last executing test programs: 4m24.391729929s ago: executing program 0 (id=5399): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @multicast2}, 0x10) 4m24.289956527s ago: executing program 0 (id=5402): socket(0x1, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x78}, 0x94) 4m24.282736326s ago: executing program 0 (id=5405): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2193, 0xd000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xfa41}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4040) 4m24.195242959s ago: executing program 0 (id=5412): prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0) eventfd2(0x0, 0x0) 4m24.126732556s ago: executing program 0 (id=5415): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) 4m24.072744411s ago: executing program 0 (id=5417): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31040000000900010073797a30000000000800054000000021380000001d0a03000000000000000000070000000900010073797a3000000000090002"], 0xbc}}, 0x48004) 4m8.048117361s ago: executing program 32 (id=5417): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31040000000900010073797a30000000000800054000000021380000001d0a03000000000000000000070000000900010073797a3000000000090002"], 0xbc}}, 0x48004) 2m30.414955779s ago: executing program 3 (id=10846): r0 = add_key$user(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x2}, &(0x7f0000000200)="1d", 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, &(0x7f0000000740)="69bf05d40ff7e03db3ddca537c6c5612321b25d32064e9ed643d462211406432e87c4d40383939ab8276bfc0294ba021d1ccf9b6b32d1b6c9e8c9737ca2d08305301693ef20a414ca24bed3736d182271d197fc2146a9f55070f3f31155b9081ecbd0fcc0296c88eac143394a776955e8a075194717757c9e085976cac66fd4c5bc83183df2db8205863d7f803e302420e7fc5315861803024f921932a49a4283f6a7d8ab2cbd629e984582467fd6ca63598d554677517903644dc2ef01f8dec", 0xc0, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000040)={r0, r1, r0}, &(0x7f0000000600)=""/100, 0x64, &(0x7f0000000180)={&(0x7f0000000400)={'xxhash64-generic\x00'}, &(0x7f00000005c0)="0900a9351a47", 0x6}) 2m30.411833375s ago: executing program 3 (id=10848): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810) recvmsg(r0, &(0x7f000000c1c0)={0x0, 0x0, 0x0}, 0x20) 2m30.410779926s ago: executing program 3 (id=10849): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x1c}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_PAYLOAD_BASE={0x8}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}}, 0x0) 2m30.361111436s ago: executing program 3 (id=10851): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)={0x40, r1, 0x7, 0x2, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 2m30.286853532s ago: executing program 3 (id=10852): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) fstat(r0, &(0x7f0000000300)) 2m30.286572479s ago: executing program 3 (id=10853): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x161200, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 2m14.254451766s ago: executing program 33 (id=10853): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x161200, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 1m38.983586251s ago: executing program 1 (id=12744): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x40400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x6a4, 0x0, 0x7}]}) 1m38.909017303s ago: executing program 1 (id=12751): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) connect$inet(r0, &(0x7f0000000280)={0x2, 0x4, @multicast1}, 0x10) sendmmsg$inet(r0, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x7e1f, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="a6", 0x1}], 0x300}}], 0x3, 0x0) 1m38.871911805s ago: executing program 1 (id=12753): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)={0x38, r2, 0x1, 0x70bd2c, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x22, 0x26}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x143c}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]]}, 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x4040000) 1m38.811589504s ago: executing program 1 (id=12755): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 1m38.810832723s ago: executing program 1 (id=12757): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') lseek(r0, 0x2000, 0x0) 1m38.670771836s ago: executing program 1 (id=12763): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x90, r2, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x71, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0xf, 0x5}}, 0x9, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @val={0x4, 0x6, {0x3, 0x8, 0x9, 0x4}}, @val={0x6, 0x2, 0x1fc}, @val={0x5, 0x3, {0x5, 0x97, 0x5}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x1, 0x100, 0x1}}, @void, @val={0x71, 0x7, {0x69, 0x0, 0x1, 0xffffffffffffffff, 0x1, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}}}]}, 0x90}, 0x1, 0x0, 0x0, 0x40080c0}, 0x0) 1m38.618235268s ago: executing program 34 (id=12763): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x90, r2, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x71, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0xf, 0x5}}, 0x9, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @val={0x4, 0x6, {0x3, 0x8, 0x9, 0x4}}, @val={0x6, 0x2, 0x1fc}, @val={0x5, 0x3, {0x5, 0x97, 0x5}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x1, 0x100, 0x1}}, @void, @val={0x71, 0x7, {0x69, 0x0, 0x1, 0xffffffffffffffff, 0x1, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}}}]}, 0x90}, 0x1, 0x0, 0x0, 0x40080c0}, 0x0) 1m38.010809327s ago: executing program 4 (id=12780): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="11da3cf44b1a8c3d8a39ccbd630e8ef9170ccf07ef1800322de53ae3b183ee66", 0x20) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001a00)="381ae182b4f24854a91f6c29f81de8fb5f07ff2d67985f11bf163ab6cfa0da9c", 0x20) 1m37.934926024s ago: executing program 4 (id=12781): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) utime(&(0x7f0000000440)='./file0\x00', 0x0) 1m37.066710148s ago: executing program 4 (id=12791): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x1, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x3}}]}, 0x38}}, 0x0) 1m36.967072206s ago: executing program 4 (id=12792): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 1m36.966643324s ago: executing program 4 (id=12793): write$binfmt_format(0xffffffffffffffff, &(0x7f00000000c0)='1\x00', 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000ffff26bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="15170000bcb7040008000a00", @ANYRES32=r1, @ANYBLOB="140012800c0001006d6163767461700004000280080005"], 0x44}, 0x1, 0x0, 0x0, 0x240448c5}, 0x8000002) 1m36.500473418s ago: executing program 4 (id=12809): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="b4ba4300b80f00efba200066b80000000066ef66dea400000f20c06635000001000f228a66b9b10a00000f32660f3814b285d80f300f4ecb67660f2816", 0x3d}], 0x1, 0x73, 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r0, 0x8949, &(0x7f0000000000)) 1m36.419817064s ago: executing program 35 (id=12809): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="b4ba4300b80f00efba200066b80000000066ef66dea400000f20c06635000001000f228a66b9b10a00000f32660f3814b285d80f300f4ecb67660f2816", 0x3d}], 0x1, 0x73, 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r0, 0x8949, &(0x7f0000000000)) 1m10.090717494s ago: executing program 7 (id=13652): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@bridge_dellink={0x2c, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x5, 0x0, 0x1, {0x4}}]}]}, 0x2c}}, 0x0) 1m10.036954446s ago: executing program 7 (id=13655): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRES8], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, 0x0, 0x0) syz_usb_disconnect(r0) 1m9.404381879s ago: executing program 2 (id=13677): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ac000000", @ANYRES16=r1, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r2, @ANYBLOB="90005a808c000080140005000b000000080009000600ff01520005004f0002"], 0xac}}, 0x0) 1m9.403308971s ago: executing program 2 (id=13678): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000340)=0xc) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x800, &(0x7f0000000300)={[{@gid={'gid', 0x3d, r1}}]}) 1m9.339657127s ago: executing program 2 (id=13679): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x20000) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x88000, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000000149202, 0x0) 1m9.337116691s ago: executing program 2 (id=13680): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 1m9.276831164s ago: executing program 2 (id=13681): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000340)={0x44, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x78e}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x4}]}, 0x44}}, 0x4000004) 1m9.149771s ago: executing program 2 (id=13682): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x40, r2, 0x1, 0x70bd2b, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x41, 0x5f}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}]]}, 0x40}}, 0x0) 1m9.115515251s ago: executing program 36 (id=13682): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x40, r2, 0x1, 0x70bd2b, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x41, 0x5f}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}]]}, 0x40}}, 0x0) 1m8.570590436s ago: executing program 7 (id=13689): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000020a050000e9fff57f814700020000000900010073797a30"], 0x48}}, 0x0) 1m8.420894874s ago: executing program 7 (id=13696): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 1m8.350394407s ago: executing program 7 (id=13700): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00') preadv(r0, &(0x7f0000000000)=[{&(0x7f0000001200)=""/4112, 0x1010}], 0x1, 0x800, 0x0) 1m8.048170619s ago: executing program 7 (id=13707): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 1m8.012607464s ago: executing program 37 (id=13707): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 3.285288543s ago: executing program 5 (id=15702): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7040ffdbde25060000000c00018008000100", @ANYRES32=r3], 0x20}}, 0x8080) 3.220935091s ago: executing program 5 (id=15706): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) syz_emit_ethernet(0x4c, &(0x7f0000000500)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x1, 0x2, 0x4, 0x0, @val=0x80}, "8a2a3c82990f"}}}}}}}, 0x0) 3.220733939s ago: executing program 5 (id=15707): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) ftruncate(r0, 0xc17a) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0) mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0) 3.170760768s ago: executing program 5 (id=15708): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) r0 = socket(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x4e24, 0x3, @mcast1, 0x2}, 0x1c) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) setsockopt$sock_int(r0, 0x1, 0x35, &(0x7f0000000040)=0x2000007, 0x4) 3.166480948s ago: executing program 5 (id=15711): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write(r0, &(0x7f0000000080)="b6", 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x1f}, 0x14) 3.097376308s ago: executing program 5 (id=15715): syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pwrite64(r0, &(0x7f0000000080)="dc765aa136431bf661", 0x9, 0x7) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x200000000000000) 1.862466026s ago: executing program 9 (id=15745): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@local, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="6000000000000000290000000b0000000008000000000000c910fe8000000000000000000000000000bbc9100000000000000000000000000000000107200000000006000000bb2c0000000000000000000000000000000000000000000000001800000000000000290000000400000000000000000000000801"], 0x180}, 0x0) 1.799049898s ago: executing program 9 (id=15747): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x28, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0x0, 0x700}, @generic={0x0, 0x2, "d58838000391"}]}}}}}}, 0xfd6c) 1.696956463s ago: executing program 9 (id=15751): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000080)=0x4, 0x4) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r0, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0}, 0x80000000}], 0x1, 0x60010002, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) 1.551965852s ago: executing program 9 (id=15755): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f00000003c0)) 1.4785333s ago: executing program 9 (id=15761): setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, &(0x7f0000000040)) 1.029336083s ago: executing program 6 (id=15765): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a000000850000000600000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001f40)={r2, r1, 0x25, 0x0, @val=@netkit={@void, @value=r2}}, 0x1c) syz_emit_ethernet(0x46, &(0x7f0000007380)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "fbddf0", 0x10, 0x3a, 0xff, @empty, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0xd, 0x6, 0xc18, 0x5932}}}}}}, 0x0) 868.778878ms ago: executing program 6 (id=15766): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) 868.612135ms ago: executing program 6 (id=15767): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xef) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7e) 804.584373ms ago: executing program 6 (id=15768): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x13012, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) mremap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x2000, 0x0, &(0x7f0000ff8000/0x2000)=nil) 696.805982ms ago: executing program 6 (id=15770): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) 696.668262ms ago: executing program 8 (id=15771): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000280)={{{@in=@broadcast, @in=@remote, 0x4e22, 0x0, 0x4e24, 0x0, 0xa}, {0x0, 0x4, 0x0, 0x5, 0x6, 0x5, 0x0, 0x40000000000000}, {0x9, 0x100009, 0x53e5, 0xb}, 0x0, 0x1, 0x1, 0x0, 0x3, 0x3}, {{@in=@loopback, 0xffffeffd, 0x32}, 0xa, @in=@multicast1, 0x1502, 0x0, 0x0, 0x0, 0x4, 0xfffffffd, 0x1}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @empty}, 0x1c) 644.756036ms ago: executing program 8 (id=15772): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000400)={0x53, 0xfffffffffffffffd, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000200)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(r1, 0x0, 0x0) write$tun(r1, &(0x7f0000000400)=ANY=[], 0xa2) 644.669791ms ago: executing program 8 (id=15773): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000005c0)={0x24, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "48b603de"}]}}, 0x0}, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000014000100000080000000000002000080080002"], 0x1c}], 0x1, 0x0, 0x0, 0x20008040}, 0x0) 135.072763ms ago: executing program 6 (id=15774): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x40938, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) 56.112688ms ago: executing program 8 (id=15775): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x50, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb4}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) 1.409427ms ago: executing program 8 (id=15776): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000140)={0x0, 0x9, 0x7, 0xfffff001}, 0x10) 1.295088ms ago: executing program 9 (id=15777): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x2, r0, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r1, 0x3517, 0xc2de, 0x9, 0x0, 0x0) 0s ago: executing program 8 (id=15778): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x4e21, 0x2, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c) listen(r0, 0x100101) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000100)=@srh={0x1d, 0x0, 0x4, 0x0, 0x40, 0x8, 0x40}, 0x8) accept4(r0, 0x0, 0x0, 0x80800) kernel console output (not intermixed with test programs): state [ 351.729607][ T9796] bridge0: port 2(bridge_slave_1) entered forwarding state [ 351.732003][ T9796] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.734250][ T9796] bridge0: port 1(bridge_slave_0) entered forwarding state [ 351.767327][ T9796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.775455][ T5271] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.778365][ T5271] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.787269][ T9796] 8021q: adding VLAN 0 to HW filter on device team0 [ 351.794153][T16360] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.796476][T16360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 351.801859][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.804167][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 351.834369][T10156] loop8: detected capacity change from 0 to 7 [ 351.841275][T20065] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 351.843610][T20065] loop8: partition table partially beyond EOD, truncated [ 351.847570][T20065] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 351.851261][T20065] loop8: p2 start 956478 is beyond EOD, truncated [ 351.858366][T10156] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 351.863981][T10156] loop8: partition table partially beyond EOD, truncated [ 351.866501][T10156] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 351.871911][T10156] loop8: p2 start 956478 is beyond EOD, truncated [ 351.899799][T20065] udevd[20065]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 351.912987][T20065] udevd[20065]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 351.921425][ T9796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 352.067019][ T9796] veth0_vlan: entered promiscuous mode [ 352.072378][ T9796] veth1_vlan: entered promiscuous mode [ 352.086719][ T9796] veth0_macvtap: entered promiscuous mode [ 352.090538][ T9796] veth1_macvtap: entered promiscuous mode [ 352.099684][ T9796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 352.116331][ T9796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 352.124810][ T12] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.129856][ T12] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.134346][ T12] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.135962][ T5294] Bluetooth: hci2: command tx timeout [ 352.138706][ T12] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.181616][T16360] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 352.184291][T16360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 352.202940][T10167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 352.205506][T10167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 352.986204][T10231] bond1: ARP target 4.0.0.0 is already present [ 352.988167][T10231] bond1: option arp_ip_target: invalid value (4) [ 352.991484][T10231] bond1 (unregistering): Released all slaves [ 353.237626][ T5294] Bluetooth: hci3: command tx timeout [ 353.266246][T10326] netlink: 20 bytes leftover after parsing attributes in process `syz.8.13764'. [ 353.284797][T10332] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13762'. [ 353.288343][T10332] bridge0: left allmulticast mode [ 353.366055][T10342] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13768'. [ 353.368906][T10342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13768'. [ 353.596805][T10369] netlink: 12 bytes leftover after parsing attributes in process `syz.8.13779'. [ 353.964784][ T143] usb 13-1: new full-speed USB device number 2 using dummy_hcd [ 354.136757][ T143] usb 13-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 354.140432][ T143] usb 13-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 354.143978][ T143] usb 13-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 354.149663][ T143] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.155261][T10375] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 354.161068][T10375] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 354.165504][ T143] usb 13-1: Quirk or no altset; falling back to MIDI 1.0 [ 354.349766][ T5294] Bluetooth: hci2: command tx timeout [ 354.386525][ T143] usb 13-1: USB disconnect, device number 2 [ 354.671330][T10483] binder: 10481:10483 ioctl c018620c 200000000000 returned -22 [ 355.155484][T10545] sp0: Synchronizing with TNC [ 355.183698][T11074] usb 14-1: new high-speed USB device number 2 using dummy_hcd [ 355.365079][T11074] usb 14-1: Using ep0 maxpacket: 16 [ 355.368371][T11074] usb 14-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 355.371666][T11074] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 355.375365][T11074] usb 14-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 355.381798][T11074] usb 14-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 355.384799][T11074] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 355.387562][T11074] usb 14-1: SerialNumber: syz [ 355.398295][T11074] cdc_ether 14-1:1.0: probe with driver cdc_ether failed with error -22 [ 355.470805][ T5294] Bluetooth: hci3: command tx timeout [ 355.615673][ T6102] usb 14-1: USB disconnect, device number 2 [ 355.691312][T10602] netlink: 36 bytes leftover after parsing attributes in process `syz.6.13847'. [ 356.180324][T10643] GUP no longer grows the stack in syz.8.13864 (10643): 200000007000-20000000a000 (200000004000) [ 356.188778][T10643] CPU: 3 UID: 0 PID: 10643 Comm: syz.8.13864 Tainted: G L syzkaller #0 PREEMPT(full) [ 356.188807][T10643] Tainted: [L]=SOFTLOCKUP [ 356.188814][T10643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 356.188824][T10643] Call Trace: [ 356.188830][T10643] [ 356.188837][T10643] dump_stack_lvl+0x16c/0x1f0 [ 356.188861][T10643] gup_vma_lookup+0x1d2/0x220 [ 356.188886][T10643] __get_user_pages+0x241/0x3590 [ 356.188916][T10643] ? __x64_sys_setsockopt+0xbd/0x160 [ 356.188940][T10643] ? do_syscall_64+0xcd/0xf80 [ 356.188957][T10643] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.188976][T10643] ? __pfx___get_user_pages+0x10/0x10 [ 356.189005][T10643] __gup_longterm_locked+0x2dd/0x17e0 [ 356.189027][T10643] ? __lock_acquire+0x410/0x2890 [ 356.189054][T10643] ? __pfx___gup_longterm_locked+0x10/0x10 [ 356.189089][T10643] pin_user_pages+0x13c/0x160 [ 356.189112][T10643] ? __pfx_pin_user_pages+0x10/0x10 [ 356.189147][T10643] xdp_umem_create+0x741/0x1270 [ 356.189179][T10643] xsk_setsockopt+0x9cf/0xc00 [ 356.189203][T10643] ? __pfx_xsk_setsockopt+0x10/0x10 [ 356.189236][T10643] ? selinux_socket_setsockopt+0x6a/0x80 [ 356.189265][T10643] ? __pfx_xsk_setsockopt+0x10/0x10 [ 356.189289][T10643] do_sock_setsockopt+0xf3/0x1d0 [ 356.189310][T10643] __sys_setsockopt+0x1a0/0x230 [ 356.189345][T10643] __x64_sys_setsockopt+0xbd/0x160 [ 356.189369][T10643] ? do_syscall_64+0x91/0xf80 [ 356.189387][T10643] ? lockdep_hardirqs_on+0x7c/0x110 [ 356.189405][T10643] do_syscall_64+0xcd/0xf80 [ 356.189426][T10643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.189444][T10643] RIP: 0033:0x7f39ddb8f7c9 [ 356.189459][T10643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.189477][T10643] RSP: 002b:00007f39de9ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 356.189494][T10643] RAX: ffffffffffffffda RBX: 00007f39ddde5fa0 RCX: 00007f39ddb8f7c9 [ 356.189505][T10643] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 356.189515][T10643] RBP: 00007f39ddc13f91 R08: 0000000000000020 R09: 0000000000000000 [ 356.189526][T10643] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000000 [ 356.189536][T10643] R13: 00007f39ddde6038 R14: 00007f39ddde5fa0 R15: 00007fff157391d8 [ 356.189567][T10643] [ 356.432520][T10684] syzkaller0: tun_chr_ioctl cmd 1074025678 [ 356.441222][T10684] syzkaller0: group set to 0 [ 356.444759][ T29] Process accounting resumed [ 356.477940][ T40] kauditd_printk_skb: 239 callbacks suppressed [ 356.477951][ T40] audit: type=1400 audit(2000000091.767:66573): avc: denied { create } for pid=10694 comm="syz.6.13880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 356.491745][ T40] audit: type=1400 audit(2000000091.777:66574): avc: denied { bind } for pid=10694 comm="syz.6.13880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 356.497951][ T40] audit: type=1400 audit(2000000091.777:66575): avc: denied { accept } for pid=10694 comm="syz.6.13880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 356.508829][ T40] audit: type=1400 audit(2000000091.777:66576): avc: denied { write } for pid=10694 comm="syz.6.13880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 356.573998][ T5294] Bluetooth: hci2: command tx timeout [ 356.585569][ T40] audit: type=1326 audit(2000000091.861:66577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10707 comm="syz.8.13886" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f39ddb8f7c9 code=0x0 [ 356.636136][ T40] audit: type=1400 audit(2000000091.908:66578): avc: denied { read } for pid=10714 comm="syz.6.13887" name="event0" dev="devtmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 356.645243][ T40] audit: type=1400 audit(2000000091.908:66579): avc: denied { open } for pid=10714 comm="syz.6.13887" path="/dev/input/event0" dev="devtmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 356.656495][ T40] audit: type=1400 audit(2000000091.926:66580): avc: denied { read write } for pid=10701 comm="syz.5.13882" name="mouse0" dev="devtmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 356.666883][ T40] audit: type=1400 audit(2000000091.926:66581): avc: denied { open } for pid=10701 comm="syz.5.13882" path="/dev/input/mouse0" dev="devtmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 356.764901][ T40] audit: type=1400 audit(2000000092.020:66582): avc: denied { create } for pid=10721 comm="syz.5.13889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 357.028652][T10750] loop5: detected capacity change from 0 to 7 [ 357.078991][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.082172][ C0] buffer_io_error: 23 callbacks suppressed [ 357.082181][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.086927][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.089937][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.092630][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.095702][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.098956][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.101919][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.105675][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.108821][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.111544][ C2] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.114672][ C2] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.117299][ C3] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.120749][ C3] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.123520][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.126609][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.130509][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.133521][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.136452][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 357.139513][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 357.142559][T10750] ldm_validate_partition_table(): Disk read failed. [ 357.145171][T10750] Dev loop5: unable to read RDB block 0 [ 357.147676][T10750] loop5: unable to read partition table [ 357.149551][T10750] loop5: partition table beyond EOD, truncated [ 357.151701][T10750] loop_reread_partitions: partition scan of loop5 (ʖxs) failed (rc=-5) [ 357.180210][T10755] netlink: 'syz.9.13899': attribute type 1 has an invalid length. [ 357.218505][T10758] netlink: 20 bytes leftover after parsing attributes in process `syz.9.13900'. [ 357.221958][T10758] netlink: 44 bytes leftover after parsing attributes in process `syz.9.13900'. [ 357.306659][T10767] binder: 10766:10767 ioctl c0306201 200000000640 returned -22 [ 357.450187][T10770] nbd1: detected capacity change from 0 to 549764202496 [ 357.459076][ T5294] block nbd1: Receive control failed (result -32) [ 357.462361][T20065] block nbd1: Send control failed (result -32) [ 357.464856][T20065] block nbd1: Request send failed, requeueing [ 357.472036][ T11] block nbd1: Dead connection, failed to find a fallback [ 357.475387][ T11] block nbd1: shutting down sockets [ 357.477960][T20065] ldm_validate_partition_table(): Disk read failed. [ 357.480132][T20065] Dev nbd1: unable to read RDB block 0 [ 357.482493][T20065] nbd1: unable to read partition table [ 357.493597][T20065] ldm_validate_partition_table(): Disk read failed. [ 357.495808][T20065] Dev nbd1: unable to read RDB block 0 [ 357.497631][T20065] nbd1: unable to read partition table [ 357.527229][ T29] Process accounting resumed [ 357.585642][ T6049] libceph: connect (1)[c::]:6789 error -101 [ 357.588092][ T6049] libceph: mon0 (1)[c::]:6789 connect error [ 357.685515][ T5294] Bluetooth: hci3: command tx timeout [ 357.742517][T10793] ceph: No mds server is up or the cluster is laggy [ 357.875680][T10840] team0: Device gtp1 is up. Set it down before adding it as a team port [ 358.219954][ T6049] usb 14-1: new high-speed USB device number 3 using dummy_hcd [ 358.379595][T10924] mac80211_hwsim hwsim41 wlan0: entered promiscuous mode [ 358.386300][T10924] macsec1: entered promiscuous mode [ 358.388030][T10924] macsec1: entered allmulticast mode [ 358.389575][T10924] mac80211_hwsim hwsim41 wlan0: entered allmulticast mode [ 358.391605][ T6049] usb 14-1: Using ep0 maxpacket: 8 [ 358.397059][ T6049] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 358.400171][ T6049] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 358.410966][ T6049] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 358.415011][ T6049] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 358.419283][ T6049] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 358.422167][ T6049] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.646426][ T6049] usb 14-1: GET_CAPABILITIES returned 0 [ 358.648822][ T6049] usbtmc 14-1:16.0: can't read capabilities [ 358.797397][ T5294] Bluetooth: hci2: command tx timeout [ 358.863907][ T6049] usb 14-1: USB disconnect, device number 3 [ 359.046642][T10960] binder: 10959:10960 ioctl c018620c 200000000000 returned -1 [ 359.100987][T10964] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 359.104912][T10964] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.346872][T10981] loop6: detected capacity change from 0 to 524279808 [ 359.653504][ T29] e1000 0000:00:06.0 eth0: Reset adapter [ 359.771389][ T29] e1000 0000:00:06.0 eth0: Reset adapter [ 359.920105][ T5294] Bluetooth: hci3: command tx timeout [ 362.048863][ T29] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 363.105581][ T40] kauditd_printk_skb: 139 callbacks suppressed [ 363.105592][ T40] audit: type=1400 audit(2000000097.949:66722): avc: denied { mounton } for pid=11032 comm="syz.6.13984" path="/332/file1" dev="tmpfs" ino=1723 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 363.115062][ T40] audit: type=1400 audit(2000000097.949:66723): avc: denied { mount } for pid=11032 comm="syz.6.13984" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 363.122025][ T40] audit: type=1400 audit(2000000097.949:66724): avc: denied { unmount } for pid=11032 comm="syz.6.13984" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 363.130820][ T40] audit: type=1400 audit(2000000097.968:66725): avc: denied { name_bind } for pid=11036 comm="syz.8.13985" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 363.138315][ T40] audit: type=1400 audit(2000000097.987:66726): avc: denied { create } for pid=11038 comm="syz.5.13986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 363.146016][ T40] audit: type=1400 audit(2000000097.987:66727): avc: denied { read write } for pid=9436 comm="syz-executor" name="loop8" dev="devtmpfs" ino=666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 363.155727][ T40] audit: type=1400 audit(2000000097.987:66728): avc: denied { open } for pid=9436 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 363.173105][ T40] audit: type=1400 audit(2000000097.987:66729): avc: denied { write } for pid=11038 comm="syz.5.13986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 363.192415][ T40] audit: type=1400 audit(2000000097.987:66730): avc: denied { ioctl } for pid=9436 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=666 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 363.202959][ T40] audit: type=1400 audit(2000000098.015:66731): avc: denied { create } for pid=11041 comm="syz.8.13988" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 363.264112][T11056] netlink: 56 bytes leftover after parsing attributes in process `syz.5.13991'. [ 363.358452][T11071] batadv_slave_1: entered promiscuous mode [ 363.361157][T11070] batadv_slave_1: left promiscuous mode [ 363.566157][ T6144] usb 10-1: new low-speed USB device number 9 using dummy_hcd [ 363.728369][ T6144] usb 10-1: config 0 has an invalid interface number: 55 but max is 0 [ 363.737254][ T6144] usb 10-1: config 0 has no interface number 0 [ 363.739609][ T6144] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 363.743189][ T6144] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 363.746515][ T6144] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 363.750702][ T6144] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 363.759740][ T6144] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 363.760769][T11139] netlink: 'syz.6.14015': attribute type 9 has an invalid length. [ 363.763159][ T6144] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 363.765729][T11139] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.14015'. [ 363.775644][ T6144] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 363.778413][ T6144] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.782803][ T6144] usb 10-1: config 0 descriptor?? [ 363.784973][T11059] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 363.787344][T11059] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 363.792819][ T6144] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 363.865782][ T6102] usb 14-1: new high-speed USB device number 4 using dummy_hcd [ 364.023572][ T29] usb 10-1: USB disconnect, device number 9 [ 364.027244][ T6102] usb 14-1: config index 0 descriptor too short (expected 39, got 27) [ 364.029162][ T29] ldusb 10-1:0.55: LD USB Device #0 now disconnected [ 364.029826][ T6102] usb 14-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 364.035369][ T6102] usb 14-1: config 0 has no interfaces? [ 364.039610][ T6102] usb 14-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 364.042489][ T6102] usb 14-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 364.045040][ T6102] usb 14-1: Product: syz [ 364.046411][ T6102] usb 14-1: Manufacturer: syz [ 364.048258][ T6102] usb 14-1: SerialNumber: syz [ 364.051449][ T6102] usb 14-1: config 0 descriptor?? [ 364.198260][T11196] sctp: Trying to GSO but underlying device doesn't support it. [ 364.286522][ T6144] usb 14-1: USB disconnect, device number 4 [ 364.612043][T11230] netlink: 'syz.6.14038': attribute type 2 has an invalid length. [ 364.615992][T11230] netlink: 132 bytes leftover after parsing attributes in process `syz.6.14038'. [ 364.868100][T11272] blkio.reset_stats is deprecated [ 364.947624][T11287] netlink: 24 bytes leftover after parsing attributes in process `syz.6.14055'. [ 364.950492][T11287] netlink: 24 bytes leftover after parsing attributes in process `syz.6.14055'. [ 364.976696][T11293] netlink: 16 bytes leftover after parsing attributes in process `syz.9.14057'. [ 365.317777][T11357] netlink: 'syz.8.14076': attribute type 9 has an invalid length. [ 365.544236][ T10] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 365.729162][ T10] usb 10-1: config index 0 descriptor too short (expected 23569, got 27) [ 365.732083][ T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.736153][ T10] usb 10-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 365.740210][ T10] usb 10-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 365.742889][ T10] usb 10-1: Manufacturer: syz [ 365.746034][ T10] usb 10-1: config 0 descriptor?? [ 365.790228][ T10] rc_core: IR keymap rc-hauppauge not found [ 365.792287][ T10] Registered IR keymap rc-empty [ 365.794674][ T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0 [ 365.798883][ T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input37 [ 365.995272][ T10] usb 10-1: USB disconnect, device number 10 [ 366.055272][T11414] kAFS: unable to lookup cell '(,cL' [ 366.058748][T11414] kAFS: unable to lookup cell '\,' [ 366.234887][T11436] binder: 11435:11436 unknown command 0 [ 366.236725][T11436] binder: 11435:11436 ioctl c0306201 2000000005c0 returned -22 [ 366.504141][T11472] netlink: 16 bytes leftover after parsing attributes in process `syz.8.14106'. [ 366.604091][T11487] vcan0: tx address claim with dest, not broadcast [ 366.998017][T11555] netlink: 8 bytes leftover after parsing attributes in process `syz.9.14134'. [ 367.009764][T11558] netem: incorrect ge model size [ 367.011976][T11558] netem: change failed [ 367.093174][T11578] tmpfs: Invalid gid '0x00000000ffffffff' [ 367.548956][T11628] netlink: 12 bytes leftover after parsing attributes in process `syz.8.14157'. [ 367.552196][T11628] netlink: 32 bytes leftover after parsing attributes in process `syz.8.14157'. [ 368.053799][T11707] netlink: 'syz.8.14179': attribute type 8 has an invalid length. [ 368.406913][T11766] netlink: 'syz.6.14197': attribute type 8 has an invalid length. [ 368.409601][T11766] sch_fq: defrate 0 ignored. [ 368.488592][ T40] kauditd_printk_skb: 263 callbacks suppressed [ 368.488607][ T40] audit: type=1400 audit(2000000102.990:66995): avc: denied { bind } for pid=11773 comm="syz.5.14204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 368.499979][ T40] audit: type=1400 audit(2000000102.990:66996): avc: denied { listen } for pid=11775 comm="syz.8.14202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 368.508696][ T40] audit: type=1400 audit(2000000102.990:66997): avc: denied { accept } for pid=11775 comm="syz.8.14202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 368.662981][ T40] audit: type=1400 audit(2000000103.149:66998): avc: denied { ioctl } for pid=11800 comm="syz.5.14211" path="socket:[129234]" dev="sockfs" ino=129234 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 368.672162][T11801] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 368.676021][T11801] bridge0: port 2(bridge_slave_1) entered disabled state [ 368.677963][ T40] audit: type=1400 audit(2000000103.168:66999): avc: denied { create } for pid=11804 comm="syz.6.14212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 368.678168][T11805] __nla_validate_parse: 3 callbacks suppressed [ 368.678177][T11805] netlink: 156 bytes leftover after parsing attributes in process `syz.6.14212'. [ 368.678191][T11805] netlink: 4 bytes leftover after parsing attributes in process `syz.6.14212'. [ 368.678546][T11801] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.684775][ T40] audit: type=1400 audit(2000000103.168:67000): avc: denied { write } for pid=11804 comm="syz.6.14212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 368.741642][T11813] netlink: 8 bytes leftover after parsing attributes in process `syz.5.14214'. [ 368.755564][ T40] audit: type=1400 audit(2000000103.243:67001): avc: denied { setopt } for pid=11815 comm="syz.9.14215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 368.761608][ T40] audit: type=1400 audit(2000000103.243:67002): avc: denied { ioctl } for pid=11815 comm="syz.9.14215" path="socket:[130114]" dev="sockfs" ino=130114 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 368.774729][ T40] audit: type=1400 audit(2000000103.252:67003): avc: denied { module_request } for pid=11818 comm="syz.5.14216" kmod=7463705FFFFFFFFF scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 368.790880][ T40] audit: type=1400 audit(2000000103.271:67004): avc: denied { read } for pid=11822 comm="syz.9.14217" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 369.543057][T11912] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.14244'. [ 369.621502][T11922] tipc: Started in network mode [ 369.623220][T11922] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 369.625660][T11922] tipc: Enabled bearer , priority 10 [ 369.628288][T11922] netlink: 12 bytes leftover after parsing attributes in process `syz.6.14248'. [ 370.059873][T11950] netlink: 'syz.6.14256': attribute type 4 has an invalid length. [ 370.062852][T11950] netlink: 'syz.6.14256': attribute type 8 has an invalid length. [ 370.065590][T11950] netlink: 212 bytes leftover after parsing attributes in process `syz.6.14256'. [ 370.110929][ T6061] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 370.119084][ T6061] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 370.123465][ T6061] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 370.127680][ T6061] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 370.133311][ T6061] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 370.135641][T11962] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 370.139878][T11962] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 370.153576][T11962] overlayfs: fs on '.' does not support file handles, falling back to xino=off. [ 370.174786][T11955] lo speed is unknown, defaulting to 1000 [ 370.298887][T11955] chnl_net:caif_netlink_parms(): no params data found [ 370.399928][T11955] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.402870][T11955] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.406024][T11955] bridge_slave_0: entered allmulticast mode [ 370.409090][T11955] bridge_slave_0: entered promiscuous mode [ 370.413043][T11955] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.415365][T11955] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.417612][T11955] bridge_slave_1: entered allmulticast mode [ 370.421514][T11955] bridge_slave_1: entered promiscuous mode [ 370.454693][T11955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.461156][T11955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 370.478522][T12143] Context (ID=0x1) not attached to queue pair (handle=0x1:0x3) [ 370.498449][T11955] team0: Port device team_slave_0 added [ 370.502274][T11955] team0: Port device team_slave_1 added [ 370.533776][T12169] netlink: 8 bytes leftover after parsing attributes in process `syz.6.14279'. [ 370.535745][T11955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 370.536691][T12169] netlink: 12 bytes leftover after parsing attributes in process `syz.6.14279'. [ 370.539073][T11955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 370.550617][T11955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 370.558031][T11955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 370.560596][T11955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 370.569114][T11955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 370.593350][T11955] hsr_slave_0: entered promiscuous mode [ 370.595724][T11955] hsr_slave_1: entered promiscuous mode [ 370.598070][T11955] debugfs: 'hsr0' already exists in 'hsr' [ 370.599867][T11955] Cannot create hsr debugfs directory [ 370.603166][T10259] wlan1: Trigger new scan to find an IBSS to join [ 370.688036][T11955] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.801659][T11955] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.815887][ T6102] tipc: Node number set to 8432298 [ 370.896046][T11955] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.003051][T12327] netlink: 'syz.8.14298': attribute type 2 has an invalid length. [ 371.027653][T11955] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.107138][T12345] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.14303'. [ 371.201183][T12346] nbd2: detected capacity change from 0 to 127 [ 371.208326][ T6061] block nbd2: Receive control failed (result -104) [ 371.260100][T11955] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 371.268611][T11955] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 371.281555][T11955] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 371.290628][T11955] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 371.335867][T12394] netlink: 40 bytes leftover after parsing attributes in process `syz.5.14313'. [ 371.368851][T11955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 371.385069][T11955] 8021q: adding VLAN 0 to HW filter on device team0 [ 371.390008][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.392330][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 371.399382][ T9367] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.401649][ T9367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 371.491865][T12405] mkiss: ax0: crc mode is auto. [ 371.587231][T12416] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 371.603578][T11955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 371.766781][T11955] veth0_vlan: entered promiscuous mode [ 371.773622][T11955] veth1_vlan: entered promiscuous mode [ 371.788738][T11955] veth0_macvtap: entered promiscuous mode [ 371.792925][T11955] veth1_macvtap: entered promiscuous mode [ 371.806705][T11955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 371.813678][T11955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 371.820226][T10222] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.823826][T10222] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.827127][T10222] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.830062][T10222] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.875623][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.879534][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.898879][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.901327][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.058677][T12476] SELinux: ebitmap: truncated map [ 372.064251][T12476] SELinux: failed to load policy [ 372.313431][ T6061] Bluetooth: hci3: command tx timeout [ 373.125629][T12583] nbd3: detected capacity change from 0 to 63 [ 373.128967][ T6061] block nbd3: Receive control failed (result -104) [ 373.673380][T12678] tipc: Started in network mode [ 373.675021][T12678] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 373.677928][T12678] tipc: New replicast peer: fc00:0000:0000:0000:0000:0000:0000:0000 [ 373.680639][T12678] tipc: Enabled bearer , priority 10 [ 373.898761][ T40] kauditd_printk_skb: 238 callbacks suppressed [ 373.898770][ T40] audit: type=1400 audit(2000000108.050:67243): avc: denied { create } for pid=12708 comm="syz.8.14409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 373.916034][ T40] audit: type=1400 audit(2000000108.059:67244): avc: denied { write } for pid=12710 comm="syz.6.14410" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 373.981624][ T40] audit: type=1400 audit(2000000108.134:67245): avc: denied { read write } for pid=12716 comm="syz.8.14412" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 373.988921][ T40] audit: type=1400 audit(2000000108.134:67246): avc: denied { open } for pid=12716 comm="syz.8.14412" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 374.039378][ T40] audit: type=1400 audit(2000000108.181:67247): avc: denied { append } for pid=12723 comm="syz.9.14415" name="pmem0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 374.056797][ T40] audit: type=1400 audit(2000000108.181:67248): avc: denied { create } for pid=12726 comm="syz.8.14416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 374.072228][ T40] audit: type=1400 audit(2000000108.190:67249): avc: denied { write } for pid=12726 comm="syz.8.14416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 374.078734][ T40] audit: type=1400 audit(2000000108.190:67250): avc: denied { read } for pid=12726 comm="syz.8.14416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 374.085076][ T40] audit: type=1400 audit(2000000108.190:67251): avc: denied { ioctl } for pid=12726 comm="syz.8.14416" path="socket:[133328]" dev="sockfs" ino=133328 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 374.105622][ T40] audit: type=1400 audit(2000000108.246:67252): avc: denied { write } for pid=12736 comm="syz.8.14420" name="ptype" dev="proc" ino=4026535315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 374.303813][T12757] bond1: option xmit_hash_policy: invalid value (6) [ 374.308991][T12787] overlayfs: missing 'workdir' [ 374.310047][T12757] bond1 (unregistering): Released all slaves [ 374.329202][T12816] __nla_validate_parse: 3 callbacks suppressed [ 374.329212][T12816] netlink: 8 bytes leftover after parsing attributes in process `syz.9.14426'. [ 374.337086][T12816] netlink: 12 bytes leftover after parsing attributes in process `syz.9.14426'. [ 374.385868][ T6061] Bluetooth: hci1: Dropping invalid advertising data [ 374.394489][ T6061] Bluetooth: hci1: Malformed LE Event: 0x02 [ 374.536818][ T6061] Bluetooth: hci3: command tx timeout [ 374.750542][ T143] tipc: Node number set to 1 [ 374.776457][T12900] team0: Device gtp0 is up. Set it down before adding it as a team port [ 374.799230][ T30] block nbd2: Connection timed out, retrying (0/1 alive) [ 374.802110][ T30] block nbd2: Connection timed out, retrying (0/1 alive) [ 374.804581][ T30] block nbd2: Connection timed out, retrying (0/1 alive) [ 374.808323][ T30] block nbd2: Connection timed out, retrying (0/1 alive) [ 374.811973][ T30] block nbd2: Dead connection, failed to find a fallback [ 374.814165][ T30] block nbd2: shutting down sockets [ 374.815874][ T30] blk_print_req_error: 80 callbacks suppressed [ 374.815883][ T30] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.821062][ T30] buffer_io_error: 78 callbacks suppressed [ 374.821070][ T30] Buffer I/O error on dev nbd2, logical block 3, async page read [ 374.827730][ T30] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.830669][ T30] Buffer I/O error on dev nbd2, logical block 2, async page read [ 374.833062][ T30] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.836045][ T30] Buffer I/O error on dev nbd2, logical block 1, async page read [ 374.838466][ T30] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.841378][ T30] Buffer I/O error on dev nbd2, logical block 0, async page read [ 374.848702][T11050] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.852015][T11050] Buffer I/O error on dev nbd2, logical block 0, async page read [ 374.854498][T11050] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.863580][T11050] Buffer I/O error on dev nbd2, logical block 1, async page read [ 374.866058][T11050] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.868994][T11050] Buffer I/O error on dev nbd2, logical block 2, async page read [ 374.872357][T11050] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.875278][T11050] Buffer I/O error on dev nbd2, logical block 3, async page read [ 374.877733][T11050] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.881121][T11050] Buffer I/O error on dev nbd2, logical block 0, async page read [ 374.883590][T11050] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 374.892737][T11050] Buffer I/O error on dev nbd2, logical block 1, async page read [ 374.895729][T11050] ldm_validate_partition_table(): Disk read failed. [ 374.898247][T11050] Dev nbd2: unable to read RDB block 0 [ 374.904210][T11050] nbd2: unable to read partition table [ 374.908842][T11050] ldm_validate_partition_table(): Disk read failed. [ 374.912020][T11050] Dev nbd2: unable to read RDB block 0 [ 374.914117][T11050] nbd2: unable to read partition table [ 375.053079][T12941] netlink: 28 bytes leftover after parsing attributes in process `syz.9.14469'. [ 375.170078][T12956] sch_tbf: peakrate 5120 is lower than or equals to rate 4294927007 ! [ 375.744935][ T9] usb 11-1: new high-speed USB device number 6 using dummy_hcd [ 375.745171][ T143] usb 14-1: new high-speed USB device number 5 using dummy_hcd [ 375.852504][ T6102] usb 13-1: new high-speed USB device number 3 using dummy_hcd [ 375.916036][ T9] usb 11-1: Using ep0 maxpacket: 8 [ 375.922321][ T9] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 375.931092][ T9] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 375.934196][ T9] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 375.937964][ T143] usb 14-1: Using ep0 maxpacket: 8 [ 375.940862][ T143] usb 14-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 375.943145][ T9] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 375.945712][ T143] usb 14-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 375.948440][ T9] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 375.951263][ T143] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.954019][ T9] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.957221][ T143] usb 14-1: Product: syz [ 375.957231][ T143] usb 14-1: Manufacturer: syz [ 375.967091][ T143] usb 14-1: SerialNumber: syz [ 375.972426][ T143] usb 14-1: config 0 descriptor?? [ 375.991835][T10259] wlan1: Trigger new scan to find an IBSS to join [ 376.012257][ T6102] usb 13-1: Using ep0 maxpacket: 16 [ 376.015615][ T6102] usb 13-1: config 0 has no interfaces? [ 376.017344][ T6102] usb 13-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 376.020604][ T6102] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.027157][ T6102] usb 13-1: config 0 descriptor?? [ 376.188431][ T9] usb 11-1: GET_CAPABILITIES returned 0 [ 376.190212][ T9] usbtmc 11-1:16.0: can't read capabilities [ 376.190409][ T6102] usb 14-1: USB disconnect, device number 5 [ 376.245305][ T6144] usb 13-1: USB disconnect, device number 3 [ 376.405130][ T6102] usb 11-1: USB disconnect, device number 6 [ 376.762358][ T6061] Bluetooth: hci3: command tx timeout [ 376.989054][ T9367] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 377.011439][T13107] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.119360][T13107] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.284794][T13107] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.321385][T13161] netlink: 108 bytes leftover after parsing attributes in process `syz.5.14529'. [ 377.324882][T13161] netlink: 8 bytes leftover after parsing attributes in process `syz.5.14529'. [ 377.404000][T13107] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.579123][ T4684] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.601617][ T4684] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.610999][ T12] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.632067][ T12] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.958540][ T143] usb 14-1: new high-speed USB device number 6 using dummy_hcd [ 378.077629][T13242] netlink: 4 bytes leftover after parsing attributes in process `syz.6.14557'. [ 378.084317][T13242] macsec2: entered allmulticast mode [ 378.086398][T13242] bridge0: port 2(macsec2) entered blocking state [ 378.089483][T13242] bridge0: port 2(macsec2) entered disabled state [ 378.118677][ T9] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 378.148177][ T143] usb 14-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 378.153225][ T143] usb 14-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 378.157472][ T143] usb 14-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 378.160443][ T143] usb 14-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 378.164556][ T143] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 378.168342][ T143] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 378.184074][ T143] usb 14-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 378.187661][ T143] usb 14-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 378.190534][ T143] usb 14-1: Product: syz [ 378.191853][ T143] usb 14-1: Manufacturer: syz [ 378.197425][T13208] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 378.204750][ T143] cdc_wdm 14-1:1.0: skipping garbage [ 378.206480][ T143] cdc_wdm 14-1:1.0: skipping garbage [ 378.214034][ T143] cdc_wdm 14-1:1.0: cdc-wdm0: USB WDM device [ 378.217516][ T143] cdc_wdm 14-1:1.0: Unknown control protocol [ 378.281384][ T9] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 378.289785][ T9] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 378.294958][ T9] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 378.298471][ T9] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 378.303549][ T9] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 378.308251][ T9] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 378.311340][ T9] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 378.313847][ T9] usb 10-1: Product: syz [ 378.315217][ T9] usb 10-1: Manufacturer: syz [ 378.322323][ T9] cdc_wdm 10-1:1.0: skipping garbage [ 378.324292][ T9] cdc_wdm 10-1:1.0: skipping garbage [ 378.327116][ T9] cdc_wdm 10-1:1.0: cdc-wdm1: USB WDM device [ 378.329016][ T9] cdc_wdm 10-1:1.0: Unknown control protocol [ 378.351560][T13271] netlink: 24 bytes leftover after parsing attributes in process `syz.8.14564'. [ 378.423760][ C2] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 378.425952][ C2] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 378.428066][ C2] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 378.430215][ C2] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 378.432377][ C2] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 378.434524][ C2] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 378.436650][ C2] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 378.438751][ C2] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 378.441665][ C2] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 378.444288][ C2] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 378.447372][ C2] cdc_wdm 14-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 378.454275][ T6102] usb 14-1: USB disconnect, device number 6 [ 378.537719][ T9] usb 10-1: USB disconnect, device number 11 [ 378.653288][ T29] usb 13-1: new high-speed USB device number 4 using dummy_hcd [ 378.824635][ T29] usb 13-1: Using ep0 maxpacket: 16 [ 378.828051][ T29] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.831842][ T29] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 378.837097][ T29] usb 13-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 378.840754][ T29] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.845456][ T29] usb 13-1: config 0 descriptor?? [ 378.984762][ T6061] Bluetooth: hci3: command tx timeout [ 379.025679][T13320] netlink: 16 bytes leftover after parsing attributes in process `syz.6.14575'. [ 379.149301][T13327] netlink: 4 bytes leftover after parsing attributes in process `syz.6.14578'. [ 379.270958][ T40] kauditd_printk_skb: 155 callbacks suppressed [ 379.270969][ T40] audit: type=1400 audit(2000000113.072:67408): avc: denied { ioctl } for pid=13337 comm="syz.6.14583" path="socket:[133805]" dev="sockfs" ino=133805 ioctlcmd=0x89b0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 379.301335][ T40] audit: type=1400 audit(2000000113.100:67409): avc: denied { create } for pid=13342 comm="syz.6.14584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 379.308089][ T40] audit: type=1400 audit(2000000113.100:67410): avc: denied { recv } for pid=5921 comm="syz-executor" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=38474 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 379.318584][ T40] audit: type=1400 audit(2000000113.128:67411): avc: denied { ioctl } for pid=13342 comm="syz.6.14584" path="socket:[133812]" dev="sockfs" ino=133812 ioctlcmd=0x89fb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 379.360155][ T40] audit: type=1400 audit(2000000113.166:67412): avc: denied { checkpoint_restore } for pid=13345 comm="syz.5.14585" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 379.368735][ T40] audit: type=1400 audit(2000000113.166:67413): avc: denied { execute } for pid=13345 comm="syz.5.14585" name="file0" dev="tmpfs" ino=2742 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 379.408162][ T40] audit: type=1400 audit(2000000113.203:67414): avc: denied { create } for pid=13353 comm="syz.5.14588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 379.420568][ T40] audit: type=1400 audit(2000000113.203:67415): avc: denied { bind } for pid=13353 comm="syz.5.14588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 379.432042][T13357] netlink: 'syz.9.14589': attribute type 3 has an invalid length. [ 379.434677][ T40] audit: type=1400 audit(2000000113.203:67416): avc: denied { accept } for pid=13353 comm="syz.5.14588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 379.434703][ T40] audit: type=1400 audit(2000000113.203:67417): avc: denied { write } for pid=13353 comm="syz.5.14588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 379.451803][T13357] netlink: 'syz.9.14589': attribute type 1 has an invalid length. [ 379.454369][T13357] netlink: 212 bytes leftover after parsing attributes in process `syz.9.14589'. [ 379.458380][T13357] NCSI netlink: No device for ifindex 813332851 [ 379.469585][ T29] usbhid 13-1:0.0: can't add hid device: -71 [ 379.471621][ T29] usbhid 13-1:0.0: probe with driver usbhid failed with error -71 [ 379.481981][ T29] usb 13-1: USB disconnect, device number 4 [ 379.891034][T13454] can0: slcan on ttyS3. [ 379.981661][T13454] can0 (unregistered): slcan off ttyS3. [ 380.016914][T13470] veth1_to_batadv: entered promiscuous mode [ 380.136768][T13484] __nla_validate_parse: 1 callbacks suppressed [ 380.136779][T13484] netlink: 116 bytes leftover after parsing attributes in process `syz.6.14625'. [ 380.316674][T13533] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 380.319641][T13533] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 380.323887][T13533] overlayfs: conflicting lowerdir path [ 380.684937][ T6144] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 380.845515][ T6144] usb 11-1: Using ep0 maxpacket: 8 [ 380.848490][ T6144] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 380.851737][ T6144] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 380.854956][ T6144] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 380.858424][ T6144] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 380.862712][ T6144] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 380.865553][ T6144] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.025290][T13613] lo speed is unknown, defaulting to 1000 [ 381.086379][ T6144] usb 11-1: GET_CAPABILITIES returned 0 [ 381.088299][ T6144] usbtmc 11-1:16.0: can't read capabilities [ 381.303516][ T6144] usb 11-1: USB disconnect, device number 7 [ 381.310504][T13653] tun0: tun_chr_ioctl cmd 1074025672 [ 381.312984][T13653] tun0: ignored: set checksum disabled [ 381.419956][ T6061] Bluetooth: hci0: Malformed LE Event: 0x0d [ 381.850530][ T6151] usb 13-1: new high-speed USB device number 5 using dummy_hcd [ 381.917894][T13685] bond1: invalid ARP target 0.0.0.0 specified for addition [ 381.920287][T13685] bond1: option arp_ip_target: invalid value (0) [ 381.923426][T13685] bond1 (unregistering): Released all slaves [ 382.022805][ T6151] usb 13-1: config index 0 descriptor too short (expected 39, got 27) [ 382.025400][ T6151] usb 13-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 382.030208][ T6151] usb 13-1: config 0 interface 0 has no altsetting 0 [ 382.034646][ T6151] usb 13-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 382.037497][ T6151] usb 13-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 382.042695][ T6151] usb 13-1: Product: syz [ 382.044064][ T6151] usb 13-1: Manufacturer: syz [ 382.045707][ T6151] usb 13-1: SerialNumber: syz [ 382.051682][ T6151] usb 13-1: config 0 descriptor?? [ 382.059149][ T6151] hub 13-1:0.0: bad descriptor, ignoring hub [ 382.061076][ T6151] hub 13-1:0.0: probe with driver hub failed with error -5 [ 382.066539][T13763] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 382.067704][ T6151] usb 13-1: selecting invalid altsetting 0 [ 382.068734][T13763] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 382.073628][T13763] vhci_hcd vhci_hcd.0: Device attached [ 382.321339][ T6102] usb 47-1: new high-speed USB device number 2 using vhci_hcd [ 382.331674][ T6144] usb 10-1: new low-speed USB device number 12 using dummy_hcd [ 382.503884][ T6144] usb 10-1: config 0 has no interfaces? [ 382.505842][ T6144] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 382.508825][ T6144] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.512801][ T6144] usb 10-1: config 0 descriptor?? [ 382.618102][T13813] netlink: 830 bytes leftover after parsing attributes in process `syz.9.14689'. [ 382.733362][ T9] usb 10-1: USB disconnect, device number 12 [ 382.735628][T13764] vhci_hcd: connection closed [ 382.735939][ T5271] vhci_hcd vhci_hcd.5: stop threads [ 382.739662][ T5271] vhci_hcd vhci_hcd.5: release socket [ 382.741456][ T5271] vhci_hcd vhci_hcd.5: disconnect device [ 382.802189][ T6102] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 382.947477][T13847] netlink: 4 bytes leftover after parsing attributes in process `syz.9.14698'. [ 382.951582][T13847] netlink: 20 bytes leftover after parsing attributes in process `syz.9.14698'. [ 382.954923][T13847] netlink: 4 bytes leftover after parsing attributes in process `syz.9.14698'. [ 383.061401][T13678] usb 13-1: reset high-speed USB device number 5 using dummy_hcd [ 383.179854][T13871] netlink: 20 bytes leftover after parsing attributes in process `syz.9.14708'. [ 383.230479][T13871] netlink: 20 bytes leftover after parsing attributes in process `syz.9.14708'. [ 383.256284][T13678] usb 13-1: device firmware changed [ 383.262461][ T10] usb 13-1: USB disconnect, device number 5 [ 383.388028][T13903] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 383.399354][T13903] bond1 (unregistering): Released all slaves [ 383.422041][ T10] usb 13-1: new high-speed USB device number 6 using dummy_hcd [ 383.432189][T13977] netlink: 8 bytes leftover after parsing attributes in process `syz.9.14716'. [ 383.438048][T13977] netlink: 12 bytes leftover after parsing attributes in process `syz.9.14716'. [ 383.600569][ T10] usb 13-1: config index 0 descriptor too short (expected 39, got 27) [ 383.606966][ T10] usb 13-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 383.610342][ T10] usb 13-1: config 0 interface 0 has no altsetting 0 [ 383.631218][ T10] usb 13-1: language id specifier not provided by device, defaulting to English [ 383.639799][ T10] usb 13-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 383.643102][ T10] usb 13-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 383.648207][ T10] usb 13-1: Product: syz [ 383.652859][ T10] usb 13-1: config 0 descriptor?? [ 383.660192][ T10] hub 13-1:0.0: bad descriptor, ignoring hub [ 383.662215][ T10] hub 13-1:0.0: probe with driver hub failed with error -5 [ 383.665743][ T10] usb 13-1: selecting invalid altsetting 0 [ 383.703190][T14019] option changes via remount are deprecated (pid=14017 comm=syz.5.14730) [ 383.706615][T14019] cgroup: option or name mismatch, new: 0x0 "pim6reg0", old: 0x0 "" [ 383.794864][T14029] kvm: kvm [14027]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000030) = 0x6 [ 383.977568][T14057] netlink: 27 bytes leftover after parsing attributes in process `syz.9.14741'. [ 383.989173][ T10] usb 13-1: USB disconnect, device number 6 [ 384.195065][T14095] netlink: 'syz.6.14752': attribute type 1 has an invalid length. [ 384.326353][T14110] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 384.417984][T14118] loop5: detected capacity change from 0 to 7 [ 384.421078][T13064] Dev loop5: unable to read RDB block 7 [ 384.423166][T13064] loop5: AHDI p1 p2 [ 384.424605][T13064] loop5: partition table partially beyond EOD, truncated [ 384.428996][T13064] loop5: p1 start 1702000233 is beyond EOD, truncated [ 384.440544][T14118] Dev loop5: unable to read RDB block 7 [ 384.442364][T14118] loop5: AHDI p1 p2 [ 384.443625][T14118] loop5: partition table partially beyond EOD, truncated [ 384.446885][T14118] loop5: p1 start 1702000233 is beyond EOD, truncated [ 384.454748][ T6061] Bluetooth: hci2: Malformed LE Event: 0x0d [ 384.717916][ T40] kauditd_printk_skb: 213 callbacks suppressed [ 384.717929][ T40] audit: type=1400 audit(2000000374.173:67631): avc: denied { create } for pid=14144 comm="syz.6.14769" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 384.726106][ T40] audit: type=1400 audit(2000000374.173:67632): avc: denied { connect } for pid=14144 comm="syz.6.14769" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 384.732802][ T40] audit: type=1400 audit(2000000374.173:67633): avc: denied { ioctl } for pid=14144 comm="syz.6.14769" path="socket:[136745]" dev="sockfs" ino=136745 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 384.740677][ T40] audit: type=1400 audit(2000000374.173:67634): avc: denied { write } for pid=14144 comm="syz.6.14769" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 384.748423][ T40] audit: type=1400 audit(2000000374.201:67635): avc: denied { recv } for pid=14146 comm="syz.6.14770" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=38474 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 384.758882][ T29] usb 14-1: new full-speed USB device number 7 using dummy_hcd [ 384.920645][ T29] usb 14-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 384.924060][ T29] usb 14-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 384.927954][ T29] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 384.932020][ T29] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 255, setting to 64 [ 384.935519][ T29] usb 14-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 384.941870][ T29] usb 14-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 384.944829][ T29] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.947510][ T29] usb 14-1: Product: syz [ 384.949004][ T29] usb 14-1: Manufacturer: syz [ 384.950631][ T29] usb 14-1: SerialNumber: syz [ 384.959953][ T29] usb 14-1: config 0 descriptor?? [ 384.967439][T14127] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 384.976467][ T29] input: KB Gear Tablet as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/input/input40 [ 384.981463][ T40] audit: type=1400 audit(2000000374.416:67636): avc: denied { read } for pid=5329 comm="acpid" name="mouse2" dev="devtmpfs" ino=3360 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 384.990700][ T40] audit: type=1400 audit(2000000374.416:67637): avc: denied { open } for pid=5329 comm="acpid" path="/dev/input/mouse2" dev="devtmpfs" ino=3360 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 385.004941][ T40] audit: type=1400 audit(2000000374.416:67638): avc: denied { ioctl } for pid=5329 comm="acpid" path="/dev/input/mouse2" dev="devtmpfs" ino=3360 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 385.012687][ T40] audit: type=1400 audit(2000000374.416:67639): avc: denied { create } for pid=14158 comm="syz.6.14774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 385.019662][ T40] audit: type=1400 audit(2000000374.425:67640): avc: denied { bind } for pid=14158 comm="syz.6.14774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 385.248524][ T6102] usb 14-1: USB disconnect, device number 7 [ 385.304023][T14191] lo speed is unknown, defaulting to 1000 [ 385.716805][T14258] macvtap1: entered promiscuous mode [ 385.718498][T14258] macvtap1: entered allmulticast mode [ 385.720388][T14258] veth1_to_bridge: entered promiscuous mode [ 385.723132][T14258] veth1_to_bridge: entered allmulticast mode [ 385.725954][T14258] team0: Device macvtap1 failed to register rx_handler [ 385.729967][T14258] veth1_to_bridge: left allmulticast mode [ 385.733888][T14258] veth1_to_bridge: left promiscuous mode [ 386.191450][T14301] __nla_validate_parse: 1 callbacks suppressed [ 386.191467][T14301] netlink: 8 bytes leftover after parsing attributes in process `syz.8.14813'. [ 386.197992][T14301] netlink: 4 bytes leftover after parsing attributes in process `syz.8.14813'. [ 386.201719][T14301] netlink: 'syz.8.14813': attribute type 11 has an invalid length. [ 386.207307][T14301] netlink: 'syz.8.14813': attribute type 7 has an invalid length. [ 386.250096][T14311] netlink: 68 bytes leftover after parsing attributes in process `syz.8.14817'. [ 386.630637][ T143] usb 13-1: new high-speed USB device number 7 using dummy_hcd [ 386.683025][T14362] macvtap1: entered promiscuous mode [ 386.684999][T14362] macvtap1: entered allmulticast mode [ 386.686814][T14362] team0: Device macvtap1 is already an upper device of the team interface [ 386.813763][ T143] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.817183][ T143] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.820190][ T143] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 386.824237][ T143] usb 13-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 386.827089][ T143] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.830789][ T143] usb 13-1: config 0 descriptor?? [ 387.266027][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.268277][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.273274][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.275660][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.277907][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.280218][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.282585][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.285593][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.287935][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.290223][ T143] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 387.308138][ T143] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 387.555016][ T9] usb 13-1: USB disconnect, device number 7 [ 387.899203][T14443] block nbd6: not configured, cannot reconfigure [ 388.110271][T14454] netlink: 'syz.5.14861': attribute type 32 has an invalid length. [ 388.113141][T14454] netlink: 8 bytes leftover after parsing attributes in process `syz.5.14861'. [ 388.131972][T14454] bond1: Setting coupled_control to off (0) [ 388.141132][T14477] Falling back ldisc for ttynull. [ 388.457581][T14570] netlink: 8 bytes leftover after parsing attributes in process `syz.9.14890'. [ 388.461251][T14570] netlink: 12 bytes leftover after parsing attributes in process `syz.9.14890'. [ 388.587855][ T10] usb 11-1: new full-speed USB device number 8 using dummy_hcd [ 388.724192][T14602] lo speed is unknown, defaulting to 1000 [ 388.760029][ T10] usb 11-1: config index 0 descriptor too short (expected 39, got 27) [ 388.763359][ T10] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 388.766555][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 388.771564][ T10] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 388.774560][ T10] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 388.778062][T14631] input: syz1 as /devices/virtual/input/input42 [ 388.778805][ T10] usb 11-1: Product: syz [ 388.782423][ T10] usb 11-1: Manufacturer: syz [ 388.784044][ T10] usb 11-1: SerialNumber: syz [ 388.785855][T14631] input: failed to attach handler leds to device input42, error: -6 [ 388.787492][ T10] usb 11-1: config 0 descriptor?? [ 388.794965][ T10] hub 11-1:0.0: bad descriptor, ignoring hub [ 388.796947][ T10] hub 11-1:0.0: probe with driver hub failed with error -5 [ 388.801167][ T10] usb 11-1: selecting invalid altsetting 0 [ 389.026716][ T6102] usb 14-1: new high-speed USB device number 8 using dummy_hcd [ 389.186875][ T6102] usb 14-1: Using ep0 maxpacket: 32 [ 389.190757][ T6102] usb 14-1: config 0 has an invalid interface number: 209 but max is 0 [ 389.193404][ T6102] usb 14-1: config 0 has no interface number 0 [ 389.195404][ T6102] usb 14-1: config 0 interface 209 has no altsetting 0 [ 389.200719][ T6102] usb 14-1: New USB device found, idVendor=1f71, idProduct=3306, bcdDevice=1b.23 [ 389.203569][ T6102] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.206110][ T6102] usb 14-1: Product: syz [ 389.207459][ T6102] usb 14-1: Manufacturer: syz [ 389.209053][ T6102] usb 14-1: SerialNumber: syz [ 389.212091][ T6102] usb 14-1: config 0 descriptor?? [ 389.432409][T14602] netlink: 96 bytes leftover after parsing attributes in process `syz.9.14903'. [ 389.445351][ T6102] usb 14-1: USB disconnect, device number 8 [ 389.768562][ T10] usb 11-1: USB disconnect, device number 8 [ 389.924751][ T10] usb 11-1: new high-speed USB device number 9 using dummy_hcd [ 389.967445][ T143] usb 10-1: new high-speed USB device number 13 using dummy_hcd [ 390.053626][T14705] netlink: 8 bytes leftover after parsing attributes in process `syz.9.14919'. [ 390.056567][T14705] netlink: 'syz.9.14919': attribute type 30 has an invalid length. [ 390.059056][T14705] netlink: 4 bytes leftover after parsing attributes in process `syz.9.14919'. [ 390.086558][ T10] usb 11-1: config index 0 descriptor too short (expected 39, got 27) [ 390.089906][ T10] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 390.093558][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 390.098166][ T10] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 390.101872][ T10] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 390.104473][ T10] usb 11-1: Product: syz [ 390.105886][ T10] usb 11-1: Manufacturer: syz [ 390.107873][ T10] usb 11-1: SerialNumber: syz [ 390.111282][ T10] usb 11-1: config 0 descriptor?? [ 390.114351][ T10] hub 11-1:0.0: bad descriptor, ignoring hub [ 390.116277][ T10] hub 11-1:0.0: probe with driver hub failed with error -5 [ 390.121452][ T10] usb 11-1: selecting invalid altsetting 0 [ 390.123408][ T40] kauditd_printk_skb: 228 callbacks suppressed [ 390.123418][ T40] audit: type=1400 audit(2000000379.222:67869): avc: denied { bind } for pid=14710 comm="syz.8.14921" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 390.138592][ T143] usb 10-1: Using ep0 maxpacket: 8 [ 390.152939][ T143] usb 10-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 390.162199][ T143] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.164899][ T143] usb 10-1: Product: syz [ 390.165179][ T40] audit: type=1400 audit(2000000379.268:67870): avc: denied { create } for pid=14721 comm="syz.8.14922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 390.166374][ T143] usb 10-1: Manufacturer: syz [ 390.176493][ T40] audit: type=1400 audit(2000000379.278:67871): avc: denied { write } for pid=14721 comm="syz.8.14922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 390.176674][ T143] usb 10-1: SerialNumber: syz [ 390.183891][ T40] audit: type=1400 audit(2000000379.287:67872): avc: denied { read } for pid=14721 comm="syz.8.14922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 390.186777][ T143] usb 10-1: config 0 descriptor?? [ 390.197275][ T143] option 10-1:0.0: GSM modem (1-port) converter detected [ 390.200839][ T40] audit: type=1400 audit(2000000379.287:67873): avc: denied { ioctl } for pid=14721 comm="syz.8.14922" path="socket:[138301]" dev="sockfs" ino=138301 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 390.414061][ T24] usb 10-1: USB disconnect, device number 13 [ 390.423269][ T24] option 10-1:0.0: device disconnected [ 390.449542][ T6270] usb 11-1: USB disconnect, device number 9 [ 390.609156][ T143] usb 14-1: new high-speed USB device number 9 using dummy_hcd [ 390.662651][ T10] usb 13-1: new high-speed USB device number 8 using dummy_hcd [ 390.770273][ T143] usb 14-1: too many configurations: 83, using maximum allowed: 8 [ 390.782075][ T143] usb 14-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 390.785899][ T143] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.789155][ T143] usb 14-1: Product: syz [ 390.790873][ T143] usb 14-1: Manufacturer: syz [ 390.793130][ T143] usb 14-1: SerialNumber: syz [ 390.835434][ T10] usb 13-1: config index 0 descriptor too short (expected 39, got 27) [ 390.838044][ T10] usb 13-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 390.841131][ T10] usb 13-1: config 0 interface 0 has no altsetting 0 [ 390.845156][ T10] usb 13-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 390.848082][ T10] usb 13-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 390.850742][ T10] usb 13-1: Product: syz [ 390.852133][ T10] usb 13-1: Manufacturer: syz [ 390.853637][ T10] usb 13-1: SerialNumber: syz [ 390.856614][ T10] usb 13-1: config 0 descriptor?? [ 390.859677][ T10] hub 13-1:0.0: bad descriptor, ignoring hub [ 390.861563][ T10] hub 13-1:0.0: probe with driver hub failed with error -5 [ 390.865197][ T10] usb 13-1: selecting invalid altsetting 0 [ 390.946011][ T40] audit: type=1400 audit(2000000379.998:67874): avc: denied { create } for pid=14774 comm="syz.6.14926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 390.948223][ T6270] IPVS: starting estimator thread 0... [ 390.954705][ T40] audit: type=1400 audit(2000000379.998:67875): avc: denied { ioctl } for pid=14774 comm="syz.6.14926" path="socket:[138313]" dev="sockfs" ino=138313 ioctlcmd=0x8955 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 390.969724][ T40] audit: type=1400 audit(2000000379.998:67876): avc: denied { setopt } for pid=14774 comm="syz.6.14926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 390.976034][ T40] audit: type=1400 audit(2000000380.007:67877): avc: denied { read write } for pid=6013 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 390.983895][ T40] audit: type=1400 audit(2000000380.007:67878): avc: denied { open } for pid=6013 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 391.056213][ T143] rtl8150 14-1:1.0: couldn't reset the device [ 391.059307][T14776] IPVS: using max 50 ests per chain, 120000 per kthread [ 391.068734][ T143] rtl8150 14-1:1.0: probe with driver rtl8150 failed with error -5 [ 391.074886][ T143] usb 14-1: USB disconnect, device number 9 [ 391.287350][T14814] netlink: 12 bytes leftover after parsing attributes in process `syz.5.14935'. [ 391.507568][T14737] usb 13-1: reset high-speed USB device number 8 using dummy_hcd [ 391.691774][T14851] misc userio: Begin command sent, but we're already running [ 391.704358][T14737] usb 13-1: device firmware changed [ 391.711701][ T24] usb 13-1: USB disconnect, device number 8 [ 391.774759][T14871] netlink: 'syz.5.14949': attribute type 21 has an invalid length. [ 391.781117][T14871] netlink: 156 bytes leftover after parsing attributes in process `syz.5.14949'. [ 391.785409][T14871] netlink: 'syz.5.14949': attribute type 21 has an invalid length. [ 391.788235][T14871] netlink: 156 bytes leftover after parsing attributes in process `syz.5.14949'. [ 391.871244][ T24] usb 13-1: new high-speed USB device number 9 using dummy_hcd [ 392.032965][ T24] usb 13-1: config index 0 descriptor too short (expected 39, got 27) [ 392.035551][ T24] usb 13-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 392.039672][ T24] usb 13-1: config 0 interface 0 has no altsetting 0 [ 392.040824][T14889] netlink: 8 bytes leftover after parsing attributes in process `syz.5.14955'. [ 392.048962][ T24] usb 13-1: string descriptor 0 read error: -22 [ 392.051549][ T24] usb 13-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 392.056454][ T24] usb 13-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 392.061622][ T24] usb 13-1: config 0 descriptor?? [ 392.066098][ T24] hub 13-1:0.0: bad descriptor, ignoring hub [ 392.068780][ T24] hub 13-1:0.0: probe with driver hub failed with error -5 [ 392.073947][ T24] usb 13-1: selecting invalid altsetting 0 [ 392.399653][T14949] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 392.406557][ T24] usb 13-1: USB disconnect, device number 9 [ 392.439448][T14961] netlink: 'syz.5.14976': attribute type 14 has an invalid length. [ 392.807181][T14996] netlink: 8 bytes leftover after parsing attributes in process `syz.9.14993'. [ 392.902275][T15007] netlink: 4 bytes leftover after parsing attributes in process `syz.5.14996'. [ 392.909762][T15007] netlink: 4 bytes leftover after parsing attributes in process `syz.5.14996'. [ 393.245272][T15037] 8021q: adding VLAN 0 to HW filter on device bond2 [ 393.249849][T15037] bond0: (slave bond2): Enslaving as an active interface with an up link [ 393.309026][ T6061] Bluetooth: hci0: unexpected event for opcode 0x1004 [ 393.495240][T15092] netlink: 12 bytes leftover after parsing attributes in process `syz.6.15015'. [ 393.501748][T15092] netlink: 3 bytes leftover after parsing attributes in process `syz.6.15015'. [ 393.563659][T15096] IPv6: NLM_F_CREATE should be specified when creating new route [ 393.660231][T15102] bridge0: left allmulticast mode [ 394.429842][T10222] failed while handling packet from 1:16384 [ 394.434581][T10222] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.439904][T10222] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.442752][T10222] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.445641][T10222] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 395.143975][ T10] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 395.304354][ T10] usb 10-1: Using ep0 maxpacket: 8 [ 395.307837][ T10] usb 10-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 395.310801][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.320476][ T10] pvrusb2: Hardware description: Terratec Grabster AV400 [ 395.322890][ T10] pvrusb2: ********** [ 395.324291][ T10] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 395.327954][ T10] pvrusb2: Important functionality might not be entirely working. [ 395.330789][ T10] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 395.334537][ T10] pvrusb2: ********** [ 395.426395][T15201] netlink: 28 bytes leftover after parsing attributes in process `syz.8.15055'. [ 395.469823][T15207] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15057'. [ 395.508463][ T40] kauditd_printk_skb: 132 callbacks suppressed [ 395.508475][ T40] audit: type=1400 audit(2000000384.261:68011): avc: denied { name_bind } for pid=15210 comm="syz.6.15058" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 395.517337][ T40] audit: type=1400 audit(2000000384.261:68012): avc: denied { node_bind } for pid=15210 comm="syz.6.15058" saddr=::1 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 395.541306][ T40] audit: type=1400 audit(2000000384.289:68013): avc: denied { ioctl } for pid=15163 comm="syz.5.15042" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 395.552484][ T2492] pvrusb2: Invalid write control endpoint [ 395.573094][ T40] audit: type=1400 audit(2000000384.327:68014): avc: denied { recv } for pid=33 comm="ksoftirqd/3" saddr=127.0.0.1 src=38474 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 395.593527][ T40] audit: type=1400 audit(2000000384.345:68015): avc: denied { module_request } for pid=15221 comm="syz.6.15061" kmod="netdev-wlan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 395.603488][ T2492] pvrusb2: Invalid write control endpoint [ 395.608496][ T2492] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 395.611710][ T2492] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 395.614175][ T2492] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 395.629182][ T2492] pvrusb2: Device being rendered inoperable [ 395.631210][ T40] audit: type=1400 audit(2000000384.373:68016): avc: denied { sys_module } for pid=15221 comm="syz.6.15061" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 395.641398][ T2492] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 395.643965][ T2492] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 395.653937][ T2492] pvrusb2: Attached sub-driver cx25840 [ 395.656563][ T2492] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 395.659199][ T40] audit: type=1400 audit(2000000384.392:68017): avc: denied { recv } for pid=5920 comm="sshd-session" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=38474 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 395.660652][ T2492] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 395.669770][ T40] audit: type=1400 audit(2000000384.411:68018): avc: denied { allowed } for pid=15230 comm="syz.8.15063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 395.689146][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 395.692750][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 395.765110][T15165] pvrusb2: Attempted to execute control transfer when device not ok [ 395.770445][ T10] usb 10-1: USB disconnect, device number 14 [ 395.796004][ T40] audit: type=1400 audit(2000000384.523:68019): avc: denied { sqpoll } for pid=15243 comm="syz.8.15067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 395.818508][ T40] audit: type=1400 audit(2000000384.542:68020): avc: denied { create } for pid=15246 comm="syz.6.15066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 396.010642][ T6049] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 396.780518][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 396.783409][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 396.962168][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 397.209891][ T6102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 397.637428][ T6061] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 397.637933][ T6144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 397.641500][ T6061] Bluetooth: hci0: Injecting HCI hardware error event [ 397.651356][ T5294] Bluetooth: hci0: hardware error 0x00 [ 397.681132][T15445] __nla_validate_parse: 4 callbacks suppressed [ 397.681143][T15445] netlink: 4 bytes leftover after parsing attributes in process `syz.5.15145'. [ 397.755431][T15449] debugfs: 'ttyS3' already exists in 'caif_serial' [ 397.892904][ T6102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 397.896250][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 398.281360][T15504] 9p: Unknown uid 00000000004294967295 [ 398.315062][ T143] usb 11-1: new high-speed USB device number 10 using dummy_hcd [ 398.472117][ T143] usb 11-1: unable to get BOS descriptor or descriptor too short [ 398.476509][ T143] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 398.480429][ T143] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 398.485225][ T143] usb 11-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 398.488329][ T143] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.491033][ T143] usb 11-1: Product: syz [ 398.492822][ T143] usb 11-1: Manufacturer: syz [ 398.494390][ T143] usb 11-1: SerialNumber: syz [ 398.719955][T15484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 398.727696][T15484] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 398.741426][ T143] usb 11-1: 0:2 : does not exist [ 398.756086][ T143] usb 11-1: USB disconnect, device number 10 [ 398.770069][T13064] udevd[13064]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb11/11-1/11-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 399.305910][T15572] netlink: 8 bytes leftover after parsing attributes in process `syz.6.15183'. [ 399.309488][T15572] netlink: 12 bytes leftover after parsing attributes in process `syz.6.15183'. [ 399.543345][T15609] netlink: 190972 bytes leftover after parsing attributes in process `syz.5.15200'. [ 399.860566][ T5294] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 399.877037][T15655] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 399.878853][T15655] dvmrp1: linktype set to 774 [ 399.905497][T15664] batadv_slave_1: entered promiscuous mode [ 399.908339][T15662] batadv_slave_1: left promiscuous mode [ 399.978371][T15669] binder: 15667:15669 ioctl c0306201 0 returned -14 [ 400.105659][T15694] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15234'. [ 400.112289][T15694] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15234'. [ 400.276815][T15718] ptrace attach of "/syz-executor exec"[9436] was attempted by ""[15718] [ 400.384901][T15726] input: syz1 as /devices/virtual/input/input44 [ 400.883879][ T40] kauditd_printk_skb: 228 callbacks suppressed [ 400.883890][ T40] audit: type=1400 audit(2000000645.282:68249): avc: denied { map_create } for pid=15783 comm="syz.6.15256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 400.898026][ T40] audit: type=1400 audit(2000000645.282:68250): avc: denied { map_read map_write } for pid=15783 comm="syz.6.15256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 401.004041][ T40] audit: type=1400 audit(2000000645.395:68251): avc: denied { read } for pid=15789 comm="syz.5.15259" name="video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 401.011200][ T40] audit: type=1400 audit(2000000645.404:68252): avc: denied { open } for pid=15789 comm="syz.5.15259" path="/dev/video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 401.019650][ T40] audit: type=1400 audit(2000000645.413:68253): avc: denied { allowed } for pid=15789 comm="syz.5.15259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 401.026052][ T40] audit: type=1400 audit(2000000645.413:68254): avc: denied { create } for pid=15789 comm="syz.5.15259" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 401.033651][ T40] audit: type=1400 audit(2000000645.413:68255): avc: denied { map } for pid=15789 comm="syz.5.15259" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=143529 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 401.042210][ T40] audit: type=1400 audit(2000000645.413:68256): avc: denied { read write } for pid=15789 comm="syz.5.15259" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=143529 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 401.057898][ T40] audit: type=1400 audit(2000000645.413:68257): avc: denied { create } for pid=15791 comm="syz.6.15260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 401.064722][ T40] audit: type=1400 audit(2000000645.413:68258): avc: denied { connect } for pid=15791 comm="syz.6.15260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 401.212085][T15812] loop7: detected capacity change from 0 to 7 [ 401.214936][T13064] buffer_io_error: 138 callbacks suppressed [ 401.214945][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.228136][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.231012][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.233575][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.236216][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.238783][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.243057][ T6102] net_ratelimit: 14 callbacks suppressed [ 401.243067][ T6102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 401.245962][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.247880][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 401.250493][T13064] ldm_validate_partition_table(): Disk read failed. [ 401.255338][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.257973][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.264283][T13064] Buffer I/O error on dev loop7, logical block 0, async page read [ 401.266926][T13064] Dev loop7: unable to read RDB block 0 [ 401.268941][T13064] loop7: unable to read partition table [ 401.271482][T13064] loop7: partition table beyond EOD, truncated [ 401.274305][T15812] ldm_validate_partition_table(): Disk read failed. [ 401.277426][T15812] Dev loop7: unable to read RDB block 0 [ 401.279374][T15812] loop7: unable to read partition table [ 401.281364][T15812] loop7: partition table beyond EOD, truncated [ 401.284851][T15812] loop_reread_partitions: partition scan of loop7 (7x~Sj̖P) failed (rc=-5) [ 401.297934][ T5344] udevd[5344]: worker [13064] terminated by signal 33 (Unknown signal 33) [ 401.300670][ T5344] udevd[5344]: worker [13064] failed while handling '/devices/virtual/block/loop7' [ 401.343131][T15831] lo speed is unknown, defaulting to 1000 [ 401.386078][T15855] netlink: 'syz.8.15280': attribute type 4 has an invalid length. [ 401.404140][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 401.552857][ T6102] hid_parser_main: 28 callbacks suppressed [ 401.552871][ T6102] hid-generic 0006:0004:0009.000E: unknown main item tag 0x0 [ 401.557408][ T6102] hid-generic 0006:0004:0009.000E: unknown main item tag 0x0 [ 401.559769][ T6102] hid-generic 0006:0004:0009.000E: unknown main item tag 0x0 [ 401.569195][ T6102] hid-generic 0006:0004:0009.000E: hidraw1: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 401.597183][T15883] fido_id[15883]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 401.617069][T15890] bridge_slave_0: left allmulticast mode [ 401.619525][T15890] bridge_slave_0: left promiscuous mode [ 401.622213][T15890] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.786257][ T12] wlan1: Selected IBSS BSSID 00:8d:8d:ff:00:00 based on configured SSID [ 402.096177][ T6144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 402.353687][ T6102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 402.513153][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 402.686287][ T6049] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 402.769867][T10222] wlan1: Trigger new scan to find an IBSS to join [ 403.199173][ T6102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 403.305172][ T10] usb 11-1: new high-speed USB device number 11 using dummy_hcd [ 403.465138][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 403.469052][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 403.477693][ T10] usb 11-1: config index 0 descriptor too short (expected 23569, got 27) [ 403.480496][ T10] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 403.484320][ T10] usb 11-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 403.487615][ T10] usb 11-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 403.490192][ T10] usb 11-1: Manufacturer: syz [ 403.493124][ T10] usb 11-1: config 0 descriptor?? [ 403.496859][ T6102] usb 14-1: new high-speed USB device number 10 using dummy_hcd [ 403.550353][ T10] rc_core: IR keymap rc-hauppauge not found [ 403.552356][ T10] Registered IR keymap rc-empty [ 403.556109][ T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0 [ 403.564858][ T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0/input45 [ 403.658911][ T6102] usb 14-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x3D, changing to 0xD [ 403.662531][ T6102] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 198, changing to 11 [ 403.667000][ T6102] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid maxpacket 42683, setting to 1024 [ 403.674247][ T6102] usb 14-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 403.677195][ T6102] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.686557][ T6102] usb 14-1: Product: syz [ 403.687955][ T6102] usb 14-1: Manufacturer: syz [ 403.689809][ T6102] usb 14-1: SerialNumber: syz [ 403.693025][ T6102] usb 14-1: config 0 descriptor?? [ 403.695161][T16001] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22 [ 403.714458][T15977] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 403.718942][T15977] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 403.776459][ T10] usb 11-1: USB disconnect, device number 11 [ 403.839254][ T6151] usb 13-1: new high-speed USB device number 10 using dummy_hcd [ 403.916948][T16001] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22 [ 403.999725][ T6151] usb 13-1: Using ep0 maxpacket: 8 [ 404.002638][ T6151] usb 13-1: config 179 has an invalid interface number: 65 but max is 0 [ 404.005215][ T6151] usb 13-1: config 179 has no interface number 0 [ 404.007224][ T6151] usb 13-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 404.011031][ T6151] usb 13-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 404.014531][ T6151] usb 13-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 404.017982][ T6151] usb 13-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 404.022048][ T6151] usb 13-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 404.026204][ T6151] usb 13-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 404.029052][ T6151] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.034162][T16035] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22 [ 404.139117][ T6151] usb 14-1: USB disconnect, device number 10 [ 404.270241][ T6049] input: Generic X-Box pad as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:179.65/input/input46 [ 404.432008][T16090] netlink: 'syz.5.15344': attribute type 11 has an invalid length. [ 404.556358][ T6102] usb 13-1: USB disconnect, device number 10 [ 404.556391][ C3] xpad 13-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 404.561205][ C3] dummy_hcd dummy_hcd.8: timer fired with no URBs pending? [ 404.844436][ T10] usb 10-1: new high-speed USB device number 15 using dummy_hcd [ 405.015548][ T10] usb 10-1: Using ep0 maxpacket: 32 [ 405.019088][ T10] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 405.022773][ T10] usb 10-1: config 0 has no interfaces? [ 405.024579][ T10] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 405.027654][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.031548][ T10] usb 10-1: config 0 descriptor?? [ 405.253934][ T10] usb 10-1: USB disconnect, device number 15 [ 405.422649][ T35] block nbd3: Possible stuck request ffff8880281c8000: control (read@0,1024B). Runtime 30 seconds [ 405.426927][ T35] block nbd3: Possible stuck request ffff8880281c8200: control (read@1024,1024B). Runtime 30 seconds [ 405.430381][ T35] block nbd3: Possible stuck request ffff8880281c8400: control (read@2048,1024B). Runtime 30 seconds [ 405.434448][ T35] block nbd3: Possible stuck request ffff8880281c8600: control (read@3072,1024B). Runtime 30 seconds [ 405.481918][T16174] tmpfs: Invalid uid '0x00000000ffffffff' [ 405.549394][T16180] tun0: tun_chr_ioctl cmd 1074025675 [ 405.551511][T16180] tun0: persist disabled [ 405.776455][T16209] netlink: 16 bytes leftover after parsing attributes in process `syz.6.15383'. [ 405.878527][T16221] netlink: 56 bytes leftover after parsing attributes in process `syz.6.15387'. [ 405.945176][T16227] misc userio: Can't change port type on an already running userio instance [ 406.082326][T16241] bond0: entered promiscuous mode [ 406.084046][T16241] bond_slave_0: entered promiscuous mode [ 406.087187][T16241] @0: entered promiscuous mode [ 406.088925][T16241] bridge_slave_1: entered promiscuous mode [ 406.091995][T16241] bond0: left promiscuous mode [ 406.093590][T16241] bond_slave_0: left promiscuous mode [ 406.095502][T16241] @0: left promiscuous mode [ 406.097214][T16241] bridge_slave_1: left promiscuous mode [ 406.275618][ T40] kauditd_printk_skb: 149 callbacks suppressed [ 406.275629][ T40] audit: type=1400 audit(2000000650.322:68408): avc: denied { create } for pid=16254 comm="syz.8.15397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 406.282893][T16255] netlink: 64 bytes leftover after parsing attributes in process `syz.8.15397'. [ 406.285935][ T40] audit: type=1400 audit(2000000650.331:68409): avc: denied { write } for pid=16254 comm="syz.8.15397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 406.294871][ T40] audit: type=1400 audit(2000000650.331:68410): avc: denied { nlmsg_write } for pid=16254 comm="syz.8.15397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 406.331443][ T6151] usb 10-1: new high-speed USB device number 16 using dummy_hcd [ 406.356445][ T40] audit: type=1400 audit(2000000650.406:68411): avc: denied { name_connect } for pid=16258 comm="syz.8.15399" dest=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 406.455652][ T40] audit: type=1400 audit(2000000650.490:68412): avc: denied { create } for pid=16265 comm="syz.8.15402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 406.464281][ T40] audit: type=1400 audit(2000000650.490:68413): avc: denied { ioctl } for pid=16265 comm="syz.8.15402" path="socket:[141249]" dev="sockfs" ino=141249 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 406.502601][ T40] audit: type=1400 audit(2000000650.546:68414): avc: denied { recv } for pid=16265 comm="syz.8.15402" saddr=127.0.0.1 src=38474 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 406.512925][ T6151] usb 10-1: Using ep0 maxpacket: 16 [ 406.516177][ T40] audit: type=1400 audit(2000000650.556:68415): avc: denied { ioctl } for pid=16235 comm="syz.5.15392" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 406.519381][ T6151] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 97, changing to 7 [ 406.529395][ T6151] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 24929, setting to 1024 [ 406.532553][ T40] audit: type=1400 audit(2000000650.565:68416): avc: denied { create } for pid=16271 comm="syz.9.15404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 406.534928][ T6151] usb 10-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 406.542804][ T6151] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.546404][ T6151] usb 10-1: Product: syz [ 406.548200][ T6151] usb 10-1: Manufacturer: syz [ 406.550128][ T6151] usb 10-1: SerialNumber: syz [ 406.552394][ T40] audit: type=1400 audit(2000000650.584:68417): avc: denied { bind } for pid=16271 comm="syz.9.15404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 406.559975][ T6151] usb 10-1: config 0 descriptor?? [ 406.577327][ T6151] hub 10-1:0.0: bad descriptor, ignoring hub [ 406.579872][ T6151] hub 10-1:0.0: probe with driver hub failed with error -5 [ 406.585447][ T6151] input: syz syz as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input48 [ 406.795436][ T24] net_ratelimit: 17 callbacks suppressed [ 406.795448][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 406.800079][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 406.921050][T16306] netlink: 8 bytes leftover after parsing attributes in process `syz.9.15414'. [ 406.962413][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 406.965881][ T6270] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 407.095973][T16328] netlink: 12 bytes leftover after parsing attributes in process `syz.8.15425'. [ 407.305960][T16349] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 407.373523][T16356] netlink: 20 bytes leftover after parsing attributes in process `syz.8.15436'. [ 407.629054][T16388] netlink: 8 bytes leftover after parsing attributes in process `syz.8.15450'. [ 407.646942][ T6102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 407.708966][T16400] netlink: 'syz.5.15456': attribute type 9 has an invalid length. [ 407.738523][T16407] netlink: 'syz.5.15458': attribute type 11 has an invalid length. [ 407.741061][T16407] netlink: 44 bytes leftover after parsing attributes in process `syz.5.15458'. [ 407.893390][T16433] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 407.897265][T16433] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 407.900294][T16433] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 407.904215][T16433] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 407.993344][ T12] wlan1: Trigger new scan to find an IBSS to join [ 408.042716][ T29] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 408.053039][ T143] usb 14-1: new high-speed USB device number 11 using dummy_hcd [ 408.070776][T16445] input: syz0 as /devices/virtual/input/input49 [ 408.147482][T16451] lo speed is unknown, defaulting to 1000 [ 408.224119][ T143] usb 14-1: Using ep0 maxpacket: 8 [ 408.228200][ T143] usb 14-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 408.231128][ T143] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.241777][ T143] pvrusb2: Hardware description: Terratec Grabster AV400 [ 408.244179][ T143] pvrusb2: ********** [ 408.247418][ T143] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 408.250709][ T143] pvrusb2: Important functionality might not be entirely working. [ 408.253196][ T143] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 408.257483][ T143] pvrusb2: ********** [ 408.454013][ T2492] pvrusb2: Invalid write control endpoint [ 408.481018][ T6102] usb 13-1: new high-speed USB device number 11 using dummy_hcd [ 408.481064][ T2492] pvrusb2: Invalid write control endpoint [ 408.485316][ T2492] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 408.488378][ T2492] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 408.490881][ T2492] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 408.494796][ T2492] pvrusb2: Device being rendered inoperable [ 408.497267][ T2492] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 408.500166][ T2492] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 408.506615][ T2492] pvrusb2: Attached sub-driver cx25840 [ 408.509227][ T2492] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 408.514453][ T2492] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 408.641407][ T6102] usb 13-1: Using ep0 maxpacket: 32 [ 408.649691][ T6102] usb 13-1: config 0 has an invalid interface number: 209 but max is 0 [ 408.655548][ T6102] usb 13-1: config 0 has no interface number 0 [ 408.657499][ T6102] usb 13-1: config 0 interface 209 has no altsetting 0 [ 408.661630][ T6102] usb 13-1: New USB device found, idVendor=1f71, idProduct=3306, bcdDevice=1b.23 [ 408.664945][ T6102] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.667446][ T6102] usb 13-1: Product: syz [ 408.669055][ T6102] usb 13-1: Manufacturer: syz [ 408.670545][ T6102] usb 13-1: SerialNumber: syz [ 408.673029][T16416] pvrusb2: Attempted to execute control transfer when device not ok [ 408.682157][ T6049] usb 14-1: USB disconnect, device number 11 [ 408.683752][ T6102] usb 13-1: config 0 descriptor?? [ 408.912559][T16451] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15475'. [ 408.928137][ T6102] usb 13-1: USB disconnect, device number 11 [ 409.069781][ T12] wlan1: Creating new IBSS network, BSSID 36:d0:a5:62:43:fe [ 409.187051][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout [ 409.481999][T16555] Attempt to restore checkpoint with obsolete wellknown handles [ 409.492946][T16557] netlink: 28 bytes leftover after parsing attributes in process `syz.5.15492'. [ 409.789832][T16601] could not open pipe file descriptor [ 410.295915][T16661] overlayfs: failed to clone lowerpath [ 410.497056][T16685] vcan0: entered allmulticast mode [ 410.685900][T16709] SELinux: security_context_str_to_sid () failed with errno=-22 [ 410.690719][ T24] usb 10-1: USB disconnect, device number 16 [ 410.768301][T16717] block device autoloading is deprecated and will be removed. [ 411.582759][ T10] usb 14-1: new high-speed USB device number 12 using dummy_hcd [ 411.602346][T16833] __nla_validate_parse: 6 callbacks suppressed [ 411.602357][T16833] netlink: 20 bytes leftover after parsing attributes in process `syz.6.15600'. [ 411.636830][ T40] kauditd_printk_skb: 232 callbacks suppressed [ 411.636842][ T40] audit: type=1400 audit(2000000655.343:68650): avc: denied { read } for pid=16836 comm="syz.6.15603" dev="nsfs" ino=4026533382 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 411.646932][ T40] audit: type=1400 audit(2000000655.343:68651): avc: denied { open } for pid=16836 comm="syz.6.15603" path="net:[4026533382]" dev="nsfs" ino=4026533382 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 411.657299][T11074] usb 10-1: new high-speed USB device number 17 using dummy_hcd [ 411.662458][ T40] audit: type=1400 audit(2000000655.343:68652): avc: denied { create } for pid=16836 comm="syz.6.15603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 411.669722][ T40] audit: type=1400 audit(2000000655.343:68653): avc: denied { bind } for pid=16836 comm="syz.6.15603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 411.675997][ T40] audit: type=1400 audit(2000000655.343:68654): avc: denied { write } for pid=16836 comm="syz.6.15603" path="socket:[146828]" dev="sockfs" ino=146828 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 411.683589][ T40] audit: type=1400 audit(2000000655.362:68655): avc: denied { create } for pid=16838 comm="syz.6.15604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 411.690512][ T40] audit: type=1400 audit(2000000655.362:68656): avc: denied { create } for pid=16838 comm="syz.6.15604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 411.696573][ T40] audit: type=1400 audit(2000000655.362:68657): avc: denied { recv } for pid=5920 comm="sshd-session" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=38474 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 411.733040][ T40] audit: type=1400 audit(2000000655.436:68658): avc: denied { mount } for pid=16844 comm="syz.8.15607" name="/" dev="9p" ino=72095479 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 411.744044][ T10] usb 14-1: too many configurations: 9, using maximum allowed: 8 [ 411.747515][ T10] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 411.750414][ T10] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 411.762412][ T10] usb 14-1: config 0 interface 0 has no altsetting 0 [ 411.765771][ T10] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 411.768995][ T10] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 411.772476][ T10] usb 14-1: config 0 interface 0 has no altsetting 0 [ 411.775548][ T10] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 411.775645][ T40] audit: type=1400 audit(2000000655.474:68659): avc: denied { read } for pid=16848 comm="syz.6.15608" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 411.778424][ T10] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 411.789639][ T10] usb 14-1: config 0 interface 0 has no altsetting 0 [ 411.793158][ T10] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 411.796092][ T10] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 411.799856][ T10] usb 14-1: config 0 interface 0 has no altsetting 0 [ 411.802961][ T10] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 411.805888][ T10] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 411.809944][ T10] usb 14-1: config 0 interface 0 has no altsetting 0 [ 411.813397][ T10] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 411.817257][ T10] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 411.825137][T11074] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 411.832127][ T10] usb 14-1: config 0 interface 0 has no altsetting 0 [ 411.835107][T11074] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 411.838900][T11074] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 411.843687][T11074] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 411.846620][ T10] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 411.849408][ T10] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 411.852954][T11074] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.855536][ T10] usb 14-1: config 0 interface 0 has no altsetting 0 [ 411.858880][ T10] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 411.862379][T11074] usb 10-1: config 0 descriptor?? [ 411.871192][ T10] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 411.874842][ T10] usb 14-1: config 0 interface 0 has no altsetting 0 [ 411.884919][ T10] usb 14-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 411.888082][ T10] usb 14-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 411.890851][ T10] usb 14-1: Product: syz [ 411.892275][ T10] usb 14-1: Manufacturer: syz [ 411.894006][ T10] usb 14-1: SerialNumber: syz [ 411.903621][ T10] usb 14-1: config 0 descriptor?? [ 411.909280][ T10] yurex 14-1:0.0: USB YUREX device now attached to Yurex #0 [ 412.020775][T16878] syzkaller1: entered promiscuous mode [ 412.023823][T16878] syzkaller1: entered allmulticast mode [ 412.183997][ C0] usb 14-1: yurex_control_callback - control failed: -71 [ 412.190877][ T10] usb 14-1: USB disconnect, device number 12 [ 412.194794][ T10] yurex 14-1:0.0: USB YUREX #0 now disconnected [ 412.308297][T11074] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 412.523724][ C3] net_ratelimit: 17 callbacks suppressed [ 412.523738][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 412.574527][ T29] usb 10-1: USB disconnect, device number 17 [ 412.792604][ T6151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 413.104836][T16968] syzkaller1: entered promiscuous mode [ 413.106662][T16968] syzkaller1: entered allmulticast mode [ 413.208436][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 413.432722][ T24] usb 14-1: new high-speed USB device number 13 using dummy_hcd [ 413.593439][ T24] usb 14-1: Using ep0 maxpacket: 16 [ 413.600233][ T24] usb 14-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 413.603993][ T24] usb 14-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 413.607034][ T24] usb 14-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 413.611015][ T24] usb 14-1: config 1 interface 0 has no altsetting 0 [ 413.615102][ T24] usb 14-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 413.617963][ T24] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.620745][ T24] usb 14-1: Product: syz [ 413.622746][ T24] usb 14-1: Manufacturer: syz [ 413.625414][ T24] usb 14-1: SerialNumber: syz [ 413.646584][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 413.828455][ T10] usb 10-1: new high-speed USB device number 18 using dummy_hcd [ 413.859574][ T24] usblp 14-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 414.001113][ T10] usb 10-1: config index 0 descriptor too short (expected 23569, got 27) [ 414.003750][ T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 414.007711][ T10] usb 10-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 414.010729][ T10] usb 10-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 414.013264][ T10] usb 10-1: Manufacturer: syz [ 414.016234][ T10] usb 10-1: config 0 descriptor?? [ 414.063780][ T10] rc_core: IR keymap rc-hauppauge not found [ 414.065927][ T10] Registered IR keymap rc-empty [ 414.068401][ T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0 [ 414.072964][ T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input51 [ 414.240977][T17010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 414.245288][T17010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 414.279122][ T10] usb 10-1: USB disconnect, device number 18 [ 414.321367][ T6144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 414.674982][ T24] usb 14-1: USB disconnect, device number 13 [ 414.680387][ T24] usblp0: removed [ 414.748198][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 415.011982][T17105] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.122020][T17105] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.196132][T17105] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.331180][T17105] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.433141][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 415.458278][T17133] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.15691'. [ 415.480399][ T9367] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.494472][ T9367] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.513496][ T9367] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.535340][ T9367] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.836695][T17194] netlink: 'syz.8.15714': attribute type 29 has an invalid length. [ 415.840683][T17194] netlink: 'syz.8.15714': attribute type 29 has an invalid length. [ 415.844754][T17194] netlink: 44 bytes leftover after parsing attributes in process `syz.8.15714'. [ 415.861195][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 416.043187][ T6049] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 416.085696][ T53] usb 10-1: new low-speed USB device number 19 using dummy_hcd [ 416.269979][ T53] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 416.272716][ T53] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 416.276330][ T53] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 416.280438][ T53] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 416.285172][ T53] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 416.291307][ T53] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 416.294050][ T53] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 416.297616][ T53] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 416.302799][ T53] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 416.307456][ T53] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 416.317960][ T53] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 416.321488][ T53] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 416.330148][ T53] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 416.335373][ T53] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 416.340039][ T53] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 416.347329][ T53] usb 10-1: string descriptor 0 read error: -22 [ 416.350096][ T53] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 416.353423][ T53] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.360608][ T53] adutux 10-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 416.545200][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 416.636992][ T9] usb 10-1: USB disconnect, device number 19 [ 416.790227][T17274] gre0: Master is either lo or non-ether device [ 417.008383][ T40] kauditd_printk_skb: 245 callbacks suppressed [ 417.008394][ T40] audit: type=1400 audit(2000000660.364:68905): avc: denied { create } for pid=17290 comm="syz.9.15742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 417.019315][ T40] audit: type=1400 audit(2000000660.373:68906): avc: denied { create } for pid=17290 comm="syz.9.15742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 417.025340][ T40] audit: type=1400 audit(2000000660.373:68907): avc: denied { write } for pid=17290 comm="syz.9.15742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 417.034409][ T40] audit: type=1400 audit(2000000660.392:68908): avc: denied { read write } for pid=11955 comm="syz-executor" name="loop9" dev="devtmpfs" ino=667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 417.042062][ T40] audit: type=1400 audit(2000000660.392:68909): avc: denied { open } for pid=11955 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 417.052011][ T40] audit: type=1400 audit(2000000660.392:68910): avc: denied { ioctl } for pid=11955 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=667 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 417.062168][ T40] audit: type=1400 audit(2000000660.401:68911): avc: denied { read write } for pid=17292 comm="syz.9.15743" name="vhost-vsock" dev="devtmpfs" ino=1301 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 417.069892][ T40] audit: type=1400 audit(2000000660.401:68912): avc: denied { open } for pid=17292 comm="syz.9.15743" path="/dev/vhost-vsock" dev="devtmpfs" ino=1301 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 417.077480][ T40] audit: type=1400 audit(2000000660.401:68913): avc: denied { ioctl } for pid=17292 comm="syz.9.15743" path="/dev/vhost-vsock" dev="devtmpfs" ino=1301 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 417.085785][ T40] audit: type=1400 audit(2000000660.420:68914): avc: denied { egress } for pid=9 comm="kworker/0:0" saddr=fe80::1c daddr=ff02::2 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 417.180867][T17306] tipc: Started in network mode [ 417.182529][T17306] tipc: Node identity 2, cluster identity 4711 [ 417.184371][T17306] tipc: Node number set to 2 [ 417.450015][T17335] lo speed is unknown, defaulting to 1000 [ 417.669859][T17371] netlink: 4 bytes leftover after parsing attributes in process `syz.6.15764'. [ 417.743005][ T9] usb 14-1: new high-speed USB device number 14 using dummy_hcd [ 417.914073][ T9] usb 14-1: Using ep0 maxpacket: 8 [ 417.918545][ T9] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 417.922654][ T9] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 417.927182][ T9] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 417.931294][ T9] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 417.937127][ T9] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 417.940847][ T9] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.095755][ C3] net_ratelimit: 2 callbacks suppressed [ 418.095767][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 418.161466][ T9] usb 14-1: GET_CAPABILITIES returned 0 [ 418.163333][ T9] usbtmc 14-1:16.0: can't read capabilities [ 418.274677][T17401] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.362889][T17401] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.382630][ T9] usb 14-1: USB disconnect, device number 14 [ 418.448960][T17401] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.599649][T17401] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.744078][T10222] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.753312][ T1144] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.762272][ T1144] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.770908][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 418.772084][ T12] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.879450][T17435] tipc: Resetting bearer [ 418.952236][T17444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 418.958027][T17444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 418.962166][ C1] ================================================================== [ 418.964715][ C1] BUG: KASAN: double-free in inet_sock_destruct+0x597/0x830 [ 418.967099][ C1] Free of addr ffff8880284e7a00 by task syz.8.15778/17442 [ 418.969528][ C1] [ 418.971422][ C1] CPU: 1 UID: 0 PID: 17442 Comm: syz.8.15778 Tainted: G L syzkaller #0 PREEMPT(full) [ 418.971439][ C1] Tainted: [L]=SOFTLOCKUP [ 418.971443][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 418.971451][ C1] Call Trace: [ 418.971455][ C1] [ 418.971460][ C1] dump_stack_lvl+0x116/0x1f0 [ 418.971472][ C1] print_report+0xcd/0x630 [ 418.971486][ C1] ? __virt_addr_valid+0x81/0x610 [ 418.971496][ C1] ? __phys_addr+0xe8/0x180 [ 418.971505][ C1] ? inet_sock_destruct+0x597/0x830 [ 418.971518][ C1] kasan_report_invalid_free+0xb8/0xe0 [ 418.971531][ C1] ? inet_sock_destruct+0x597/0x830 [ 418.971545][ C1] ? inet_sock_destruct+0x597/0x830 [ 418.971557][ C1] check_slab_allocation+0xc3/0xf0 [ 418.971568][ C1] kfree+0x21d/0x6e0 [ 418.971583][ C1] ? inet_sock_destruct+0x597/0x830 [ 418.971597][ C1] ? inet_sock_destruct+0x597/0x830 [ 418.971609][ C1] inet_sock_destruct+0x597/0x830 [ 418.971621][ C1] ? inet6_cleanup_sock+0x10b/0x200 [ 418.971632][ C1] ? __pfx_sctp_v6_destruct_sock+0x10/0x10 [ 418.971643][ C1] __sk_destruct+0x85/0xbc0 [ 418.971656][ C1] sk_destruct+0xc2/0xf0 [ 418.971668][ C1] __sk_free+0xf4/0x3e0 [ 418.971680][ C1] sk_free+0x6a/0x90 [ 418.971696][ C1] sctp_endpoint_destroy_rcu+0xd3/0x100 [ 418.971708][ C1] ? rcu_core+0x797/0x15f0 [ 418.971722][ C1] rcu_core+0x79c/0x15f0 [ 418.971737][ C1] ? __pfx_rcu_core+0x10/0x10 [ 418.971753][ C1] handle_softirqs+0x219/0x950 [ 418.971769][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 418.971784][ C1] __irq_exit_rcu+0x109/0x170 [ 418.971798][ C1] irq_exit_rcu+0x9/0x30 [ 418.971811][ C1] sysvec_apic_timer_interrupt+0x57/0xc0 [ 418.971827][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 418.971838][ C1] RIP: 0033:0x7f39dda4d728 [ 418.971846][ C1] Code: 40 00 41 89 fb 44 8d 56 04 4c 8d 0d f2 48 38 00 89 f0 4c 8d 05 e9 28 38 00 89 c2 81 e2 ff 1f 00 00 49 8b 0c d1 48 39 f1 74 28 <48> 85 c9 74 29 45 38 1c 10 75 23 83 c0 01 44 39 d0 75 dc 48 89 f0 [ 418.971857][ C1] RSP: 002b:00007fff15739208 EFLAGS: 00000287 [ 418.971865][ C1] RAX: 000000008ab58b25 RBX: 00007f39de915720 RCX: ffffffff81bb8b25 [ 418.971872][ C1] RDX: 0000000000000b25 RSI: ffffffff8ab58b25 RDI: 0000000000000001 [ 418.971878][ C1] RBP: ffffffff8ab58b25 R08: 00007f39dddd0000 R09: 00007f39dddd2000 [ 418.971885][ C1] R10: 000000008ab58b29 R11: 0000000000000001 R12: 0000000000000001 [ 418.971891][ C1] R13: 0000000000000000 R14: ffffffff8ab58b25 R15: 000000000001032f [ 418.971897][ C1] ? sctp_bind_addr_state+0xb5/0x1d0 [ 418.971913][ C1] ? sctp_bind_addr_state+0xb5/0x1d0 [ 418.971935][ C1] ? audit_log_vformat+0xc5/0x8a0 [ 418.971957][ C1] ? sctp_bind_addr_state+0xb5/0x1d0 [ 418.971973][ C1] [ 418.971977][ C1] [ 419.059524][ C1] Allocated by task 17440: [ 419.060989][ C1] kasan_save_stack+0x33/0x60 [ 419.062530][ C1] kasan_save_track+0x14/0x30 [ 419.064096][ C1] __kasan_kmalloc+0xaa/0xb0 [ 419.065637][ C1] __kmalloc_noprof+0x33d/0x910 [ 419.067228][ C1] cipso_v4_sock_setattr+0xbb/0x4c0 [ 419.068906][ C1] netlbl_conn_setattr+0x4b8/0x620 [ 419.070575][ C1] selinux_netlbl_socket_connect_locked+0x14d/0x220 [ 419.072703][ C1] selinux_netlbl_socket_connect+0x26/0x40 [ 419.074623][ C1] selinux_socket_connect+0x64/0x80 [ 419.076525][ C1] security_socket_connect+0xc6/0x240 [ 419.078711][ C1] __sys_connect_file+0x8f/0x1a0 [ 419.080777][ C1] __sys_connect+0x13b/0x160 [ 419.082733][ C1] __x64_sys_connect+0x72/0xb0 [ 419.084728][ C1] do_syscall_64+0xcd/0xf80 [ 419.086657][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.089113][ C1] [ 419.090268][ C1] Freed by task 17442: [ 419.092054][ C1] kasan_save_stack+0x33/0x60 [ 419.094121][ C1] kasan_save_track+0x14/0x30 [ 419.096143][ C1] kasan_save_free_info+0x3b/0x60 [ 419.098255][ C1] __kasan_slab_free+0x5f/0x80 [ 419.099803][ C1] kfree+0x2f8/0x6e0 [ 419.101074][ C1] inet_sock_destruct+0x597/0x830 [ 419.102690][ C1] __sk_destruct+0x85/0xbc0 [ 419.104156][ C1] sk_destruct+0xc2/0xf0 [ 419.105546][ C1] __sk_free+0xf4/0x3e0 [ 419.106894][ C1] sk_free+0x6a/0x90 [ 419.108160][ C1] sctp_endpoint_destroy_rcu+0xd3/0x100 [ 419.109923][ C1] rcu_core+0x79c/0x15f0 [ 419.111341][ C1] handle_softirqs+0x219/0x950 [ 419.112858][ C1] __irq_exit_rcu+0x109/0x170 [ 419.114372][ C1] irq_exit_rcu+0x9/0x30 [ 419.115728][ C1] sysvec_apic_timer_interrupt+0x57/0xc0 [ 419.117501][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 419.119390][ C1] [ 419.120166][ C1] The buggy address belongs to the object at ffff8880284e7a00 [ 419.120166][ C1] which belongs to the cache kmalloc-64 of size 64 [ 419.124493][ C1] The buggy address is located 0 bytes inside of [ 419.124493][ C1] 64-byte region [ffff8880284e7a00, ffff8880284e7a40) [ 419.128500][ C1] [ 419.129268][ C1] The buggy address belongs to the physical page: [ 419.131270][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x284e7 [ 419.133992][ C1] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 419.136307][ C1] page_type: f5(slab) [ 419.137630][ C1] raw: 00fff00000000000 ffff88801b4428c0 ffffea0000ced7c0 dead000000000003 [ 419.140285][ C1] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000 [ 419.142954][ C1] page dumped because: kasan: bad access detected [ 419.144951][ C1] page_owner tracks the page as allocated [ 419.146747][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5345, tgid 5345 (udevadm), ts 26750940177, free_ts 26750878105 [ 419.152309][ C1] post_alloc_hook+0x1af/0x220 [ 419.153838][ C1] get_page_from_freelist+0xd0b/0x31a0 [ 419.155541][ C1] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 419.157389][ C1] alloc_pages_mpol+0x1fb/0x550 [ 419.158937][ C1] new_slab+0x2c3/0x430 [ 419.160261][ C1] ___slab_alloc+0xe18/0x1c90 [ 419.161766][ C1] __slab_alloc.constprop.0+0x63/0x110 [ 419.163482][ C1] __kmalloc_noprof+0x4fc/0x910 [ 419.165031][ C1] tomoyo_encode2+0x100/0x3e0 [ 419.166532][ C1] tomoyo_encode+0x29/0x50 [ 419.167934][ C1] tomoyo_realpath_from_path+0x18f/0x6e0 [ 419.169691][ C1] tomoyo_path_perm+0x274/0x460 [ 419.171217][ C1] security_inode_getattr+0x116/0x290 [ 419.172904][ C1] vfs_statx+0x121/0x3f0 [ 419.174329][ C1] vfs_fstatat+0x7b/0xf0 [ 419.175725][ C1] __do_sys_newfstatat+0x97/0x120 [ 419.177413][ C1] page last free pid 5345 tgid 5345 stack trace: [ 419.179547][ C1] __free_frozen_pages+0x7df/0x1170 [ 419.181199][ C1] inode_doinit_with_dentry+0xaca/0x12e0 [ 419.182966][ C1] selinux_d_instantiate+0x26/0x30 [ 419.184558][ C1] security_d_instantiate+0x142/0x1a0 [ 419.186185][ C1] d_splice_alias_ops+0x92/0x840 [ 419.187751][ C1] kernfs_iop_lookup+0x23f/0x2d0 [ 419.189311][ C1] __lookup_slow+0x251/0x460 [ 419.190790][ C1] lookup_slow+0x50/0x70 [ 419.192129][ C1] path_lookupat+0x5e9/0xc40 [ 419.193659][ C1] filename_lookup+0x224/0x5f0 [ 419.195176][ C1] do_readlinkat+0xce/0x3a0 [ 419.196601][ C1] __x64_sys_readlink+0x78/0xc0 [ 419.198136][ C1] do_syscall_64+0xcd/0xf80 [ 419.199572][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.201422][ C1] [ 419.202196][ C1] Memory state around the buggy address: [ 419.203960][ C1] ffff8880284e7900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 419.206456][ C1] ffff8880284e7980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 419.208934][ C1] >ffff8880284e7a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 419.211409][ C1] ^ [ 419.212695][ C1] ffff8880284e7a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 419.215175][ C1] ffff8880284e7b00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 419.217666][ C1] ================================================================== [ 419.220357][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 419.222607][ C1] CPU: 1 UID: 0 PID: 17442 Comm: syz.8.15778 Tainted: G L syzkaller #0 PREEMPT(full) [ 419.226002][ C1] Tainted: [L]=SOFTLOCKUP [ 419.227366][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 419.230695][ C1] Call Trace: [ 419.231755][ C1] [ 419.232699][ C1] dump_stack_lvl+0x3d/0x1f0 [ 419.234244][ C1] vpanic+0x640/0x6f0 [ 419.235517][ C1] ? inet_sock_destruct+0x597/0x830 [ 419.237147][ C1] panic+0xca/0xd0 [ 419.238328][ C1] ? __pfx_panic+0x10/0x10 [ 419.239789][ C1] ? inet_sock_destruct+0x597/0x830 [ 419.241535][ C1] ? trace_irq_enable.constprop.0+0x2f/0x110 [ 419.243498][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 419.245117][ C1] check_panic_on_warn+0xab/0xb0 [ 419.246701][ C1] end_report+0x107/0x160 [ 419.248071][ C1] kasan_report_invalid_free+0xc8/0xe0 [ 419.249793][ C1] ? inet_sock_destruct+0x597/0x830 [ 419.251430][ C1] ? inet_sock_destruct+0x597/0x830 [ 419.253072][ C1] check_slab_allocation+0xc3/0xf0 [ 419.254714][ C1] kfree+0x21d/0x6e0 [ 419.255953][ C1] ? inet_sock_destruct+0x597/0x830 [ 419.257706][ C1] ? inet_sock_destruct+0x597/0x830 [ 419.259459][ C1] inet_sock_destruct+0x597/0x830 [ 419.261040][ C1] ? inet6_cleanup_sock+0x10b/0x200 [ 419.262689][ C1] ? __pfx_sctp_v6_destruct_sock+0x10/0x10 [ 419.264518][ C1] __sk_destruct+0x85/0xbc0 [ 419.265978][ C1] sk_destruct+0xc2/0xf0 [ 419.267321][ C1] __sk_free+0xf4/0x3e0 [ 419.268641][ C1] sk_free+0x6a/0x90 [ 419.269896][ C1] sctp_endpoint_destroy_rcu+0xd3/0x100 [ 419.271632][ C1] ? rcu_core+0x797/0x15f0 [ 419.273060][ C1] rcu_core+0x79c/0x15f0 [ 419.274444][ C1] ? __pfx_rcu_core+0x10/0x10 [ 419.275937][ C1] handle_softirqs+0x219/0x950 [ 419.277459][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 419.279127][ C1] __irq_exit_rcu+0x109/0x170 [ 419.280604][ C1] irq_exit_rcu+0x9/0x30 [ 419.281956][ C1] sysvec_apic_timer_interrupt+0x57/0xc0 [ 419.283726][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 419.285640][ C1] RIP: 0033:0x7f39dda4d728 [ 419.287056][ C1] Code: 40 00 41 89 fb 44 8d 56 04 4c 8d 0d f2 48 38 00 89 f0 4c 8d 05 e9 28 38 00 89 c2 81 e2 ff 1f 00 00 49 8b 0c d1 48 39 f1 74 28 <48> 85 c9 74 29 45 38 1c 10 75 23 83 c0 01 44 39 d0 75 dc 48 89 f0 [ 419.292992][ C1] RSP: 002b:00007fff15739208 EFLAGS: 00000287 [ 419.294924][ C1] RAX: 000000008ab58b25 RBX: 00007f39de915720 RCX: ffffffff81bb8b25 [ 419.297387][ C1] RDX: 0000000000000b25 RSI: ffffffff8ab58b25 RDI: 0000000000000001 [ 419.299858][ C1] RBP: ffffffff8ab58b25 R08: 00007f39dddd0000 R09: 00007f39dddd2000 [ 419.302321][ C1] R10: 000000008ab58b29 R11: 0000000000000001 R12: 0000000000000001 [ 419.304812][ C1] R13: 0000000000000000 R14: ffffffff8ab58b25 R15: 000000000001032f [ 419.307290][ C1] ? sctp_bind_addr_state+0xb5/0x1d0 [ 419.308957][ C1] ? sctp_bind_addr_state+0xb5/0x1d0 [ 419.310639][ C1] ? audit_log_vformat+0xc5/0x8a0 [ 419.312229][ C1] ? sctp_bind_addr_state+0xb5/0x1d0 [ 419.313907][ C1] [ 419.315920][ C1] Kernel Offset: disabled [ 419.317280][ C1] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:58:38 Registers: info registers vcpu 0 CPU#0 RAX=00000000002d2b21 RBX=0000000000000000 RCX=ffffffff8b7766d9 RDX=0000000000000000 RSI=ffffffff8dacb6f9 RDI=ffffffff8bf2a580 RBP=fffffbfff1c12f68 RSP=ffffffff8e007df8 R8 =0000000000000001 R9 =ffffed100d48673d R10=ffff88806a4339eb R11=ffffffff8e098670 R12=0000000000000000 R13=ffffffff8e097b40 R14=ffffffff908878d0 R15=0000000000000000 RIP=ffffffff8b774dcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d68fd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f39de9aaf98 CR3=000000005fa8e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff15739560 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc15050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc1505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc15057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc1506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000005d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8531e005 RDI=ffffffff9aee5bc0 RBP=ffffffff9aee5b80 RSP=ffffc900057975f0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2065657246 R12=0000000000000000 R13=000000000000005d R14=ffffffff9aee5b80 R15=ffffffff8531dfa0 RIP=ffffffff8531e02f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00005555618c4500 ffffffff 00c00000 GS =0000 ffff8880d69fd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000110c2c973f CR3=00000000591b2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000fff Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff812c065f ffffffff812c0643 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff812c0643 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc15050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc1505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc15057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc1506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39ddc151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39dddba4a8 00007f39dddba4a0 00007f39dddba498 00007f39dddba470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39de91d100 00007f39dddba460 00007f39dddba478 00007f39dddba4c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39dddba4b8 00007f39dddba4b0 00007f39dddba4a8 00007f39dddba4a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000002daa1d RBX=0000000000000002 RCX=ffffffff8b7766d9 RDX=0000000000000000 RSI=ffffffff8dacb6f9 RDI=ffffffff8bf2a580 RBP=ffffed1003b5a930 RSP=ffffc90000187de8 R8 =0000000000000001 R9 =ffffed100d4c673d R10=ffff88806a6339eb R11=ffff88801dad54b0 R12=0000000000000002 R13=ffff88801dad4980 R14=ffffffff908878d0 R15=0000000000000000 RIP=ffffffff8b774dcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6afd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2fc1aff8 CR3=00000000588ce000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f91cae15050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f91cae1505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f91cae15057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f91cae1506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f91cae150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f91cae151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f91cafba4a8 00007f91cafba4a0 00007f91cafba498 00007f91cafba470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f91cbb1d100 00007f91cafba460 00007f91cafba478 00007f91cafba4c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f91cafba4b8 00007f91cafba4b0 00007f91cafba4a8 00007f91cafba4a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=ffffffff91319aea RBX=ffffffff90a899a0 RCX=dffffc0000000000 RDX=1ffffffff2151334 RSI=0000000000000000 RDI=ffffffff90a89988 RBP=ffffffff90a89988 RSP=ffffc900045ef488 R8 =ffffffff91319b38 R9 =00000000d4260f5e R10=0000000000000002 R11=00000000000142bc R12=ffffffff90a899b8 R13=ffffffff8242bceb R14=ffffffff90a89988 R15=ffffffff90a89988 RIP=ffffffff816cac20 RFL=00000a02 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f0207cf46c0 ffffffff 00c00000 GS =0000 ffff8880d6bfd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f0207cf3f98 CR3=00000000554cb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffec7f4b230 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0206e15050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0206e1505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0206e15057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0206e1506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0206e150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0206e151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000114 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000114 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000