1755572681.254:52504): avc: denied { mounton } for pid=11083 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 133.725833][ T40] audit: type=1400 audit(1755572681.254:52505): avc: denied { mount } for pid=11083 comm="syz-executor" name="/" dev="gadgetfs" ino=7714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 133.736938][ T46] hsr_slave_0: left promiscuous mode [ 133.739026][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 133.741962][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 133.788860][ T46] team0 (unregistering): Port device team_slave_1 removed [ 133.869252][T11142] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1639'. [ 133.872517][T11142] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1639'. [ 133.877960][T11142] bridge0: port 2(vlan2) entered blocking state [ 133.880107][T11142] bridge0: port 2(vlan2) entered disabled state [ 133.882184][T11142] vlan2: entered allmulticast mode [ 133.883924][T11142] bridge0: entered allmulticast mode [ 133.886538][T11142] vlan2: left allmulticast mode [ 133.888566][T11142] bridge0: left allmulticast mode [ 134.047205][T11158] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1647'. [ 134.051612][ T40] audit: type=1400 audit(1755572681.604:52506): avc: denied { getopt } for pid=11157 comm="syz.4.1647" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 134.064293][T11158] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 134.119472][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1651'. [ 134.122331][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1651'. [ 134.128475][T11167] bridge0: port 3(vlan2) entered blocking state [ 134.130544][T11167] bridge0: port 3(vlan2) entered disabled state [ 134.132717][T11167] vlan2: entered allmulticast mode [ 134.134405][T11167] bridge0: entered allmulticast mode [ 134.136926][T11167] vlan2: left allmulticast mode [ 134.138485][T11167] bridge0: left allmulticast mode [ 134.243469][ T40] audit: type=1326 audit(1755572681.794:52507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11169 comm="syz.4.1652" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 134.250997][ T40] audit: type=1326 audit(1755572681.794:52508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11169 comm="syz.4.1652" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 134.258355][ T40] audit: type=1326 audit(1755572681.794:52509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11169 comm="syz.4.1652" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 134.260586][ T46] IPVS: stop unused estimator thread 0... [ 134.407845][T11178] program syz.4.1656 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 134.816654][ T5979] Bluetooth: hci4: command tx timeout [ 135.161841][T11272] tipc: Started in network mode [ 135.163441][T11272] tipc: Node identity 8e18b8735029, cluster identity 4711 [ 135.165729][T11272] tipc: Enabled bearer , priority 0 [ 135.170340][T11272] tipc: Disabling bearer [ 135.206681][T11280] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1706'. [ 135.210895][T11280] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.213924][T11280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 135.217001][T11280] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 136.192508][T11346] team0 (unregistering): Port device team_slave_0 removed [ 136.196544][T11346] team0 (unregistering): Port device team_slave_1 removed [ 136.211682][T11350] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1737'. [ 136.235994][T11352] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1738'. [ 136.896405][ T5979] Bluetooth: hci4: command tx timeout [ 138.222263][ T40] kauditd_printk_skb: 99 callbacks suppressed [ 138.222274][ T40] audit: type=1326 audit(1755572685.774:52609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11435 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x7ffc0000 [ 138.231779][ T40] audit: type=1326 audit(1755572685.774:52610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11435 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x7ffc0000 [ 138.239646][ T40] audit: type=1326 audit(1755572685.774:52611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11435 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fd96b98ebe9 code=0x7ffc0000 [ 138.247234][ T40] audit: type=1326 audit(1755572685.784:52612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11435 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x7ffc0000 [ 138.254485][ T40] audit: type=1326 audit(1755572685.784:52613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11437 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd96b9c14a5 code=0x7ffc0000 [ 138.262133][ T40] audit: type=1326 audit(1755572685.784:52614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11435 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x7ffc0000 [ 138.269898][ T40] audit: type=1326 audit(1755572685.784:52615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11435 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fd96b98ebe9 code=0x7ffc0000 [ 138.277097][ T40] audit: type=1326 audit(1755572685.784:52616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11435 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x7ffc0000 [ 138.284195][ T40] audit: type=1326 audit(1755572685.784:52617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11435 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96b98ebe9 code=0x7ffc0000 [ 138.379164][ T40] audit: type=1326 audit(1755572685.934:52618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11437 comm="syz.3.1772" exe="/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fd96b98ebe9 code=0x7ffc0000 [ 138.545800][T11467] netlink: 'syz.3.1787': attribute type 10 has an invalid length. [ 138.548764][T11467] team0: Device macvlan1 is up. Set it down before adding it as a team port [ 138.899642][T11508] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1806'. [ 138.905765][T11510] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1807'. [ 138.976539][ T5979] Bluetooth: hci4: command tx timeout [ 139.239757][T11552] 0{X: left allmulticast mode [ 139.251031][T11552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.254466][T11552] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.258762][T11552] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 139.391186][T11569] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11569 comm=syz.0.1834 [ 139.617506][T11590] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 640) [ 139.622660][T11590] SELinux: failed to load policy [ 139.627941][T11590] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11590 comm=syz.4.1844 [ 139.633654][T11590] netlink: 14521 bytes leftover after parsing attributes in process `syz.4.1844'. [ 140.180017][T11628] 9pnet_fd: Insufficient options for proto=fd [ 140.323374][T11638] IPv6: Can't replace route, no match found [ 140.785478][T11671] netlink: 'syz.4.1873': attribute type 4 has an invalid length. [ 140.791743][T11671] netlink: 'syz.4.1873': attribute type 4 has an invalid length. [ 141.056892][ T5979] Bluetooth: hci4: command tx timeout [ 141.085455][T11710] 9pnet_fd: Insufficient options for proto=fd [ 141.201130][T11720] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1893'. [ 141.205073][T11720] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1893'. [ 141.275065][T11725] netlink: 'syz.0.1896': attribute type 3 has an invalid length. [ 141.377037][T11733] 9pnet_fd: Insufficient options for proto=fd [ 142.063105][T11771] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1918'. [ 142.066197][T11771] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1918'. [ 142.082459][T11771] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1918'. [ 142.085291][T11771] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1918'. [ 142.115900][T11771] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1918'. [ 142.121063][T11771] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1918'. [ 142.193903][T11798] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.197405][T11798] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.243236][T11807] netlink: 'syz.3.1930': attribute type 4 has an invalid length. [ 142.245784][T11807] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1930'. [ 142.269132][T11798] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.272227][T11798] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.369718][T11798] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.374187][T11798] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.489756][T11798] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.493384][T11798] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.575616][ T103] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.579066][ T103] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.587281][ T1236] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.590352][ T1236] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.597828][ T1236] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.600625][ T1236] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.607659][ T13] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.610377][ T13] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.654352][T11851] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11) [ 142.656452][T11851] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 142.660197][T11851] vhci_hcd vhci_hcd.0: Device attached [ 142.663162][T11851] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(13) [ 142.665333][T11851] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 142.667798][T11851] vhci_hcd vhci_hcd.0: Device attached [ 142.671752][T11867] vhci_hcd: connection closed [ 142.671880][ T103] vhci_hcd: stop threads [ 142.672235][T11865] vhci_hcd: connection closed [ 142.673624][ T103] vhci_hcd: release socket [ 142.678416][ T103] vhci_hcd: disconnect device [ 142.680433][ T103] vhci_hcd: stop threads [ 142.681840][ T103] vhci_hcd: release socket [ 142.683283][ T103] vhci_hcd: disconnect device [ 143.096411][T11918] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5130 sclass=netlink_audit_socket pid=11918 comm=syz.3.1978 [ 143.317596][T11961] loop9: detected capacity change from 0 to 7 [ 143.321830][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.324285][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.328916][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.332211][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.334953][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.338322][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.340896][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.343562][ T6323] ldm_validate_partition_table(): Disk read failed. [ 143.345660][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.349137][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.351600][ T6323] Buffer I/O error on dev loop9, logical block 0, async page read [ 143.354209][ T6323] Dev loop9: unable to read RDB block 0 [ 143.356044][ T6323] loop9: unable to read partition table [ 143.358122][ T6323] loop9: partition table beyond EOD, truncated [ 143.364325][T11961] ldm_validate_partition_table(): Disk read failed. [ 143.368489][T11961] Dev loop9: unable to read RDB block 0 [ 143.370357][T11961] loop9: unable to read partition table [ 143.371891][T11963] xt_policy: neither incoming nor outgoing policy selected [ 143.374612][T11961] loop9: partition table beyond EOD, truncated [ 143.377801][T11961] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 143.377801][T11961] ) failed (rc=-5) [ 143.596742][ T40] kauditd_printk_skb: 165 callbacks suppressed [ 143.596780][ T40] audit: type=1326 audit(1755572691.154:52784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11979 comm="syz.2.2003" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f225578ebe9 code=0x0 [ 143.701235][ T40] audit: type=1326 audit(1755572691.254:52785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11988 comm="syz.4.2005" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 143.708991][ T40] audit: type=1326 audit(1755572691.254:52786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11988 comm="syz.4.2005" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 143.716353][ T40] audit: type=1326 audit(1755572691.254:52787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11988 comm="syz.4.2005" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f571c18d550 code=0x7ffc0000 [ 143.723871][ T40] audit: type=1326 audit(1755572691.254:52788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11988 comm="syz.4.2005" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 143.732261][ T40] audit: type=1326 audit(1755572691.254:52789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11988 comm="syz.4.2005" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 143.743352][ T40] audit: type=1326 audit(1755572691.254:52790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11988 comm="syz.4.2005" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 143.752121][ T40] audit: type=1326 audit(1755572691.254:52791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11988 comm="syz.4.2005" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 143.760796][ T40] audit: type=1326 audit(1755572691.254:52792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11988 comm="syz.4.2005" exe="/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 143.768660][ T40] audit: type=1326 audit(1755572691.254:52793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11988 comm="syz.4.2005" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f571c18ec23 code=0x7ffc0000 [ 144.526952][T12005] syz.2.2012 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 144.677331][T12030] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 144.859118][T12058] pimreg: entered allmulticast mode [ 144.861717][T12058] pimreg: left allmulticast mode [ 145.085923][T12080] __nla_validate_parse: 6 callbacks suppressed [ 145.085935][T12080] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2045'. [ 145.695126][T12125] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2065'. [ 145.864941][T12148] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 145.867090][T12148] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 145.869763][T12148] vhci_hcd vhci_hcd.0: Device attached [ 145.871900][T12149] vhci_hcd: connection closed [ 145.872460][ T60] vhci_hcd: stop threads [ 145.875455][ T60] vhci_hcd: release socket [ 145.878249][ T60] vhci_hcd: disconnect device [ 145.972821][T12161] 9pnet_fd: Insufficient options for proto=fd [ 147.372158][T12248] 9pnet_fd: Insufficient options for proto=fd [ 147.685651][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2126'. [ 147.835477][T12286] qrtr: Invalid version 0 [ 147.932962][T12308] qrtr: Invalid version 0 [ 148.040276][T12329] qrtr: Invalid version 0 [ 148.062634][T12331] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2160'. [ 148.258124][T12355] qrtr: Invalid version 0 [ 148.296168][ T5330] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 148.299345][ T5330] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 148.301876][ T5330] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 148.302756][T12361] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2171'. [ 148.304473][ T5330] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 148.311076][ T5330] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 148.360092][T12366] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2173'. [ 148.364015][T12366] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2173'. [ 148.372747][T12370] netlink: 'syz.4.2174': attribute type 21 has an invalid length. [ 148.375436][T12370] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2174'. [ 148.380222][T12370] netlink: 'syz.4.2174': attribute type 1 has an invalid length. [ 148.383214][T12366] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2173'. [ 148.387406][T12358] chnl_net:caif_netlink_parms(): no params data found [ 148.388442][T12366] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2173'. [ 148.442535][T12358] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.444938][T12358] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.448964][T12358] bridge_slave_0: entered allmulticast mode [ 148.451568][T12358] bridge_slave_0: entered promiscuous mode [ 148.455944][T12358] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.458669][T12358] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.460969][T12358] bridge_slave_1: entered allmulticast mode [ 148.464539][T12358] bridge_slave_1: entered promiscuous mode [ 148.467197][T12385] qrtr: Invalid version 0 [ 148.490625][T12358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.495155][T12358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.518910][T12358] team0: Port device team_slave_0 added [ 148.522417][T12358] team0: Port device team_slave_1 added [ 148.544266][T12358] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.547247][T12358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.555310][T12358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.559743][T12358] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.562007][T12358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.570433][T12358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.601409][T12358] hsr_slave_0: entered promiscuous mode [ 148.604332][T12358] hsr_slave_1: entered promiscuous mode [ 148.606450][T12358] debugfs: 'hsr0' already exists in 'hsr' [ 148.608362][T12358] Cannot create hsr debugfs directory [ 148.662141][T12358] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 148.666204][T12358] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.707864][ T40] kauditd_printk_skb: 477 callbacks suppressed [ 148.707875][ T40] audit: type=1326 audit(1755572696.264:53271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.4.2183" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.718138][ T40] audit: type=1326 audit(1755572696.264:53272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.4.2183" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.721715][T12358] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 148.725405][ T40] audit: type=1326 audit(1755572696.264:53273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.4.2183" exe="/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.728671][T12358] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.735893][ T40] audit: type=1326 audit(1755572696.264:53274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.4.2183" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.746440][ T40] audit: type=1326 audit(1755572696.264:53275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.4.2183" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.754001][ T40] audit: type=1326 audit(1755572696.264:53276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.4.2183" exe="/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.761417][ T40] audit: type=1326 audit(1755572696.264:53277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.4.2183" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.769139][ T40] audit: type=1326 audit(1755572696.264:53278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.4.2183" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.810675][T12358] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 148.814127][T12358] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.818164][T12403] program syz.4.2187 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 148.839823][T12405] qrtr: Invalid version 0 [ 148.841573][ T40] audit: type=1326 audit(1755572696.394:53279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz.4.2189" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.850237][ T40] audit: type=1326 audit(1755572696.394:53280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz.4.2189" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571c18ebe9 code=0x7ffc0000 [ 148.859624][T12358] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 148.864017][T12358] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.926768][ T103] bridge_slave_1: left allmulticast mode [ 148.928578][ T103] bridge_slave_1: left promiscuous mode [ 148.930371][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.933480][ T103] bridge_slave_0: left allmulticast mode [ 148.935242][ T103] bridge_slave_0: left promiscuous mode [ 148.937758][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.963434][ T103] bond1 (unregistering): (slave ip6gre1): Releasing backup interface [ 148.966006][ T103] ip6gre1 (unregistering): left promiscuous mode [ 148.972044][ T103] bond0 (unregistering): (slave ip6gretap2): Removing an active aggregator [ 148.975084][ T103] bond0 (unregistering): (slave ip6gretap2): Releasing backup interface [ 150.138773][ T103] bond1 (unregistering): Released all slaves [ 150.142765][ T103] smc: removing net device bond0 with user defined pnetid SYZ2 [ 150.145388][ T103] bond0 (unregistering): Released all slaves [ 150.149337][ T103] bond2 (unregistering): Released all slaves [ 150.169338][T12438] syz_tun: entered allmulticast mode [ 150.198863][T12437] syz_tun: left allmulticast mode [ 150.207929][T12358] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 150.215090][T12358] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 150.222726][ T103] tipc: Disabling bearer [ 150.224524][ T103] tipc: Left network mode [ 150.224571][T12358] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 150.234968][T12358] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 150.245136][T12452] __nla_validate_parse: 11 callbacks suppressed [ 150.245147][T12452] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2208'. [ 150.288061][T12358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.299439][T12358] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.310666][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.312925][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.318760][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.320993][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.336311][ T5330] Bluetooth: hci0: command tx timeout [ 150.428289][T12358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 150.443979][T12358] veth0_vlan: entered promiscuous mode [ 150.448283][T12358] veth1_vlan: entered promiscuous mode [ 150.460091][T12358] veth0_macvtap: entered promiscuous mode [ 150.463641][T12358] veth1_macvtap: entered promiscuous mode [ 150.470894][T12358] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 150.475738][T12358] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 150.481084][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.484021][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.488102][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.491051][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.532792][ T223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.535408][ T223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.548059][ T223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.550642][ T223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.558704][T12498] SELinux: policydb version 0 does not match my version range 15-35 [ 150.561756][T12498] SELinux: failed to load policy [ 150.623579][T12508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2231'. [ 150.629196][T12508] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2231'. [ 150.715342][ T103] hsr_slave_0: left promiscuous mode [ 150.720372][ T103] veth1_macvtap: left promiscuous mode [ 150.722219][ T103] veth0_macvtap: left allmulticast mode [ 150.724095][ T103] veth0_macvtap: left promiscuous mode [ 150.726033][ T103] veth1_vlan: left allmulticast mode [ 150.727881][ T103] veth1_vlan: left promiscuous mode [ 150.729645][ T103] veth0_vlan: left promiscuous mode [ 150.910392][ T103] team0 (unregistering): Port device team_slave_1 removed [ 151.066065][T12526] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2237'. [ 151.069929][T12526] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.072625][T12526] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.176374][T12540] 9p: Unknown Cache mode or invalid value m [ 151.825195][T12496] Set syz1 is full, maxelem 65536 reached [ 151.914748][ T5979] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 151.919372][ T5979] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 151.922355][ T5979] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 151.925203][ T5979] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 151.928513][ T5979] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 151.953901][T12556] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2251'. [ 151.957203][T12556] ksmbd: Unknown IPC event: 3, ignore. [ 152.012430][T12546] chnl_net:caif_netlink_parms(): no params data found [ 152.093872][T12590] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2265'. [ 152.170189][T12546] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.172673][T12546] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.175366][T12546] bridge_slave_0: entered allmulticast mode [ 152.179377][T12546] bridge_slave_0: entered promiscuous mode [ 152.182397][T12546] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.184707][T12546] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.188345][T12546] bridge_slave_1: entered allmulticast mode [ 152.190749][T12546] bridge_slave_1: entered promiscuous mode [ 152.213464][T12546] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.218148][T12546] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.241239][T12546] team0: Port device team_slave_0 added [ 152.244771][T12546] team0: Port device team_slave_1 added [ 152.264288][T12546] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 152.266771][T12546] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.275423][T12546] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 152.279703][T12546] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 152.281859][T12546] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.290250][T12546] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 152.314517][T12546] hsr_slave_0: entered promiscuous mode [ 152.316847][T12546] hsr_slave_1: entered promiscuous mode [ 152.320252][T12546] debugfs: 'hsr0' already exists in 'hsr' [ 152.322099][T12546] Cannot create hsr debugfs directory [ 152.368036][T12607] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.416341][ T5979] Bluetooth: hci0: command tx timeout [ 152.451418][T12607] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.504600][ T103] team0: left allmulticast mode [ 152.507294][ T103] team0: left promiscuous mode [ 152.509528][ T103] bridge0: port 1(team0) entered disabled state [ 152.729403][ T103] bond0 (unregistering): Released all slaves [ 152.734816][ T103] bond1 (unregistering): Released all slaves [ 152.740558][ T103] bond2 (unregistering): (slave wlan0): Releasing active interface [ 152.743081][ T103] vlan2: entered promiscuous mode [ 152.745688][ T103] bond2 (unregistering): (slave vlan2): Releasing active interface [ 152.749151][ T103] bond2 (unregistering): Released all slaves [ 152.753129][ T103] bond3 (unregistering): Released all slaves [ 152.757473][ T103] bond4 (unregistering): Released all slaves [ 152.762860][ T103] bond5 (unregistering): (slave dummy0): Releasing active interface [ 152.766101][ T103] bond5 (unregistering): Released all slaves [ 152.773733][T12607] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.838223][ T103] tipc: Disabling bearer [ 152.840018][ T103] tipc: Left network mode [ 152.904777][T12607] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.992038][T12631] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2282'. [ 152.995669][T12631] veth0_to_team: entered promiscuous mode [ 153.057256][ T46] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.061215][ T46] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.066249][ T46] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.074969][ T223] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.075311][T12645] netdevsim netdevsim3: Direct firmware load for ./file0/file1 failed with error -2 [ 153.081819][T12645] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0/file1 [ 153.165981][ T103] hsr_slave_0: left promiscuous mode [ 153.173660][ T103] hsr_slave_1: left promiscuous mode [ 153.328493][T12675] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2302'. [ 153.358779][T12546] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 153.362247][T12546] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 153.365724][T12546] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 153.372513][T12546] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 153.413207][T12546] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.419948][T12546] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.424548][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.426875][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.433171][ T223] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.435461][ T223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.450054][T12685] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2304'. [ 153.454577][T12685] vlan2: entered promiscuous mode [ 153.456203][T12685] syz_tun: entered promiscuous mode [ 153.523381][T12546] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.537856][T12546] veth0_vlan: entered promiscuous mode [ 153.542566][T12546] veth1_vlan: entered promiscuous mode [ 153.552358][T12546] veth0_macvtap: entered promiscuous mode [ 153.555503][T12546] veth1_macvtap: entered promiscuous mode [ 153.561779][T12546] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.566516][T12546] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 153.571924][ T46] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.574807][ T46] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.577723][ T46] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.582227][ T46] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.601148][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.603666][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.613118][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.615614][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.936423][ T5979] Bluetooth: hci2: command tx timeout [ 153.984699][T12725] veth0_to_team: entered promiscuous mode [ 153.987009][T12725] veth0_to_team: entered allmulticast mode [ 154.084273][T12735] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2324'. [ 154.087871][T12735] netlink: 'syz.3.2324': attribute type 6 has an invalid length. [ 154.138871][ T40] kauditd_printk_skb: 101 callbacks suppressed [ 154.138883][ T40] audit: type=1800 audit(1755572701.694:53382): pid=12740 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2326" name="/" dev="9p" ino=2 res=0 errno=0 [ 154.284563][T12757] ------------[ cut here ]------------ [ 154.286131][ T40] audit: type=1326 audit(1755572701.834:53383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12758 comm="syz.3.2334" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0fdd8ebe9 code=0x7ffc0000 [ 154.287129][T12757] 'send_pkt()' returns 0, but 65536 expected [ 154.294550][ T40] audit: type=1326 audit(1755572701.834:53384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12758 comm="syz.3.2334" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0fdd8ebe9 code=0x7ffc0000 [ 154.294575][ T40] audit: type=1326 audit(1755572701.844:53385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12758 comm="syz.3.2334" exe="/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fa0fdd8ebe9 code=0x7ffc0000 [ 154.294593][ T40] audit: type=1326 audit(1755572701.844:53386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12758 comm="syz.3.2334" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0fdd8ebe9 code=0x7ffc0000 [ 154.324537][T12757] WARNING: CPU: 1 PID: 12757 at net/vmw_vsock/virtio_transport_common.c:426 virtio_transport_send_pkt_info+0x91d/0x1020 [ 154.329092][T12757] Modules linked in: [ 154.331295][T12757] CPU: 1 UID: 0 PID: 12757 Comm: syz.2.2333 Not tainted syzkaller #0 PREEMPT(full) [ 154.336639][T12757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 154.341306][ T40] audit: type=1400 audit(1755572701.894:53387): avc: denied { write } for pid=5909 comm="syz-executor" path="pipe:[2645]" dev="pipefs" ino=2645 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 154.351335][T12757] RIP: 0010:virtio_transport_send_pkt_info+0x91d/0x1020 [ 154.354538][T12757] Code: 59 16 48 f6 84 db 75 26 e8 70 1b 48 f6 c6 05 71 34 20 05 01 90 48 8b 54 24 10 44 89 ee 48 c7 c7 00 4b 13 8d e8 e4 bb 06 f6 90 <0f> 0b 90 90 e8 4a 1b 48 f6 31 ff 44 89 e6 e8 80 16 48 f6 45 85 e4 [ 154.361753][T12757] RSP: 0018:ffffc90003717730 EFLAGS: 00010282 [ 154.363763][T12757] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90033b12000 [ 154.367073][T12757] RDX: 0000000000080000 RSI: ffffffff817a3365 RDI: 0000000000000001 [ 154.369703][T12757] RBP: ffff8880561b3800 R08: 0000000000000001 R09: 0000000000000000 [ 154.372259][T12757] R10: 0000000000000001 R11: 74203a7469647561 R12: 0000000000010000 [ 154.375092][T12757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000010000 [ 154.378438][T12757] FS: 00007f9c57aca6c0(0000) GS:ffff8880d67bc000(0000) knlGS:0000000000000000 [ 154.381934][T12757] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 154.384428][T12757] CR2: 00007fa0fdfb7dac CR3: 00000000518b0000 CR4: 0000000000352ef0 [ 154.387379][T12757] DR0: 0000000000000104 DR1: fffffffffffffffd DR2: 0000000000000000 [ 154.390522][T12757] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 154.393496][T12757] Call Trace: [ 154.394580][T12757] [ 154.395536][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.397134][T12757] virtio_transport_seqpacket_enqueue+0x13c/0x1c0 [ 154.399161][T12757] ? __pfx_virtio_transport_seqpacket_enqueue+0x10/0x10 [ 154.401351][T12757] ? virtio_transport_stream_has_space+0x10a/0x150 [ 154.403388][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.404912][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.406468][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.407972][T12757] vsock_connectible_sendmsg+0xfa1/0x1280 [ 154.409767][T12757] ? __pfx_vsock_connectible_sendmsg+0x10/0x10 [ 154.411692][T12757] ? __pfx_woken_wake_function+0x10/0x10 [ 154.413478][T12757] ____sys_sendmsg+0xa95/0xc70 [ 154.414985][T12757] ? copy_msghdr_from_user+0x10a/0x160 [ 154.416882][T12757] ? __pfx_____sys_sendmsg+0x10/0x10 [ 154.418570][T12757] ? futex_unqueue+0x133/0x2c0 [ 154.420111][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.421644][T12757] ? lock_release+0x201/0x2f0 [ 154.423158][T12757] ___sys_sendmsg+0x134/0x1d0 [ 154.424666][T12757] ? __pfx____sys_sendmsg+0x10/0x10 [ 154.426362][T12757] ? __pfx___futex_wait+0x10/0x10 [ 154.427948][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.429476][T12757] __sys_sendmmsg+0x200/0x420 [ 154.430964][T12757] ? __pfx___sys_sendmmsg+0x10/0x10 [ 154.432591][T12757] ? vsock_connectible_setsockopt+0x226/0x770 [ 154.434520][T12757] ? __pfx_do_futex+0x10/0x10 [ 154.436008][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.437569][T12757] ? __pfx___x64_sys_futex+0x10/0x10 [ 154.439227][T12757] ? __sys_setsockopt+0x1c0/0x230 [ 154.440805][T12757] __x64_sys_sendmmsg+0x9c/0x100 [ 154.442378][T12757] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 154.444269][T12757] do_syscall_64+0xcd/0x4c0 [ 154.445794][T12757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.448092][T12757] RIP: 0033:0x7f9c56b8ebe9 [ 154.449522][T12757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.455476][T12757] RSP: 002b:00007f9c57aca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 154.458105][T12757] RAX: ffffffffffffffda RBX: 00007f9c56db5fa0 RCX: 00007f9c56b8ebe9 [ 154.460573][T12757] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000005 [ 154.463066][T12757] RBP: 00007f9c56c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 154.465605][T12757] R10: 0000000024008094 R11: 0000000000000246 R12: 0000000000000000 [ 154.468123][T12757] R13: 00007f9c56db6038 R14: 00007f9c56db5fa0 R15: 00007fff5808c678 [ 154.470602][T12757] [ 154.471591][T12757] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 154.473890][T12757] CPU: 1 UID: 0 PID: 12757 Comm: syz.2.2333 Not tainted syzkaller #0 PREEMPT(full) [ 154.476786][T12757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 154.480106][T12757] Call Trace: [ 154.481159][T12757] [ 154.482112][T12757] dump_stack_lvl+0x3d/0x1f0 [ 154.483606][T12757] vpanic+0x6e8/0x7a0 [ 154.484879][T12757] ? __pfx_vpanic+0x10/0x10 [ 154.486324][T12757] ? virtio_transport_send_pkt_info+0x91d/0x1020 [ 154.488295][T12757] panic+0xca/0xd0 [ 154.489494][T12757] ? __pfx_panic+0x10/0x10 [ 154.490907][T12757] check_panic_on_warn+0xab/0xb0 [ 154.492455][T12757] __warn+0xf6/0x3c0 [ 154.493729][T12757] ? preempt_schedule_notrace+0x62/0xe0 [ 154.495456][T12757] ? virtio_transport_send_pkt_info+0x91d/0x1020 [ 154.497448][T12757] report_bug+0x3c3/0x580 [ 154.498818][T12757] ? virtio_transport_send_pkt_info+0x91d/0x1020 [ 154.500838][T12757] handle_bug+0x184/0x210 [ 154.502215][T12757] exc_invalid_op+0x17/0x50 [ 154.503684][T12757] asm_exc_invalid_op+0x1a/0x20 [ 154.505219][T12757] RIP: 0010:virtio_transport_send_pkt_info+0x91d/0x1020 [ 154.507368][T12757] Code: 59 16 48 f6 84 db 75 26 e8 70 1b 48 f6 c6 05 71 34 20 05 01 90 48 8b 54 24 10 44 89 ee 48 c7 c7 00 4b 13 8d e8 e4 bb 06 f6 90 <0f> 0b 90 90 e8 4a 1b 48 f6 31 ff 44 89 e6 e8 80 16 48 f6 45 85 e4 [ 154.513556][T12757] RSP: 0018:ffffc90003717730 EFLAGS: 00010282 [ 154.515984][T12757] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90033b12000 [ 154.519110][T12757] RDX: 0000000000080000 RSI: ffffffff817a3365 RDI: 0000000000000001 [ 154.522240][T12757] RBP: ffff8880561b3800 R08: 0000000000000001 R09: 0000000000000000 [ 154.525427][T12757] R10: 0000000000000001 R11: 74203a7469647561 R12: 0000000000010000 [ 154.528570][T12757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000010000 [ 154.531671][T12757] ? __warn_printk+0x1a5/0x350 [ 154.533640][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.535535][T12757] virtio_transport_seqpacket_enqueue+0x13c/0x1c0 [ 154.538082][T12757] ? __pfx_virtio_transport_seqpacket_enqueue+0x10/0x10 [ 154.540803][T12757] ? virtio_transport_stream_has_space+0x10a/0x150 [ 154.543377][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.545306][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.547150][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.549051][T12757] vsock_connectible_sendmsg+0xfa1/0x1280 [ 154.551293][T12757] ? __pfx_vsock_connectible_sendmsg+0x10/0x10 [ 154.553726][T12757] ? __pfx_woken_wake_function+0x10/0x10 [ 154.555921][T12757] ____sys_sendmsg+0xa95/0xc70 [ 154.557848][T12757] ? copy_msghdr_from_user+0x10a/0x160 [ 154.559998][T12757] ? __pfx_____sys_sendmsg+0x10/0x10 [ 154.562108][T12757] ? futex_unqueue+0x133/0x2c0 [ 154.564039][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.565971][T12757] ? lock_release+0x201/0x2f0 [ 154.567849][T12757] ___sys_sendmsg+0x134/0x1d0 [ 154.569711][T12757] ? __pfx____sys_sendmsg+0x10/0x10 [ 154.571760][T12757] ? __pfx___futex_wait+0x10/0x10 [ 154.573793][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.575692][T12757] __sys_sendmmsg+0x200/0x420 [ 154.577578][T12757] ? __pfx___sys_sendmmsg+0x10/0x10 [ 154.579627][T12757] ? vsock_connectible_setsockopt+0x226/0x770 [ 154.582084][T12757] ? __pfx_do_futex+0x10/0x10 [ 154.583998][T12757] ? rcu_is_watching+0x12/0xc0 [ 154.585914][T12757] ? __pfx___x64_sys_futex+0x10/0x10 [ 154.587996][T12757] ? __sys_setsockopt+0x1c0/0x230 [ 154.590000][T12757] __x64_sys_sendmmsg+0x9c/0x100 [ 154.591980][T12757] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 154.594383][T12757] do_syscall_64+0xcd/0x4c0 [ 154.596196][T12757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.598539][T12757] RIP: 0033:0x7f9c56b8ebe9 [ 154.600304][T12757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.607849][T12757] RSP: 002b:00007f9c57aca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 154.611121][T12757] RAX: ffffffffffffffda RBX: 00007f9c56db5fa0 RCX: 00007f9c56b8ebe9 [ 154.614278][T12757] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000005 [ 154.617426][T12757] RBP: 00007f9c56c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 154.620525][T12757] R10: 0000000024008094 R11: 0000000000000246 R12: 0000000000000000 [ 154.623658][T12757] R13: 00007f9c56db6038 R14: 00007f9c56db5fa0 R15: 00007fff5808c678 [ 154.626777][T12757] [ 154.628936][T12757] Kernel Offset: disabled [ 154.630671][T12757] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:05:02 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000000 RBX=ffffc90005027888 RCX=ffffffff9140be24 RDX=ffffc90005027898 RSI=ffffc90005027858 RDI=ffffc90005027888 RBP=ffffc90005027858 RSP=ffffc90005027788 R8 =0000000000000001 R9 =0000000000000000 R10=ffffc90005027888 R11=0000000000006b0a R12=0000000000000008 R13=ffffc90005027898 R14=ffffc90005027890 R15=ffffc90005020000 RIP=ffffffff816ae2eb RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000555580164500 ffffffff 00c00000 GS =0000 ffff8880d66bc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055558017f5c8 CR3=000000005ef30000 CR4=00352ef0 DR0=0000000000000104 DR1=fffffffffffffffd DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=0000000000000fff Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff928579e0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff92857b66 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff92857b66 00007fff92857b6c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0fde12e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0fde12e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0fde12e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0fde12e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0fde12ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0fde12fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000035 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85643805 RDI=ffffffff9b10e020 RBP=ffffffff9b10dfe0 RSP=ffffc900037170a0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552031203a555043 R12=0000000000000000 R13=0000000000000035 R14=ffffffff9b10dfe0 R15=ffffffff856437a0 RIP=ffffffff8564382f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f9c57aca6c0 ffffffff 00c00000 GS =0000 ffff8880d67bc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fa0fdfb7dac CR3=00000000518b0000 CR4=00352ef0 DR0=0000000000000104 DR1=fffffffffffffffd DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffeacddd3c6 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffeacddd3c6 00007ffeacddd3cc ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f571c212e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f571c212e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f571c212e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f571c212e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f571c212ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f571c212fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f571c3874a8 00007f571c3874a0 00007f571c387498 00007f571c387470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f571ceed100 00007f571c387460 00007f571c380004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f571c3874b8 00007f571c3874b0 00007f571c3874a8 00007f571c3874a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000001a240c RBX=0000000000000002 RCX=ffffffff8b939c29 RDX=ffffed100d4c6656 RSI=ffffffff8c162800 RDI=ffffffff81913311 RBP=ffffed1003c53910 RSP=ffffc90000187df8 R8 =0000000000000000 R9 =ffffed100d4c6655 R10=ffff88806a6332ab R11=0000000000000000 R12=0000000000000002 R13=ffff88801e29c880 R14=ffffffff90ab3f90 R15=0000000000000000 RIP=ffffffff8b93878f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d68bc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000020000003f000 CR3=000000000e380000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000fff Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff5808cb86 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff5808cb86 00007fff5808cb8c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56d874a8 00007f9c56d874a0 00007f9c56d87498 00007f9c56d87470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c578ed100 00007f9c56d87460 00007f9c56d87478 00007f9c56d874c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56d874b8 00007f9c56d874b0 00007f9c56d874a8 00007f9c56d874a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000022e584 RBX=0000000000000003 RCX=ffffffff8b939c29 RDX=ffffed100d4e6656 RSI=ffffffff8c162800 RDI=ffffffff81913311 RBP=ffffed1003c56000 RSP=ffffc90000197df8 R8 =0000000000000000 R9 =ffffed100d4e6655 R10=ffff88806a7332ab R11=0000000000000000 R12=0000000000000003 R13=ffff88801e2b0000 R14=ffffffff90ab3f90 R15=0000000000000000 RIP=ffffffff8b93878f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d69bc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c46de22 CR3=00000000518b0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003172 656c6c616b7a7973 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff5808cb86 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff5808cb86 00007fff5808cb8c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56c12fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56d874a8 00007f9c56d874a0 00007f9c56d87498 00007f9c56d87470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c578ed100 00007f9c56d87460 00007f9c56d80004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c56d874b8 00007f9c56d874b0 00007f9c56d874a8 00007f9c56d874a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000