last executing test programs: 2.010335503s ago: executing program 0 (id=542): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000180)={'dummy0\x00', {0x2, 0x0, @initdev}}) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x17, 0xf, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e}, 0x94) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x2710, 0x1, 0xf000, 0x2000, &(0x7f0000a9e000/0x2000)=nil}) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x6, @mcast2={0xff, 0x3}}, 0x1c) (async) r5 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read(r5, &(0x7f0000000040)=""/138, 0x8a) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) (async) r6 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0xa00, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x0, @thr={&(0x7f0000000600)="f53289bb1eaad6ab87d8fd3baf52c80d51b37d30854a5947e632b08f584eea8e135d812ffdf3a2413e33b7939e78128cbca90fece71a6f5a1713430b00fddd1a49850c1f2a330b96b8803d030f8cfb1c8bfa71079f9ae13d4d65dd1dd4d63617abf51bc0060817d05b1daf1451452f816375e9933d67fcc00c866a6c1bc746cf23ee095c89c9aeb850c950976f8c56a003bb1f3e67684b80e7fd40e1f76c216a7138697fac855509683572e254ff0b7049ecb0134179cc8665b0ed142f", &(0x7f00000006c0)="6555aed5297da65d6c5f03ee2aeedd30cdd7a40d0eb22cdbfb6a9768b0b520ee2eaf9f70cd8901871287016ce3b0cd46f9d2e39b2c2accfe12818f9cdee38ae56b9755ae69a0179074f8e49056c06aaef6d46ca612fed6a405ed79286b26416ae60b6c088439458d59131539c1b61dabb4fef9e1b4e804729a7406e9beeb62283b1466d1eaf6a245772bc4ae035f08108ec42281fcfed0486c9b2ba316ba27d8462de346e3504014730408c47a2daf487bbc553d5c2ee0cc86be9fdafa956e56c96cab68373a3c498dde61d947d19098"}}, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0xfffffffffffffdc8) io_setup(0x2278, &(0x7f0000000180)=0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r11, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x10) io_submit(r9, 0xa, &(0x7f0000000f00)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x7, 0x3, r3, &(0x7f00000007c0)="30a6e5e43e0d804c223a798c7a0ba960a8e8ea58bd5b21d3e47edb2f74c19fdc8034dd3a6e6620277366fd2128f7dfed307282a5c2b022bd45f16b005a9f072e2f3560efcb9527d88effe2cd00af3f35c3b57b15fe764819f44935472d5ff0f0f124c0f8dfa4ff846b5e26e37299cd8f051dfe431780402cd2aa58216ad6daf6dfc7798bc45e68903d9726462494601365bcc3a6fdeb5331fe701e003d513e520c212bffd9599383a794535cd1ea61d725ebda1e7bd07f4b2daef60ada104a79edab502e464ee475b6da81ef75637a", 0xcf, 0x80000000, 0x0, 0x1, r5}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x8, 0x0, r10, &(0x7f0000000440)="cce8484a4f5fcdd6", 0x8, 0x0, 0x0, 0x3, r5}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x2, 0x6, r5, &(0x7f00000008c0)="e9438f9dced1d25c241722cdcb6040594ad0bfd4ea20ecd597c350bc4f1e63108f3b62b1d915126ace6d93ef0209af4ef89a", 0x32, 0x0, 0x0, 0x3}, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x8, 0x3, r6, &(0x7f0000000940)="469a924200384aae84f7cce2a2d6caf1395c5d5516311171c19fde9f3c36700b9306261029b5355c3f65aa438925ed0c7f217fedc1df36799e41fccc7e1b761b92357e2704a1c5f27d118c3234b5ca4d85f73adea8d4388044228a5bbfc9aa1843ac955c824a71ff4c4589efb0088ad535f18befb1f0bd9791332b074d5a2544375947fa97901c1d91953aa273e8b8323efd9d67719cc9cc57a72f847b309138f04a954813259152550f6d1524e6a9b1", 0xb0, 0xb15e, 0x0, 0x1, r5}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, &(0x7f0000000a80)="d8ed616da91a6d87f0c123d07876a6be085812fdbd6db68205981dfb16a6f120017c59d683d17bd8306e770ae5a1c17236993a7a191fa470a2b997f2", 0x3c, 0x400, 0x0, 0x1, r5}, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x8, 0xe904, r0, &(0x7f0000000b00)="289e2873978569107406cc1a51b6db7a1d6fccdc117119574e446497de7d2f76bc5a30e8aa5695ebe768a37570d8a5d80c96455ce6a7205362159dcadc1261b27734fc502f1f47a4c0e842e04b63e07ab0584d6aa7a8a277c15776249619563718620db69ef25137716348052b740d8539556c3d3962c531148c733a846d0a1457", 0x81, 0x7, 0x0, 0x1, r5}, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x5, 0x4, r2, &(0x7f0000000c00)="a0", 0x1, 0xffff, 0x0, 0x2, r4}, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x6, 0x1ff, r7, &(0x7f0000000c80)="a642a666f81c430fce365e10909aa9c9b67cd07e85b42366607c8a96227bfc1f0ad95bde88e1228f0231cc92d9ddcc7bcaf204caabbb6b9781087d08a6f1b0294fb2c02c16d8b93117ab10ac517b9e4983be1cf33abe166dcf6f6e8055d6587e5ccfb2f2cb3b7cb17da6149c9effb5d682e961328351db08260d14414b17691d0f2d3192aa17e3659d6fa861ae355d5df013af65239bf09fe381209590f769b8a4b2f7", 0xa3, 0x9}, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x7, 0x0, r1, &(0x7f0000000d80)="4a0bcbb7", 0x4, 0x9, 0x0, 0x3}, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x1, 0x1, r0, &(0x7f0000000e00)="b7a3f29ef5c1b46e0169c6693771cb83a92e1beba6ba02881b220f9e3a591a8ba928d5a3f961b7c145933cc7da3e02bcd1274199de2eb8638384e8a63978604c9fabb29a05a8efd4eaecdb8ae881740a63c8b6823d72287e84ffc733fbcb8bf19a8de39fd3d91e47468bf5b868272fbeacd1b0ff0963883b2e7c468f675463385d83736fa994a86211cb3b9a3bb1984a7e53d0f4f73500f21ec5a889", 0x9c, 0x7, 0x0, 0x1}]) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0xe42, 0x9, 0xfffffffffffffffb, 0x5, 0x10000, 0x3, 0x4002004c2, 0x100000007ff, 0x1, 0x0, 0x10000000000400, 0x80, 0x8b, 0x0, 0x8, 0x8b], 0x58000, 0x240046}) (async) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) ioctl$KVM_RUN(r8, 0xae80, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async) mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x48, &(0x7f0000000500)={'trans=virtio,', {[{@dfltuid}]}}) (async) setxattr$incfs_id(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000140), 0x0, 0x0, 0x2) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000006a00010027bd05000000000000000000000000000800010001400000"], 0x20}, 0x1, 0x0, 0x0, 0x4050}, 0x8000) 2.009531897s ago: executing program 0 (id=543): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100"], 0x16) syz_clone3(0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_usb_connect(0x3, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0405"], 0x7) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0x8000) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xf}, {}, {0xffff, 0xfff3}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x3, 0xfff3}}]}}]}, 0x3c}}, 0x24040080) 1.37140419s ago: executing program 0 (id=553): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x7, 0x4, 0x700, 0x700, 0x2c}, 0x48) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000001200), r1) (async) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ppoll(&(0x7f0000000000)=[{r0, 0x408}, {r0, 0x1000}], 0x2, &(0x7f0000000080)={r3, r4+10000000}, &(0x7f00000000c0)={[0x1]}, 0x8) (async) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000001280)={0x24, r2, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x90}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x20008850) (async) semget(0x0, 0x2, 0x80) 971.974352ms ago: executing program 1 (id=556): r0 = syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$ARCH_SET_GS(0x1e, r0, 0x0, 0x1001) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)='xfs\x00', 0x2, &(0x7f00000002c0)='g\x859\xc1\x0e\xe9\x80Q\x9d\xb7\xb7\xf7\t\x00\xf3rpOuota') r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301) ioctl$USBDEVFS_CONTROL(r1, 0xc0105500, &(0x7f00000000c0)={0x80, 0xa, 0x303, 0x0, 0x0, 0x6e9, 0x0}) r2 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f0000000140)={0x2, 0x4e20, @remote}, 0x10) r3 = syz_open_procfs(0x0, &(0x7f0000000900)='stat\x00') lseek(r3, 0x7, 0x1) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040080}, 0x4000000) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)=@v1={0x1000000, [{0x950, 0x100}]}, 0xc, 0x3) 971.639898ms ago: executing program 1 (id=557): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3c, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209b"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000740)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 891.977915ms ago: executing program 1 (id=558): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)="98bd80d1b51fac3cd4242ec52d3a9d97a2363395b5add192d6bb49", 0x1b}, 0x1, 0x0, 0x0, 0x81}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x24, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x1b\x00'}, @typed={0x8, 0xa, 0x0, 0x0, @fd}]}, 0x24}}, 0x0) sendmsg$nl_generic(r1, &(0x7f0000007800)={0x0, 0x0, &(0x7f00000077c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000036017bc32dbd7000fddbdf2503"], 0x14}}, 0x4000) 891.734614ms ago: executing program 1 (id=559): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001300)=ANY=[@ANYBLOB="140000001000010000000000000080000100000a34000000060a090400000000000000000200ffff0900020073797a32000000000900010073797a30000000000700074350111e0014000000110001"], 0x5c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)={0x38, 0x7, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x0) syslog(0x2, &(0x7f0000003280)=""/106, 0x6a) 799.834554ms ago: executing program 1 (id=560): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0xe) open$dir(&(0x7f00000003c0)='./file0\x00', 0x400, 0x113) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) mount(&(0x7f00000006c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000000c0)='minix\x00', 0x204001, 0x0) 689.753561ms ago: executing program 2 (id=562): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x200002, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b30, &(0x7f0000000200)={'wlan1\x00'}) 622.174992ms ago: executing program 2 (id=563): r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x0) r1 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil) r2 = syz_open_dev$media(&(0x7f0000000040), 0x2, 0x102) r3 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000003f40), 0x200, 0x0) ioctl$CDROM_MEDIA_CHANGED(r3, 0x5325, 0x8) ioctl$MEDIA_IOC_DEVICE_INFO(r2, 0xc1007c00, &(0x7f0000000240)) r4 = shmat(r1, &(0x7f0000ff9000/0x1000)=nil, 0x5000) madvise(&(0x7f00004ba000/0x2000)=nil, 0x2000, 0xc) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0xc0068000, 0x0, 0xfd6c, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) shmdt(r4) ioctl$I2C_SLAVE(r0, 0x703, 0x60) r5 = socket(0x1, 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000100)={0x41, 0x1, 0x0, "4749570000000000000000000e00000008000000000000001400"}) r6 = socket(0x10, 0x3, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)=@newtfilter={0x30, 0x28, 0xd27, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r7, {0xfff3, 0x9}, {0x0, 0x9}, {0xffff, 0xb}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x40408c4) 451.888979ms ago: executing program 0 (id=564): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000001340)=@hci={0x1f, 0x5865, 0x31}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)="b8b2821400000081000000008100", 0xe}, {&(0x7f00000002c0)="235b88fb", 0x4}], 0x2}, 0x4000080) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xd}, {0xffff, 0xffff}}}, 0x24}}, 0x40080) 450.782095ms ago: executing program 1 (id=565): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)="f10ec5575fa16c2b000000005f", 0xd}, 0x1, 0x0, 0x0, 0x4008004}, 0x0) (async) recvmmsg(r1, &(0x7f0000004300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x61, 0x0) (async) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r2 = gettid() (async, rerun: 64) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x90040, 0x0) (rerun: 64) ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000380)={0x1, 0x0, {0x0, 0x7, 0x4011, 0x9, 0xb, 0x7, 0x0, 0x4}}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r4 = socket(0x22, 0x2, 0x24) setsockopt$IP_VS_SO_SET_EDITDEST(r4, 0x0, 0x489, &(0x7f0000000280)={{0x32, @remote, 0x4e24, 0x3, 'ovf\x00', 0x0, 0x7, 0x6e}, {@remote, 0x4e23, 0x2, 0x9, 0x80000000, 0x3fc9}}, 0x44) (async) bind$alg(r4, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) (async, rerun: 32) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000080)="20c13d10", 0x4) (async, rerun: 32) timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) (async) r6 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r6) (async) prctl$PR_SET_PTRACER(0x59616d61, 0x0) (async) ioctl$SIOCX25GFACILITIES(r5, 0x89e2, 0x0) (async) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) (async) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000080)=ANY=[@ANYRES32=r4], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000400)="e0b9547ed387dbe9abc89b6f5b7e", 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'default', 0x20, 'trusted:', 's}z', 0x20, 0xfcd}, 0x2f, 0xfffffffffffffffa) (async) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) (async) timerfd_settime(r5, 0x1, &(0x7f0000000140)={{r7, r8+60000000}, {0x77359400}}, &(0x7f0000000180)) (async, rerun: 64) syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000080)) (async, rerun: 64) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0x2fff) (async) r10 = openat2(0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x224000, 0x160, 0x9}, 0x18) io_uring_enter(r10, 0x7202, 0x9eed, 0x40, &(0x7f0000000580)={[0x9]}, 0x8) 450.201703ms ago: executing program 3 (id=566): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x46, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000740)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 372.280297ms ago: executing program 3 (id=567): r0 = socket$igmp6(0xa, 0x3, 0x2) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x60, 0x0, 0x1, 0x0, 0x0, {0x39}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x73}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x60}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900"], 0x48}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) syz_emit_ethernet(0x4e, &(0x7f0000000040)=ANY=[], 0x0) 372.082091ms ago: executing program 2 (id=568): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc1100001200010200"/56, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000f504010007c01c000a"], 0x11fc}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000000) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="b80000001300e9990000000001000000fe8000000000000000000000000000bbe000000100000000000000000000000000000400100000000200002000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="1c0000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000001f9e30d5430b62f96cff7cb6a35681a592577dbfefb4a3c574ec38d05743d78497546dd27284e37aac06afca7d9ca7aac2ee779f634bd2348a8ed59757847edc75c3fdb4d3f426b97d3cb4cbb8959d07338c5b6f51c5f906e060adcd76034928ac8325d5b86b1b83ba6a28d4d2ccbb94ced36cdcb939bef841782ed48da4065018d8481a7cfcccadabb7f3f13be15abb6e53b8807eef117c6eeb74fdf276aa13e1d606a1c556fc2321c899442de1429c4e18815d4293b96a4371acbf6bc4b6a394efad23364ad73cbce392f3dcf010056d039445a4968f0114fe0f9f884f912b5cb18a63d3e90699dcbb7aac16fa44935a627cf71e5e7d1a769fc5d9c95b33dbdba02d0f7ffe82da0015c2c7ba87b0f4517dbde26049e0cfe9df2f197e63bb76ee86c61e1e304cd81a3b58289228bc"], 0xb8}}, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2810024, &(0x7f00000001c0)={[{@xino_auto}], [{@obj_user={'obj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@context={'context', 0x3d, 'root'}}, {@flag='nomand'}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '}$'}}, {@dont_measure}, {@permit_directio}]}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000f00)=ANY=[@ANYBLOB="8500000008000000350000000000000085000000050000009500000000000000fed023000000c71adb30be7d75fa1f32f08a23ce3220b0cc9505d72768b8242dd90d17e4c52505756ca2b009546a0900000000000000d3df2bd87184446d165ae3939bbca322a415a98c8801000000000000800859362ed862b3c47fa8ce7c69adfd2f16af3a00000000000000000000009a317aa34f0c50f99eedac26048ab915e1be5aa845be00de14683ee4e859d65564a9c79d20e5a011e966388cd0bb39f45d6c508b8a0f7f2d48be0e2a8137c6741775428abf2ddfd2a473f5b271701e22f8cb42198906e1107fa780c435083cac323838727a606495803509f84729f3e8a2fbfb995f99b82df3b363a9cf6ba87fdfbf5a3dd0dde49b4193520e5e946687634c04000000000000bfbcd911eba0dee5e5ce6434f86fe82ee02f0e8e3173a97d85e232e584ace13387693614f3a7ef88709f4d552c7b3a7903e14dc418e58f3e98933b2c93fae25ec2dd190231e2531e1ffeff33676a4383a918cba3ad8318ea29f164563a42cdb596f255a251add2d2ae2fac0a0e7428e4bf07fc884be5721bdffe58c6a4b57014ce976ce8b9cddfa50175c53253d7659f0e88913d4fa7f37feb40337fada4363c0698510730725e23bdad60ceaeecfeeccc397565f204b82d6d4458d77a1b4abeadf350c21027d314237a9d448b82827ff3f29cc9b46c8fcfbb30d1fc18707c252b596cdbf4e77836adc1f59f9d1280333d135fdcdcee8eb817388666e02ff1b148b6bc3c283e71c0ad9c683c6bb6fea2d2d54af3ad488f0cc2e54a70c19ceac518adbe917652c34019d7478c716ab23d4a863b4dcd08d89f6cec674e9fd379d71e06357d207984e885ace8a0dbaffef403aff01d5f2f0e644b61cd8bd72a59f2d7cf67815aeb8761412d68c40dbed08b7eeda96b3856a519a71b83c19b2e8f88d92b66abec165663819a87e7cd8c082cb011051789c283eecfe08f0799f6c7023353b6d3af7177d6b56549616bfede82c598301c98b0420b1784b53238b39c0db1da864e593d45fd297e4d34e749bc737e0bcf36fd955a40124c00d40c3f21d26e6e276152412b4ef3f52dc416bb2d7463a93ee6c0b20c5749a44677a3c3a7aa9a47c7cd7bb52fbb2c8d63166f4ad1038f33258736b2224a66726f1fd4dce0eb6043a55fbdd341baba95cc5838a860068e0f3e73d992403455b03b25bd5414628d7325a6b25986666b336851d9c623c405bf608d4bd9347c83cb693aebab072be479705b0c6c9bb9728d131f8320b966898de1a16407692b57b6f7333eac0d2ed0a7a4457d9c70089fcf9aa553929a65777f3bbf6d0bdc6a11371a138c6d4b0fefc655716e4486f5c7a88e80b2fb0efb579333bef98ded75abfb982b1fb92f003a6aefb8bf25eacb848d8ed1c1162d000000000000000000000000e87dffd60f123527781805434d210bb72ac2c097c45b27dde4980bc85b43614d266a9d403c320f80646c7df8bdd1cf380000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/148, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff79}, 0x16) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x0, 0xe, 0x0, &(0x7f0000000700)="04d31fcd275bfc58188e699fa7c9", 0x0, 0x375, 0x0, 0x3a, 0x0, &(0x7f0000000540)="9a4f1f796ecac0afa6efee7073e66f741b673e78b684388008a1374fed03c7508a50a9e6796dfd73facfb013a6322467a4a0011fc387ea6be1e1", 0x0}, 0x50) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0) 371.806567ms ago: executing program 0 (id=569): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) (async, rerun: 64) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) (async) setsockopt$sock_int(r1, 0x1, 0xc, &(0x7f0000000080)=0x17, 0x4) r2 = socket(0x2c, 0x3, 0x0) r3 = syz_open_dev$vcsu(&(0x7f0000000440), 0x8001, 0x115000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x8d, 0x8d, 0x3, [@fwd={0x1}, @type_tag={0x3, 0x0, 0x0, 0x12, 0x93c}, @decl_tag={0x10, 0x0, 0x0, 0x11, 0x3, 0xffffffffffffffff}, @typedef={0x4, 0x0, 0x0, 0x8, 0x3}, @func={0x6, 0x0, 0x0, 0xc, 0x5}, @const={0xc}, @datasec={0x1, 0x3, 0x0, 0xf, 0x1, [{0x2, 0x8, 0x3}, {0x4, 0x3e, 0x6}, {0x4, 0xfffffffe, 0xd}], "88"}, @int={0x0, 0x0, 0x0, 0x1, 0x0, 0x6b, 0x0, 0x5b, 0x2}]}, {0x0, [0x0]}}, &(0x7f0000000540)=""/47, 0xab, 0x2f, 0x0, 0x1bbf1039}, 0x28) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="11000000040000000800000022bf000000000100", @ANYRES32, @ANYBLOB="00000001afb8b0678bd367000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/24, @ANYRES32=r3, @ANYBLOB], 0x50) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3c8, 0x0, 0xa, 0x148, 0x0, 0x10, 0x330, 0x2a8, 0x2a8, 0x330, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x70, 0xe0, 0x0, {0x200003ae, 0x7f00}}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b90ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc0d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @local, 0x0, 0x0, 'ip6erspan0\x00', 'veth0_to_team\x00'}, 0x0, 0x1f0, 0x250, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg2\x00', {0xffffffffffffffff, 0xff, 0x0, 0x0, 0x0, 0x7fff, 0x200}}}, @inet=@rpfilter={{0x28}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @multicast, 0x2, 0x7, [0x0, 0x10, 0x1b, 0x2b, 0x37, 0x2e, 0x2b, 0x18, 0x2b, 0x34, 0xd, 0x0, 0x3d, 0x1, 0x32, 0x37], 0x1, 0x6, 0x1570000000000}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x428) (async, rerun: 64) r6 = socket(0x2c, 0x3, 0x0) (async, rerun: 64) r7 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) (async) recvmsg(0xffffffffffffffff, 0x0, 0x12020) (async) r8 = fsmount(r7, 0x0, 0x0) fchdir(r8) (async, rerun: 64) r9 = socket(0x10, 0x2, 0x0) (rerun: 64) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r9, 0x89f3, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000340)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, @empty, @empty, 0x40, 0x20, 0x2, 0x2}}) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) (async, rerun: 64) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000140), &(0x7f0000000080)=@udp=r6}, 0x20) (async, rerun: 64) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r4, &(0x7f0000000140), &(0x7f0000000080)=@tcp6=r2, 0x2}, 0x20) (async) accept4$phonet_pipe(r0, 0x0, &(0x7f00000001c0), 0x80000) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r11 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r11, &(0x7f0000000040)={0x1f, 0xfffe, @any, 0x4004}, 0x2) (async) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="efe641f7ba570692e64064fce06cca99cecb6c17731058c143e390fc4f403c06bcda39099c9735cd49008e080400489dc8405e5ab4de3cd27d67dd4c76938e369b4a035c068d9d1952bec16f4f286b9ac668c0bf2c379930ee541591b84ed4e263e3908f46d303d2e23dbd9ddb02039a0c69cd37dbc78895aee9988f5cbceb7bc6f2c6e8f12e6d6c13255055c87f03150f3dc98aeb6c0fac6a2eb668bc1bc87ef3863696ce772523a0a0711539945708c873dd27fad4d2a782fc3b9c74c5894449d762fd0e5b284e6631e7b024", 0xcd, 0x2000c080, &(0x7f0000000200)={0xa, 0x4e23, 0x1, @loopback, 0x7fffffff}, 0x1c) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000280)={'tunl0\x00', 0x0, 0x8, 0x8, 0x0, 0x826, {{0xe, 0x4, 0x0, 0x2, 0x38, 0x64, 0x0, 0xa, 0x29, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_addr={0x44, 0x14, 0x34, 0x1, 0xb, [{@multicast1, 0x9}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x7fff}]}, @ssrr={0x89, 0xf, 0xf, [@local, @dev={0xac, 0x14, 0x14, 0x16}, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @noop]}}}}}) sendmsg$nl_route(r0, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=@ipv6_getaddrlabel={0x40, 0x4a, 0x20, 0x70bd26, 0x25dfdbff, {0xa, 0x0, 0x8, 0x0, r12, 0xfffffffb}, [@IFAL_ADDRESS={0x14, 0x1, @mcast2}, @IFAL_LABEL={0x8, 0x2, 0xb}, @IFAL_LABEL={0x8, 0x2, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x48810) setsockopt$bt_BT_DEFER_SETUP(r10, 0x112, 0xf, &(0x7f0000000080), 0x4) 218.582735ms ago: executing program 3 (id=570): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x4040, 0x4) r1 = dup(r0) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa000000004404730001000000000000000000000000937d55238c30c2a82023876a0f6fa6229d6727dd970dd00f6387a076c6c2e6a1a199471c4a29792129db1d9c6b639266371bf4e40c12113edd702d93d946019a510bea829e27cd556e4f2bce3a3b28f61de50553e76768d83ec9af4f75d53b2151d53d9cc94f6a870644bb6bb038f66a219adf3042453f8f1fc0004d3d1a848b532e0939c5b60000000000000000000000549f706d5f954101d8b4b19ba8c19e4a7d956a277a686467406896816185b39f55c2e9d38fdaade3a018f75df302938ddaa05927c87760430e7e90a8ad590a5ae125646f967c40134dc2fe0e74cbafd304eaf64a6f51e25ff4e6557b1706884e998773e0d27051acdbd6013cd9728adc63ae4c0ee01a42c6a4e307751b1914d3991654a8dd43a5aa71c651970164f28e61a7ad1049143027cdacbbf88d0503f3d535096ccee49823"], 0x40}, 0x0) prctl$PR_SET_MM_MAP(0x17, 0x3, 0x0, 0xfffffffffffffdd7) syz_fuse_handle_req(r1, &(0x7f0000001640)="14da02f4e3298ebb27751a00f0cb507a747b2d39d6542a987169ed3d7b41ba7d0e8ad1e70a15949273618b44403528fd138701317a4597a55b92c9f529bc250010785d57a3c4ba702c4a9197c54c81cca163679f4487afe79b349c85b2b05c74d9737b8a1b6a4c57f43e7010715f7f9b12890f71cae5e6ce668ea4e123576cbc899fffb4a44a1ac6d129960f8462d6be54489343c111d24afdc31c663b1393108b1b88b8de133a53337935b60b5b1a914c1783c4af9596f374c8284062fcdb9b6510a6e6dbd56406d58904fba6e279bca6b763c6b541ac399d19f5ce29cc0884f49a22868753e64dc31cef48bcca63847286004e5a755c97aab1b970f7b2f2eefd73697db2a76863736252fed8c57ab80541fc45ede0be01340a2c33d91cb19c6face58c79638d8aa4773a6bdfa2737856b6579b676585c98472006345b6c0cab3d10afe747cb055d0ce4693b4fab8a367348b7772a0fae01e1a39bd80f00fe992f60e4d579b9a28bf567da4f9422145dab4056a63b50e8d367aa0996fa22781fda6a0e35642d5bbabaaa4209ce13826bd242275ee04016fd1316d4f1354dcd2aebc81f9e61bc3b82297524733a1194c2738ee253333f61364465a87e676f642f288c90475502480f9e2936ca682d605d5e22b4fc0b6ea8eb993f0d2d3a86dc606aa698797ed0b0f65f4978ffe7198f71dc7b97a02f636c7943a7ae7ea9423e7a6f25c857f83aad3f545f2fc5bf43d045ef009523169463a0c282f59cc1c76ccdf270211257917366dd0450edd0258cfdf007576ef5576e144db9f28f9651aaf29728315a76925fda06a455d783a8cf50b8a07879c4386c641123c181b7f5ecd7d6a296ea1005b2155381a2988d06b8364bf30e4a182340c92ad94f8e6b3c02fcfab9b0f80f74881efc2bfe1cf97a03a09fed81a28eee7304d759fcedcc1e1489e1b7bc539a9752eb962c9329c94217e36155bc58196025fecbf1d04f89015f2bfa2c20990808aeb51d556cbe6661209cb02f993ea5b1e8b0e9dc3b7c3133e60a5d597d09ada7cbcb84fa37535a967c20e99ee2b986a3708d2825ad3a291812313a67f988d3d4a6a41caf18643052570fe29b60b1b16771e9c1e8654f9378fa31505d6e528966f1bc41023d53c45d81d8443edb852d2b3b44f629e6fdbe5864c690286fdc9d5a33afe33245cf35cea8d352ac1dd8a0300d0ae59da3c0f6b288a687407ba2f04a7f929931014dd9638630e79af164f6002902c816cf4463a6dda2f494ca9472f0dd884cc19739b592c17e62746027505c0ccf3f02504978f61530c13fd4d97d944b8fe940854c89564487d2a93ee6633899348f21f4922ab7eb3754462b2601cbec2b66a6316471ad5efa6c40d25bf9e0ec165f16fc66e0ee80fb06ce550d6bf17ca36b3be5f98fc39fc84c84a86d59c4a4ded259fb6ca117c157e9093d4465c225aa024c98e74bbdea95c01cbb3cb8451aeb19b52d8fc3a4718f8c82d2c5b409671012f8a2dd6d03c65864155979b132429afb4e3f77eaa0cdfc7edca85a55ee119a8e7f29de073dda413227c89f3009d3775791b0ff01644907f91af406134d7f516a05635314d6f877a71c73923753fb32259eddd315363178b118ad58f67966f60729049f69e094cdaa5bf3bffbe1151b424f513d9b608558a693ded6c9a026136394d9d3f24856dde139b99901da085ca3aac24d32663e2b3a69934eec155dfcc631ba81a8d2fe272a5280435942950704a6249ca084aa59a42d48d1d071ffd8324d23f5d0e48f10e89870e3ebef0653fd6819b207a44d818008d832f4bcb03b0b7573b4beb90b22bd955146b49bc0f19bd29c21e89ae9d4c1f0b5c33566fa2840767393e0f43131af25c178779cba50fc5e64e401530e13a1d12ef7218cfdc79522a18a1e56c1b78b51863efdc66b39b02ba942f6297f14b93bb09c63d6ade0266ff5e14168642ba369ccb57d85373139cf4506cc1f1848c5056efcf939104c4462e2a220a70e75a78c9dda7431be5d2ffe16c2f7dea734f61a28911a2f81085d880e870c4433e7f4b46c7f16c6bb1bb10765d0968aeede2e6cdca9e3717c918db4f89ba0b8a725c63bce994f1528160385762e287685e2cbe4f7034426dae1d8abdfea3f61f30cce1454993ded413eea9296acebf6255050bd71ee88376eef9482a4a3185c3c202abeef3b6b9de13f5cf007ae7c99e05f68d8bb631290c72797dd371ddf37955625a45cafa4118d494f3ced647271ff47f004332d79f440258cd247f4a7a12b4a984a3e78cbc65bd021809f4291dfbeaab0c8a5fbf123707d864902e500d0cf4f21746868d17ec1b7a553efc995b2e7f0be862f80bed4954a39ecacb20a92677c6e1e8f203f3bc40b8a73dadd42fe938d525fe6e3b885cc4ccc49dc1e00d21fe95cbea9589aeda6e89a1e771ffb455c3d02f8ca8fcc96281511146a7ab78ef285fa91ff140deeb392206b880dd1d221583e7384c502a60b3f3f1824e00ecd44304ecfa4e2e459321d2139d97b5ac4caa9a09ceb1e4953f0b4c3b47698e542d4169a0a5683c88084029a56cfd71946876689be0dcb50c98ab7711771a0716ab11ab1e92c14a5a7a7cbcdcc69e792798139736e762d21a3e9bf967322ce590182e7e060f82f0c70483d8da6845f98f522ab43708d33257bf1674595454dfbacf26c30121f5a87c2150c40127afb8ffab5814fd7379ddfdba7023e28f7d0bdc6f497267ffe972d793581989ed0ae1518b6094d8d15a0ad2d03593e3bfde92414a62edee88ee4ba23cf7c78659cc2478fe6d9251d4b0d3f48dddd488fffc8786f60ff96dfae3804f3c761e4662b2689cfd7c79b699ee84d1e2af7f5130db8a4e057d8e4cc5df906b1032b3d55db1cbeb5f23a4a6750bf0275519fa53fc0d5bf8eacbf5e1d1c01e4f46fa1bc29950d13d410f27366b439f5452211c792f2708fc06c4d9258474cd088df9e4ce745aa27075d8d0fa8fc603b70998067adb6a94995865f5dc807b41a72d2d4523d201eb47e51e395525f70567b6fecc022599cbbd5154d6a32bbf8d116bb5e575d33b1e7ebfc5b44fb7521fb4ee9bce987204a231540db359c86dbbf5d14e64f1b8d6a52ad1ee49b599d689b6d9ec263e093784f30535e538c05e167090d24e9dd7e9fc8d2bf66e784d480082aa145c58b5aada306cf084d8d862c8bf0f073213849958b50501f75b6506d1caa4df15e811825b8e13c35e61a89ce241129b57bdff050b7486daa28dbb0168ec30ddf750973dbeedeaf5ee8e3cffb9cb95debae2c4fbc1b1bcbafb8189cd8980d0980c626944c9c065a0b84628ab218b8e7527d5f90d452b1189ac1171d49f2ebb81eb661d744677b379c5ca48bd0c97d9dcaca4129016e143f26fc38e641081b27a698c8c615618884ebedfbd617f0da7e0a33800962e3433b9f0b67fe1cb26bce2c75d90db52c98f6be4461001ad9a31ab779536eb2c3b45ec449bbc9b87fa91cbb6971d9d67be594ff459378a9e8d3ab1c78e8402c6d61dba6ced0cf3b5d686052ca2f1b7a3cbb4eff7906ef5c421d36e1684076ea9858980eef752b55f822f32eac1919076c7ff7769f745d7dd6423be6902f2f2d3e7efa89c30bbb26fb377a67e169c924655d674c82a7b06a4a5e4f763501cbbb6bc5a7c46c33f0ff346a86a67bade4b82b8c0b528f6640a1dc5f7efde6e14d2e1c63ddf565135ad7d033b0ec658b0845b4aa8a0d671f10140af616f564817e860a59b58203bd539e561b0d32fa8b16e8901ac38d44084acb3577bce3d02dc5d9e9727b0852a225db6d12ec459d35f089234f80dde752a4de9581fa0b13bb7324cc7a25f65730d14b9b732382652ffcb8584a03ac8c416fd42b527d6ef889909e54cdc92a51a503cf1548b06b3ec2850c0182bf45e98ac9904218b6c7a00de10356391683faee28daab3bca1078889a99ffd933cdab6650dab31d19424a39836bb47b5482d02cece8db65149fd723a77e6d91cd4e15c8ed2220085c54356ff981f714c45ed15727b894eb9404f19faf7eb22adde551e2607cf034edb7eeb53370187bab8108dfc36d4c2a50cd7f0f17060f48a9b40ffee17ee909e92cbc55dbbf9e2244a2d91735aee718c59bfed86d5d64b9a8ae65c3a8f057b406ab6f3a4731f45bca8b95d0e0d2d84f08830a747a51e0438e0f6aed543e84446569953e0a434a4bda51e504ac97ca5da0a06ceb0feaaff41672aae3119ab9393dedc38e216acc87710fe5729267ef42f90627ce9ef226e9b9a72627bd04a99352f3fb3835684f3d21baade7977bfc10353c90adb30dac5ce75ae50b09027db5f34363e74b5e5e5e9d7d79651ed073cfd872b4240fff41497aaa2648d6c5cc86718d88275014e049489c2ed4f44a8a905b268350da364d46143d55b0b379d5cbdcfc55687a37c75a39bd6a7d3858aff35399c0f7bc9fe00ff23b05665d99af7800f0ecae2c5574f9d26cbfcb15dca66361ca86757a311cf57ed75a99817ffd268f0a9dca93d9231c8e14d266c2ed6ade5a724943f262ce0fae49e1e682cd32473cef74579286c5ce38f312b5b534724520daf4ad83cefdd45941710528b79de1431531eb711a4455761a2ffe7177b5c66c2878ea76b1759004c508203dd7efac26c933fda87864a1e21c494bf32a2785d8e029fbc158b7d00b191d52b63d0df62b58e813d27f77c2534e9bc646a47591385873609f93a851fb29ced9494a22e12ec10c44b264cd0a73cc4f2a17ec1e7ce1b0500d2351979f8f2216e87546534157fb246454306f53ca0f2b8e8b6eb5afec4584e0027a10fb17d523bb57eb65c935adc35463610b4492c267e24f28fec417e824941c99f74247e8359ced45d502c7972a8ff77155e154403e8242165b913b80aa4d3955f3f0f1dff732d3b312488639378cb40aee6990b719a543cee78304bbee8b6d91df6f7238e20434ae3e6b61ed30c06d11e142772258a6a40fc0637d41fdaf48d5c3fcf3ebedd8fec92bbc71cb62c02c6b1d301baaa5f9030616e83f313dae5f88bbf2a15cf9ad8a876e9cff7e1e344f1ba49221f01db9ea809abea69833e7fe82738e44fe21ad510fdda38f0be6a4cb6c2b2961e09c5141388d2bf7568f9b46e95e86b199f40c2eb17f6170dcf88575729eb95a2d09be646156987de8a8e761f08d56bebf0a3480f914a8f3402cd04e50c8be78814a428bcbbb4e4be9c1d343a4aa85eeb91b3eb80baf7051900f84a90cd34fde66bd39e767d620394af804b634b77a1ea9f0e1fc27e2389d80e91484f0a03dbe5c4d3f9b83a675d25730f41ca41ad0a4962d673ef346f883f16a1ae0e29bb1dc3203f7d0eb01a035f852bb018a175019d1bbea26a1364f6e0b0c81786be24201d642b0b659a7763ecb1f5522ea7abb79fd9128c6355d53d7a388d0352556e4e5c412aee20ccc9f67e41b91f33ceffdd3a30536618861edc3d873a4f242d7f9a864fca31516c639dc07f65d6630fc3fee6a10da3920d4b3f52b542813ab8b40a30ad5f726564758519ad8c9ee2d42a9c2677fcffb726781e1660c7b66e9c2e0a54a7550d9069a5d0166b0cc73f6b2c3d8376a838cbebcea0f483e843810bf1e523de3232ac6889120a19d32d6409c5261e55f22703ab93e2b5dbf4c35259881794a288c40a1c7ce7e1270fb9ea5fbb802d217a52b014cec1395bb945527e8ada30c786c902dc75ed0a88586a4d824e39a11dee14db5fdc94760785a3c676b6ba048540df0723261c0085845d77c6ce41209192663c8a23dbf6647d36011540b729392e4f7adc8521fc63ef6721484d92dc7c8474d10683e7ca8b488b3e47f67103c49b94621ebdf3fb187bc8ac63fdbe5963deb7c40d348053ec812c8736117da846313e0401913f532c9b3b0cfae3c9d9cb8607e94e346d66fdf17d582bf7499e0116a5086210e1a254e0afdda7807dec6f7d650a6ba2968e81b7c289f2014a47498abbc19daa4408ed3756d869770b8464a11e4aa37f97e292712a574f9e67f7b93c393d6c32726c435114cc28c4730837eb985654abb1eaaf2cf5c575464495d14a360d64f98d5e5690f490fadd766ce4b20784fae18fee02d3e837817f35a474bb65923e627143f653e9ef3d17a05913a4025e2bacff2b92ced4687aa1b406f38a4ba1a3e8494e05a54778af1f8a19ffad1e84ea64c5379e11fd90dc6610b21cfa9325eb09e26cf53b602cb348938dc16605a7c7159ea3c4300286d1831b22846e44513b702032493fafd433eeb057bbd29493da3e0b77e030ed907b483f0a04b9a6d4b245b2af201c244c5709317af2682e2b273f4e69dda404dd5d4106cdb7a1ced26e086215f4571bd14cf1e8eb55ec1dc90cdcfcfa4b6f720f8d73a8b8e3d60683bf2899446e3054fe81ecc5def4b8f35fb58b48d234f9c0b0fa32191a5d447c01fc24c21cf6766b60f1b3cabb3d0a1522dc04ed10469a11ff82df01549f165f700d0ceba9c13037f1fda89d8a979cbe102521174c38baa5427755ac43e2d8af1fda128e263b4bb83324fbcfd580463b606f6521a4084bf8c603895051a0c9b0fafad76e4d8f095f7fdf15082ea130d6f2017f7fe9f29902d6e26e4d18cea16e28cee415232822a7c85513a3acb5eaabce75176785af8040c414eb17ea850a4d7019fb3a6f67475136dd0e24bc8f798bac579a0f3df7ac5a6c42c90cf51586cb4de81a3a66e5a55167db1b9a6aac6e65db06ef5c4f9621df52e3ca9a2f1c94f11e5a4b302995867c6cf2564d743eebc054b72d8f9635eb8980f5cb8ac7f599c1566f972e9db2e4d76730781f8898c24fe7a493b343d4b8ff5d623cfb1445f9cbb3cd200ddb489d737b778d6465f5bd6003efa5ee7e1aeb87869064a057c7d1d92b43988d5b9d4c86ce07eb5ee32f7a2f04ca8cfc3d5230102d7a6990a11fb7549f59fcc37834fcdcf3a479f63404a84daadb89c671207741e1fe14ba7ce906c3155572c3753cdb8840ee83c860bdd1ff99d4cd10a8f1fc8a226a091a9737018c4eb6be666c2bf7f8efe49f041697a48e37d5de32d98164d82e9deec140b7229e77b53a06057958d80eb4d557cd5c1a2e926287beff96e72c22ebf63e1fd9f0c0a14c2721a68e46f5134093215502b127cb5c66c3105a8217f7b43261522de5bf739969dcafb25a38e08927457d2f24c5e895be000b42b6c134a93745d6296795bdf007a8a89bef8a4c4e4b27500062c3d890ca1a594abbac00ef1f46473cfb41202b88e95daf6fea097356439410ba308fb78c6ac2545dfd81002006bb28ab7b2b288ca8f2b3be9102e14524ceab35da30a4460d0a1346fc5ed3a5ce954b64185bb7c73287a157693e8a9c9f5218a817e8366dbffb30e21e00969ac7aa396cf0d9ac63f44bf3aa30ae1d3adf9add7261fcb3d8636eb823befc7935f0a5e0489e880f442cc1e2e0e4b843a51c62708d15a0f73523f89e7c2ebb7c02ee256eca43fc7778abe6213eb081358fa3f30984bf35b8b3acd127ce0b0afe577ea75f4f2141c697d52a58acb9f506d9eff0cbb991170da8a7d35c0dc67aa9951c5a04fa71ae02d024e6b1931e9d4f44a1f2458e439bac4d563fc97a416d16e97b44e4f2801d24c0f4afe0c6279f573d948532fc50f84dba1f1f4938efe0d4fe1d382ed110a026e52a1da62bc52ef920a99e7e779220bedcd07dabb31cf33edc5969c777e8a750b22155a787c173ec370bc453ac670700a6464c7329def9a22af46623f2d45b80c4c85d48b6b125ebf47ef6246870bb66a8a0477b04d7ab18aedbfe523111baf97651986a941663756f6af54d2ef27a11d5b54c3923c2e3ccfe21056933a26b13baab60d427bd1d3f4562abf76d6418c987209ce2ab601b8a4f26daf496d275f41f1fd7c81fbeefa9036e164bee87f61ff970568f31da56e3c719a6136a30475113ae212c341b7b5001637975328dd335c0cfbbceddb609938d637ae305308fc3cdf3e485bf8d8101383e7df50cbedd84e7d14e32f7bedcd2b88fc16af270e9622a6ad179811978071a7b4c5df3baa65e27f06cd468606e653ff6d2051334822767846b6d35ff6b3f662d5acc8a4f78726b0b6c115487b193327f48bf94cc9290ea03f5bb5d33514fe6bf052154818be7eb861dbb4638b245f1b0a6a1a09499480f9b53050c07b8f03c7c87342d62b601068164de66f2e9094405b55a6589a941445d57a4a2614c806c513aae811cd9d8d3b6db43f22753b806ef9c18e847107bbed21446135a7d5569ea044c5692864d588dd7fb871b37259aa84e5eea76963a4bbb523773e91efbff2a8a34290b277c750c4d9d5af0987d3e27d244b82e044be0a6f0f97e5eec9836816dfea23be8426f9e1ab391ca8bd97fdf9ecc174e85755a1229faebecc4b5c1a85b7bfc0a7d9209fec6df3ffbc30e24747f47cea1bd76830da100f206afb206323c6148afe0cf7ea64ee5aea31654baab124d4da87338661beb3238f4deee27b8b1440f8c1a4daf0a4c2eab3d07506d1feed732f4a77111082d49807432d2ee8f2f1d33c05376188c4707210046954aa543fe1cd5b268235c29eba0dadf2114085861c16d8a4f8791d081839c047774d3742c82dc9d9da130ff92f417134836fd130488a3adb91b054e181ebe732b31683d365e108bfd9ff0f86c11ea91a78f90f67c5164886cf098f476f956b61d1d0594bed7941fe228d6e1745a782fdde0ea1e3fa8d1f88b6c7d899c599ae93cbf117503d11730076247673a7180738e47962b8c540e6d7ee6b1a25ad442d08ccf68bcc6ab435c91402b2afbfabb4bc4719deab1d4a2d77d453edb7fb7fb993c1581154191d873aec3632c0d7330a44e9237a01e0b2b2d5b09b44de3f015c6967de922a4b5f9ee44b88183cd47244521cbb97ce191d853ce617edd96a9eed971c9c1954351b6e8bafa83f97d078d40acc2a471ce4e94471e738f6d7e73516e11a05cc8ed2e54fd75527d4c2db4d5eceb3679f4c8ad0ec38924beeb45caa75d04f8dd9eb39822ebbc556f0a5b20d7aeafa8b99c6a981412927e04ce5f5efbf3d5ac44ea5b06faa5ccc9473d97d746d6226e57b415dab06df2980319d39cae3035cc7c020687b94cb65e80c49cf7d6f05327c45dcb96576588953a43ef56a9a50e3796f41502eb49b93939e91544f33dcfb7599ce5d1d3c0d19e8ec885eb93388aeb43e2a2e0d8eeb72435375adea394d0bd8280b77d7a1ae34dde16bdd7fe0a242e3004b76c90a0876e33af39cfb5cb873fd9641eaf328bf8427e60c3c90b326a964b014b834e4ed6db037fcf9c58a1e0a30523def2328666614969a8201de1fa57d4f1bf76c1cdad395fc2a672524095c951a1d87a48a1ad7f9fabf86bbc25590a245027bd557fd59251076bbafc794c9427fad274ec9804499c762c5c666cf855ebb7b9404b7c36eea7ef6f3a3d1c08de04a6abc9914a2d5d99c9c033dcbd4bf5e28436f1784e0e2298950eebaff66732e0818aa9357367bbad99e35a6a0222bc64fabcdc225504788ea654d9e850359e2d1245798b5739522eafe26cfa105ad54b17747af1b6e8a87f0323fd1a71187409838b73d9645a34aed291f4c7df53e1338651cfae827c2ab518883e4b8d51ba5abc59c6da0e8738108e847ba0429aeffc9f10620bc3cc236c795b7e14cfa40780fcd5ed5acc9415b78236cb3695b761b947b5b765e14ac98d56dcd9c56c7432f8f2fceaa31dd7628742b3bb39e9be7fecf656d1688c592f036cf31cb1def1138706e2ff1123e1536fe8b15a936e430e2a6a4c895da6938843197eba9c132e9dc6b9064e8769f0c65c2563c1a84fbc64a6f2d400c6069daaaac77d9620c7f4c5eaab3145b50272cc0ddd60b549b4ef44d1941aad95f2c9d7c608b9ba0919aadb59cf92d0efb5d30847ed0550cdbdfc79888919401f5721818fc58729431c7eb28961f225e7e34eebc2539fd22e503e9576100b45c08fc3dbf84bc968e51b07173fff1ca9343618b76da46f31e45ac5e8af6fbf440f9448c02126d277b970f9f38ce171e423dd625aecf165efb69fbbe8ea23ddaedb12f1ca4d1160da5f065339e270c42fd1482f28e04b2edbe3e99ba437b05f8c8a2b8b0b12c1126986c12897e40ba6895d61cfd88fc635fe4e1b743c14d28a304ee8ffe4d33e8409fc74124831095d7e0fc407dcf1eb3a9c9b976b028f8530c71b35a350880298b5013d190e067e6c1da274853c56a23339bb79d11915116987c48a94c4d479975d2f9548173fa30906459a3b664ef3642027026e9692120fde4d25a37bf8b627436dd59c011f3452aa8a4cb5bb4a50f964e68f126136c0526a73f606e781d03f4fc996831e1601ba41b8284b7074dba6346a07d86b12fbdc3ffe39afa65dc27e578119f8f2fbf4e94b9c48e677700493cc871445440a015c629a0b86e15d10ef7f60cf13c46c7597b61236469f9cde0628bab3e887bf333f73b24e73e44168897a6935a4f56190763a9b12639b99963db2ab20b12436f46eb24c2a843b52eb454acef323f539eac0e4fde2fdb767090abb9fb3d6cb90e7c0c360598d9533cec5ff080fca63f58b70d3e5f3972a933cbed19ec0bc06055c4fd4a9fca388a849bfe417ad8d591ff8117aaaa6de03ac85d42bcc72a373828b2c66add8227e80ccad0133569f3550996097483eeb00a15c77cf92293a42f3f43419b027f75f82c8e6192bda54fc0c6806086ce6c314c4e2868803b8db54b330ae503382ff12782e96af4e15e2313ba5cccbf4d141f69462134b157d93817c143508a3bdca753df82dd6e905c7cfa5fd264445e9f74835fde21dd09e648ad577ba5746d6113fea6646eb44c1cb2886dcdc74a9ca05e189b09a6ed42e1d536421d485cee4d285c16b0df622a4143d06a7d99190af85712db7dafce989dc0d1816989bf6eead4ac8c7e369c1f2ecb83c5517910c8f826ee061aaa9e8a3b401135518fbfe70feaaeba5a54592c757a011abe6ad3679d4334fde480eff8ce9a22ba9296062aa8ab142318fd0a0debbd57ce00a3c2ab4b5146aba6848989e582ebb81617ccceb8e74033911790dac3840c05f11d68d36634d02b601a293fdf36a0e75efcb9301aa978d5c3fb51d4cd01af8bc36f4ea6fe84d05dd4ebdb2bcac75444b831af1984d3aadbca68020b17eb3b6cebebf55587814c5365c1466fc67fe90f8679a3a4bd07918744dabb453bd7a8b8fb8737f9146861b919ab1f21c2ddd24621bdbad587163a407071b87cd2118474e6c71ceb45b438a5438950b68e91f3f620a749d1690e3811c373bcbfd4e4882b0cdabd23d8e4929cef09e1daa7aacec7cc8c9e08073c3d76adb13de8d9815928a90b40d620b97402858506643ec8e957f5d33d7bbb4271e942816012381228ceb8e26435f62f1bb4dec2f8476aa4bbc3ca36a96b84ae8e330ba715863024eba2b544670641522b0c10bb039cab23d9d1034bbd331bf0c96c19a194f2156136220ef9a717205561d62880b28c1bf52a52523e3cd0dee691ab3de821351f2fd0ea5e3cb59dc98ee96258c38aa5af372a7ebe76fe74cb8fbdcac5087efbaf973669601d480fd5f955c9ffc51648fa871ab3a", 0x2000, &(0x7f0000003780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd29, 0x25dfdbf9, {0x7, 0x0, 0x0, r4, 0x40, 0x9ffac2705d37b0b7, 0x5}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}, 0x1, 0x0, 0x0, 0x48001}, 0x20000040) (async) bind$bt_hci(r1, &(0x7f0000000200)={0x1f, 0xffffffffffffffff}, 0x6) (async) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0) (async) pselect6(0x40, &(0x7f0000000040)={0x9, 0x62ca, 0x20, 0x0, 0x100000, 0xffffffffffffffff, 0x53, 0xecbc}, 0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0) (async) r5 = io_uring_setup(0x351c, &(0x7f00000000c0)={0x0, 0x2af5, 0x20, 0x2, 0x1ba}) io_uring_enter(r5, 0x6bb2, 0xa1ba, 0x14, &(0x7f0000000000), 0x8) (async) setsockopt$inet6_int(r1, 0x29, 0x48, &(0x7f00000001c0)=0x5, 0x4) 217.535725ms ago: executing program 2 (id=571): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0xffffffffffffff42) r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r1 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000540)={0x0, &(0x7f0000000080)=[@out_dx={0x6a, 0x28, {0x4ecb, 0x0, 0x6}}, @nested_amd_stgi={0x17e, 0x10}, @wrmsr={0x65, 0x20, {0x4b564d04, 0x7}}, @enable_nested={0x12c, 0x18}, @set_irq_handler={0xc8, 0x20, {0xc1, 0x1}}, @out_dx={0x6a, 0x28, {0x7b76, 0x1, 0x1}}, @cpuid={0x64, 0x18, {0x2000, 0xe}}, @nested_load_code={0x12e, 0x61, {0x0, "66baf80cb8e8ff1284ef66bafc0cb84e2b0000eff30f5908400f01c4420f32c4e21191b4db06500000f3410f01df0f01c50f0966baf80cb8387b548cef66bafc0c66ed470fac68f924"}}, @nested_load_code={0x12e, 0x5e, {0x1, "65660f07420fc7bdf4ffff7ff34e0f2c70e566b8d3008ed8c40279359d00400000b9800000c00f3235002000000f30c463e922450003c48175d18600a00000f2abc4210de2c2"}}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0x7}, @out_dx={0x6a, 0x28, {0xfa91, 0x1, 0x94c6}}, @nested_amd_vmsave={0x183, 0x18}, @nested_amd_invlpga={0x17d, 0x20, {0x25000, 0xae2a}}, @nested_amd_vmcb_write_mask={0x17c, 0x38, {0x3, @save_area=0x609, 0x2, 0x8, 0xffffffff7fffffff}}, @nested_vmlaunch={0x12f, 0x18}, @nested_amd_stgi={0x17e, 0x10}, @enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18, 0x2}, @enable_nested={0x12c, 0x18}, @nested_amd_clgi={0x17f, 0x10}, @code={0xa, 0x88, {"66b8a5008ec80fadea48b831000000000000000f23c00f21f835000000000f23f8440f20c03503000000440f22c048b800a00000000000000f23c80f21f8350800e0000f23f8360f070f01dfc481f96f9b0000000065660f388003c74424000d000000c74424022c000000c7442406000000000f011c24"}}, @nested_amd_clgi={0x17f, 0x10}, @rdmsr={0x66, 0x18, {0x981}}, @nested_vmresume={0x130, 0x18, 0x2}, @nested_amd_vmload={0x182, 0x18, 0x3}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x1, @guest_nat=0x6822, 0x1, 0x0, 0x101}}, @enable_nested={0x12c, 0x18}, @wr_crn={0x67, 0x20, {0x3, 0x7fffffffffffffff}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x1, @host64=0x2c04, 0x1, 0x2c, 0x400}}, @nested_amd_set_intercept={0x181, 0x30, {0x0, 0x10000, 0x3, 0x1}}], 0x48f}) mmap$KVM_VCPU(&(0x7f0000a97000/0x1000)=nil, r0, 0x2000000, 0x100010, r1, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 140.338895ms ago: executing program 2 (id=572): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x8, 0xffff, 0xc0, 0x1, 0x9d, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x1}, 0x48) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) (async) pipe2(&(0x7f0000001cc0)={0xffffffffffffffff}, 0x800) read$FUSE(r0, &(0x7f0000001d00)={0x2020}, 0x2020) (async) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x17, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f1ff0000000071300000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe040400007203200000000000e500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xfffffffd}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, r0}, 0x94) 134.117226ms ago: executing program 2 (id=573): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000095c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000009700)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r2, &(0x7f0000009a00)={0x0, 0x0, &(0x7f00000099c0)={&(0x7f0000009940)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fddbdf253000000008000300", @ANYRES32=r5], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4004040) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfd000/0x400000)=nil) (async) r6 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfd000/0x400000)=nil) syz_kvm_add_vcpu$x86(r6, &(0x7f0000000080)={0x0, &(0x7f0000000f40)=[@wrmsr={0x65, 0x20, {0x4000009d, 0x1}}], 0x20}) (async) r7 = syz_kvm_add_vcpu$x86(r6, &(0x7f0000000080)={0x0, &(0x7f0000000f40)=[@wrmsr={0x65, 0x20, {0x4000009d, 0x1}}], 0x20}) ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237647, 0x6, 0xfffffffc, 0x80}]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 130.534202ms ago: executing program 0 (id=574): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x284402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_TDX_INIT_VCPU(r3, 0xc008aeba, &(0x7f0000000080)={0x2, 0x0, 0x64e0000000000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_io_uring_setup(0xbd2, &(0x7f0000000140)={0x0, 0x6e96, 0x10000, 0x2, 0x166}, &(0x7f0000000080), &(0x7f0000001040)) ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000040)={0x24, 0x2}) 62.32308ms ago: executing program 3 (id=575): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x46, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000740)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 144.884µs ago: executing program 3 (id=576): r0 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x101000) ioctl$CEC_ADAP_G_CAPS(r0, 0xc04c6100, &(0x7f0000000100)) ioctl$CEC_ADAP_G_CAPS(r0, 0xc04c6100, &(0x7f0000000080)) 0s ago: executing program 3 (id=577): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) (async) socket(0x27, 0x80a, 0x4) (async) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xffff}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_pie={{0x8}, {0xc, 0x2, [@TCA_PIE_BYTEMODE={0x8, 0x7, 0x1}]}}]}, 0x38}}, 0x0) kernel console output (not intermixed with test programs): [ 52.954141][ T40] audit: type=1400 audit(1769228966.768:60): avc: denied { rlimitinh } for pid=5915 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 52.962516][ T40] audit: type=1400 audit(1769228966.768:61): avc: denied { siginh } for pid=5915 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:22121' (ED25519) to the list of known hosts. [ 55.182886][ T40] audit: type=1400 audit(1769228969.018:62): avc: denied { name_bind } for pid=5924 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 55.210509][ T40] audit: type=1400 audit(1769228969.048:63): avc: denied { execute } for pid=5925 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 55.219874][ T40] audit: type=1400 audit(1769228969.048:64): avc: denied { execute_no_trans } for pid=5925 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 57.717634][ T40] audit: type=1400 audit(1769228971.558:65): avc: denied { mounton } for pid=5925 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 57.728567][ T40] audit: type=1400 audit(1769228971.568:66): avc: denied { mount } for pid=5925 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 57.730281][ T5925] cgroup: Unknown subsys name 'net' [ 57.839026][ T5925] cgroup: Unknown subsys name 'cpuset' [ 57.845432][ T5925] cgroup: Unknown subsys name 'rlimit' [ 58.007111][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 58.007126][ T40] audit: type=1400 audit(1769228971.848:68): avc: denied { setattr } for pid=5925 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 58.019382][ T40] audit: type=1400 audit(1769228971.848:69): avc: denied { create } for pid=5925 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 58.026200][ T40] audit: type=1400 audit(1769228971.848:70): avc: denied { write } for pid=5925 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 58.032589][ T40] audit: type=1400 audit(1769228971.848:71): avc: denied { read } for pid=5925 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 58.039315][ T40] audit: type=1400 audit(1769228971.858:72): avc: denied { mounton } for pid=5925 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 58.047162][ T40] audit: type=1400 audit(1769228971.858:73): avc: denied { mount } for pid=5925 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 58.053844][ T5929] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 58.054360][ T40] audit: type=1400 audit(1769228971.868:74): avc: denied { read } for pid=5645 comm="dhcpcd" name="n102" dev="tmpfs" ino=1954 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.064982][ T40] audit: type=1400 audit(1769228971.868:75): avc: denied { open } for pid=5645 comm="dhcpcd" path="/run/udev/data/n102" dev="tmpfs" ino=1954 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.072173][ T40] audit: type=1400 audit(1769228971.868:76): avc: denied { getattr } for pid=5645 comm="dhcpcd" path="/run/udev/data/n102" dev="tmpfs" ino=1954 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.079647][ T40] audit: type=1400 audit(1769228971.898:77): avc: denied { relabelto } for pid=5929 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 58.806763][ T5925] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.168884][ T5293] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.172835][ T5293] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.175998][ T5293] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.179502][ T5293] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.184418][ T5941] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.184922][ T5293] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.189862][ T5941] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.192596][ T5941] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.196438][ T5941] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.201604][ T5951] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.202461][ T5941] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.206821][ T5943] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.210665][ T5951] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.213407][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.224323][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.228965][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.232218][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.232936][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.237807][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.238243][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.499537][ T5937] chnl_net:caif_netlink_parms(): no params data found [ 62.555338][ T5936] chnl_net:caif_netlink_parms(): no params data found [ 62.636522][ T5945] chnl_net:caif_netlink_parms(): no params data found [ 62.731088][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.734643][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.737665][ T5937] bridge_slave_0: entered allmulticast mode [ 62.741384][ T5937] bridge_slave_0: entered promiscuous mode [ 62.753982][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 62.771987][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.775117][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.778130][ T5937] bridge_slave_1: entered allmulticast mode [ 62.781727][ T5937] bridge_slave_1: entered promiscuous mode [ 62.832970][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.836043][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.838991][ T5945] bridge_slave_0: entered allmulticast mode [ 62.842834][ T5945] bridge_slave_0: entered promiscuous mode [ 62.857840][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.860247][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.863293][ T5945] bridge_slave_1: entered allmulticast mode [ 62.866227][ T5945] bridge_slave_1: entered promiscuous mode [ 62.869632][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.872620][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.875761][ T5936] bridge_slave_0: entered allmulticast mode [ 62.879425][ T5936] bridge_slave_0: entered promiscuous mode [ 62.889633][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.904094][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.906778][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.909472][ T5936] bridge_slave_1: entered allmulticast mode [ 62.913220][ T5936] bridge_slave_1: entered promiscuous mode [ 62.918442][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.977682][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.001744][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.006737][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.010397][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.012691][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.015997][ T5946] bridge_slave_0: entered allmulticast mode [ 63.019801][ T5946] bridge_slave_0: entered promiscuous mode [ 63.025333][ T5937] team0: Port device team_slave_0 added [ 63.028421][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.038025][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.040385][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.042953][ T5946] bridge_slave_1: entered allmulticast mode [ 63.046065][ T5946] bridge_slave_1: entered promiscuous mode [ 63.049523][ T5937] team0: Port device team_slave_1 added [ 63.099045][ T5945] team0: Port device team_slave_0 added [ 63.101906][ T5936] team0: Port device team_slave_0 added [ 63.105262][ T5945] team0: Port device team_slave_1 added [ 63.118520][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.122505][ T5936] team0: Port device team_slave_1 added [ 63.135081][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.138046][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.148807][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.161966][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.172645][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.175133][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.183378][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.202802][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.205290][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.214052][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.232002][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.234359][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.242700][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.246884][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.249172][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.257496][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.263072][ T5946] team0: Port device team_slave_0 added [ 63.266055][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.268162][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.276118][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.290812][ T5946] team0: Port device team_slave_1 added [ 63.319458][ T5937] hsr_slave_0: entered promiscuous mode [ 63.321834][ T5937] hsr_slave_1: entered promiscuous mode [ 63.347986][ T5945] hsr_slave_0: entered promiscuous mode [ 63.350770][ T5945] hsr_slave_1: entered promiscuous mode [ 63.352971][ T5945] debugfs: 'hsr0' already exists in 'hsr' [ 63.354870][ T5945] Cannot create hsr debugfs directory [ 63.363512][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.365931][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.373714][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.381037][ T5936] hsr_slave_0: entered promiscuous mode [ 63.383490][ T5936] hsr_slave_1: entered promiscuous mode [ 63.385863][ T5936] debugfs: 'hsr0' already exists in 'hsr' [ 63.387785][ T5936] Cannot create hsr debugfs directory [ 63.399297][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.401742][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.410245][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.560870][ T5946] hsr_slave_0: entered promiscuous mode [ 63.563394][ T5946] hsr_slave_1: entered promiscuous mode [ 63.566506][ T5946] debugfs: 'hsr0' already exists in 'hsr' [ 63.568425][ T5946] Cannot create hsr debugfs directory [ 63.756228][ T5937] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.762516][ T5937] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.769180][ T5937] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.780278][ T5937] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.822350][ T5946] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.830345][ T5946] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.837059][ T5946] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.850615][ T5946] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.893587][ T5945] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.901330][ T5945] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.907189][ T5945] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.915263][ T5945] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.980706][ T5936] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.989201][ T5936] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.000648][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.003542][ T5936] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.010415][ T5936] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.052056][ T5937] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.069615][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.072428][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.094085][ T3665] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.096418][ T3665] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.111661][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.142695][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.150378][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.152608][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.164287][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.166652][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.172317][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.195789][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.205883][ T65] Bluetooth: hci1: command tx timeout [ 64.211407][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.221644][ T40] kauditd_printk_skb: 12 callbacks suppressed [ 64.221653][ T40] audit: type=1400 audit(1769228978.058:90): avc: denied { sys_module } for pid=5937 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 64.222352][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.232127][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.246797][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.249684][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.272640][ T5936] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.285966][ T65] Bluetooth: hci2: command tx timeout [ 64.286006][ T5293] Bluetooth: hci0: command tx timeout [ 64.289825][ T5943] Bluetooth: hci3: command tx timeout [ 64.296204][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.298993][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.303422][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.306370][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.362396][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.426390][ T5937] veth0_vlan: entered promiscuous mode [ 64.438732][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.441781][ T5937] veth1_vlan: entered promiscuous mode [ 64.470979][ T5937] veth0_macvtap: entered promiscuous mode [ 64.485320][ T5937] veth1_macvtap: entered promiscuous mode [ 64.499256][ T5946] veth0_vlan: entered promiscuous mode [ 64.510288][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.522220][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.528036][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.531337][ T5946] veth1_vlan: entered promiscuous mode [ 64.544096][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.550408][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.557076][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.559850][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.578944][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.611284][ T5936] veth0_vlan: entered promiscuous mode [ 64.627885][ T5936] veth1_vlan: entered promiscuous mode [ 64.633406][ T5946] veth0_macvtap: entered promiscuous mode [ 64.663862][ T5946] veth1_macvtap: entered promiscuous mode [ 64.675286][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.676921][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.677596][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.690542][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.714257][ T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.721850][ T5945] veth0_vlan: entered promiscuous mode [ 64.724046][ T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.727938][ T5936] veth0_macvtap: entered promiscuous mode [ 64.731383][ T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.734346][ T46] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.741426][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.744225][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.746552][ T5936] veth1_macvtap: entered promiscuous mode [ 64.754154][ T40] audit: type=1400 audit(1769228978.588:91): avc: denied { mount } for pid=5937 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 64.763478][ T40] audit: type=1400 audit(1769228978.598:92): avc: denied { mounton } for pid=5937 comm="syz-executor" path="/syzkaller.RLKBn6/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 64.772288][ T40] audit: type=1400 audit(1769228978.598:93): avc: denied { mount } for pid=5937 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 64.779717][ T40] audit: type=1400 audit(1769228978.598:94): avc: denied { mounton } for pid=5937 comm="syz-executor" path="/syzkaller.RLKBn6/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 64.792679][ T5945] veth1_vlan: entered promiscuous mode [ 64.795726][ T40] audit: type=1400 audit(1769228978.598:95): avc: denied { mounton } for pid=5937 comm="syz-executor" path="/syzkaller.RLKBn6/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=9514 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 64.808466][ T5937] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 64.816127][ T40] audit: type=1400 audit(1769228978.608:96): avc: denied { unmount } for pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 64.823838][ T5945] veth0_macvtap: entered promiscuous mode [ 64.824041][ T40] audit: type=1400 audit(1769228978.608:97): avc: denied { mounton } for pid=5937 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 64.838824][ T40] audit: type=1400 audit(1769228978.608:98): avc: denied { mount } for pid=5937 comm="syz-executor" name="/" dev="gadgetfs" ino=9515 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 64.846527][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.850589][ T40] audit: type=1400 audit(1769228978.618:99): avc: denied { mount } for pid=5937 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 64.860078][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.863470][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.869493][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.872926][ T5945] veth1_macvtap: entered promiscuous mode [ 64.892097][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.895850][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.906696][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.909497][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.925644][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.928339][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.930333][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.949088][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.959777][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.962723][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.971749][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.975033][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.012549][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.015898][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.032910][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.039507][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.065427][ T6036] Zero length message leads to an empty skb [ 65.070195][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.070209][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.074637][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.074656][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.313107][ T6055] bond1: entered promiscuous mode [ 65.315275][ T6055] bond1: entered allmulticast mode [ 65.367824][ T6062] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 65.496220][ T6072] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16'. [ 65.518377][ T6074] mkiss: ax0: crc mode is auto. [ 65.528049][ T6074] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8726 sclass=netlink_xfrm_socket pid=6074 comm=syz.0.17 [ 65.537391][ T6076] tmpfs: Bad value for 'mpol' [ 65.745846][ T6095] gfs2: path_lookup on \\8< $$&6n @M 0xffff: 1114112 [ 71.454053][ T6414] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 71.652434][ T6419] warning: `syz.0.123' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 71.870037][ T6430] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 71.872831][ T6430] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 71.879798][ T6430] vhci_hcd vhci_hcd.0: Device attached [ 71.894576][ T6431] vhci_hcd: connection closed [ 71.899893][ T4073] vhci_hcd vhci_hcd.1: stop threads [ 71.904394][ T4073] vhci_hcd vhci_hcd.1: release socket [ 71.906725][ T4073] vhci_hcd vhci_hcd.1: disconnect device [ 71.924527][ T6436] xt_cgroup: xt_cgroup: no path or classid specified [ 71.967732][ T6436] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 72.006202][ T6442] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard [ 72.012322][ T6442] exFAT-fs (nullb0): invalid boot record signature [ 72.015425][ T6442] exFAT-fs (nullb0): failed to read boot sector [ 72.017967][ T6442] exFAT-fs (nullb0): failed to recognize exfat type [ 72.126722][ T6449] __nla_validate_parse: 2 callbacks suppressed [ 72.126739][ T6449] netlink: 36 bytes leftover after parsing attributes in process `syz.1.132'. [ 72.244808][ T6008] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 72.251077][ T6453] fuse: Unknown parameter ' /_D`|}m{O\TCE)mp4/VmzPUɉK0x0000000000000003' [ 72.262247][ T6453] xt_recent: hitcount (134217728) is larger than allowed maximum (65535) [ 72.415139][ T6463] ======================================================= [ 72.415139][ T6463] WARNING: The mand mount option has been deprecated and [ 72.415139][ T6463] and is ignored by this kernel. Remove the mand [ 72.415139][ T6463] option from the mount to silence this warning. [ 72.415139][ T6463] ======================================================= [ 72.416283][ T6008] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 72.431508][ T6463] new mount options do not match the existing superblock, will be ignored [ 72.437817][ T6008] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 72.442177][ T6008] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 72.447654][ T6008] usb 5-1: Product: syz [ 72.449496][ T6008] usb 5-1: Manufacturer: syz [ 72.451486][ T6008] usb 5-1: SerialNumber: syz [ 72.670561][ T6008] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 72.674868][ T142] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 72.826445][ T142] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 72.830933][ T142] usb 7-1: config 0 has no interface number 0 [ 72.833692][ T142] usb 7-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 72.838646][ T142] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 72.843454][ T142] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 72.849087][ T142] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 72.853040][ T142] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 72.856614][ T142] usb 7-1: Product: syz [ 72.858442][ T142] usb 7-1: SerialNumber: syz [ 72.862497][ T142] usb 7-1: config 0 descriptor?? [ 72.872729][ T142] cm109 7-1:0.8: invalid payload size 0, expected 4 [ 72.878682][ T142] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.8/input/input5 [ 72.931683][ T6008] usb 5-1: USB disconnect, device number 4 [ 72.938284][ T6008] usblp0: removed [ 73.078391][ T6463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.081781][ T6463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.089778][ T6463] [syz.2.] <== rxrpc_preparse_xdr_yfs_rxgk() = -EKEYREJECTED [d9c19884!=bc, 2c,d9c19820] [ 73.096404][ T6463] option changes via remount are deprecated (pid=6462 comm=syz.2.136) [ 73.101447][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.105619][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.108747][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.112248][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.115358][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.119017][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.122124][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.125336][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.129498][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.132613][ T142] usb 7-1: USB disconnect, device number 2 [ 73.132688][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 73.137989][ C0] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 73.146790][ T142] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 73.477198][ T6480] trusted_key: encrypted_key: insufficient parameters specified [ 73.569776][ T6483] netlink: 'syz.0.144': attribute type 1 has an invalid length. [ 73.610711][ T6486] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 73.613327][ T6491] netlink: 8 bytes leftover after parsing attributes in process `syz.0.146'. [ 73.665038][ T5949] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 73.785314][ T6510] binder: 6509:6510 ioctl c0306201 0 returned -14 [ 73.788586][ T6510] binder: 6509:6510 ioctl c0306201 200000000240 returned -11 [ 73.817294][ T5949] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 73.829478][ T5949] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 73.832368][ T5949] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 73.835308][ T5949] usb 8-1: Product: syz [ 73.836723][ T5949] usb 8-1: Manufacturer: syz [ 73.838387][ T5949] usb 8-1: SerialNumber: syz [ 73.993273][ T6522] netlink: 276 bytes leftover after parsing attributes in process `syz.0.156'. [ 74.045802][ T5949] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 74.126357][ T6536] input: syz1 as /devices/virtual/input/input6 [ 74.172121][ T6540] binder: 6538:6540 ioctl c0306201 200000000240 returned -11 [ 74.212027][ T6536] could not open pipe file descriptor [ 74.307186][ T61] usb 8-1: USB disconnect, device number 6 [ 74.309660][ T61] usblp0: removed [ 74.625620][ T40] kauditd_printk_skb: 43 callbacks suppressed [ 74.625636][ T40] audit: type=1400 audit(1769753276.447:297): avc: denied { create } for pid=6566 comm="syz.0.168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 74.635091][ T40] audit: type=1400 audit(1769753276.447:298): avc: denied { write } for pid=6566 comm="syz.0.168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 74.706877][ T6569] bond2: option arp_validate: invalid value (2048) [ 74.714589][ T6569] bond2 (unregistering): Released all slaves [ 74.729625][ T6567] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 74.841516][ T6585] binder: 6584:6585 ioctl c0306201 200000000240 returned -11 [ 74.907503][ T40] audit: type=1400 audit(1769753276.718:299): avc: denied { create } for pid=6588 comm="syz.0.173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 74.910734][ T6589] netlink: 'syz.0.173': attribute type 7 has an invalid length. [ 74.916969][ T40] audit: type=1400 audit(1769753276.718:300): avc: denied { ioctl } for pid=6588 comm="syz.0.173" path="socket:[11820]" dev="sockfs" ino=11820 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 74.932524][ T6589] netlink: 'syz.0.173': attribute type 7 has an invalid length. [ 74.932542][ T46] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.939629][ T46] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.943617][ T46] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.947423][ T46] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.959777][ T40] audit: type=1400 audit(1769753276.776:301): avc: denied { setopt } for pid=6590 comm="syz.2.174" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 74.987219][ T40] audit: type=1400 audit(1769753276.796:302): avc: denied { unmount } for pid=6592 comm="syz.3.175" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 75.063476][ T40] audit: type=1400 audit(1769753276.873:303): avc: denied { allowed } for pid=6597 comm="syz.0.177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 75.076226][ T6598] kAFS: unparsable volume name [ 75.077156][ T6600] gfs2: error -5 reading superblock [ 75.129987][ T40] audit: type=1326 audit(1769753276.931:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6601 comm="syz.0.178" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f75f199acb9 code=0x0 [ 75.176858][ T40] audit: type=1400 audit(1769753276.989:305): avc: denied { create } for pid=6595 comm="syz.3.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 75.196815][ T40] audit: type=1400 audit(1769753276.989:306): avc: denied { getopt } for pid=6595 comm="syz.3.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 75.337373][ T6617] binder: 6616:6617 ioctl c0306201 200000000240 returned -11 [ 75.400546][ T6625] netlink: 20 bytes leftover after parsing attributes in process `syz.3.185'. [ 75.591388][ T6644] netlink: 12 bytes leftover after parsing attributes in process `syz.1.189'. [ 75.612285][ T6644] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6644 comm=syz.1.189 [ 75.643283][ T6649] Bluetooth: MGMT ver 1.23 [ 75.645646][ T6649] overlayfs: conflicting options: userxattr,metacopy=on [ 75.689225][ T6652] binder: 6650:6652 ioctl c0306201 200000000240 returned -11 [ 75.699925][ T6653] netlink: 28 bytes leftover after parsing attributes in process `syz.3.193'. [ 75.703561][ T6653] netlink: 28 bytes leftover after parsing attributes in process `syz.3.193'. [ 75.745361][ T6655] netlink: 32 bytes leftover after parsing attributes in process `syz.1.194'. [ 75.848319][ T61] libceph: connect (1)[c::]:6789 error -101 [ 75.850919][ T61] libceph: mon0 (1)[c::]:6789 connect error [ 75.854142][ T6661] netlink: 80 bytes leftover after parsing attributes in process `syz.0.195'. [ 75.856212][ T61] libceph: connect (1)[c::]:6789 error -101 [ 75.862814][ T61] libceph: mon0 (1)[c::]:6789 connect error [ 75.883770][ T6668] F2FS-fs (nbd2): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 75.886838][ T6668] F2FS-fs (nbd2): Can't find valid F2FS filesystem in 1th superblock [ 75.888603][ T6669] delete_channel: no stack [ 75.890721][ T6668] F2FS-fs (nbd2): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 75.894782][ T6668] F2FS-fs (nbd2): Can't find valid F2FS filesystem in 2th superblock [ 75.903639][ T6669] capability: warning: `syz.3.197' uses 32-bit capabilities (legacy support in use) [ 75.909765][ T6669] SELinux: syz.3.197 (6669) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 75.916161][ T6668] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size. [ 75.963744][ T6679] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 75.965981][ T6679] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 75.968034][ T6664] ceph: No mds server is up or the cluster is laggy [ 75.969577][ T6679] vhci_hcd vhci_hcd.0: Device attached [ 75.983779][ T6680] vhci_hcd: unknown pdu 1 [ 75.994460][ T6684] binder: 6683:6684 ioctl c0306201 200000000240 returned -11 [ 75.997312][ T13] vhci_hcd vhci_hcd.0: stop threads [ 75.999123][ T13] vhci_hcd vhci_hcd.0: release socket [ 76.001712][ T13] vhci_hcd vhci_hcd.0: disconnect device [ 76.016136][ T6682] 9pnet_virtio: no channels available for device syz [ 76.025512][ T6682] 9pnet_virtio: no channels available for device syz [ 76.027934][ T6682] 9pnet_virtio: no channels available for device syz [ 76.030634][ T6682] 9pnet_virtio: no channels available for device syz [ 76.033541][ T6676] netlink: 4 bytes leftover after parsing attributes in process `syz.1.201'. [ 76.037197][ T6676] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 76.216415][ T6696] vivid-003: ================= START STATUS ================= [ 76.220395][ T6696] vivid-003: Radio HW Seek Mode: Bounded [ 76.223180][ T6696] vivid-003: Radio Programmable HW Seek: false [ 76.225602][ T6696] vivid-003: RDS Rx I/O Mode: Block I/O [ 76.228019][ T6696] vivid-003: Generate RBDS Instead of RDS: false [ 76.230295][ T6696] vivid-003: RDS Reception: true [ 76.232120][ T6696] vivid-003: RDS Program Type: 0 inactive [ 76.234094][ T6696] vivid-003: RDS PS Name: inactive [ 76.236052][ T6696] vivid-003: RDS Radio Text: inactive [ 76.238356][ T6696] vivid-003: RDS Traffic Announcement: false inactive [ 76.240822][ T6696] vivid-003: RDS Traffic Program: false inactive [ 76.243383][ T6696] vivid-003: RDS Music: false inactive [ 76.245731][ T6696] vivid-003: ================== END STATUS ================== [ 76.363541][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.367128][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.742331][ T6708] NILFS (nbd0): device size too small [ 76.850058][ T6717] netlink: 'syz.0.213': attribute type 1 has an invalid length. [ 76.853508][ T6717] netlink: 'syz.0.213': attribute type 1 has an invalid length. [ 76.910887][ T6722] netlink: 'syz.0.213': attribute type 30 has an invalid length. [ 76.914035][ T6722] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 77.240781][ T6749] ip6gre1: entered promiscuous mode [ 77.243086][ T6749] ip6gre1: entered allmulticast mode [ 77.259482][ T6749] : entered promiscuous mode [ 77.269708][ T6753] batadv_slave_1: vlans aren't supported yet for dev_uc|mc_add() [ 77.400552][ T6762] __nla_validate_parse: 7 callbacks suppressed [ 77.400568][ T6762] netlink: 40 bytes leftover after parsing attributes in process `syz.0.226'. [ 77.406931][ T6762] netlink: 24 bytes leftover after parsing attributes in process `syz.0.226'. [ 77.622877][ T6780] netlink: 'syz.2.233': attribute type 4 has an invalid length. [ 77.665418][ T6788] 9pnet_fd: p9_fd_create_tcp (6788): problem connecting socket to 127.0.0.1 [ 77.738313][ T6793] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 78.076743][ T142] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 78.232265][ T142] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 78.236977][ T142] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 78.241355][ T142] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 78.244999][ T142] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.252756][ T6798] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 78.259746][ T142] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 78.407702][ T6804] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 78.441784][ T6813] capability: warning: `syz.0.242' uses deprecated v2 capabilities in a way that may be insecure [ 78.486488][ T6816] netlink: 28 bytes leftover after parsing attributes in process `syz.0.243'. [ 78.494863][ T6816] netlink: 28 bytes leftover after parsing attributes in process `syz.0.243'. [ 78.498873][ T6816] netlink: 36 bytes leftover after parsing attributes in process `syz.0.243'. [ 79.114332][ T6833] tmpfs: Cannot disable swap on remount [ 79.313692][ T6846] netlink: 'syz.0.252': attribute type 11 has an invalid length. [ 79.393642][ T6853] netlink: 28 bytes leftover after parsing attributes in process `syz.0.252'. [ 79.397068][ T6853] netlink: 36 bytes leftover after parsing attributes in process `syz.0.252'. [ 79.401229][ T6852] netlink: 28 bytes leftover after parsing attributes in process `syz.0.252'. [ 79.404663][ T6852] netlink: 36 bytes leftover after parsing attributes in process `syz.0.252'. [ 79.430932][ T6849] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 79.561151][ T6859] raw_sendmsg: syz.1.255 forgot to set AF_INET. Fix it! [ 79.785082][ T6871] binder: 6870:6871 ioctl c0306201 0 returned -14 [ 79.789416][ T6871] binder: 6870:6871 ioctl c0306201 200000000240 returned -11 [ 79.907631][ T6877] xt_hashlimit: size too large, truncated to 1048576 [ 80.096415][ T6884] ipt_REJECT: TCP_RESET invalid for non-tcp [ 80.133673][ T40] kauditd_printk_skb: 50 callbacks suppressed [ 80.133689][ T40] audit: type=1400 audit(1769753281.810:357): avc: denied { shutdown } for pid=6885 comm="syz.1.264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 80.143888][ T40] audit: type=1400 audit(1769753281.820:358): avc: denied { write } for pid=6885 comm="syz.1.264" lport=45285 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 80.151393][ T40] audit: type=1400 audit(1769753281.820:359): avc: denied { setopt } for pid=6885 comm="syz.1.264" lport=45285 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 80.189547][ T40] audit: type=1400 audit(1769753281.869:360): avc: denied { setopt } for pid=6887 comm="syz.1.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 80.198047][ T40] audit: type=1400 audit(1769753281.879:361): avc: denied { read } for pid=6887 comm="syz.1.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 80.234257][ T6896] binder: 6895:6896 ioctl c0306201 0 returned -14 [ 80.237556][ T6896] binder: 6895:6896 ioctl c0306201 200000000240 returned -11 [ 80.242626][ T6893] bond2: option downdelay: invalid value (18446744073709551615) [ 80.245033][ T6893] bond2: option downdelay: allowed values 0 - 2147483647 [ 80.249742][ T6893] bond2 (unregistering): Released all slaves [ 80.274062][ T40] audit: type=1400 audit(1769753281.947:362): avc: denied { append } for pid=6897 comm="syz.1.268" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 80.283599][ T40] audit: type=1400 audit(1769753281.947:363): avc: denied { map } for pid=6897 comm="syz.1.268" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 80.294045][ T40] audit: type=1400 audit(1769753281.947:364): avc: denied { execute } for pid=6897 comm="syz.1.268" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 80.351292][ T40] audit: type=1400 audit(1769753282.026:365): avc: denied { getopt } for pid=6905 comm="syz.0.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 80.353921][ T5293] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 80.361157][ T5293] Bluetooth: Wrong link type (-22) [ 80.534267][ T5293] Bluetooth: hci3: command 0x0405 tx timeout [ 80.560417][ T40] audit: type=1400 audit(1769753282.221:366): avc: denied { read } for pid=6917 comm="syz.0.275" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 80.610074][ T6921] binder: 6920:6921 ioctl c0306201 200000000240 returned -11 [ 80.764983][ T6929] netlink: 'syz.0.279': attribute type 1 has an invalid length. [ 80.820822][ T6931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.280'. [ 80.925651][ T59] usb 7-1: USB disconnect, device number 3 [ 81.012081][ T6937] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.076087][ T6935] nbd0: detected capacity change from 0 to 127 [ 81.080420][ T5943] block nbd0: Receive control failed (result -32) [ 81.086243][ T6312] block nbd0: Dead connection, failed to find a fallback [ 81.089291][ T6312] block nbd0: shutting down sockets [ 81.091648][ T6312] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.095653][ T6312] buffer_io_error: 10456 callbacks suppressed [ 81.095667][ T6312] Buffer I/O error on dev nbd0, logical block 0, async page read [ 81.102401][ T6312] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.107153][ T6312] Buffer I/O error on dev nbd0, logical block 1, async page read [ 81.110258][ T6312] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.114036][ T6312] Buffer I/O error on dev nbd0, logical block 2, async page read [ 81.117797][ T6312] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.121642][ T6312] Buffer I/O error on dev nbd0, logical block 3, async page read [ 81.124857][ T6312] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.132353][ T6312] Buffer I/O error on dev nbd0, logical block 0, async page read [ 81.135712][ T6312] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.142067][ T6312] Buffer I/O error on dev nbd0, logical block 1, async page read [ 81.145324][ T6312] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.151825][ T6947] netlink: 'syz.0.285': attribute type 10 has an invalid length. [ 81.155863][ T6312] Buffer I/O error on dev nbd0, logical block 2, async page read [ 81.160809][ T6312] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.164853][ T6312] Buffer I/O error on dev nbd0, logical block 3, async page read [ 81.168640][ T6312] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.168902][ T6948] binder: 6945:6948 ioctl c0306201 200000000240 returned -11 [ 81.172967][ T6312] Buffer I/O error on dev nbd0, logical block 0, async page read [ 81.183079][ T6312] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 81.187141][ T6312] Buffer I/O error on dev nbd0, logical block 1, async page read [ 81.191109][ T6312] ldm_validate_partition_table(): Disk read failed. [ 81.194590][ T6312] Dev nbd0: unable to read RDB block 0 [ 81.197532][ T6312] nbd0: unable to read partition table [ 81.206557][ T6312] ldm_validate_partition_table(): Disk read failed. [ 81.214942][ T6312] Dev nbd0: unable to read RDB block 0 [ 81.218898][ T10] IPVS: starting estimator thread 0... [ 81.221995][ T6312] nbd0: unable to read partition table [ 81.311067][ T6956] IPVS: using max 24 ests per chain, 57600 per kthread [ 81.473086][ T6975] bridge1: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 81.526708][ T6991] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 81.542625][ T6991] dummy0: left allmulticast mode [ 81.545573][ T6991] bridge0: port 3(dummy0) entered disabled state [ 81.557815][ T6991] bridge_slave_0: left allmulticast mode [ 81.560290][ T6991] bridge_slave_0: left promiscuous mode [ 81.562873][ T6991] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.572703][ T6991] bridge_slave_1: left allmulticast mode [ 81.575102][ T6991] bridge_slave_1: left promiscuous mode [ 81.579760][ T6991] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.592216][ T6991] bond0: (slave bond_slave_0): Releasing backup interface [ 81.592682][ T6995] netlink: 'syz.0.294': attribute type 10 has an invalid length. [ 81.603385][ T6991] bond0: (slave bond_slave_1): Releasing backup interface [ 81.619286][ T6991] team0: Port device team_slave_0 removed [ 81.626389][ T6991] team0: Port device team_slave_1 removed [ 81.629332][ T6991] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 81.631755][ T6991] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 81.635738][ T6991] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 81.638568][ T6991] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 81.646478][ T6991] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 81.655358][ T6995] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 81.664042][ T6995] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.669954][ T6995] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 81.733432][ T7002] binder: 7001:7002 ioctl c0306201 200000000240 returned -11 [ 81.973913][ T61] IPVS: starting estimator thread 0... [ 82.075959][ T7022] IPVS: using max 29 ests per chain, 69600 per kthread [ 82.355994][ T7046] block nbd1: NBD_DISCONNECT [ 82.496805][ T7053] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 82.501138][ T7053] block device autoloading is deprecated and will be removed. [ 82.505427][ T7050] tmpfs: Bad value for 'huge' [ 83.041110][ T7062] __nla_validate_parse: 6 callbacks suppressed [ 83.041126][ T7062] netlink: 132 bytes leftover after parsing attributes in process `syz.3.312'. [ 83.056642][ T7062] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 83.344690][ T7080] netlink: 'syz.3.319': attribute type 5 has an invalid length. [ 83.365804][ T7080] ip6erspan0: entered promiscuous mode [ 83.385586][ T7080] netlink: 'syz.3.319': attribute type 7 has an invalid length. [ 83.471561][ T7092] IPv6: NLM_F_REPLACE set, but no existing node found! [ 83.601734][ T7108] binder: 7106:7108 ioctl c0306201 200000000240 returned -11 [ 83.673817][ T7122] GUP no longer grows the stack in syz.0.329 (7122): 200000007000-20000000a000 (200000004000) [ 83.682116][ T7122] CPU: 1 UID: 0 PID: 7122 Comm: syz.0.329 Not tainted syzkaller #0 PREEMPT(full) [ 83.682145][ T7122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 83.682157][ T7122] Call Trace: [ 83.682164][ T7122] [ 83.682172][ T7122] dump_stack_lvl+0x100/0x190 [ 83.682225][ T7122] gup_vma_lookup.cold+0x83/0x96 [ 83.682252][ T7122] __get_user_pages+0x241/0x34d0 [ 83.682293][ T7122] ? do_syscall_64+0xc9/0xf80 [ 83.682321][ T7122] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.682342][ T7122] ? __pfx___get_user_pages+0x10/0x10 [ 83.682377][ T7122] __gup_longterm_locked+0x279/0x16f0 [ 83.682406][ T7122] ? __lock_acquire+0x400/0x2630 [ 83.682432][ T7122] ? __pfx___gup_longterm_locked+0x10/0x10 [ 83.682472][ T7122] pin_user_pages+0x13c/0x160 [ 83.682499][ T7122] ? __pfx_pin_user_pages+0x10/0x10 [ 83.682535][ T7122] xdp_umem_create+0x73e/0x11e0 [ 83.682571][ T7122] xsk_setsockopt+0x7ba/0xa90 [ 83.682599][ T7122] ? __pfx_xsk_setsockopt+0x10/0x10 [ 83.682624][ T7122] ? find_held_lock+0x2b/0x80 [ 83.682647][ T7122] ? __fget_files+0x215/0x3d0 [ 83.682672][ T7122] ? selinux_socket_setsockopt+0x6a/0x80 [ 83.682710][ T7122] ? __pfx_xsk_setsockopt+0x10/0x10 [ 83.682738][ T7122] do_sock_setsockopt+0xf3/0x1d0 [ 83.682771][ T7122] __sys_setsockopt+0x195/0x220 [ 83.682821][ T7122] __x64_sys_setsockopt+0xbd/0x160 [ 83.682844][ T7122] ? do_syscall_64+0x94/0xf80 [ 83.682863][ T7122] ? lockdep_hardirqs_on+0x78/0x100 [ 83.682883][ T7122] do_syscall_64+0xc9/0xf80 [ 83.682906][ T7122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.682925][ T7122] RIP: 0033:0x7f75f199acb9 [ 83.682942][ T7122] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 83.682990][ T7122] RSP: 002b:00007f75f28f3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 83.683010][ T7122] RAX: ffffffffffffffda RBX: 00007f75f1c16090 RCX: 00007f75f199acb9 [ 83.683024][ T7122] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000008 [ 83.683035][ T7122] RBP: 00007f75f1a08bf7 R08: 0000000000000020 R09: 0000000000000000 [ 83.683046][ T7122] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000000 [ 83.683057][ T7122] R13: 00007f75f1c16128 R14: 00007f75f1c16090 R15: 00007ffed21384d8 [ 83.683083][ T7122] [ 83.846524][ T7136] netlink: 564 bytes leftover after parsing attributes in process `syz.2.336'. [ 83.869776][ T7141] netlink: 32 bytes leftover after parsing attributes in process `syz.3.338'. [ 83.875337][ T7136] netlink: 12 bytes leftover after parsing attributes in process `syz.2.336'. [ 83.881610][ T7141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.338'. [ 83.883917][ T7136] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.933086][ T7142] tmpfs: Bad value for 'mpol' [ 84.095799][ T142] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 84.128390][ T7150] binder: 7149:7150 ioctl c0306201 200000000240 returned -11 [ 84.204056][ T7155] xt_hashlimit: size too large, truncated to 1048576 [ 84.247413][ T142] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 84.250769][ T142] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 84.254924][ T142] usb 5-1: config 0 interface 0 has no altsetting 0 [ 84.259960][ T142] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 84.263723][ T142] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 84.267312][ T142] usb 5-1: Product: syz [ 84.268874][ T142] usb 5-1: Manufacturer: syz [ 84.270738][ T142] usb 5-1: SerialNumber: syz [ 84.282123][ T142] usb 5-1: config 0 descriptor?? [ 84.285545][ T142] hub 5-1:0.0: bad descriptor, ignoring hub [ 84.288332][ T142] hub 5-1:0.0: probe with driver hub failed with error -5 [ 84.292022][ T142] usb 5-1: selecting invalid altsetting 0 [ 84.336699][ T7161] EXT4-fs (nbd2): unable to read superblock [ 84.439734][ T7170] netlink: 8 bytes leftover after parsing attributes in process `syz.2.347'. [ 84.442985][ T7170] netlink: 12 bytes leftover after parsing attributes in process `syz.2.347'. [ 84.454559][ T7170] random: crng reseeded on system resumption [ 84.523663][ T7178] tracefs: Unknown parameter '1844674407370955161518446744073709551615' [ 84.593697][ T7184] binder: 7183:7184 ioctl c0306201 0 returned -14 [ 84.635258][ T7181] netlink: 12 bytes leftover after parsing attributes in process `syz.1.348'. [ 84.694413][ T7191] ipt_ECN: cannot use operation on non-tcp rule [ 84.731331][ T7196] netlink: 'syz.1.353': attribute type 1 has an invalid length. [ 84.743406][ T7196] netlink: 'syz.1.353': attribute type 39 has an invalid length. [ 84.750723][ T7198] netlink: 24 bytes leftover after parsing attributes in process `syz.2.354'. [ 84.897342][ T7138] usb 5-1: reset high-speed USB device number 5 using dummy_hcd [ 85.061516][ T7138] usb 5-1: device firmware changed [ 85.065990][ T5948] usb 5-1: USB disconnect, device number 5 [ 85.070638][ T7208] netlink: 28 bytes leftover after parsing attributes in process `syz.1.358'. [ 85.166814][ T7215] binder: 7214:7215 ioctl c0306201 0 returned -14 [ 85.177382][ T7217] input: syz1 as /devices/virtual/input/input9 [ 85.219305][ T7225] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 85.226829][ T5948] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 85.234637][ T7225] netlink: 'syz.3.362': attribute type 39 has an invalid length. [ 85.262889][ T40] kauditd_printk_skb: 70 callbacks suppressed [ 85.262907][ T40] audit: type=1400 audit(1769753542.867:437): avc: denied { create } for pid=7221 comm="syz.1.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 85.264785][ T40] audit: type=1400 audit(1769753542.867:438): avc: denied { listen } for pid=7221 comm="syz.1.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 85.287721][ T40] audit: type=1400 audit(1769753542.887:439): avc: denied { accept } for pid=7221 comm="syz.1.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 85.320234][ T40] audit: type=1800 audit(1769753542.927:440): pid=7229 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.363" name="file0" dev="tmpfs" ino=400 res=0 errno=0 [ 85.327209][ T40] audit: type=1804 audit(1769753542.927:441): pid=7229 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.363" name="/newroot/71/file0" dev="tmpfs" ino=400 res=1 errno=0 [ 85.427327][ T5948] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 85.432345][ T5948] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 85.435527][ T5948] usb 5-1: config 0 interface 0 has no altsetting 0 [ 85.439966][ T5948] usb 5-1: string descriptor 0 read error: -22 [ 85.442014][ T5948] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 85.444879][ T5948] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 85.448884][ T5948] usb 5-1: config 0 descriptor?? [ 85.454081][ T5948] hub 5-1:0.0: bad descriptor, ignoring hub [ 85.456125][ T5948] hub 5-1:0.0: probe with driver hub failed with error -5 [ 85.459702][ T5948] usb 5-1: selecting invalid altsetting 0 [ 85.472199][ T40] audit: type=1400 audit(1769753543.077:442): avc: denied { remount } for pid=7230 comm="syz.3.364" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 85.472210][ T7232] debugfs: Bad value for 'mode' [ 85.502391][ T40] audit: type=1400 audit(1769753543.107:443): avc: denied { unmount } for pid=5946 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 85.537500][ T40] audit: type=1400 audit(1769753543.147:444): avc: denied { connect } for pid=7236 comm="syz.3.365" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 85.545529][ T7237] overlay: Unknown parameter 'appraise_type' [ 85.556715][ T6004] usb 7-1: new low-speed USB device number 4 using dummy_hcd [ 85.653126][ T7239] random: crng reseeded on system resumption [ 85.685767][ T6004] usb 7-1: device descriptor read/64, error -71 [ 85.766296][ T6008] usb 5-1: USB disconnect, device number 6 [ 85.925728][ T6004] usb 7-1: new low-speed USB device number 5 using dummy_hcd [ 86.065770][ T6004] usb 7-1: device descriptor read/64, error -71 [ 86.091602][ T40] audit: type=1400 audit(1769753543.697:445): avc: denied { watch } for pid=7244 comm="syz.1.368" path="/104" dev="tmpfs" ino=548 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 86.101146][ T40] audit: type=1400 audit(1769753543.697:446): avc: denied { watch_sb } for pid=7244 comm="syz.1.368" path="/104" dev="tmpfs" ino=548 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 86.173228][ T7249] binder: 7248:7249 ioctl c0306201 0 returned -14 [ 86.187152][ T6004] usb usb7-port1: attempt power cycle [ 86.318407][ T7262] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 86.323165][ T7262] overlayfs: overlapping lowerdir path [ 86.523124][ T855] cfg80211: failed to load regulatory.db [ 86.535738][ T6004] usb 7-1: new low-speed USB device number 6 using dummy_hcd [ 86.566285][ T6004] usb 7-1: device descriptor read/8, error -71 [ 86.732616][ T7277] netlink: 'syz.3.379': attribute type 5 has an invalid length. [ 86.826545][ T6004] usb 7-1: new low-speed USB device number 7 using dummy_hcd [ 86.856725][ T6004] usb 7-1: device descriptor read/8, error -71 [ 86.966720][ T6004] usb usb7-port1: unable to enumerate USB device [ 87.021983][ T7286] blk_print_req_error: 138 callbacks suppressed [ 87.021996][ T7286] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.031667][ T7286] buffer_io_error: 138 callbacks suppressed [ 87.031682][ T7286] Buffer I/O error on dev nbd0, logical block 0, async page read [ 87.040927][ T7286] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.045251][ T7286] Buffer I/O error on dev nbd0, logical block 1, async page read [ 87.048644][ T7286] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.051777][ T7286] Buffer I/O error on dev nbd0, logical block 2, async page read [ 87.054337][ T7286] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.057614][ T7286] Buffer I/O error on dev nbd0, logical block 3, async page read [ 87.060292][ T7286] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.063455][ T7286] Buffer I/O error on dev nbd0, logical block 0, async page read [ 87.066288][ T7286] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.069361][ T7286] Buffer I/O error on dev nbd0, logical block 1, async page read [ 87.072822][ T7286] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.077010][ T7286] Buffer I/O error on dev nbd0, logical block 2, async page read [ 87.079818][ T7286] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.082832][ T7286] Buffer I/O error on dev nbd0, logical block 3, async page read [ 87.086600][ T7286] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.090428][ T7286] Buffer I/O error on dev nbd0, logical block 0, async page read [ 87.093724][ T7286] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 87.098149][ T7286] Buffer I/O error on dev nbd0, logical block 1, async page read [ 87.101817][ T7286] ldm_validate_partition_table(): Disk read failed. [ 87.105025][ T7286] Dev nbd0: unable to read RDB block 0 [ 87.108149][ T7286] nbd0: unable to read partition table [ 87.874010][ T5943] Bluetooth: hci3: unexpected event for opcode 0x8527 [ 88.086761][ T7322] tmpfs: Bad value for 'mpol' [ 88.200763][ T7324] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7324 comm=syz.0.396 [ 88.209144][ T7324] __nla_validate_parse: 3 callbacks suppressed [ 88.209155][ T7324] netlink: 12 bytes leftover after parsing attributes in process `syz.0.396'. [ 88.214155][ T7324] openvswitch: netlink: Flow actions attr not present in new flow. [ 88.219378][ T7324] netlink: 'syz.0.396': attribute type 1 has an invalid length. [ 88.232233][ T7324] bond2: entered promiscuous mode [ 88.234300][ T7324] 8021q: adding VLAN 0 to HW filter on device bond2 [ 88.363832][ T7329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.372670][ T7329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.480270][ T7320] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 88.483679][ T7320] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 88.489451][ T7320] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 88.596078][ T5948] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 88.747161][ T5948] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 88.750327][ T5948] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.755586][ T5948] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 88.759006][ T5948] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 88.762276][ T5948] usb 5-1: Manufacturer: syz [ 88.766355][ T5948] usb 5-1: config 0 descriptor?? [ 88.825715][ T5948] rc_core: IR keymap rc-hauppauge not found [ 88.827785][ T5948] Registered IR keymap rc-empty [ 88.831032][ T5948] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 88.835740][ T5948] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input10 [ 88.971188][ T5948] usb 5-1: USB disconnect, device number 7 [ 89.092902][ T7360] ieee802154 phy0 wpan0: encryption failed: -22 [ 89.337972][ T7372] XFS (nbd2): no-recovery mounts must be read-only. [ 89.496122][ T7382] sctp: [Deprecated]: syz.2.411 (pid 7382) Use of struct sctp_assoc_value in delayed_ack socket option. [ 89.496122][ T7382] Use struct sctp_sack_info instead [ 89.503960][ T7382] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 89.704129][ T7402] syz_tun: entered allmulticast mode [ 89.732985][ T7401] syz_tun: left allmulticast mode [ 89.769754][ T7410] binder: BINDER_SET_CONTEXT_MGR already set [ 89.772632][ T7410] binder: 7408:7410 ioctl 4018620d 200000000040 returned -16 [ 89.846083][ T6008] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 89.941891][ T7421] fuse: Bad value for 'fd' [ 89.973133][ T7423] netlink: 8 bytes leftover after parsing attributes in process `syz.1.425'. [ 89.984957][ T7423] netlink: 12 bytes leftover after parsing attributes in process `syz.1.425'. [ 90.000748][ T6008] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 90.004297][ T6008] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 90.008157][ T6008] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 90.011135][ T6008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.018915][ T7393] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 90.024671][ T6008] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 90.240883][ T6802] usb 5-1: USB disconnect, device number 8 [ 90.269231][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 90.269246][ T40] audit: type=1400 audit(1769753547.877:471): avc: denied { wake_alarm } for pid=7440 comm="syz.1.430" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 90.285054][ T40] audit: type=1400 audit(1769753547.887:472): avc: denied { connect } for pid=7442 comm="syz.2.431" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 90.322569][ T7447] vcan0: entered allmulticast mode [ 90.352147][ T40] audit: type=1400 audit(1769753547.957:473): avc: denied { read write } for pid=7451 comm="syz.1.433" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 90.363000][ T40] audit: type=1400 audit(1769753547.957:474): avc: denied { open } for pid=7451 comm="syz.1.433" path="/dev/input/mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 90.409334][ T40] audit: type=1400 audit(1769753548.017:475): avc: denied { ioctl } for pid=7451 comm="syz.1.433" path="/dev/input/mice" dev="devtmpfs" ino=939 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 90.519785][ T40] audit: type=1400 audit(1769753548.127:476): avc: denied { create } for pid=7462 comm="syz.2.436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 90.527363][ T40] audit: type=1400 audit(1769753548.137:477): avc: denied { ioctl } for pid=7462 comm="syz.2.436" path="socket:[15972]" dev="sockfs" ino=15972 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 90.581256][ T7465] netlink: 152 bytes leftover after parsing attributes in process `syz.2.437'. [ 90.584796][ T7465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=236 sclass=netlink_route_socket pid=7465 comm=syz.2.437 [ 90.628450][ T7467] bad cache= option: nonw [ 90.628450][ T7467] [ 90.631995][ T7467] CIFS: VFS: bad cache= option: nonw [ 90.633896][ T7467] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 90.643871][ T7467] CIFS mount error: No usable UNC path provided in device string! [ 90.643871][ T7467] [ 90.648166][ T7467] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 90.653764][ T40] audit: type=1400 audit(1769753548.257:478): avc: denied { ioctl } for pid=7466 comm="syz.2.438" path="socket:[17687]" dev="sockfs" ino=17687 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 90.703273][ T7469] netlink: 'syz.2.439': attribute type 1 has an invalid length. [ 90.716889][ T7470] vcan0: tx drop: invalid da for name 0x00000000000000c7 [ 90.719972][ T7471] vcan0: tx drop: invalid da for name 0x00000000000000c7 [ 90.775177][ T7476] netlink: 12 bytes leftover after parsing attributes in process `syz.1.441'. [ 90.799665][ T7474] kAFS: unable to lookup cell '(,cL' [ 90.802174][ T7474] kAFS: unable to lookup cell '(,' [ 90.804575][ T40] audit: type=1400 audit(1769753548.407:479): avc: denied { read } for pid=7473 comm="syz.2.440" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 90.809731][ T7474] kAFS: unable to lookup cell '(,cL' [ 90.837297][ T7482] /dev/sg0: Can't lookup blockdev [ 90.915325][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.445'. [ 91.024079][ T7495] netlink: 56 bytes leftover after parsing attributes in process `syz.2.446'. [ 91.089234][ T7504] set match dimension is over the limit! [ 91.100238][ T40] audit: type=1400 audit(1769753548.707:480): avc: denied { listen } for pid=7498 comm="syz.2.448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 91.511851][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.515321][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.078062][ T7539] ALSA: seq fatal error: cannot create timer (-22) [ 92.316977][ T142] usb 6-1: new low-speed USB device number 2 using dummy_hcd [ 92.358102][ T7558] loop7: detected capacity change from 0 to 7 [ 92.364006][ C2] blk_print_req_error: 54 callbacks suppressed [ 92.364024][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.370632][ C2] buffer_io_error: 54 callbacks suppressed [ 92.370647][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.377888][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.381852][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.385350][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.389682][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.393599][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.397861][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.405534][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.408691][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.412849][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.413888][ T7566] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 92.415962][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.416180][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.416196][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.416796][ T6312] ldm_validate_partition_table(): Disk read failed. [ 92.432113][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.435868][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.442312][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.446429][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.451982][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 92.456044][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 92.460520][ T6312] Dev loop7: unable to read RDB block 0 [ 92.463199][ T6312] loop7: unable to read partition table [ 92.467070][ T6312] loop7: partition table beyond EOD, truncated [ 92.477127][ T142] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 92.479494][ T142] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 92.482830][ T142] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 92.493377][ T7558] ldm_validate_partition_table(): Disk read failed. [ 92.495695][ T142] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 92.497578][ T7558] Dev loop7: unable to read RDB block 0 [ 92.500331][ T142] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 92.501982][ T142] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 92.503253][ T7558] loop7: unable to read partition table [ 92.507646][ T142] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 92.507672][ T142] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 92.507691][ T142] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 92.507706][ T142] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 92.508539][ T142] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 92.512768][ T7558] loop7: partition table beyond EOD, [ 92.513188][ T142] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 92.521205][ T7558] truncated [ 92.524216][ T142] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 92.528649][ T7558] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 92.531144][ T142] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 92.552455][ T142] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 92.558343][ T142] usb 6-1: string descriptor 0 read error: -22 [ 92.560534][ T142] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 92.563503][ T142] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.585919][ T142] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 92.671296][ T7580] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 92.743417][ T7589] netlink: 12 bytes leftover after parsing attributes in process `syz.2.471'. [ 92.744388][ T7590] netlink: 8 bytes leftover after parsing attributes in process `syz.0.468'. [ 92.751515][ T7590] netlink: 24 bytes leftover after parsing attributes in process `syz.0.468'. [ 92.779585][ T142] usb 6-1: USB disconnect, device number 2 [ 92.973745][ T7606] openvswitch: netlink: IP tunnel TTL not specified. [ 92.976840][ T7606] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=33552 sclass=netlink_route_socket pid=7606 comm=syz.3.475 [ 92.982003][ T7606] netlink: 'syz.3.475': attribute type 10 has an invalid length. [ 92.994059][ T7606] dummy0: entered promiscuous mode [ 93.000105][ T7606] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 93.134574][ T7613] [U] V3Fپ"S/4:XTZWTLW= [ 93.321782][ T142] IPVS: starting estimator thread 0... [ 93.326966][ T7615] sctp: [Deprecated]: syz.1.479 (pid 7615) Use of int in max_burst socket option. [ 93.326966][ T7615] Use struct sctp_assoc_value instead [ 93.337556][ T7615] __nla_validate_parse: 2 callbacks suppressed [ 93.337570][ T7615] netlink: 360 bytes leftover after parsing attributes in process `syz.1.479'. [ 93.405977][ T7616] IPVS: using max 31 ests per chain, 74400 per kthread [ 93.446309][ T7619] trusted_key: syz.1.480 sent an empty control message without MSG_MORE. [ 93.452879][ T7619] macsec1: entered promiscuous mode [ 93.454917][ T7619] macsec1: entered allmulticast mode [ 93.456942][ T7619] veth1_macvtap: entered allmulticast mode [ 93.459964][ T7619] veth1_macvtap: left allmulticast mode [ 93.808736][ T7638] netlink: 28 bytes leftover after parsing attributes in process `syz.2.482'. [ 93.906531][ T7639] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 94.156436][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 94.509084][ T10] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 94.512840][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.516712][ T10] usb 5-1: Product: syz [ 94.518505][ T10] usb 5-1: Manufacturer: syz [ 94.520492][ T10] usb 5-1: SerialNumber: syz [ 94.529722][ T10] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 94.555215][ T142] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 94.965209][ T7656] xt_socket: unknown flags 0x20 [ 95.076739][ T5943] Bluetooth: hci3: command 0x0405 tx timeout [ 95.176850][ T5948] usb 5-1: USB disconnect, device number 9 [ 95.504914][ T7673] vlan2: entered promiscuous mode [ 95.507616][ T7673] bridge0: entered promiscuous mode [ 95.563060][ T7675] netlink: 8 bytes leftover after parsing attributes in process `syz.1.499'. [ 95.643697][ T7679] netlink: 32 bytes leftover after parsing attributes in process `syz.1.501'. [ 95.646015][ T142] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 95.649534][ T142] ath9k_htc: Failed to initialize the device [ 95.650054][ T7679] netlink: 208 bytes leftover after parsing attributes in process `syz.1.501'. [ 95.655887][ T5948] usb 5-1: ath9k_htc: USB layer deinitialized [ 95.662157][ T40] kauditd_printk_skb: 23 callbacks suppressed [ 95.662169][ T40] audit: type=1400 audit(1769753553.267:504): avc: denied { bind } for pid=7678 comm="syz.1.501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 95.671944][ T40] audit: type=1400 audit(1769753553.267:505): avc: denied { write } for pid=7678 comm="syz.1.501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 95.699958][ T40] audit: type=1400 audit(1769753553.307:506): avc: denied { setopt } for pid=7682 comm="syz.2.503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 95.706001][ T7685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.504'. [ 95.828179][ T40] audit: type=1400 audit(1769753553.437:507): avc: denied { write } for pid=7701 comm="syz.1.509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 95.985156][ T7721] netlink: 48 bytes leftover after parsing attributes in process `syz.2.511'. [ 96.007064][ T7721] mkiss: ax0: crc mode is auto. [ 96.199807][ T7613] [U] J"E:" [ 96.239354][ T7724] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 96.243232][ T7724] UDF-fs: Scanning with blocksize 2048 failed [ 96.247310][ T7724] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 96.250480][ T7724] UDF-fs: Scanning with blocksize 4096 failed [ 96.318317][ T40] audit: type=1800 audit(1769753554.928:508): pid=7727 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.3.516" name="/newroot/119/file0" dev="tmpfs" ino=660 res=0 errno=0 [ 96.328881][ T7724] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 96.375025][ T7731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.517'. [ 96.517878][ T7742] trusted_key: encrypted_key: keyword 'new0default' not recognized [ 96.522741][ T7742] x_tables: duplicate underflow at hook 1 [ 96.525026][ T7742] SET target dimension over the limit! [ 96.604096][ T7746] syzkaller0: entered promiscuous mode [ 96.606196][ T7746] syzkaller0: entered allmulticast mode [ 96.617989][ T7745] ALSA: mixer_oss: invalid OSS volume ';' [ 96.806617][ T7713] binder: 7709:7713 ioctl c0306201 200000000280 returned -14 [ 96.867463][ T40] audit: type=1400 audit(1769753555.478:509): avc: denied { connect } for pid=7755 comm="syz.2.526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 96.868722][ T7756] program syz.2.526 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 97.506051][ T7771] netlink: 28 bytes leftover after parsing attributes in process `syz.2.531'. [ 97.512668][ T7771] netlink: 'syz.2.531': attribute type 10 has an invalid length. [ 97.537400][ T7771] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 97.590315][ T40] audit: type=1400 audit(1769753556.198:510): avc: denied { read } for pid=7777 comm="syz.0.534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 97.730088][ T7783] kvm: emulating exchange as write [ 97.767770][ T40] audit: type=1400 audit(1769753556.378:511): avc: denied { create } for pid=7789 comm="syz.2.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 97.775749][ T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 97.775773][ T40] audit: type=1400 audit(1769753556.378:512): avc: denied { setopt } for pid=7789 comm="syz.2.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 97.803024][ T40] audit: type=1400 audit(1769753556.408:513): avc: denied { mounton } for pid=7791 comm="syz.2.539" path="/122/bus" dev="tmpfs" ino=672 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 97.805406][ T7792] Mount JFS Failure: -22 [ 97.870943][ T7797] netlink: 20 bytes leftover after parsing attributes in process `syz.2.540'. [ 97.910872][ T7797] team0 (unregistering): Port device team_slave_0 removed [ 97.921475][ T7797] team0 (unregistering): Port device team_slave_1 removed [ 97.927349][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 97.930704][ T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 97.933827][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 97.938278][ T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 97.944914][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 97.953905][ T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 97.969886][ T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 97.974199][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.132134][ T7813] random: crng reseeded on system resumption [ 98.208931][ T10] usb 6-1: GET_CAPABILITIES returned 0 [ 98.215971][ T10] usbtmc 6-1:16.0: can't read capabilities [ 98.267653][ T7822] ata1.00: invalid multi_count 128 ignored [ 98.292716][ T7823] IPv6: syztnl0: Disabled Multicast RS [ 98.413008][ T10] usb 6-1: USB disconnect, device number 3 [ 98.617017][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 1 < count 7 [ 98.619851][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 98.624317][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 1 < count 550 [ 98.628001][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 98.633451][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 98.666801][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.669638][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 98.672834][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.675995][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 98.679311][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 98.682625][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 98.688015][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 98.724647][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.727842][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 98.731651][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.734664][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 98.738108][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 98.741345][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 98.746599][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 98.781290][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.784342][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 98.787838][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.790469][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 98.793800][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 98.797333][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 98.802540][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 98.839268][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.842323][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 98.845551][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.848709][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 98.852008][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 98.855370][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 98.860561][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 98.892368][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.895411][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 98.898599][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.901368][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 98.904655][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 98.907922][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 98.912623][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 98.948540][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.951573][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 98.954858][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 98.956813][ T7852] xfs: Unknown parameter 'g9Q ' [ 98.957937][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 98.963049][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 98.966579][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 98.971777][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.007573][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.010556][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.013859][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.017066][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.020396][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.023902][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.029250][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.031149][ T7857] ieee802154 phy0 wpan0: encryption failed: -22 [ 99.056096][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.059520][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.062891][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.066096][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.069527][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.072993][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.078345][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.114780][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.117948][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.121262][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.124394][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.127901][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.131342][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.136713][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.173296][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.176489][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.179817][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.182982][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.183619][ T7861] MINIX-fs: blocksize too small for device [ 99.186439][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.191827][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.197348][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.233217][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.238004][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.241351][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.244463][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.248015][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.251069][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.256141][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.292573][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.295729][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.298979][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.302048][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.305450][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.308924][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.314080][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.349698][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.352806][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.356164][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.359197][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.362556][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.366052][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.371163][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.406249][ T7861] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 99.407138][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.412141][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.415459][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.418757][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.422106][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.425497][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.430801][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.466562][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.469665][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.472945][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.476168][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.479520][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.483151][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.488364][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.497391][ T7867] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 99.523096][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.526203][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.530040][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.533032][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.536483][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.539803][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.544892][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.552356][ T7881] xt_hashlimit: size too large, truncated to 1048576 [ 99.579307][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.582310][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.586190][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.589153][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.592460][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.595854][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.600784][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.631132][ T7873] delete_channel: no stack [ 99.634578][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.637658][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.637688][ T7885] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 99.641372][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.644242][ T7885] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 99.646960][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.647238][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.656572][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.661434][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.692610][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.695754][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.700580][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.703566][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.707203][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.710460][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.715423][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.752145][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.755131][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.758901][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.761754][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.765287][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.768767][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.772974][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.793753][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.796527][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.798520][ T7900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.573'. [ 99.799103][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.804903][ T7902] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 99.805030][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.810906][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.813917][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.818056][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.842074][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.844722][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.847518][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.849888][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.852772][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.855856][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.859828][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.886196][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.888750][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.891836][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.894429][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.897362][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.900138][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.904565][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.928742][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.931701][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.935023][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.937766][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.940606][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.943397][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.947440][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.957990][ T5293] ================================================================== [ 99.961414][ T5293] BUG: KASAN: slab-use-after-free in le_read_features_complete+0x56/0x380 [ 99.965010][ T5293] Write of size 4 at addr ffff88803399c010 by task kworker/u33:1/5293 [ 99.969833][ T5293] [ 99.970894][ T5293] CPU: 1 UID: 0 PID: 5293 Comm: kworker/u33:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 99.970920][ T5293] Tainted: [L]=SOFTLOCKUP [ 99.970926][ T5293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 99.970943][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.970938][ T5293] Workqueue: hci0 hci_cmd_sync_work [ 99.970967][ T5293] Call Trace: [ 99.970973][ T5293] [ 99.970979][ T5293] dump_stack_lvl+0x100/0x190 [ 99.971002][ T5293] print_report+0x156/0x4c9 [ 99.971030][ T5293] ? __virt_addr_valid+0x81/0x620 [ 99.971046][ T5293] ? __phys_addr+0xe8/0x180 [ 99.971062][ T5293] ? le_read_features_complete+0x56/0x380 [ 99.971086][ T5293] kasan_report+0xdf/0x1a0 [ 99.971110][ T5293] ? le_read_features_complete+0x56/0x380 [ 99.971136][ T5293] kasan_check_range+0x10f/0x1e0 [ 99.971159][ T5293] le_read_features_complete+0x56/0x380 [ 99.971183][ T5293] hci_cmd_sync_work+0x214/0x470 [ 99.971206][ T5293] ? __pfx_le_read_features_complete+0x10/0x10 [ 99.971232][ T5293] process_one_work+0x9c2/0x1840 [ 99.971256][ T5293] ? __pfx_process_one_work+0x10/0x10 [ 99.971279][ T5293] ? assign_work+0x19c/0x250 [ 99.971298][ T5293] worker_thread+0x5da/0xe40 [ 99.971322][ T5293] ? kthread+0x17d/0x730 [ 99.971340][ T5293] ? __pfx_worker_thread+0x10/0x10 [ 99.971359][ T5293] kthread+0x3b3/0x730 [ 99.971376][ T5293] ? __pfx_kthread+0x10/0x10 [ 99.971393][ T5293] ? ret_from_fork+0x79/0xaf0 [ 99.971412][ T5293] ? ret_from_fork+0x79/0xaf0 [ 99.971430][ T5293] ? rcu_is_watching+0x12/0xc0 [ 99.971453][ T5293] ? __pfx_kthread+0x10/0x10 [ 99.971470][ T5293] ret_from_fork+0x754/0xaf0 [ 99.971489][ T5293] ? __pfx_ret_from_fork+0x10/0x10 [ 99.971510][ T5293] ? __switch_to+0x7b9/0x10c0 [ 99.971534][ T5293] ? __pfx_kthread+0x10/0x10 [ 99.971551][ T5293] ret_from_fork_asm+0x1a/0x30 [ 99.971571][ T5293] [ 99.971577][ T5293] [ 99.974453][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 99.976316][ T5293] Allocated by task 5943: [ 99.976330][ T5293] kasan_save_stack+0x30/0x50 [ 99.976351][ T5293] kasan_save_track+0x14/0x30 [ 99.976369][ T5293] __kasan_kmalloc+0xaa/0xb0 [ 99.976386][ T5293] __hci_conn_add+0x1f4/0x1ca0 [ 99.982154][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 99.982595][ T5293] hci_conn_add_unset+0x76/0x120 [ 99.984327][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 99.985723][ T5293] le_conn_complete_evt+0x633/0x1f40 [ 99.985745][ T5293] hci_le_conn_complete_evt+0x23c/0x3a0 [ 99.985762][ T5293] hci_le_meta_evt+0x34a/0x5f0 [ 99.985780][ T5293] hci_event_packet+0x682/0x11c0 [ 99.987043][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 99.988658][ T5293] hci_rx_work+0x451/0xfc0 [ 99.990307][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 99.992272][ T5293] process_one_work+0x9c2/0x1840 [ 99.992296][ T5293] worker_thread+0x5da/0xe40 [ 99.992315][ T5293] kthread+0x3b3/0x730 [ 99.992330][ T5293] ret_from_fork+0x754/0xaf0 [ 99.992349][ T5293] ret_from_fork_asm+0x1a/0x30 [ 99.992364][ T5293] [ 99.992369][ T5293] Freed by task 5943: [ 99.992407][ T5293] kasan_save_stack+0x30/0x50 [ 99.992426][ T5293] kasan_save_track+0x14/0x30 [ 99.992444][ T5293] kasan_save_free_info+0x3b/0x70 [ 99.995087][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 99.996306][ T5293] __kasan_slab_free+0x5f/0x80 [ 99.996330][ T5293] kfree+0x1c7/0x690 [ 99.996343][ T5293] device_release+0xa4/0x240 [ 100.014427][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 100.015555][ T5293] kobject_put+0x1f7/0x640 [ 100.017663][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 100.018867][ T5293] device_unregister+0x2f/0xe0 [ 100.020702][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 100.022182][ T5293] hci_conn_del_sysfs+0xb9/0x1a0 [ 100.023723][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 100.025682][ T5293] hci_conn_del+0x506/0x1180 [ 100.025709][ T5293] hci_disconn_complete_evt+0x410/0xa20 [ 100.027343][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 100.029107][ T5293] hci_event_packet+0xa86/0x11c0 [ 100.029130][ T5293] hci_rx_work+0x451/0xfc0 [ 100.029148][ T5293] process_one_work+0x9c2/0x1840 [ 100.030743][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 100.032456][ T5293] worker_thread+0x5da/0xe40 [ 100.035107][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 100.035995][ T5293] kthread+0x3b3/0x730 [ 100.036016][ T5293] ret_from_fork+0x754/0xaf0 [ 100.036041][ T5293] ret_from_fork_asm+0x1a/0x30 [ 100.036056][ T5293] [ 100.036062][ T5293] The buggy address belongs to the object at ffff88803399c000 [ 100.036062][ T5293] which belongs to the cache kmalloc-8k of size 8192 [ 100.036076][ T5293] The buggy address is located 16 bytes inside of [ 100.036076][ T5293] freed 8192-byte region [ffff88803399c000, ffff88803399e000) [ 100.054385][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 100.054777][ T5293] [ 100.054785][ T5293] The buggy address belongs to the physical page: [ 100.057210][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 100.059252][ T5293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33998 [ 100.061607][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 100.063676][ T5293] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 100.065425][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 100.067405][ T5293] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 100.067427][ T5293] page_type: f5(slab) [ 100.067444][ T5293] raw: 00fff00000000040 ffff88801b843180 ffffea00014ebe00 dead000000000003 [ 100.067460][ T5293] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 100.067477][ T5293] head: 00fff00000000040 ffff88801b843180 ffffea00014ebe00 dead000000000003 [ 100.067491][ T5293] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 100.069250][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 100.072108][ T5293] head: 00fff00000000003 ffffea0000ce6601 00000000ffffffff 00000000ffffffff [ 100.072128][ T5293] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 100.072138][ T5293] page dumped because: kasan: bad access detected [ 100.073640][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 100.076480][ T5293] page_owner tracks the page as allocated [ 100.076489][ T5293] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5936, tgid 5936 (syz-executor), ts 63679736272, free_ts 23798584421 [ 100.076522][ T5293] post_alloc_hook+0x1e1/0x250 [ 100.076543][ T5293] get_page_from_freelist+0xe3d/0x2e10 [ 100.076561][ T5293] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 100.079204][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 100.079996][ T5293] alloc_pages_mpol+0x1fb/0x550 [ 100.098192][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 100.099403][ T5293] new_slab+0x2c4/0x440 [ 100.100720][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 100.102698][ T5293] ___slab_alloc+0xda3/0x1ca0 [ 100.105075][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 100.105971][ T65] Bluetooth: hci0: command 0x2016 tx timeout [ 100.106853][ T5293] __slab_alloc.isra.0+0x63/0x110 [ 100.106874][ T5293] __kmalloc_cache_noprof+0x531/0x810 [ 100.106889][ T5293] macvlan_common_newlink+0x47f/0x1a00 [ 100.106913][ T5293] macvtap_newlink+0x17a/0x240 [ 100.109195][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 100.111195][ T5293] rtnl_newlink+0x1494/0x2380 [ 100.113571][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 100.115541][ T5293] rtnetlink_rcv_msg+0x95e/0xe90 [ 100.118013][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 4096 [ 100.119723][ T5293] netlink_rcv_skb+0x159/0x420 [ 100.119754][ T5293] netlink_unicast+0x5aa/0x870 [ 100.122550][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 65280 [ 100.124545][ T5293] netlink_sendmsg+0x8b0/0xda0 [ 100.157175][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 100.159215][ T5293] __sys_sendto+0x4aa/0x520 [ 100.162363][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 145 [ 100.165526][ T5293] page last free pid 9 tgid 9 stack trace: [ 100.165539][ T5293] __free_frozen_pages+0x822/0x1130 [ 100.168758][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 7 [ 100.171569][ T5293] vfree.part.0+0x12b/0x9d0 [ 100.171592][ T5293] delayed_vfree_work+0x8e/0xd0 [ 100.171611][ T5293] process_one_work+0x9c2/0x1840 [ 100.171627][ T5293] worker_thread+0x5da/0xe40 [ 100.174722][ T5943] Bluetooth: hci3: hcon ffff888038c40000 sent 0 < count 512 [ 100.177594][ T5293] kthread+0x3b3/0x730 [ 100.177612][ T5293] ret_from_fork+0x754/0xaf0 [ 100.177627][ T5293] ret_from_fork_asm+0x1a/0x30 [ 100.177639][ T5293] [ 100.177642][ T5293] Memory state around the buggy address: [ 100.177651][ T5293] ffff88803399bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.177661][ T5293] ffff88803399bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.177670][ T5293] >ffff88803399c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 100.177677][ T5293] ^ [ 100.177684][ T5293] ffff88803399c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 100.177693][ T5293] ffff88803399c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 100.179676][ T5943] Bluetooth: hci3: hcon ffff888029fe4000 sent 0 < count 550 [ 100.182420][ T5293] ================================================================== [ 100.184151][ T5293] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 100.184169][ T5293] CPU: 1 UID: 0 PID: 5293 Comm: kworker/u33:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 100.184195][ T5293] Tainted: [L]=SOFTLOCKUP [ 100.184202][ T5293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 100.184214][ T5293] Workqueue: hci0 hci_cmd_sync_work [ 100.184242][ T5293] Call Trace: [ 100.184248][ T5293] [ 100.184255][ T5293] dump_stack_lvl+0x100/0x190 [ 100.184280][ T5293] vpanic+0x20d/0x630 [ 100.184298][ T5293] panic+0xd1/0xd1 [ 100.184314][ T5293] ? __pfx_panic+0x10/0x10 [ 100.184331][ T5293] ? le_read_features_complete+0x56/0x380 [ 100.184357][ T5293] ? preempt_schedule_common+0x42/0xc0 [ 100.184377][ T5293] ? check_panic_on_warn+0x1f/0x90 [ 100.184399][ T5293] check_panic_on_warn.cold+0x19/0x34 [ 100.184418][ T5293] end_report.part.0+0x3a/0x90 [ 100.184441][ T5293] kasan_report.cold+0xe/0x18 [ 100.184464][ T5293] ? le_read_features_complete+0x56/0x380 [ 100.184489][ T5293] kasan_check_range+0x10f/0x1e0 [ 100.184515][ T5293] le_read_features_complete+0x56/0x380 [ 100.184556][ T5293] hci_cmd_sync_work+0x214/0x470 [ 100.184577][ T5293] ? __pfx_le_read_features_complete+0x10/0x10 [ 100.184600][ T5293] process_one_work+0x9c2/0x1840 [ 100.184620][ T5293] ? __pfx_process_one_work+0x10/0x10 [ 100.184639][ T5293] ? assign_work+0x19c/0x250 [ 100.184654][ T5293] worker_thread+0x5da/0xe40 [ 100.184673][ T5293] ? kthread+0x17d/0x730 [ 100.184687][ T5293] ? __pfx_worker_thread+0x10/0x10 [ 100.184703][ T5293] kthread+0x3b3/0x730 [ 100.184718][ T5293] ? __pfx_kthread+0x10/0x10 [ 100.184732][ T5293] ? ret_from_fork+0x79/0xaf0 [ 100.184748][ T5293] ? ret_from_fork+0x79/0xaf0 [ 100.184764][ T5293] ? rcu_is_watching+0x12/0xc0 [ 100.184783][ T5293] ? __pfx_kthread+0x10/0x10 [ 100.184798][ T5293] ret_from_fork+0x754/0xaf0 [ 100.184814][ T5293] ? __pfx_ret_from_fork+0x10/0x10 [ 100.184831][ T5293] ? __switch_to+0x7b9/0x10c0 [ 100.184851][ T5293] ? __pfx_kthread+0x10/0x10 [ 100.184866][ T5293] ret_from_fork_asm+0x1a/0x30 [ 100.184884][ T5293] [ 100.186685][ T5293] Kernel Offset: disabled VM DIAGNOSIS: 04:30:13 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff823f410d RDX=ffff88802e670000 RSI=ffffffff823f42f3 RDI=ffff88802e670000 RBP=ffffea0000eaff74 RSP=ffffc9000e5ef9d0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000001 R13=0000000000000007 R14=dffffc0000000000 R15=000000000000007f RIP=ffffffff8207003f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 000055556b7aa500 ffffffff 00c00000 GS =0000 ffff8880d65dc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007feed3c706c0 CR3=0000000060454000 CR4=00352ef0 DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=00000000000000ff Opmask02=000000000000003f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed4b4d560 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe54e56396 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe54e56396 00007ffe54e5639c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3e086dc ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3e08728 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3e0869c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3e0871a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3fe44a0 00007feed3fe4480 00007feed3fe4488 00007feed3fe44b8 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000500060006 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3fe4498 00007feed3fe4468 00007feed3fe44a0 00007feed3fe4480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85699fa5 RDI=ffffffff9b206c00 RBP=ffffffff9b206bc0 RSP=ffffc900077af540 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3933333038387257 R12=0000000000000000 R13=0000000000000066 R14=0000000000000010 R15=ffffffff85699f40 RIP=ffffffff85699fcf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d66dc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007feed4bc9ff8 CR3=0000000012805000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000100001 Opmask01=0000000000000000 Opmask02=000000007ffeffff Opmask03=0000000001041000 Opmask04=00000000ffffefff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f68637461772f76 6564752f6e75722f ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055bafba77c40 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055bafbcbb930 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fae893f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff0000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 737326c988b87483 737326ccd37b4059 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8a99b36a3d077470 7373737628dccfc8 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 772f766564752f6e 75722f00646c6f2e 68637461772f7665 64752f6e75722f00 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 520a534041500a4b 50570a0041494a0b 4d465144520a5340 41500a4b50570a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f9eac0194e740703 000055bfa06473ad 00000000000000c1 0000000000302e36 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001c1 6c2f0073656c0033 3170306d656d7000 306d656d702f6b63 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a302e30312d3533 712d63707276703a 29393030322c3948 43492b3533512843 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 50647261646e6174 536e703a554d4551 6e76733a302e3072 623a343130322f31 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302f343064623a32 2d332e36312e312d 6e61696265642d33 2e36312e31727662 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000014100 000000000000303d 44440045525f5346 0054242044492065 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000002 RBX=ffff888038c409f8 RCX=0000000000000003 RDX=00000000ffffffff RSI=ffffffff8dc1f455 RDI=ffff888038c409f8 RBP=ffff888038c40a00 RSP=ffffc90003d2f8f8 R8 =00000000fbf8e5e8 R9 =0000000000000808 R10=0000000000000000 R11=0000000000000000 R12=1ffff920007a5f20 R13=ffff888038c40a08 R14=000000000000dd96 R15=ffff8880631d8020 RIP=ffffffff81e37367 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d67dc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007feed4ba9d58 CR3=0000000060454000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000010001 Opmask01=00000000ffffffff Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 203a6b6361747320 6461657268747020 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe54e56396 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe54e56396 00007ffe54e5639c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3e086dc ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3e08728 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3e0869c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3e0871a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 657a6973203c2065 7a69736565726600 632e6b6361747365 7461636f6c6c6100 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 405f4c5605190540 5f4c564040574300 460b4e4644515640 5144464a49494400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feed3fe4498 00007feed3fe4468 00007feed3fe44a0 00007feed3fe4480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000ad1f5 RBX=ffff88801e2f8000 RCX=ffffffff8b76b4b5 RDX=0000000000000000 RSI=ffffffff8dc45440 RDI=ffffffff8bfa35a0 RBP=0000000000000003 RSP=ffffc90000197df0 R8 =0000000000000001 R9 =ffffed100d4e673d R10=ffff88806a7339eb R11=0000000000000000 R12=ffffed1003c5f000 R13=0000000000000003 R14=ffffffff90b737d0 R15=0000000000000000 RIP=ffffffff8b769e1f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d68dc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007feed4bc9ff8 CR3=0000000026488000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000f4000000 Opmask01=0000000000001000 Opmask02=0000000003ffffff Opmask03=0000000000000000 Opmask04=00000000ffffefff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f7463656a626f3a 755f6d6574737973 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00745f6563697665 643a725f7463656a ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 00007ffe83ccbb80 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fae89a627f0 00007fae89a627e0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a2a2a2a2a15d5 2a2a2a2a2a415943 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e754f4645425d05 1a474f475a054149 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 00000000ffffffff 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff 0000000000000000 ffffffffffffffff ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 0000000000000000 00007ffe83ccbb80 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265747369676572 6e755f7665647465 6e2e65726f632e74 656e2e6c74637379 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e617020343d7372 6f6e696d5f796361 67656c5f6d756e5f 6964656d6f632e69 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 64656d6f63203233 3d78616d5f736462 6e2032333d706f6f 6c5f78616d203233 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d6d756e2e646368 5f796d6d75642030 34313d736365735f 74756f656d69745f ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265747369676572 6e755f7665647465 6e2e65726f632e74 656e2e6c74637379 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000014100 000000000000303d 44440045525f5346 0054242044492065 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000