last executing test programs: 14.960160143s ago: executing program 1 (id=99): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = socket$netlink(0x10, 0x3, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = dup(r3) mount(&(0x7f0000000240)=@nullb, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='v7\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000005, 0x12, r4, 0x0) r5 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r5, &(0x7f0000000140)={'full'}, 0xfffffdef) bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005, 0x804, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffc}, 0x48) write(r1, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff0215000400000000030006a40e07fff024bb000000", 0x29) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f00000003c0)=""/62, 0x3e}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000400)=[{&(0x7f0000000880)=""/111, 0x6f}], 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_ext={0x1c, 0x1f, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000300000000000000ff00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020642500000000002020207b1af8ff00000000bfa10000f5ffffff06010000f8ffffffb702000008000000b7030000ffffff7f850000000600000018000000080000000000000000000000390cfeff010000001811000082bfc10984e2c366e8a56ee74538fb1cd68726d7e1571ece6eb6202797d85bba8e73f93f5f00d2bfca39cd671a34188caef67e8b3d24f62d84061f7dc14d64bfb32f2532265a6dc1ab80a91304230cb3e41d221b9bc0becf655ad078de6d7f7298ebf2a75eb764986f26ed2689c2d8535af3f611931a8fcf4293865369480d23e92d93c540922d7d7f04a2d9c97a52079ecad845fadf2ea384629999", @ANYRES32=r6, @ANYBLOB="0000000000000000b70200000000000085000000860000001746feff00000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x9, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x770d, 0xffffffffffffffff, 0x3, &(0x7f0000000c00)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000c40)=[{0x0, 0x5, 0x10, 0xc}, {0x2, 0x3, 0x10, 0x1}, {0x0, 0x3, 0x1, 0xa}]}, 0x90) r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGREP(r8, 0x80084522, &(0x7f0000001f40)=""/230) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={r7, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102372, 0x18fe4}], 0x1, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) 14.541405728s ago: executing program 1 (id=105): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x6e4980) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000001c0)) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043d0eaaaaaaaaaa10bc205c7f30b257b9b56077dac5989b6963cb480ea7646257012a612c62a8a28b2c0e523427815b13ac93285f3cb016c18f150d2f0a89713e22745d7c30db48e9a979b684fdb54c5a5a1ff99485badc283586ed68c90b12e61f56b8fca5bea17ef38a60aa7b0efbf449c5f171c189c3f7c05aac28a8d0e4f3df3f7550692630902fb0bcb349276cdb2b08812cf979db4c3fbcfd5cd2d6e4342ab12bb32c869ebb4d35648bfc1b16"], 0x11) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4138ae84, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) 14.420528529s ago: executing program 1 (id=106): r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000980), 0x400, 0x0) ioctl$CDROM_GET_MCN(r0, 0x1260, 0x0) 14.420063469s ago: executing program 1 (id=107): socket$rxrpc(0x21, 0x2, 0xa) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = getpid() bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, 0x0, &(0x7f0000000080)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0}, 0x10) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0x109e, &(0x7f0000001cc0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd652430d0106821fffc000000000000000000000000000000fe8800000000000000000000000000011103000000000000040100000100c910200100000000000000000000000000000006040380000c0000000000000000000000ffff00000000fe880000000000000000000000000101000000000000000000000000000000004e24000004319078049d548e005ff9bf6e0b1fd35cd5bb8cefce586a23720c1003368e9c274818c09f8bc591e9c9fc3dda13b593cdcd6c8c150a8a8772e7c770853588cd09e40e8d710761c4e0b054bde5d1e25e2d8241fe6b7165e25f482399355bbd68a69223c799eeb174dd36005569e9b01868d49fc89454ad83f1f7c489f3e60260eea1897f1ff1dafe1247a21ce678454ce1d7484def3c202fb3d5df525cb252745aae532600f527b02b682b37d4cdf312fa61374a17c2c30a64b9456c82247a86e47f9416db9379ade2a7bf4a678242d64463fe9d8311760d15882b34e61d663bfafd6afd32c68a9df67fb470cfeeff4ffac3bc4fd2a3bc263dbc3e4a398b1bd95454e974eda85190219202450912025656929be945f236dabb49d3022728da3d98c75d313fa557083f9b1827105fc7f19a3e1a689df1c344dbde657ff19159994979bd14af3baf8d4eb5c438e825a8f4713469b3d00d2059d0c59e62d9d3e7ca477dca33306c25ab3c25544a6e1ce945b70fb436c000608e1256d577affd0c861ddf2a49cee5dd2f222bfd59537238a0bbd6e2d5ae5fb1b12b63e10e3a3a7e2031c4fa552b9e2e9b84c45316460f80f58f97b176a58615c57e10b35bb8f9fec4315e7d7123fe082cab8dec3311ec223de7e9bfddc7a529734054bc084c3eac0cd7d4363ad5d904d3112a1db3ee9c684a680c7e6751b9ce1a7c54bede0ace5e2e273fc93c19b9bf77fb3ceaa7169610f45f4d9bd8c07650f64167174d5ba33268aaaabf6e9c8312b5543071267914f652210fc3747314ca8ea73c78767adfd8c2917c2e3c2748fc1e5437e190cb5067f007caa5ca58e3e2c7a2d85318c70bca73b3807aa087aa6c1a190b900c6df8a644a00309b90189d6491d48365780fcb8108ecfcf53c2859249570e93af8a6590da548a6b3f54596d4f17ea9c838fdb3f4185ca6353dd102492617f20c7df1d99aba272c266c790808de4a85e897104772687b35f4a6557fbf3fb7f651c4569116798d12612c6d082fa236f16df19144d11df7168decea1a33cbae370a280918b8ee31f212577f509b7a9f17c79654110c3f9bb337e5d7869fa82a88c92abfee058905f8ae1ffdcc4243141a86dcb901df474f464766c3a23339d01b27fcf9e7a77cba947427f1291283e7f655844e050f0508b0df63bfdb1c10e5bad47657a2ed3854dcb00dfe46e39da93811b1ce629bc45f13f9372aa730459a51d5c2bc96120054f6ac093bd842763ec0db83548363f0cfd34495e599116e4357046b748ee524fa8376d4485ca6e27bd8e8541e4feda53129e1b7a04e6bb05db2284a937d0b075ee7d3361fd69f558ffe1fa9ac7e7e0286da6f3d3ed3cbcb338f2cca55a492e353bea1f4bc5e60d49d1f6151a51f02e46c21bf4f8a3ffa42620c9695151b409e7c146173e8052cf9f9cf2abddffb2bc52de754dc4a5918e7cfc07c389e537a05aaa31d904723de80a3603448baac212b60ed0addf07086fb11e75ba59eecd05de33d12b1b95ae64875a09febd7caa514c02e31c1c83e6a3535b3353f4ac2ab8fdcef35eaf09182e15cc39b816c3a956124f8ae5ba9f5c6975c53a97b22ddb890ae0c9000ac3a0b56c71f279005d310ccbc4bd0644a672d858d51386cc2b9b574ecf72a85d29e738535daceb258f0a7fce7de55fb541a41ea5094e59d5a9d406a4f9dcf7fe5dcc899358f4ea9073ab8430f08f04ddcd188300e80c4ff3410b87e33226a87caa375904e99073c95e6bd8fe058faca5dd0e3e1cdd81817aab2c44b9b2026f4d65f2178ec2a45845919239d34a1523286312b44ec063d1c877aa542f15453ddd44327537da8579c8000cbe53b9f59731006639676f5348ae9d115be4dd20967d62022bdfc8fe8ecea6ffac764712a0cdbfd16848f8fd8a90490a8d716e285a12263b8f94cfd5999505702373304d50d618039bd7a25fe5b6f71c3ab59c3089c17ec48dab1e320627cf214f7e6e56363a2df63eb61ef0c2177bd5fdb513063c18d5cfb158bd2d57671c1cebe35cc5ada60feaf59300a51266546290cd9a7ec543237b7eb226246a40ff651af7e38d4fa17261252eb1b51fb3f294b0d39ab023c162f57c6f0da0419729801885187b85010ec01c8f753047bbb8b1ba803572d432704b36fbaa62c26678857f5657ce7d743421f8f2b1474d9016410828507e762191596ab42fbafe99b057d3c2d609182a1901e6ae29a62bd4112f42fa3dd9405c170db00a5e846d9a9ecc581effd218397d07284ca83250e082afe76ebd5e5121208e71043aa4da8942065d6ce6bbec00a3b5b78b9c935e7fcca5cbcea50a52c314010ed1dae7eb907909d248864a1091c9ee75ac21d88cf4f5d50083509a72cbe8927e99bf1dae3fc1cc2100983023c0ff78220d8b11220491d419bad6ba75b7be3d00c2cdb8bbd60faa75df577f38649f8df144ecbdd7971b886ffac1e397134227cd97212ab67ce4fe607590a1f4c9343a4d5182946c6d3381cfe8f8c0d8aee94713793c6056d7c6377f3765952815d68ff03f4903386b3b7f2a79334fcdda40beb551e69bd7c03b9a72f8b7545c443a145953c17fad3fa4383b05e97e86c3627305d03e9d708940e92d478aea7f1e6b56298d8bdfff18c6e3850a206f1f7e2c9596ebf00178e173bc823284e086b434d4dc32680c6d5134973573b22398313318ec9111165b5f8b8bf985c33d3b52294d697e24239588a2d4eeb0691dc87394f5ce3eaab0a732f4a24b4795f167319d51da76964aaef7494f3d8f28f34249fb8e0df2e225a72774b5484a0727918eba5915a321b26fb2f24a601210e141b7292d390f76f3e5a6b96b07de51f71ec50981deec88e3423152e2b3737cccbaca99e5920b7fdafb88891e652cada667e899dfdb131f4ec6aa3a56051ab62bd84b9155411764b44337d055760e0682f13f3b66ed6606064ec955ec6d0da9da16be39b68467f30217d7c0bdbe54806e8095837e037b008658283afb6a63ba5e1cef6aa151d3f04d46789d4639ddd99de3549f258748323d928e227be4d3b0fb02180d9f890cec66a51da9075a0c7ccb4eb23219c715383cea6d8fce86375e0399535fd958c70291be3355faf3ed828156457abc427771fa902ae2dc1108a6e61287c00f56151a71d3f1fea7bc244a15f3e5feb31aa98641a473cd3f83ee5559eaa58fc92bef8a0d42e8bcc592e75c21730ba69ed95ae803e7db7cb9ee5778c3c30757881a9e0a362203fd74e24ca39f8cb942bbf21e1da1de8d5da3d93ce6235d26269aa1a8ccda24d655af365d9aee8f78d9829a2dd43b4c5ec0404f37f29e95336709fd0e91bc8333c8b561fdae9ea44af9870706fc60704a5990a5b615591d69dc96f73fdb565d1f5fba32d0f8e374f37e5be09bd729b981f7c8c06d2ca678241255766ee40afece2895749c280d3f3c2d67f24a8b9aa64a56e50c438a038eb02538e905b3a8c62a57bd151022dd2205a98967e3a702aa8516da05145da20083da11a83278e9db04e6650e95e92c9b465c9d41be2187c30789341a6e48e34627feeb452bbfe2a02fffc7c5462b90ac14f3f8474f131f95e4bdab75fc042495070174dd830a9035dc7dc7008448dff5605832feb1e8b82e6c533b030a3fe5e988474faed543c4c95343a6eee06378b1187f3b3dc35b3b8d1720b6c1473edba6b8a612921121bae205cac71ea12f10639fb545f686f2d3edd5167b28deca68683d308b9386e1f8e9f968bebc535c7c41b749b7aa168ea101977565d5e8fbd12f0549bf7244501a608ad66dd6c7f01de5b48a00bb7d7433d354bb95a31d773ecb79f2b1cfe64ca272660714398cb20b98112e29b3ea8b0cd00125c220d06e3ecd8ca6fa5d5831ed7a47cc50b7deb141f69fa96259da700b77fe80cb38bf91eb45a9e5e5a92e24c6a56d0ee340973996967840c5007d68aa4f30fd85fe234ac5e30cee4bc04ae1d253eadfb098f77d5b6a10c443eb4e7e9aba18b88fd0a76b5b67b670ae471922bcaa2c130f604e2033cbe73b61f93416e7389693c794433a4d1e41e1ab2bc8d09e244adcb39d1d69b2e74c577f6c7b1409955ebfb91f9665f218ba27d0e300bc15d7eb49f8c7cc7d5722aaf923aab027bf86469d42faa376baa26751eb6077f1b3785747acc26fd78b490887e3ed477f9c7921ca26a5c86585514cbd880f4d39f8669c091d9351bc1c89c401f9b8cc46bdeccbf6accb4ee5cf7574a826688e41e92b30bc589319b4e2324be886963481ea6e710f8cbde4842a6509f41fd13de46fda9f94f46861ccd1287210d82f35c8ca11fc521b26cb9bc747bcb02acbb4252ed4a7ed139521016dca8d95552e684c8b576ac5e4c4f5997ddf45216c766437599fa07dc625b9d306a1c353b16d68a1e6c333612e7ea832665acad2808db916b717375e580ec0d4e661113928fb3ee86682e1f551afa142feb9e8c13503760b4ae51325c03d67765a5370ed2681cbb9eb812b274d0307b166e06afaa7f8ed75f112c9ec8c225d1b27d222a38faebbb27fca980d08f3014b7e44f01b1af40e0162a243e9e8c7d4d9c9250791b40e012127cd7d1732fb5eba2459ba50958099c52fb6558ab2ff28cb2786be2c523df6304380a09591418eeae3e87b0b5acbe64fe17445dfe653ae016adef009b09c4670b8c395353712dfa0984b1a24e0be7cd73a3118108ca7d8d633d976e5641557c0f630fa690de4045fcefa7188f3ad6055c6d323bb7dc37636901d88a77b47e66faf581f6cb686b6a519af87a8fddf912f4753d216a1c6b73ec8de9b8fd3fef56366e715bc5c7b5885b8f24f5dfa72dc103b5162928e492dfcac0f7e2bac848211c5629ea2f667a9c2dd11c31f3440a4876318953a879c233a7d4e1bcbf3db0fd5ad87a59181d05dab3968b3cdce577f59d7c9a64baa265cb332cb9c6f8795081797c061fd087f2cc6f1844dd775b4cb16f8131775dffe78b5ddcf53ddfb46a8594b765497845676e26d8fd8a98cc92faaa89ac84c5700191a34eb705ef8a24b83c8033f6b85aeb93353b79c7918fed63ed754cdb2c989cefb2a5d4d14dcad0439c40627c5dcda8da84ba8819c4df25740eb26ec53fc2798e7921ae2f71e282f4ac438e3b0796148a09c9912a879b82c564a4eec13d4185287cd8cc05fd832a85c4143a5ed3d6c617f85848fc65b882324380dd429527e7dc6504588a58c62bf6768a617475784e3aadbf131eba111bbdbb066e065c7af3bb064a064748c9de28a4b9679c3b92fce899547219c59adf2c6ede4e5fd9f41a4430d4ba2dcc80d40e6dcb8bff8fa4c685b6d1a8cd273fea052fdaae6223b6ff6871a61717459406eb698243b6479e6b0df9547c9fad6e8bb996b1562e0bae2719db58f326858477cae7441a7d040584b975f24078a5307a3ad250cec27335a8782595a4950871a1ffe0c546c00ae2744f355e4aee294767234f01a90dac504a5b52f09d4d4da44239ac18cbb7d948b117bcf0d253dc3057711bf0a18c9032763b27f8da3c344c029e519e0842326b4b8ebd2e7b0a11e540ae28d5954319516429558fc69f3dcb2481a543377e20d56dd4cc0c1cd7b53ecb8863b8c61940acdbb73c86499ac3288816a34d0d297eb7e545460ec4962541ecd29dd1ead1b8a706e976831d6f59a4e1058ad02a14279f7c75c365ca99d4fa51d7b373e4b4d412749146beb453956f51065b59b4ddc89e432d399dd81a5b5fdc8d1cf2d5fc2009c212d2db113bdd6e5be682111a6e4b0178eab06685d00c0d8a153781a8c52f79d0b7d63fb948e1f5b1f3a6d876357451fbd39633f73e3ac07e67ed62c018149572b4f88657e644ce16d7d85b6cabf825c21c097e177f25ea20270f876e70d25e6929c69581577da5b8f6ea8c138fefe6bf896d7e1f1c6c58dbbc0212ba5fb76a30cbd686e329ba16771de8971cf0b4ac8ebf2ef20f245668f9c64e92a0322ac9381a56eccdd47f9b0a30ffe1ed69d7a551f7626a51ab05b72b2c6c11c99210bbe1e4651afd94a7ff364593dfc5cac93a7527a99a1f2f40c9a4da9429666157acb11f367f3e3c28bba28c5030f546ee0"], 0x0) connect$inet6(r3, &(0x7f00000002c0), 0x1c) syz_emit_ethernet(0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x30, 0x1, 0x1, 0x201, 0x0, 0x0, {0xa}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x6}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x2}]}, @CTA_STATUS={0x8}]}, 0x30}}, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="040100001a0001000700000000000070afb8bd00000000000000000000000001ff7fffff000002d4e68e884e682113f86671dc000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000662b0000002001000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000014000e00ff0100"/186], 0x104}}, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x440001, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000280)={'netpci0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}}) 13.89910159s ago: executing program 1 (id=110): r0 = socket(0x2, 0x2, 0x67) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x1, @broadcast}, 0x10) (async) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x1, @broadcast}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, 0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) (async) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x2) (async) sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x2) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) (async) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') read(r4, &(0x7f0000001a00)=""/177, 0xb1) r5 = open(0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) (async) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setpriority(0x2, 0x0, 0x3) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xe, 0x7, 0x6, 0x3, 0x22, r5, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x48) (async) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xe, 0x7, 0x6, 0x3, 0x22, r5, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x48) write(r5, &(0x7f0000000040)="78eb046387cf51c15fbcc8d2bddbddb0f3fc0013421949927985c4f591d871d7a1509e1160f31f0188694cdb16e060d77f7c715ab5715bb70f286a4591293252873db732a4", 0x45) (async) write(r5, &(0x7f0000000040)="78eb046387cf51c15fbcc8d2bddbddb0f3fc0013421949927985c4f591d871d7a1509e1160f31f0188694cdb16e060d77f7c715ab5715bb70f286a4591293252873db732a4", 0x45) socket$packet(0x11, 0x2, 0x300) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3800eed4294ee59845e8f239480800d25a5e4f68bd3dbb7f3696daba9b49509b29ede4fae733b919f38af47f06d43c1428fa2727c13e4a0d9c88a72a61bb6af0347ca801e66b3b4268fcc8de18464e44ac26f45fac28d5901bc00b91d207505f6dcec74fbfcd563e224d3ed43a74ba3d33a1181ca62400e5faa846e0ef4d82cb54a5d3bda7d720e1a78604c9b3cc2d10f3be2e38f7c8935866c4e3d06cd483e1aeba33cd8527d2d6bf4b2f08c623324ec78dd790a85cb3f0220410a56c1f4caf6771f3918d687e3d548e3d5b4f6318b82e26faa5ea603e3c18b7e89bf0c72f10f1651f31475562884eecbc9684d12c788d24f5373c27f92d341c227b2f9079494b167c", @ANYRES16=r7, @ANYBLOB="01000000000000000000010000000c00060001000000000000000c0002000000000000000000040007800800010000000000"], 0x38}}, 0x0) sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001b80)={0x2c, r7, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x2c}}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x52c) 12.852463342s ago: executing program 1 (id=112): fanotify_init(0x0, 0x8000) r0 = syz_io_uring_setup(0x24f5, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)) io_uring_enter(r0, 0x0, 0x400000, 0x1, 0x0, 0x0) io_uring_enter(r0, 0x52e, 0x0, 0x0, 0x0, 0x0) r1 = eventfd2(0x4, 0x1001) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000040)=r1, 0x1) socket$vsock_stream(0x28, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0xc, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001340)=""/102378, 0x7706c522012798af) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e) close(r3) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000001000010028bd70000000000000000000", @ANYRES32=r7, @ANYBLOB="605183000000001f9826dda89cc1777de01e3d61bbbc0204001980"], 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) syz_clone(0x20000800, 0x0, 0x2, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ieee802154(0x0, r8) sendmsg$IEEE802154_LLSEC_SETPARAMS(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="3e200000ebe4462b7b538165d39a1d83d800ed6858bab9568f55bcc5f8c00b7c94b97e87edcc7589b892d708b9ff795742f2ddd55697c2cded0966d7caa894f0", @ANYRES16=r9, @ANYBLOB="010000000020000000002500000005002900010000000a0001007770616e30000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x26c002, 0x0) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000007c0)='children\x00') preadv(r10, &(0x7f0000000040)=[{&(0x7f0000000100)=""/120, 0x78}], 0x1, 0x80000, 0xffffffff) 11.151106227s ago: executing program 3 (id=122): r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000980), 0x400, 0x0) ioctl$CDROM_GET_MCN(r0, 0x5311, 0x0) (fail_nth: 4) 10.366847171s ago: executing program 3 (id=131): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00') socket$unix(0x1, 0x5, 0x0) connect$nfc_raw(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000280)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}, {&(0x7f00000001c0)=""/90}], 0x2e, 0x0, 0x0) socket(0x0, 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000000380), &(0x7f0000000180)) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x8) r3 = accept4(r2, 0x0, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg(r3, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)="02", 0x1}], 0x1}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r4, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r4, &(0x7f0000000100)='./file1\x00', r4, &(0x7f0000000240)='./file0\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) 8.780631644s ago: executing program 3 (id=126): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x6e4980) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000001c0)) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043d0eaaaaaaaaaa10bc205c7f30b257b9b56077dac5989b6963cb480ea7646257012a612c62a8a28b2c0e523427815b13ac93285f3cb016c18f150d2f0a89713e22745d7c30db48e9a979b684fdb54c5a5a1ff99485badc283586ed68c90b12e61f56b8fca5bea17ef38a60aa7b0efbf449c5f171c189c3f7c05aac28a8d0e4f3df3f7550692630902fb0bcb349276cdb2b08812cf979db4c3fbcfd5cd2d6e4342ab12bb32c869ebb4d35648bfc1b16"], 0x11) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4138ae84, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) 8.637594762s ago: executing program 3 (id=127): sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(r1, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000000500e50000070000001ffeff0001000003f1dc7f7c6e870200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="020a000002"], 0x10}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x400008a, 0x0) 8.35148796s ago: executing program 3 (id=129): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) getuid() ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000080)={0xc, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000140)={0x48, 0x5, r5}) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a010200000000000000000100000009000300739c7a320000000014000480080002401a00000008000140000000050900010073797a310000000044000000050a01020000000000000000010000000c00024000000000000000010900010073797a3100000000180004"], 0xcc}}, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={0x1c, r2, 0x200, 0x1000000, 0x0, {{0xa}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) listen(r4, 0x9) 8.24050019s ago: executing program 3 (id=130): syz_io_uring_setup(0x2705, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x6) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r1, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="b896a15f48052eec7bc7fe285f228824877bd9d7deef9ae32aa7eaa025f93fb4067ab22fccd16dab6b0416f4b9", 0x2d}], 0x1}}], 0x1, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000200)={@local, @link_local={0x3}, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@rr={0x44, 0x7, 0x8, [@rand_addr]}, @ssrr={0x89, 0x3, 0xf6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) recvmmsg(r1, &(0x7f00000055c0), 0x400023c, 0x0, 0x0) 6.230049216s ago: executing program 0 (id=140): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = socket$netlink(0x10, 0x3, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = dup(r3) mount(&(0x7f0000000240)=@nullb, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='v7\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000005, 0x12, r4, 0x0) r5 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r5, &(0x7f0000000140)={'full'}, 0xfffffdef) bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005, 0x804, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffc}, 0x48) write(r1, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff0215000400000000030006a40e07fff024bb000000", 0x29) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f00000003c0)=""/62, 0x3e}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000400)=[{&(0x7f0000000880)=""/111, 0x6f}], 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_ext={0x1c, 0x1f, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000300000000000000ff00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020642500000000002020207b1af8ff00000000bfa10000f5ffffff06010000f8ffffffb702000008000000b7030000ffffff7f850000000600000018000000080000000000000000000000390cfeff010000001811000082bfc10984e2c366e8a56ee74538fb1cd68726d7e1571ece6eb6202797d85bba8e73f93f5f00d2bfca39cd671a34188caef67e8b3d24f62d84061f7dc14d64bfb32f2532265a6dc1ab80a91304230cb3e41d221b9bc0becf655ad078de6d7f7298ebf2a75eb764986f26ed2689c2d8535af3f611931a8fcf4293865369480d23e92d93c540922d7d7f04a2d9c97a52079ecad845fadf2ea384629999716dcda73dc8e090f6bf", @ANYRES32=r6, @ANYBLOB="0000000000000000b70200000000000085000000860000001746feff00000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x9, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x770d, 0xffffffffffffffff, 0x3, &(0x7f0000000c00)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000c40)=[{0x0, 0x5, 0x10, 0xc}, {0x2, 0x3, 0x10, 0x1}, {0x0, 0x3, 0x1, 0xa}]}, 0x90) r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGREP(r8, 0x80084522, &(0x7f0000001f40)=""/230) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={r7, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102372, 0x18fe4}], 0x1, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) 5.680441889s ago: executing program 0 (id=142): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x6e4980) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000001c0)) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043d0eaaaaaaaaaa10bc205c7f30b257b9b56077dac5989b6963cb480ea7646257012a612c62a8a28b2c0e523427815b13ac93285f3cb016c18f150d2f0a89713e22745d7c30db48e9a979b684fdb54c5a5a1ff99485badc283586ed68c90b12e61f56b8fca5bea17ef38a60aa7b0efbf449c5f171c189c3f7c05aac28a8d0e4f3df3f7550692630902fb0bcb349276cdb2b08812cf979db4c3fbcfd5cd2d6e4342ab12bb32c869ebb4d35648bfc1b16"], 0x11) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4138ae84, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000002f80)={0x0, 0x0, 0x0}, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) 5.677724081s ago: executing program 0 (id=143): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0x7, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000680)=@framed, &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) r4 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r7 = socket(0x1, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_coalesce={0x33, 0x4, 0x2, 0x1, 0x5, 0x5, 0x7c, 0x28f, 0x1, 0x0, 0x400003, 0xcd, 0x9, 0xf, 0x9, 0x40, 0x8002, 0x3, 0x10, 0x81, 0x80000000, 0x9, 0x2}}) syz_io_uring_submit(r5, r6, 0x0) io_uring_enter(r4, 0x7a98, 0x0, 0x0, 0x0, 0x0) syz_clone3(&(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r8 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x880, 0x0) ioctl$FBIO_WAITFORVSYNC(r8, 0x40044620, 0x0) r9 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r9, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r9, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe) shutdown(r9, 0x1) 4.010291573s ago: executing program 2 (id=147): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x6) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000040)={r0, 0x1, 0x6, 0x4}) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (async) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x95, 0x8000, r3}) (async, rerun: 64) syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') (rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$inet6_icmp(0xa, 0x2, 0x3a) (async, rerun: 32) syz_usb_connect(0x0, 0x24, 0x0, 0x0) (rerun: 32) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000200), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000000)) (async) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$netlink(0x10, 0x3, 0x0) (async) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@private2, 0x800, 0x0, 0x3, 0x1}, 0x20) (async) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) (async, rerun: 32) r6 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'veth1_to_bond\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000010000100000000000000000007000000a0da2b29187def912a10b3b0548b740018a9daf5f48104b92ca90c6c6c817330905ec2ae800000001b2e16c888212ca183b6e9e29d430b9d2b8aa6bb0c8a28eac48b8c5d7df20b297a47c4844d980076d70b4ddad0877f687ed6a274b39e06077ff0ef31cfb5d1fd05ce9861e1266102876e420619c51fb33eeeb19ea74bfa1c9e1ea710fa236f1dd20af6a45231ec5872217e0a17de14bd34ba31cfd2600300"/195, @ANYRES32=r8, @ANYBLOB="00000000000000001c002b8008000800", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800030010000000"], 0x3c}}, 0x0) (async, rerun: 32) connect$inet6(r5, &(0x7f0000000300)={0xa, 0x0, 0x380000, @loopback}, 0x1c) (async, rerun: 32) ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000180)=0x6f) (async, rerun: 64) write$dsp(r4, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) (rerun: 64) 2.346323841s ago: executing program 2 (id=149): sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(r0, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000000500e50000070000001ffeff0001000003f1dc7f7c6e870200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="020a000002"], 0x10}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0) 2.27025356s ago: executing program 2 (id=150): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = socket$netlink(0x10, 0x3, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = dup(r3) mount(&(0x7f0000000240)=@nullb, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='v7\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000005, 0x12, r4, 0x0) r5 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r5, &(0x7f0000000140)={'full'}, 0xfffffdef) bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005, 0x804, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffc}, 0x48) write(r1, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff0215000400000000030006a40e07fff024bb000000", 0x29) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f00000003c0)=""/62, 0x3e}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000400)=[{&(0x7f0000000880)=""/111, 0x6f}], 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_ext={0x1c, 0x1f, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000300000000000000ff00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020642500000000002020207b1af8ff00000000bfa10000f5ffffff06010000f8ffffffb702000008000000b7030000ffffff7f850000000600000018000000080000000000000000000000390cfeff010000001811000082bfc10984e2c366e8a56ee74538fb1cd68726d7e1571ece6eb6202797d85bba8e73f93f5f00d2bfca39cd671a34188caef67e8b3d24f62d84061f7dc14d64bfb32f2532265a6dc1ab80a91304230cb3e41d221b9bc0becf655ad078de6d7f7298ebf2a75eb764986f26ed2689c2d8535af3f611931a8fcf4293865369480d23e92d93c540922d7d7f04a2d9c97a52079ecad845fadf2ea384629999716dcda73dc8e090f6bf4e118b2d6a", @ANYRES32=r6, @ANYBLOB="0000000000000000b70200000000000085000000860000001746feff00000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x9, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x770d, 0xffffffffffffffff, 0x3, &(0x7f0000000c00)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000c40)=[{0x0, 0x5, 0x10, 0xc}, {0x2, 0x3, 0x10, 0x1}, {0x0, 0x3, 0x1, 0xa}]}, 0x90) r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGREP(r8, 0x80084522, &(0x7f0000001f40)=""/230) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={r7, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102372, 0x18fe4}], 0x1, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) 1.61005009s ago: executing program 2 (id=151): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x6e4980) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000001c0)) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043d0eaaaaaaaaaa10bc205c7f30b257b9b56077dac5989b6963cb480ea7646257012a612c62a8a28b2c0e523427815b13ac93285f3cb016c18f150d2f0a89713e22745d7c30db48e9a979b684fdb54c5a5a1ff99485badc283586ed68c90b12e61f56b8fca5bea17ef38a60aa7b0efbf449c5f171c189c3f7c05aac28a8d0e4f3df3f7550692630902fb0bcb349276cdb2b08812cf979db4c3fbcfd5cd2d6e4342ab12bb32c869ebb4d35648bfc1b16"], 0x11) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4138ae84, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000002f80)={0x0, 0x0, 0x0}, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) 1.609679318s ago: executing program 2 (id=152): r0 = socket$netlink(0x10, 0x3, 0x15) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000000)="3900000013000b4700bb65e1c3e4ffff0100a20035000000560000022500000019000a00100000ad07fd17e5ffff080c3800", 0x32}], 0x1) readv(r0, &(0x7f0000000b40)=[{&(0x7f0000000040)=""/7, 0x7}, {&(0x7f0000000400)=""/115, 0x73}, {&(0x7f00000004c0)=""/101, 0x65}, {&(0x7f0000001d40)=""/4105, 0x1009}, {0x0}, {&(0x7f0000000640)=""/94, 0x5e}, {&(0x7f0000000800)=""/195, 0xc3}], 0x7) 700.038237ms ago: executing program 2 (id=153): gettid() r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) io_uring_setup(0x5fb5, &(0x7f0000000300)={0x0, 0xfa29, 0x400, 0x0, 0x4}) socket$pppoe(0x18, 0x1, 0x0) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet(r0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) timer_create(0x0, 0x0, 0x0) r6 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r6, 0x40305652, &(0x7f00000000c0)={0x3ff, 0x1, 0x2, 0x0, 0x0, 0xfa000, 0x1a5e00}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x21}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x8}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1bc81a00}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x0, 0xd, 0x9, 0x0, 0x0, 0xa}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x3, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x4}, {}, {0x4, 0x0, 0x2}, {0x18, 0x2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 126.282083ms ago: executing program 0 (id=154): r0 = userfaultfd(0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)=ANY=[@ANYBLOB="4800000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000001000058009000100b53fb783ce"], 0x48}}, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000), 0x4) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000500000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000440)={r3}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000}) 126.011324ms ago: executing program 0 (id=155): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) 0s ago: executing program 0 (id=156): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000001000)=ANY=[@ANYBLOB='trans=virtio,noextend']) (fail_nth: 6) kernel console output (not intermixed with test programs): [ 45.145581][ T39] audit: type=1400 audit(1725511060.554:82): avc: denied { siginh } for pid=5252 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 45.891295][ T39] audit: type=1400 audit(1725511061.334:83): avc: denied { read } for pid=4816 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 45.899811][ T39] audit: type=1400 audit(1725511061.334:84): avc: denied { append } for pid=4816 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 45.908013][ T39] audit: type=1400 audit(1725511061.334:85): avc: denied { open } for pid=4816 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 45.919959][ T39] audit: type=1400 audit(1725511061.334:86): avc: denied { getattr } for pid=4816 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:2317' (ED25519) to the list of known hosts. [ 48.001625][ T39] audit: type=1400 audit(1725511063.444:87): avc: denied { name_bind } for pid=5294 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 50.366505][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 50.366521][ T39] audit: type=1400 audit(1725511065.814:90): avc: denied { mounton } for pid=5302 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 50.374457][ T5302] cgroup: Unknown subsys name 'net' [ 50.379278][ T39] audit: type=1400 audit(1725511065.814:91): avc: denied { mount } for pid=5302 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 50.390890][ T39] audit: type=1400 audit(1725511065.834:92): avc: denied { unmount } for pid=5302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 50.533971][ T5302] cgroup: Unknown subsys name 'rlimit' [ 50.687567][ T39] audit: type=1400 audit(1725511066.134:93): avc: denied { setattr } for pid=5302 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=763 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 50.696191][ T39] audit: type=1400 audit(1725511066.134:94): avc: denied { create } for pid=5302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 50.704479][ T39] audit: type=1400 audit(1725511066.134:95): avc: denied { write } for pid=5302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 50.712015][ T39] audit: type=1400 audit(1725511066.134:96): avc: denied { read } for pid=5302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 50.719615][ T39] audit: type=1400 audit(1725511066.154:97): avc: denied { mounton } for pid=5302 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 50.729106][ T39] audit: type=1400 audit(1725511066.154:98): avc: denied { mount } for pid=5302 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 50.738562][ T39] audit: type=1400 audit(1725511066.164:99): avc: denied { read } for pid=5054 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 50.771868][ T5335] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 51.733811][ T5302] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 56.702911][ T39] kauditd_printk_skb: 5 callbacks suppressed [ 56.702926][ T39] audit: type=1400 audit(1725511072.154:105): avc: denied { execmem } for pid=5338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 57.431859][ T39] audit: type=1400 audit(1725511072.874:106): avc: denied { mounton } for pid=5342 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 57.443460][ T39] audit: type=1400 audit(1725511072.874:107): avc: denied { mount } for pid=5342 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 57.453032][ T39] audit: type=1400 audit(1725511072.874:108): avc: denied { create } for pid=5342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 57.461407][ T39] audit: type=1400 audit(1725511072.874:109): avc: denied { read write } for pid=5342 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 57.472143][ T39] audit: type=1400 audit(1725511072.874:110): avc: denied { open } for pid=5342 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 57.482830][ T39] audit: type=1400 audit(1725511072.884:111): avc: denied { ioctl } for pid=5342 comm="syz-executor" path="socket:[6215]" dev="sockfs" ino=6215 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 57.497229][ T5347] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.500889][ T5358] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.504404][ T5358] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.508481][ T5358] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.511456][ T5358] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 57.514841][ T5358] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 57.520477][ T5355] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 57.525683][ T65] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 57.527879][ T5357] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 57.529261][ T39] audit: type=1400 audit(1725511072.974:112): avc: denied { read } for pid=5342 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.530479][ T65] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 57.532888][ T5357] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 57.535758][ T5356] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 57.537037][ T5356] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 57.537394][ T5356] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 57.539049][ T5356] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 57.539598][ T5356] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 57.539910][ T5356] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 57.541221][ T39] audit: type=1400 audit(1725511072.984:113): avc: denied { open } for pid=5342 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.543154][ T5350] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 57.549152][ T5355] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 57.550424][ T39] audit: type=1400 audit(1725511072.984:114): avc: denied { mounton } for pid=5342 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 57.553561][ T5350] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 57.573091][ T5355] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 57.576365][ T5350] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 57.579864][ T5355] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 57.602048][ T5355] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 57.827707][ T5346] chnl_net:caif_netlink_parms(): no params data found [ 57.922636][ T5342] chnl_net:caif_netlink_parms(): no params data found [ 58.080918][ T5346] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.085208][ T5346] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.088516][ T5346] bridge_slave_0: entered allmulticast mode [ 58.092350][ T5346] bridge_slave_0: entered promiscuous mode [ 58.098139][ T5346] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.101149][ T5346] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.104373][ T5346] bridge_slave_1: entered allmulticast mode [ 58.108092][ T5346] bridge_slave_1: entered promiscuous mode [ 58.225959][ T5346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.234504][ T5346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.342123][ T5342] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.345389][ T5342] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.348604][ T5342] bridge_slave_0: entered allmulticast mode [ 58.353525][ T5342] bridge_slave_0: entered promiscuous mode [ 58.357672][ T5345] chnl_net:caif_netlink_parms(): no params data found [ 58.366924][ T5346] team0: Port device team_slave_0 added [ 58.370098][ T5342] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.374809][ T5342] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.377239][ T5342] bridge_slave_1: entered allmulticast mode [ 58.379938][ T5342] bridge_slave_1: entered promiscuous mode [ 58.426044][ T5346] team0: Port device team_slave_1 added [ 58.467734][ T5342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.494212][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.496580][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.505345][ T5346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.531245][ T5352] chnl_net:caif_netlink_parms(): no params data found [ 58.540651][ T5342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.545206][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.548269][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.560278][ T5346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.708921][ T5342] team0: Port device team_slave_0 added [ 58.753647][ T5345] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.756833][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.759914][ T5345] bridge_slave_0: entered allmulticast mode [ 58.763875][ T5345] bridge_slave_0: entered promiscuous mode [ 58.770882][ T5342] team0: Port device team_slave_1 added [ 58.859902][ T5345] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.862929][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.866085][ T5345] bridge_slave_1: entered allmulticast mode [ 58.870241][ T5345] bridge_slave_1: entered promiscuous mode [ 58.899108][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.902478][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.913093][ T5342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.937271][ T5346] hsr_slave_0: entered promiscuous mode [ 58.941687][ T5346] hsr_slave_1: entered promiscuous mode [ 59.026399][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.029203][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.038213][ T5342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.080786][ T5352] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.084187][ T5352] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.087424][ T5352] bridge_slave_0: entered allmulticast mode [ 59.091434][ T5352] bridge_slave_0: entered promiscuous mode [ 59.097990][ T5345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.132663][ T5352] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.135707][ T5352] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.138149][ T5352] bridge_slave_1: entered allmulticast mode [ 59.141322][ T5352] bridge_slave_1: entered promiscuous mode [ 59.147316][ T5345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.298764][ T5345] team0: Port device team_slave_0 added [ 59.305744][ T5345] team0: Port device team_slave_1 added [ 59.339182][ T5352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.371768][ T5342] hsr_slave_0: entered promiscuous mode [ 59.375467][ T5342] hsr_slave_1: entered promiscuous mode [ 59.378381][ T5342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.381886][ T5342] Cannot create hsr debugfs directory [ 59.414543][ T5352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.472719][ T5352] team0: Port device team_slave_0 added [ 59.476828][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.479713][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.490432][ T5345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.531457][ T5352] team0: Port device team_slave_1 added [ 59.539061][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.542261][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.553509][ T5354] Bluetooth: hci2: command tx timeout [ 59.554280][ T5355] Bluetooth: hci0: command tx timeout [ 59.556912][ T5345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.632756][ T5355] Bluetooth: hci1: command tx timeout [ 59.632788][ T5354] Bluetooth: hci3: command tx timeout [ 59.692855][ T5352] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.696321][ T5352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.708469][ T5352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.750202][ T5352] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.752799][ T5352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.763503][ T5352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.809139][ T5345] hsr_slave_0: entered promiscuous mode [ 59.811675][ T5345] hsr_slave_1: entered promiscuous mode [ 59.814397][ T5345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.817355][ T5345] Cannot create hsr debugfs directory [ 59.999107][ T5352] hsr_slave_0: entered promiscuous mode [ 60.002075][ T5352] hsr_slave_1: entered promiscuous mode [ 60.005146][ T5352] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.008459][ T5352] Cannot create hsr debugfs directory [ 60.040611][ T5346] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 60.108357][ T5346] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 60.115864][ T5346] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 60.151110][ T5346] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 60.260304][ T5342] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 60.289634][ T5342] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 60.300587][ T5342] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 60.318789][ T5342] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 60.356799][ T5345] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 60.363124][ T5345] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 60.385969][ T5345] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 60.390504][ T5345] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 60.437249][ T5352] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 60.444148][ T5352] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 60.451609][ T5352] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 60.463498][ T5352] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 60.614262][ T5342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.621374][ T5346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.673449][ T5346] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.683837][ T5342] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.689793][ T5345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.701244][ T91] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.704875][ T91] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.716323][ T5352] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.736805][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.739543][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.746202][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.748957][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.756830][ T5352] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.770403][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.773272][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.787564][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.790553][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.799025][ T5345] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.810319][ T91] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.813388][ T91] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.829120][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.831629][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.874849][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.878382][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.050665][ T5346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.090200][ T5342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.111287][ T5346] veth0_vlan: entered promiscuous mode [ 61.132563][ T5346] veth1_vlan: entered promiscuous mode [ 61.170052][ T5345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.182343][ T5352] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.190852][ T5342] veth0_vlan: entered promiscuous mode [ 61.207559][ T5346] veth0_macvtap: entered promiscuous mode [ 61.216134][ T5346] veth1_macvtap: entered promiscuous mode [ 61.223314][ T5342] veth1_vlan: entered promiscuous mode [ 61.248781][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.277855][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.294533][ T5342] veth0_macvtap: entered promiscuous mode [ 61.305358][ T5346] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.309196][ T5346] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.313714][ T5346] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.317389][ T5346] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.326108][ T5342] veth1_macvtap: entered promiscuous mode [ 61.329525][ T5352] veth0_vlan: entered promiscuous mode [ 61.350171][ T5352] veth1_vlan: entered promiscuous mode [ 61.362228][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.366555][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.372919][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.380795][ T5345] veth0_vlan: entered promiscuous mode [ 61.398421][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.405072][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.411032][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.416669][ T5345] veth1_vlan: entered promiscuous mode [ 61.428633][ T5342] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.433118][ T5342] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.437014][ T5342] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.440693][ T5342] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.482399][ T5352] veth0_macvtap: entered promiscuous mode [ 61.506122][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.506304][ T5352] veth1_macvtap: entered promiscuous mode [ 61.510424][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.564533][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.566360][ T5345] veth0_macvtap: entered promiscuous mode [ 61.568055][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.595358][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.596368][ T5345] veth1_macvtap: entered promiscuous mode [ 61.598702][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.604358][ T5352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.608717][ T5352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.613405][ T5352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.617772][ T5352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.623566][ T5352] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.632208][ T5354] Bluetooth: hci0: command tx timeout [ 61.634639][ T5354] Bluetooth: hci2: command tx timeout [ 61.642911][ T5352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.647181][ T5352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.651153][ T5352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.656622][ T5352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.662177][ T5352] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.669353][ T5352] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.673973][ T5352] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.677571][ T5352] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.681205][ T5352] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.699807][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.704923][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.708416][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.712211][ T5355] Bluetooth: hci1: command tx timeout [ 61.712259][ T5355] Bluetooth: hci3: command tx timeout [ 61.718073][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.721723][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.726517][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.731759][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.737274][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.741720][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.745927][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.750213][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.754458][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.758166][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.764451][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.768972][ T39] kauditd_printk_skb: 8 callbacks suppressed [ 61.768980][ T39] audit: type=1400 audit(1725511077.214:123): avc: denied { read write } for pid=5346 comm="syz-executor" name="loop2" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 61.781781][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.786492][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.794465][ T39] audit: type=1400 audit(1725511077.214:124): avc: denied { open } for pid=5346 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 61.805603][ T39] audit: type=1400 audit(1725511077.214:125): avc: denied { ioctl } for pid=5346 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=662 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 61.815292][ T5345] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.817823][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.820832][ T5345] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.828880][ T5345] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.832947][ T5345] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.861169][ T39] audit: type=1400 audit(1725511077.304:126): avc: denied { prog_load } for pid=5406 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 61.884226][ T39] audit: type=1400 audit(1725511077.304:127): avc: denied { bpf } for pid=5406 comm="syz.2.3" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 61.940195][ T39] audit: type=1400 audit(1725511077.384:128): avc: denied { read } for pid=5410 comm="syz.2.5" dev="nsfs" ino=4026532959 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 61.943664][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.954045][ T39] audit: type=1400 audit(1725511077.384:129): avc: denied { open } for pid=5410 comm="syz.2.5" path="net:[4026532959]" dev="nsfs" ino=4026532959 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 61.957299][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.966882][ T39] audit: type=1400 audit(1725511077.384:130): avc: denied { create } for pid=5410 comm="syz.2.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 61.990331][ T39] audit: type=1400 audit(1725511077.394:131): avc: denied { setopt } for pid=5410 comm="syz.2.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 62.008324][ T39] audit: type=1400 audit(1725511077.444:132): avc: denied { create } for pid=5413 comm="syz.2.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 62.047687][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.051275][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.062722][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.076494][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.104583][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.109278][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.137945][ T5416] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6'. [ 62.252130][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 62.256035][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 62.357613][ T5422] VFS: could not find a valid V7 on nullb0. [ 62.462343][ T5423] mkiss: ax0: crc mode is auto. [ 62.532418][ T5423] netlink: 'syz.0.1': attribute type 4 has an invalid length. [ 62.537424][ T5423] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.1'. [ 62.713607][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 62.864442][ T5428] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8'. [ 62.946399][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 62.992312][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 62.997969][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 63.262029][ T5443] VFS: could not find a valid V7 on nullb0. [ 63.389501][ T5447] VFS: could not find a valid V7 on nullb0. [ 63.712024][ T5355] Bluetooth: hci0: command tx timeout [ 63.714607][ T5354] Bluetooth: hci2: command tx timeout [ 63.792048][ T5354] Bluetooth: hci3: command tx timeout [ 63.794308][ T5354] Bluetooth: hci1: command tx timeout [ 64.081104][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 64.377696][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 64.381265][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 64.422995][ T5454] VFS: could not find a valid V7 on nullb0. [ 65.353009][ T5476] PKCS7: Unknown OID: [5] (bad) [ 65.355420][ T5476] PKCS7: Only support pkcs7_signedData type [ 65.625365][ T5489] syz.0.22 uses obsolete (PF_INET,SOCK_PACKET) [ 65.675757][ T5489] trusted_key: syz.0.22 sent an empty control message without MSG_MORE. [ 65.702431][ T5484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.23'. [ 65.792253][ T5355] Bluetooth: hci0: command tx timeout [ 65.794732][ T5354] Bluetooth: hci2: command tx timeout [ 65.872254][ T5354] Bluetooth: hci1: command tx timeout [ 65.874655][ T5354] Bluetooth: hci3: command tx timeout [ 65.937973][ T5484] capability: warning: `syz.1.23' uses 32-bit capabilities (legacy support in use) [ 66.555303][ T5512] FAULT_INJECTION: forcing a failure. [ 66.555303][ T5512] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 66.561691][ T5512] CPU: 2 UID: 0 PID: 5512 Comm: syz.1.29 Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0 [ 66.566632][ T5512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.571556][ T5512] Call Trace: [ 66.573061][ T5512] [ 66.574387][ T5512] dump_stack_lvl+0x16c/0x1f0 [ 66.576496][ T5512] should_fail_ex+0x497/0x5b0 [ 66.578635][ T5512] _copy_from_user+0x30/0xf0 [ 66.580693][ T5512] io_register_rsrc+0xce/0x250 [ 66.582836][ T5512] ? __pfx_io_register_rsrc+0x10/0x10 [ 66.585224][ T5512] ? __fget_files+0x256/0x400 [ 66.587550][ T5512] __do_sys_io_uring_register+0xbfc/0x2240 [ 66.590406][ T5512] ? __pfx___do_sys_io_uring_register+0x10/0x10 [ 66.593176][ T5512] ? ksys_write+0x1ab/0x260 [ 66.595199][ T5512] ? __pfx_ksys_write+0x10/0x10 [ 66.597341][ T5512] do_syscall_64+0xcd/0x250 [ 66.599363][ T5512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.601956][ T5512] RIP: 0033:0x7fab76f7cef9 [ 66.603878][ T5512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.612309][ T5512] RSP: 002b:00007fab77cda038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 66.615602][ T5512] RAX: ffffffffffffffda RBX: 00007fab77135f80 RCX: 00007fab76f7cef9 [ 66.618590][ T5512] RDX: 0000000020000540 RSI: 000000000000000f RDI: 0000000000000003 [ 66.621215][ T5512] RBP: 00007fab77cda090 R08: 0000000000000000 R09: 0000000000000000 [ 66.624213][ T5512] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000001 [ 66.627743][ T5512] R13: 0000000000000000 R14: 00007fab77135f80 R15: 00007ffe9d6a4158 [ 66.631251][ T5512] [ 66.867361][ T39] kauditd_printk_skb: 64 callbacks suppressed [ 66.867376][ T39] audit: type=1400 audit(1725511082.314:197): avc: denied { create } for pid=5516 comm="syz.3.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 66.879760][ T39] audit: type=1400 audit(1725511082.324:198): avc: denied { bind } for pid=5516 comm="syz.3.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 66.889027][ T5517] tipc: Started in network mode [ 66.891283][ T5517] tipc: Node identity ffffffff, cluster identity 4711 [ 66.892705][ T39] audit: type=1400 audit(1725511082.344:199): avc: denied { map_read map_write } for pid=5518 comm="syz.2.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 66.894455][ T5517] tipc: Node number set to 4294967295 [ 66.957720][ T39] audit: type=1400 audit(1725511082.404:200): avc: denied { ioctl } for pid=5522 comm="syz.3.33" path="/dev/raw-gadget" dev="devtmpfs" ino=763 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 67.146103][ T5527] VFS: could not find a valid V7 on nullb0. [ 67.241941][ T5386] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 67.433817][ T39] audit: type=1400 audit(1725511082.884:201): avc: denied { unmount } for pid=5352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 67.461487][ T5386] usb 8-1: config 1 interface 0 has no altsetting 0 [ 67.467020][ T5386] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 67.470410][ T5386] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.474467][ T5386] usb 8-1: Product: syz [ 67.476401][ T5386] usb 8-1: Manufacturer: syz [ 67.478508][ T5386] usb 8-1: SerialNumber: syz [ 67.548916][ T5533] VFS: could not find a valid V7 on nullb0. [ 67.778300][ T39] audit: type=1400 audit(1725511083.224:202): avc: denied { setopt } for pid=5534 comm="syz.1.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 67.799015][ T39] audit: type=1400 audit(1725511083.244:203): avc: denied { write } for pid=5534 comm="syz.1.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 67.875824][ T39] audit: type=1400 audit(1725511083.324:204): avc: denied { create } for pid=5536 comm="syz.2.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 67.887531][ T5538] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 67.894108][ T39] audit: type=1400 audit(1725511083.344:205): avc: denied { bind } for pid=5536 comm="syz.2.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 67.909442][ T39] audit: type=1400 audit(1725511083.354:206): avc: denied { connect } for pid=5536 comm="syz.2.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 67.931656][ T5538] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.027288][ T5544] FAULT_INJECTION: forcing a failure. [ 68.027288][ T5544] name failslab, interval 1, probability 0, space 0, times 1 [ 68.034541][ T5544] CPU: 1 UID: 0 PID: 5544 Comm: syz.0.40 Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0 [ 68.038701][ T5544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.042989][ T5544] Call Trace: [ 68.044442][ T5544] [ 68.045659][ T5544] dump_stack_lvl+0x16c/0x1f0 [ 68.047528][ T5544] should_fail_ex+0x497/0x5b0 [ 68.049569][ T5544] ? fs_reclaim_acquire+0xae/0x160 [ 68.051607][ T5544] should_failslab+0xc2/0x120 [ 68.053216][ T5544] __kmalloc_noprof+0xcb/0x400 [ 68.055220][ T5544] bio_kmalloc+0x41/0x70 [ 68.057062][ T5544] blk_rq_map_kern+0x400/0x760 [ 68.059050][ T5544] scsi_execute_cmd+0xc09/0xf40 [ 68.060719][ T5544] ? kasan_save_stack+0x42/0x60 [ 68.062756][ T5544] ? scsi_block_when_processing_errors+0x2c1/0x380 [ 68.065543][ T5544] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 68.067855][ T5544] sr_do_ioctl+0x21c/0x830 [ 68.069799][ T5544] ? __pfx_sr_do_ioctl+0x10/0x10 [ 68.071654][ T5544] sr_get_mcn+0x129/0x210 [ 68.073214][ T5544] ? __pfx_sr_get_mcn+0x10/0x10 [ 68.075282][ T5544] cdrom_ioctl+0x896/0x3290 [ 68.077186][ T5544] ? mark_lock+0xb5/0xc60 [ 68.078657][ T5544] ? __pfx_cdrom_ioctl+0x10/0x10 [ 68.080677][ T5544] ? __pfx_mark_lock+0x10/0x10 [ 68.082740][ T5544] ? trace_rpm_return_int+0x19d/0x220 [ 68.085048][ T5544] ? rpm_resume+0x81d/0x1330 [ 68.086715][ T5544] ? find_held_lock+0x2d/0x110 [ 68.088696][ T5544] ? __pm_runtime_resume+0xc3/0x170 [ 68.090918][ T5544] ? __pfx_lock_release+0x10/0x10 [ 68.092979][ T5544] ? mark_held_locks+0x9f/0xe0 [ 68.094800][ T5544] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 68.097008][ T5544] ? lockdep_hardirqs_on+0x7c/0x110 [ 68.099226][ T5544] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 68.101337][ T5544] ? __pm_runtime_resume+0xc3/0x170 [ 68.103421][ T5544] sr_block_ioctl+0x1b0/0x250 [ 68.105461][ T5544] ? __pfx_sr_block_ioctl+0x10/0x10 [ 68.107507][ T5544] blkdev_ioctl+0x27c/0x6e0 [ 68.109078][ T5544] ? __pfx_blkdev_ioctl+0x10/0x10 [ 68.111224][ T5544] ? selinux_file_ioctl+0xb4/0x270 [ 68.113232][ T5544] ? bpf_lsm_file_ioctl+0x9/0x10 [ 68.115078][ T5544] ? __pfx_blkdev_ioctl+0x10/0x10 [ 68.117241][ T5544] __x64_sys_ioctl+0x193/0x220 [ 68.119220][ T5544] do_syscall_64+0xcd/0x250 [ 68.121157][ T5544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.123476][ T5544] RIP: 0033:0x7f7eb477cef9 [ 68.125045][ T5544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.133145][ T5544] RSP: 002b:00007f7eb55fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 68.136242][ T5544] RAX: ffffffffffffffda RBX: 00007f7eb4935f80 RCX: 00007f7eb477cef9 [ 68.139553][ T5544] RDX: 0000000000000000 RSI: 0000000000005311 RDI: 0000000000000003 [ 68.142886][ T5544] RBP: 00007f7eb55fe090 R08: 0000000000000000 R09: 0000000000000000 [ 68.146231][ T5544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 68.149247][ T5544] R13: 0000000000000000 R14: 00007f7eb4935f80 R15: 00007fff4c1ccc58 [ 68.151980][ T5544] [ 68.297400][ T5551] VFS: could not find a valid V7 on nullb0. [ 68.333027][ T5386] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 68.728318][ C0] usblp0: nonzero write bulk status received: -71 [ 68.734866][ T5386] usb 8-1: USB disconnect, device number 2 [ 68.872772][ T5559] netlink: 20 bytes leftover after parsing attributes in process `syz.0.45'. [ 69.174821][ T5570] FAULT_INJECTION: forcing a failure. [ 69.174821][ T5570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 69.180660][ T5570] CPU: 2 UID: 0 PID: 5570 Comm: syz.1.51 Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0 [ 69.183180][ T5386] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 69.185154][ T5570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.192705][ T5570] Call Trace: [ 69.193850][ T5570] [ 69.194866][ T5570] dump_stack_lvl+0x16c/0x1f0 [ 69.196544][ T5570] should_fail_ex+0x497/0x5b0 [ 69.198239][ T5570] _copy_to_user+0x30/0xc0 [ 69.199827][ T5570] simple_read_from_buffer+0xd0/0x160 [ 69.201734][ T5570] proc_fail_nth_read+0x19e/0x280 [ 69.203851][ T5570] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 69.205930][ T5570] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 69.207947][ T5570] vfs_read+0x1d4/0xbd0 [ 69.209432][ T5570] ? drm_ioctl+0x158/0xc00 [ 69.211159][ T5570] ? __fdget_pos+0xeb/0x180 [ 69.212929][ T5570] ? __pfx_vfs_read+0x10/0x10 [ 69.214819][ T5570] ? __pfx___mutex_lock+0x10/0x10 [ 69.216901][ T5570] ? __fget_files+0x256/0x400 [ 69.218784][ T5570] ksys_read+0x12f/0x260 [ 69.220493][ T5570] ? __pfx_ksys_read+0x10/0x10 [ 69.222461][ T5570] do_syscall_64+0xcd/0x250 [ 69.224224][ T5570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.226336][ T5570] RIP: 0033:0x7fab76f7b93c [ 69.228118][ T5570] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 69.235971][ T5570] RSP: 002b:00007fab77cda030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 69.239603][ T5570] RAX: ffffffffffffffda RBX: 00007fab77135f80 RCX: 00007fab76f7b93c [ 69.243083][ T5570] RDX: 000000000000000f RSI: 00007fab77cda0a0 RDI: 0000000000000004 [ 69.246306][ T5570] RBP: 00007fab77cda090 R08: 0000000000000000 R09: 0000000000000000 [ 69.249154][ T5570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 69.252431][ T5570] R13: 0000000000000000 R14: 00007fab77135f80 R15: 00007ffe9d6a4158 [ 69.255915][ T5570] [ 69.359426][ T5574] VFS: could not find a valid V7 on nullb0. [ 69.383322][ T5386] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 69.389353][ T5386] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 69.392569][ T5386] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.396414][ T5386] usb 8-1: Product: syz [ 69.398267][ T5386] usb 8-1: Manufacturer: syz [ 69.400334][ T5386] usb 8-1: SerialNumber: syz [ 69.462006][ T35] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 69.609293][ T5523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.616280][ T5523] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.619882][ T5523] usblp0: removed [ 69.655125][ T35] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 69.659346][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.664708][ T35] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 69.668415][ T35] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 69.671400][ T35] usb 5-1: Manufacturer: syz [ 69.676209][ T35] usb 5-1: config 0 descriptor?? [ 69.761873][ T35] rc_core: IR keymap rc-hauppauge not found [ 69.764126][ T35] Registered IR keymap rc-empty [ 69.767539][ T35] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 69.772996][ T35] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input5 [ 69.829173][ T5386] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -71 [ 69.836734][ T5386] usb 8-1: USB disconnect, device number 3 [ 69.895360][ T35] usb 5-1: USB disconnect, device number 2 [ 70.453518][ T5596] netlink: 20 bytes leftover after parsing attributes in process `syz.3.58'. [ 70.807272][ T5607] VFS: could not find a valid V7 on nullb0. [ 70.865762][ T5612] overlay: Unknown parameter 'obj_type' [ 71.189511][ T5616] warning: `syz.0.66' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 71.191990][ T8] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 71.209277][ T5618] FAULT_INJECTION: forcing a failure. [ 71.209277][ T5618] name failslab, interval 1, probability 0, space 0, times 0 [ 71.214898][ T5618] CPU: 0 UID: 0 PID: 5618 Comm: syz.1.67 Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0 [ 71.219694][ T5618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.224422][ T5618] Call Trace: [ 71.225925][ T5618] [ 71.227255][ T5618] dump_stack_lvl+0x16c/0x1f0 [ 71.229372][ T5618] should_fail_ex+0x497/0x5b0 [ 71.231471][ T5618] ? map_id_range_down+0x2b6/0x3a0 [ 71.233756][ T5618] should_failslab+0xc2/0x120 [ 71.235862][ T5618] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 71.238258][ T5618] ? slab_build_skb+0x48/0x400 [ 71.240413][ T5618] slab_build_skb+0x48/0x400 [ 71.242463][ T5618] bpf_prog_test_run_skb+0x356/0x20f0 [ 71.244808][ T5618] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 71.247412][ T5618] ? fput+0x32/0x390 [ 71.249167][ T5618] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 71.251755][ T5618] __sys_bpf+0x10d2/0x4a00 [ 71.253740][ T5618] ? ksys_write+0x21c/0x260 [ 71.255756][ T5618] ? reacquire_held_locks+0x4b0/0x4c0 [ 71.258130][ T5618] ? __pfx___sys_bpf+0x10/0x10 [ 71.260268][ T5618] ? vfs_write+0x14d/0x1140 [ 71.262303][ T5618] ? __mutex_unlock_slowpath+0x164/0x650 [ 71.264814][ T5618] ? fput+0x32/0x390 [ 71.266583][ T5618] ? ksys_write+0x1ab/0x260 [ 71.268609][ T5618] ? __pfx_ksys_write+0x10/0x10 [ 71.270781][ T5618] __x64_sys_bpf+0x78/0xc0 [ 71.272782][ T5618] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.275072][ T5618] do_syscall_64+0xcd/0x250 [ 71.277101][ T5618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.279715][ T5618] RIP: 0033:0x7fab76f7cef9 [ 71.281707][ T5618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.290114][ T5618] RSP: 002b:00007fab77cda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 71.293580][ T5618] RAX: ffffffffffffffda RBX: 00007fab77135f80 RCX: 00007fab76f7cef9 [ 71.297053][ T5618] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 000000000000000a [ 71.300538][ T5618] RBP: 00007fab77cda090 R08: 0000000000000000 R09: 0000000000000000 [ 71.303994][ T5618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 71.307468][ T5618] R13: 0000000000000000 R14: 00007fab77135f80 R15: 00007ffe9d6a4158 [ 71.310948][ T5618] [ 71.424396][ T8] usb 7-1: config 1 interface 0 has no altsetting 0 [ 71.429017][ T8] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 71.432903][ T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.436155][ T8] usb 7-1: Product: syz [ 71.438134][ T8] usb 7-1: Manufacturer: syz [ 71.440156][ T8] usb 7-1: SerialNumber: syz [ 71.927318][ T5633] netlink: 20 bytes leftover after parsing attributes in process `syz.3.72'. [ 72.272641][ T8] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 72.394351][ T39] kauditd_printk_skb: 21 callbacks suppressed [ 72.394366][ T39] audit: type=1400 audit(1725511087.844:226): avc: denied { execute } for pid=5646 comm="syz.0.77" path=2F6D656D66643A1033717D329ACEAF03DF795BD9FF5238F41C0869E45ED5FDA90DAC374194A0202864656C6574656429 dev="hugetlbfs" ino=7892 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 72.411674][ T39] audit: type=1400 audit(1725511087.854:227): avc: denied { ioctl } for pid=5646 comm="syz.0.77" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=7893 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 72.438155][ T5648] VFS: could not find a valid V7 on nullb0. [ 72.751943][ T39] audit: type=1400 audit(1725511088.194:228): avc: denied { write } for pid=5634 comm="syz.3.73" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 72.827681][ C1] usblp0: nonzero write bulk status received: -71 [ 72.828027][ T8] usb 7-1: USB disconnect, device number 2 [ 72.836744][ T39] audit: type=1400 audit(1725511088.284:229): avc: denied { create } for pid=5656 comm="syz.1.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 72.838458][ T5657] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 72.854743][ T39] audit: type=1400 audit(1725511088.294:230): avc: denied { ioctl } for pid=5656 comm="syz.1.80" path="socket:[8494]" dev="sockfs" ino=8494 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 72.981730][ T5660] netlink: 20 bytes leftover after parsing attributes in process `syz.1.81'. [ 73.203223][ T8] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 73.236936][ T5669] FAULT_INJECTION: forcing a failure. [ 73.236936][ T5669] name failslab, interval 1, probability 0, space 0, times 0 [ 73.242986][ T5669] CPU: 2 UID: 0 PID: 5669 Comm: syz.1.85 Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0 [ 73.247404][ T5669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.252112][ T5669] Call Trace: [ 73.253586][ T5669] [ 73.254854][ T5669] dump_stack_lvl+0x16c/0x1f0 [ 73.256923][ T5669] should_fail_ex+0x497/0x5b0 [ 73.258937][ T5669] ? fs_reclaim_acquire+0xae/0x160 [ 73.261123][ T5669] should_failslab+0xc2/0x120 [ 73.263202][ T5669] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 73.265593][ T5669] ? getname_flags.part.0+0x4c/0x550 [ 73.267661][ T5669] getname_flags.part.0+0x4c/0x550 [ 73.269684][ T5669] getname_flags+0x93/0xf0 [ 73.271520][ T5669] user_path_at+0x24/0x60 [ 73.273373][ T5669] __x64_sys_mount+0x1fc/0x320 [ 73.275243][ T5669] ? __pfx___x64_sys_mount+0x10/0x10 [ 73.277510][ T5669] do_syscall_64+0xcd/0x250 [ 73.279170][ T5669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.281799][ T5669] RIP: 0033:0x7fab76f7cef9 [ 73.283751][ T5669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.292153][ T5669] RSP: 002b:00007fab77cda038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 73.295789][ T5669] RAX: ffffffffffffffda RBX: 00007fab77135f80 RCX: 00007fab76f7cef9 [ 73.299048][ T5669] RDX: 0000000020002100 RSI: 00000000200020c0 RDI: 0000000000000000 [ 73.302311][ T5669] RBP: 00007fab77cda090 R08: 0000000020000540 R09: 0000000000000000 [ 73.304983][ T5669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.307427][ T5669] R13: 0000000000000000 R14: 00007fab77135f80 R15: 00007ffe9d6a4158 [ 73.310432][ T5669] [ 73.400851][ T8] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 73.413327][ T8] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 73.417189][ T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.420658][ T8] usb 7-1: Product: syz [ 73.422950][ T8] usb 7-1: Manufacturer: syz [ 73.424966][ T8] usb 7-1: SerialNumber: syz [ 73.488987][ T39] audit: type=1400 audit(1725511088.934:231): avc: denied { read write } for pid=5672 comm="syz.1.87" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 73.502496][ T39] audit: type=1400 audit(1725511088.934:232): avc: denied { open } for pid=5672 comm="syz.1.87" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 73.513935][ T39] audit: type=1400 audit(1725511088.944:233): avc: denied { mounton } for pid=5672 comm="syz.1.87" path="/34/file0" dev="tmpfs" ino=198 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 73.514056][ T5677] VFS: could not find a valid V7 on nullb0. [ 73.575149][ T39] audit: type=1400 audit(1725511089.024:234): avc: denied { setopt } for pid=5672 comm="syz.1.87" lport=115 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 73.640866][ T39] audit: type=1400 audit(1725511089.084:235): avc: denied { create } for pid=5613 comm="syz.2.65" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 73.654953][ T5614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.660151][ T5614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.667160][ T5614] usblp0: removed [ 73.929027][ T8] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71 [ 73.960583][ T8] usb 7-1: USB disconnect, device number 3 [ 74.012305][ T5685] netlink: 68 bytes leftover after parsing attributes in process `syz.1.91'. [ 74.020714][ T5685] ebt_among: wrong size: 2080 against expected 2280, rounded to 2280 [ 74.141094][ T5694] netlink: 20 bytes leftover after parsing attributes in process `syz.3.92'. [ 74.199176][ T5698] [U] [ 74.200758][ T5698] [U] [ 74.202023][ T5698] [U] [ 74.203289][ T5698] [U] [ 74.205417][ T5698] [U] [ 74.206727][ T5698] [U] [ 74.208019][ T5698] [U] [ 74.209288][ T5698] [U] [ 74.211074][ T5698] [U] [ 74.212386][ T5698] [U] [ 74.213867][ T5698] [U] [ 74.215154][ T5698] [U] [ 74.218442][ T5698] [U] [ 74.219741][ T5698] [U] [ 74.221019][ T5698] [U] [ 74.222281][ T5698] [U] [ 74.224087][ T5698] [U] [ 74.225394][ T5698] [U] [ 74.226661][ T5698] [U] [ 74.227925][ T5698] [U] [ 74.229487][ T5698] [U] [ 74.230800][ T5698] [U] [ 74.232121][ T5698] [U] [ 74.233400][ T5698] [U] [ 74.235845][ T5698] [U] [ 74.237144][ T5698] [U] [ 74.238392][ T5698] [U] [ 74.239663][ T5698] [U] [ 74.241177][ T5698] [U] [ 74.242491][ T5698] [U] [ 74.243752][ T5698] [U] [ 74.245020][ T5698] [U] [ 74.246942][ T5698] [U] [ 74.248249][ T5698] [U] [ 74.249523][ T5698] [U] [ 74.250783][ T5698] [U] [ 74.252587][ T5698] [U] [ 74.253888][ T5698] [U] [ 74.255154][ T5698] [U] [ 74.256439][ T5698] [U] [ 74.257921][ T5698] [U] [ 74.259076][ T5698] [U] [ 74.260300][ T5698] [U] [ 74.261575][ T5698] [U] [ 74.264065][ T5698] [U] [ 74.265373][ T5698] [U] [ 74.266633][ T5698] [U] [ 74.267896][ T5698] [U] [ 74.269395][ T5698] [U] [ 74.270680][ T5698] [U] [ 74.271946][ T5698] [U] [ 74.273225][ T5698] [U] [ 74.275657][ T5698] [U] [ 74.276971][ T5698] [U] [ 74.278236][ T5698] [U] [ 74.279512][ T5698] [U] [ 74.280987][ T5698] [U] [ 74.282279][ T5698] [U] [ 74.283553][ T5698] [U] [ 74.284819][ T5698] [U] [ 74.287412][ T5698] [U] [ 74.288716][ T5698] [U] [ 74.289975][ T5698] [U] [ 74.291236][ T5698] [U] [ 74.293197][ T5698] [U] [ 74.294504][ T5698] [U] [ 74.295768][ T5698] [U] [ 74.297039][ T5698] [U] [ 74.298559][ T5698] [U] [ 74.299852][ T5698] [U] [ 74.301128][ T5698] [U] [ 74.302392][ T5698] [U] [ 74.305027][ T5698] [U] [ 74.306351][ T5698] [U] [ 74.307618][ T5698] [U] [ 74.308836][ T5698] [U] [ 74.310622][ T5698] [U] [ 74.311913][ T5698] [U] [ 74.313188][ T5698] [U] [ 74.314460][ T5698] [U] [ 74.316819][ T5698] [U] [ 74.318118][ T5698] [U] [ 74.319385][ T5698] [U] [ 74.320657][ T5698] [U] [ 74.323567][ T5698] [U] [ 74.324904][ T5698] [U] [ 74.326187][ T5698] [U] [ 74.327451][ T5698] [U] [ 74.331687][ T5698] [U] [ 74.332680][ T5698] [U] [ 74.333819][ T5698] [U] [ 74.335044][ T5698] [U] [ 74.336467][ T5698] [U] [ 74.337664][ T5698] [U] [ 74.338896][ T5698] [U] [ 74.340146][ T5698] [U] [ 74.341497][ T5698] [U] [ 74.342583][ T5698] [U] [ 74.343656][ T5698] [U] [ 74.344747][ T5698] [U] [ 74.347456][ T5698] [U] [ 74.348479][ T5698] [U] [ 74.349641][ T5698] [U] [ 74.350605][ T5698] [U] [ 74.351594][ T5698] [U] [ 74.352563][ T5698] [U] [ 74.353526][ T5698] [U] [ 74.354677][ T5698] [U] [ 74.356680][ T5698] [U] [ 74.357859][ T5698] [U] [ 74.359012][ T5698] [U] [ 74.360144][ T5698] [U] [ 74.361249][ T5698] [U] [ 74.362213][ T5698] [U] [ 74.363347][ T5698] [U] [ 74.364548][ T5698] [U] [ 74.367030][ T5698] [U] [ 74.368272][ T5698] [U] [ 74.369433][ T5698] [U] [ 74.370625][ T5698] [U] [ 74.372646][ T5698] [U] [ 74.373914][ T5698] [U] [ 74.375183][ T5698] [U] [ 74.376300][ T5698] [U] [ 74.377608][ T5698] [U] [ 74.378678][ T5698] [U] [ 74.379857][ T5698] [U] [ 74.663144][ T5710] VFS: could not find a valid V7 on nullb0. [ 74.744062][ T5697] [U] [ 74.830039][ T5719] fuse: Unknown parameter '00000000000000000000' [ 74.986534][ T5724] tipc: Can't bind to reserved service type 1 [ 75.202022][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 75.245366][ T5732] netlink: 20 bytes leftover after parsing attributes in process `syz.1.107'. [ 75.392100][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 75.575006][ T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 104 [ 75.584264][ T10] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 75.588130][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.591453][ T10] usb 5-1: Product: syz [ 75.607027][ T10] usb 5-1: Manufacturer: syz [ 75.609051][ T10] usb 5-1: SerialNumber: syz [ 75.614008][ T10] usb 5-1: config 0 descriptor?? [ 75.616900][ T5717] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 75.628604][ T10] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input6 [ 75.681971][ C3] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 76.471012][ T5371] usb 5-1: USB disconnect, device number 3 [ 76.963138][ T5764] VFS: could not find a valid V7 on nullb0. [ 76.988092][ T5759] mmap: syz.3.113 (5759) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 77.058863][ T5765] netlink: 4 bytes leftover after parsing attributes in process `syz.1.112'. [ 77.253112][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 77.255517][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.455787][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 77.455866][ T39] audit: type=1400 audit(1725511092.904:259): avc: denied { write } for pid=5771 comm="syz.2.117" name="unix" dev="proc" ino=4026533012 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 77.659440][ T39] audit: type=1400 audit(1725511093.104:260): avc: denied { connect } for pid=5771 comm="syz.2.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 77.678544][ T39] audit: type=1400 audit(1725511093.114:261): avc: denied { name_connect } for pid=5771 comm="syz.2.117" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 77.746424][ T39] audit: type=1400 audit(1725511093.194:262): avc: denied { listen } for pid=5771 comm="syz.2.117" lport=38559 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 77.809691][ T39] audit: type=1400 audit(1725511093.254:263): avc: denied { accept } for pid=5771 comm="syz.2.117" lport=38559 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 77.857859][ T39] audit: type=1400 audit(1725511093.304:264): avc: denied { write } for pid=5771 comm="syz.2.117" lport=38559 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 77.880506][ T39] audit: type=1400 audit(1725511093.324:265): avc: denied { mount } for pid=5771 comm="syz.2.117" name="/" dev="ramfs" ino=10415 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 77.923130][ T39] audit: type=1400 audit(1725511093.374:266): avc: denied { unlink } for pid=5771 comm="syz.2.117" name="#1" dev="tmpfs" ino=143 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 77.935723][ T5775] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 78.283600][ T39] audit: type=1400 audit(1725511093.734:267): avc: denied { create } for pid=5782 comm="syz.3.120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 78.291772][ T39] audit: type=1400 audit(1725511093.734:268): avc: denied { ioctl } for pid=5782 comm="syz.3.120" path="/dev/sg0" dev="devtmpfs" ino=707 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 78.429913][ T5791] FAULT_INJECTION: forcing a failure. [ 78.429913][ T5791] name failslab, interval 1, probability 0, space 0, times 0 [ 78.438904][ T5791] CPU: 2 UID: 0 PID: 5791 Comm: syz.3.122 Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0 [ 78.443216][ T5791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.447859][ T5791] Call Trace: [ 78.449345][ T5791] [ 78.450486][ T5791] dump_stack_lvl+0x16c/0x1f0 [ 78.452306][ T5791] should_fail_ex+0x497/0x5b0 [ 78.454147][ T5791] ? fs_reclaim_acquire+0xae/0x160 [ 78.456397][ T5791] should_failslab+0xc2/0x120 [ 78.458469][ T5791] __kmalloc_noprof+0xcb/0x400 [ 78.460577][ T5791] bio_kmalloc+0x41/0x70 [ 78.462510][ T5791] blk_rq_map_kern+0x400/0x760 [ 78.464646][ T5791] scsi_execute_cmd+0xc09/0xf40 [ 78.466815][ T5791] ? kasan_save_stack+0x42/0x60 [ 78.468947][ T5791] ? scsi_block_when_processing_errors+0x2c1/0x380 [ 78.471762][ T5791] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 78.473987][ T5791] sr_do_ioctl+0x21c/0x830 [ 78.475585][ T5791] ? __pfx_sr_do_ioctl+0x10/0x10 [ 78.477745][ T5791] sr_get_mcn+0x129/0x210 [ 78.479656][ T5791] ? __pfx_sr_get_mcn+0x10/0x10 [ 78.481812][ T5791] cdrom_ioctl+0x896/0x3290 [ 78.483782][ T5791] ? mark_lock+0xb5/0xc60 [ 78.485721][ T5791] ? __pfx_cdrom_ioctl+0x10/0x10 [ 78.487903][ T5791] ? __pfx_mark_lock+0x10/0x10 [ 78.489996][ T5791] ? trace_rpm_return_int+0x19d/0x220 [ 78.492340][ T5791] ? rpm_resume+0x81d/0x1330 [ 78.494384][ T5791] ? find_held_lock+0x2d/0x110 [ 78.496298][ T5791] ? __pm_runtime_resume+0xc3/0x170 [ 78.498055][ T5791] ? __pfx_lock_release+0x10/0x10 [ 78.500107][ T5791] ? mark_held_locks+0x9f/0xe0 [ 78.502199][ T5791] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 78.504772][ T5791] ? lockdep_hardirqs_on+0x7c/0x110 [ 78.507089][ T5791] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 78.509735][ T5791] ? __pm_runtime_resume+0xc3/0x170 [ 78.512093][ T5791] sr_block_ioctl+0x1b0/0x250 [ 78.514221][ T5791] ? __pfx_sr_block_ioctl+0x10/0x10 [ 78.516565][ T5791] blkdev_ioctl+0x27c/0x6e0 [ 78.518627][ T5791] ? __pfx_blkdev_ioctl+0x10/0x10 [ 78.520779][ T5791] ? selinux_file_ioctl+0xb4/0x270 [ 78.522908][ T5791] ? bpf_lsm_file_ioctl+0x9/0x10 [ 78.524933][ T5791] ? __pfx_blkdev_ioctl+0x10/0x10 [ 78.527234][ T5791] __x64_sys_ioctl+0x193/0x220 [ 78.529248][ T5791] do_syscall_64+0xcd/0x250 [ 78.530983][ T5791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.533521][ T5791] RIP: 0033:0x7f8fed37cef9 [ 78.535456][ T5791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.542692][ T5791] RSP: 002b:00007f8fee0d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 78.546171][ T5791] RAX: ffffffffffffffda RBX: 00007f8fed535f80 RCX: 00007f8fed37cef9 [ 78.549510][ T5791] RDX: 0000000000000000 RSI: 0000000000005311 RDI: 0000000000000003 [ 78.552812][ T5791] RBP: 00007f8fee0d7090 R08: 0000000000000000 R09: 0000000000000000 [ 78.555543][ T5791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.558667][ T5791] R13: 0000000000000000 R14: 00007f8fed535f80 R15: 00007ffcc2452378 [ 78.562185][ T5791] [ 80.078511][ T5801] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 80.444964][ T5811] VFS: could not find a valid V7 on nullb0. [ 81.240781][ T5822] netlink: 20 bytes leftover after parsing attributes in process `syz.3.129'. [ 82.144853][ T5837] netlink: 36 bytes leftover after parsing attributes in process `syz.0.135'. [ 82.354447][ T984] cfg80211: failed to load regulatory.db [ 82.473090][ T5841] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 83.037008][ T39] kauditd_printk_skb: 5 callbacks suppressed [ 83.037021][ T39] audit: type=1400 audit(1725511098.484:274): avc: denied { create } for pid=5848 comm="syz.0.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 83.065522][ T39] audit: type=1400 audit(1725511098.494:275): avc: denied { bind } for pid=5848 comm="syz.0.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 83.090884][ T39] audit: type=1400 audit(1725511098.494:276): avc: denied { name_bind } for pid=5848 comm="syz.0.138" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 83.110704][ T39] audit: type=1400 audit(1725511098.494:277): avc: denied { node_bind } for pid=5848 comm="syz.0.138" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 83.152164][ T39] audit: type=1400 audit(1725511098.514:278): avc: denied { listen } for pid=5848 comm="syz.0.138" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 83.171039][ T39] audit: type=1400 audit(1725511098.524:279): avc: denied { connect } for pid=5848 comm="syz.0.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 83.193042][ T39] audit: type=1400 audit(1725511098.524:280): avc: denied { name_connect } for pid=5848 comm="syz.0.138" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 83.202557][ T39] audit: type=1400 audit(1725511098.544:281): avc: denied { accept } for pid=5848 comm="syz.0.138" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 83.315424][ T5845] netdevsim netdevsim2: Direct firmware load for  failed with error -2 [ 83.319438][ T5845] netdevsim netdevsim2: Falling back to sysfs fallback for:  [ 83.463618][ T5855] VFS: could not find a valid V7 on nullb0. [ 84.566348][ T39] audit: type=1400 audit(1725511100.014:282): avc: denied { map } for pid=5863 comm="syz.2.144" path="/dev/video3" dev="devtmpfs" ino=882 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 85.394306][ T5867] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 86.133269][ T39] audit: type=1400 audit(1725511101.584:283): avc: denied { ioctl } for pid=5870 comm="syz.2.147" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 87.360307][ T5880] VFS: could not find a valid V7 on nullb0. [ 87.403005][ T5355] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.407186][ T5355] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.410597][ T5355] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.414563][ T5355] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.419133][ T5355] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 87.422757][ T5355] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.709642][ T5881] chnl_net:caif_netlink_parms(): no params data found [ 88.016585][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.019758][ T5881] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.023422][ T5881] bridge_slave_0: entered allmulticast mode [ 88.027279][ T5881] bridge_slave_0: entered promiscuous mode [ 88.033865][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.037035][ T5881] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.040164][ T5881] bridge_slave_1: entered allmulticast mode [ 88.044964][ T5881] bridge_slave_1: entered promiscuous mode [ 88.243163][ T5881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.249988][ T5881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.508888][ T5881] team0: Port device team_slave_0 added [ 88.514409][ T5881] team0: Port device team_slave_1 added [ 88.584828][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.587724][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.598594][ T5881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.614812][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.634674][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.645481][ T5881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.459194][ T5881] hsr_slave_0: entered promiscuous mode [ 89.466663][ T5902] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 89.473758][ T5881] hsr_slave_1: entered promiscuous mode [ 89.480969][ T5881] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.483264][ T5354] Bluetooth: hci4: command tx timeout [ 89.489039][ T5881] Cannot create hsr debugfs directory [ 89.555171][ T5904] FAULT_INJECTION: forcing a failure. [ 89.555171][ T5904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.560789][ T5904] CPU: 2 UID: 0 PID: 5904 Comm: syz.0.156 Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0 [ 89.565327][ T5904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.570022][ T5904] Call Trace: [ 89.571615][ T5904] [ 89.572991][ T5904] dump_stack_lvl+0x16c/0x1f0 [ 89.575676][ T5904] should_fail_ex+0x497/0x5b0 [ 89.577783][ T5904] _copy_from_user+0x30/0xf0 [ 89.579783][ T5904] copy_mount_options+0x76/0x190 [ 89.581986][ T5904] __x64_sys_mount+0x1ad/0x320 [ 89.584085][ T5904] ? __pfx___x64_sys_mount+0x10/0x10 [ 89.586643][ T5904] do_syscall_64+0xcd/0x250 [ 89.588710][ T5904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.591303][ T5904] RIP: 0033:0x7f7eb477cef9 [ 89.593285][ T5904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.601724][ T5904] RSP: 002b:00007f7eb55fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 89.605564][ T5904] RAX: ffffffffffffffda RBX: 00007f7eb4935f80 RCX: 00007f7eb477cef9 [ 89.609006][ T5904] RDX: 00000000200004c0 RSI: 0000000020000480 RDI: 00000000200001c0 [ 89.612229][ T5904] RBP: 00007f7eb55fe090 R08: 0000000020001000 R09: 0000000000000000 [ 89.615641][ T5904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.619139][ T5904] R13: 0000000000000000 R14: 00007f7eb4935f80 R15: 00007fff4c1ccc58 [ 89.622689][ T5904] [ 89.632328][ C3] ================================================================== [ 89.636404][ C3] BUG: KASAN: slab-use-after-free in __lock_acquire+0x2de0/0x3cb0 [ 89.640062][ C3] Read of size 8 at addr ffff888021afc018 by task syslogd/4816 [ 89.645744][ C3] [ 89.646916][ C3] CPU: 3 UID: 0 PID: 4816 Comm: syslogd Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0 [ 89.651706][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.656840][ C3] Call Trace: [ 89.658613][ C3] [ 89.659991][ C3] dump_stack_lvl+0x116/0x1f0 [ 89.662284][ C3] print_report+0xc3/0x620 [ 89.664414][ C3] ? __virt_addr_valid+0x5e/0x590 [ 89.667094][ C3] ? __phys_addr+0xc6/0x150 [ 89.669282][ C3] kasan_report+0xd9/0x110 [ 89.671398][ C3] ? __lock_acquire+0x2de0/0x3cb0 [ 89.673609][ C3] ? __lock_acquire+0x2de0/0x3cb0 [ 89.675894][ C3] __lock_acquire+0x2de0/0x3cb0 [ 89.678333][ C3] ? __pfx___lock_acquire+0x10/0x10 [ 89.680950][ C3] ? __pfx___lock_acquire+0x10/0x10 [ 89.683311][ C3] lock_acquire+0x1b1/0x560 [ 89.685635][ C3] ? p9_req_put+0xaf/0x250 [ 89.687795][ C3] ? __pfx_lock_acquire+0x10/0x10 [ 89.690263][ C3] ? __pfx_lock_release+0x10/0x10 [ 89.692564][ C3] _raw_spin_lock_irqsave+0x3a/0x60 [ 89.695038][ C3] ? p9_req_put+0xaf/0x250 [ 89.697025][ C3] p9_req_put+0xaf/0x250 [ 89.699176][ C3] req_done+0x1e7/0x2f0 [ 89.701385][ C3] ? __pfx_req_done+0x10/0x10 [ 89.703826][ C3] ? __pfx_req_done+0x10/0x10 [ 89.705876][ C3] vring_interrupt+0x31b/0x400 [ 89.707884][ C3] ? __pfx_vring_interrupt+0x10/0x10 [ 89.709961][ C3] __handle_irq_event_percpu+0x229/0x7c0 [ 89.712200][ C3] handle_irq_event+0xab/0x1e0 [ 89.714497][ C3] handle_edge_irq+0x263/0xd10 [ 89.717216][ C3] __common_interrupt+0xdf/0x250 [ 89.720614][ C3] common_interrupt+0x52/0xd0 [ 89.722489][ C3] asm_common_interrupt+0x26/0x40 [ 89.724490][ C3] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 [ 89.726840][ C3] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 6a 23 50 f6 48 89 df e8 82 a0 50 f6 e8 6d 7f 79 f6 fb bf 01 00 00 00 b2 13 42 f6 65 8b 05 33 4e ea 74 85 c0 74 06 5b c3 cc cc cc cc [ 89.734461][ C3] RSP: 0018:ffffc90000908eb8 EFLAGS: 00000206 [ 89.736857][ C3] RAX: 00000000000156b4 RBX: ffff88806a92a840 RCX: 1ffffffff2d2d756 [ 89.739961][ C3] RDX: 0000000000000000 RSI: ffffffff8b4cd740 RDI: 0000000000000001 [ 89.743105][ C3] RBP: 1ffff920001211d9 R08: 0000000000000001 R09: fffffbfff2d244f7 [ 89.747131][ C3] R10: ffffffff969227bf R11: 0000000000000000 R12: 0000000000000001 [ 89.750841][ C3] R13: 0000000080000101 R14: ffffffff8da0a0c8 R15: 0000000000000003 [ 89.754620][ C3] ? _raw_spin_unlock_irq+0x23/0x50 [ 89.757025][ C3] run_timer_base+0x119/0x190 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 89.759157][ C3] ? __pfx_run_timer_base+0x10/0x10 [ 89.761754][ C3] run_timer_softirq+0x1a/0x40 [ 89.764022][ C3] handle_softirqs+0x216/0x8f0 [ 89.766180][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 89.768678][ C3] irq_exit_rcu+0xbb/0x120 [ 89.770627][ C3] sysvec_apic_timer_interrupt+0x95/0xb0 [ 89.773382][ C3] [ 89.774693][ C3] [ 89.776025][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 89.780075][ C3] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 [ 89.786236][ C3] Code: be b0 01 00 00 e8 a0 ff ff ff 31 c0 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 65 48 8b 15 a4 1a 78 7e 65 8b 05 a5 1a 78 7e a9 00 01 [ 89.809744][ C3] RSP: 0018:ffffc900044e7478 EFLAGS: 00000212 [ 89.812311][ C3] RAX: 0000000000000000 RBX: ffffffff9082a980 RCX: ffffffff813cd424 [ 89.815612][ C3] RDX: ffff88802cdd4880 RSI: ffffffff88e569d6 RDI: 0000000000000006 [ 89.818677][ C3] RBP: ffffffff9082a9a0 R08: 0000000000000006 R09: ffffffff88e569d6 [ 89.822133][ C3] R10: ffffffff88e569b7 R11: 0000000000000000 R12: ffffffff88e569d6 [ 89.825694][ C3] R13: ffffffff88e569b7 R14: dffffc0000000000 R15: ffffffff9082a990 [ 89.829242][ C3] ? sock_read_iter+0x2a7/0x3c0 [ 89.831219][ C3] ? sock_read_iter+0x2c6/0x3c0 [ 89.833181][ C3] ? sock_read_iter+0x2a7/0x3c0 [ 89.835123][ C3] ? sock_read_iter+0x2c6/0x3c0 [ 89.837316][ C3] ? __orc_find+0xc4/0x130 [ 89.839337][ C3] ? sock_read_iter+0x2c6/0x3c0 [ 89.841555][ C3] ? unwind_next_frame+0x51/0x23a0 [ 89.843873][ C3] __orc_find+0x63/0x130 [ 89.845808][ C3] ? sock_read_iter+0x2c6/0x3c0 [ 89.848028][ C3] unwind_next_frame+0x335/0x23a0 [ 89.850305][ C3] ? sock_read_iter+0x2c7/0x3c0 [ 89.852538][ C3] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 89.855314][ C3] arch_stack_walk+0x100/0x170 [ 89.857495][ C3] ? sock_read_iter+0x2c7/0x3c0 [ 89.859700][ C3] ? skb_free_head+0x108/0x1d0 [ 89.861906][ C3] stack_trace_save+0x95/0xd0 [ 89.864066][ C3] ? __pfx_stack_trace_save+0x10/0x10 [ 89.866503][ C3] ? __pfx_mark_lock+0x10/0x10 [ 89.868689][ C3] kasan_save_stack+0x33/0x60 [ 89.870828][ C3] ? kasan_save_stack+0x33/0x60 [ 89.873046][ C3] ? kasan_save_track+0x14/0x30 [ 89.875256][ C3] ? kasan_save_free_info+0x3b/0x60 [ 89.877454][ C3] ? poison_slab_object+0xf7/0x160 [ 89.879501][ C3] ? __kasan_slab_free+0x32/0x50 [ 89.881495][ C3] ? kfree+0x12a/0x3b0 [ 89.883309][ C3] ? skb_free_head+0x108/0x1d0 [ 89.885499][ C3] ? skb_release_data+0x75c/0x980 [ 89.887787][ C3] ? consume_skb+0xd0/0x160 [ 89.889872][ C3] ? __unix_dgram_recvmsg+0x821/0xe50 [ 89.892313][ C3] ? unix_dgram_recvmsg+0xd0/0x110 [ 89.894626][ C3] ? sock_recvmsg+0x1f6/0x250 [ 89.896754][ C3] ? sock_read_iter+0x2c7/0x3c0 [ 89.898972][ C3] kasan_save_track+0x14/0x30 [ 89.901128][ C3] kasan_save_free_info+0x3b/0x60 [ 89.903405][ C3] poison_slab_object+0xf7/0x160 [ 89.905658][ C3] __kasan_slab_free+0x32/0x50 [ 89.907485][ C3] kfree+0x12a/0x3b0 [ 89.909057][ C3] ? skb_free_head+0x108/0x1d0 [ 89.911181][ C3] skb_free_head+0x108/0x1d0 [ 89.913276][ C3] skb_release_data+0x75c/0x980 [ 89.915494][ C3] consume_skb+0xd0/0x160 [ 89.917452][ C3] __unix_dgram_recvmsg+0x821/0xe50 [ 89.919857][ C3] ? __pfx___unix_dgram_recvmsg+0x10/0x10 [ 89.922465][ C3] ? sock_has_perm+0x25a/0x2f0 [ 89.924653][ C3] ? __pfx_avc_has_perm+0x10/0x10 [ 89.926963][ C3] unix_dgram_recvmsg+0xd0/0x110 [ 89.929235][ C3] sock_recvmsg+0x1f6/0x250 [ 89.931303][ C3] sock_read_iter+0x2c7/0x3c0 [ 89.933444][ C3] ? __pfx_sock_read_iter+0x10/0x10 [ 89.935760][ C3] ? bpf_lsm_file_permission+0x9/0x10 [ 89.938199][ C3] ? security_file_permission+0x98/0xc0 [ 89.940689][ C3] vfs_read+0xa39/0xbd0 [ 89.942580][ C3] ? __pfx_vfs_read+0x10/0x10 [ 89.944719][ C3] ? rcu_is_watching+0x12/0xc0 [ 89.946760][ C3] ? __fget_light+0x173/0x210 [ 89.948761][ C3] ksys_read+0x1f8/0x260 [ 89.950463][ C3] ? __pfx_ksys_read+0x10/0x10 [ 89.952392][ C3] do_syscall_64+0xcd/0x250 [ 89.954221][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.956574][ C3] RIP: 0033:0x7f65c8ef7b6a [ 89.958359][ C3] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 89.966924][ C3] RSP: 002b:00007ffd1f593ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 89.970671][ C3] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f65c8ef7b6a [ 89.974233][ C3] RDX: 00000000000000ff RSI: 00005574b070c300 RDI: 0000000000000000 [ 89.977589][ C3] RBP: 00005574b070c2c0 R08: 0000000000000001 R09: 0000000000000000 [ 89.981116][ C3] R10: 00007f65c90963a3 R11: 0000000000000246 R12: 00005574b070c35b [ 89.984669][ C3] R13: 00005574b070c300 R14: 0000000000000000 R15: 00007f65c90daa80 [ 89.988222][ C3] [ 89.989634][ C3] [ 89.990726][ C3] Allocated by task 5904: [ 89.992683][ C3] kasan_save_stack+0x33/0x60 [ 89.994853][ C3] kasan_save_track+0x14/0x30 [ 89.997058][ C3] __kasan_kmalloc+0xaa/0xb0 [ 89.999168][ C3] p9_client_create+0xcf/0x1210 [ 90.001382][ C3] v9fs_session_init+0x1f8/0x1a80 [ 90.003656][ C3] v9fs_mount+0xc6/0xa50 [ 90.005604][ C3] legacy_get_tree+0x109/0x220 [ 90.007774][ C3] vfs_get_tree+0x8f/0x380 [ 90.009795][ C3] path_mount+0x14e6/0x1f20 [ 90.011855][ C3] __x64_sys_mount+0x294/0x320 [ 90.014030][ C3] do_syscall_64+0xcd/0x250 [ 90.016096][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.018771][ C3] [ 90.019872][ C3] Freed by task 5904: [ 90.021684][ C3] kasan_save_stack+0x33/0x60 [ 90.023830][ C3] kasan_save_track+0x14/0x30 [ 90.025942][ C3] kasan_save_free_info+0x3b/0x60 [ 90.028223][ C3] poison_slab_object+0xf7/0x160 [ 90.030585][ C3] __kasan_slab_free+0x32/0x50 [ 90.032764][ C3] kfree+0x12a/0x3b0 [ 90.034531][ C3] p9_client_create+0xaaa/0x1210 [ 90.036788][ C3] v9fs_session_init+0x1f8/0x1a80 [ 90.039035][ C3] v9fs_mount+0xc6/0xa50 [ 90.040955][ C3] legacy_get_tree+0x109/0x220 [ 90.043109][ C3] vfs_get_tree+0x8f/0x380 [ 90.045121][ C3] path_mount+0x14e6/0x1f20 [ 90.047142][ C3] __x64_sys_mount+0x294/0x320 [ 90.049242][ C3] do_syscall_64+0xcd/0x250 [ 90.051274][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.053901][ C3] [ 90.054977][ C3] The buggy address belongs to the object at ffff888021afc000 [ 90.054977][ C3] which belongs to the cache kmalloc-512 of size 512 [ 90.061011][ C3] The buggy address is located 24 bytes inside of [ 90.061011][ C3] freed 512-byte region [ffff888021afc000, ffff888021afc200) [ 90.066934][ C3] [ 90.068000][ C3] The buggy address belongs to the physical page: [ 90.070839][ C3] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21afc [ 90.074691][ C3] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 90.078420][ C3] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 90.081517][ C3] page_type: 0xfdffffff(slab) [ 90.083370][ C3] raw: 00fff00000000040 ffff88801ac42c80 0000000000000000 dead000000000001 [ 90.087151][ C3] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 90.090945][ C3] head: 00fff00000000040 ffff88801ac42c80 0000000000000000 dead000000000001 [ 90.094751][ C3] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 90.098504][ C3] head: 00fff00000000002 ffffea000086bf01 ffffffffffffffff 0000000000000000 [ 90.102286][ C3] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 90.105679][ C3] page dumped because: kasan: bad access detected [ 90.108171][ C3] page_owner tracks the page as allocated [ 90.110375][ C3] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5042, tgid 5042 (S40network), ts 31753779546, free_ts 31322037403 [ 90.118355][ C3] post_alloc_hook+0x2d1/0x350 [ 90.120532][ C3] get_page_from_freelist+0x1351/0x2e50 [ 90.122979][ C3] __alloc_pages_noprof+0x22b/0x2460 [ 90.125341][ C3] alloc_slab_page+0x4e/0xf0 [ 90.127379][ C3] new_slab+0x84/0x260 [ 90.129209][ C3] ___slab_alloc+0xdac/0x1870 [ 90.131297][ C3] __slab_alloc.constprop.0+0x56/0xb0 [ 90.133676][ C3] __kmalloc_noprof+0x367/0x400 [ 90.135847][ C3] tomoyo_init_log+0x13ca/0x2180 [ 90.138047][ C3] tomoyo_supervisor+0x30c/0xea0 [ 90.140261][ C3] tomoyo_path_permission+0x270/0x3b0 [ 90.142642][ C3] tomoyo_path_perm+0x35e/0x450 [ 90.144814][ C3] security_inode_getattr+0xf4/0x160 [ 90.147068][ C3] vfs_fstat+0x53/0xd0 [ 90.148894][ C3] vfs_fstatat+0x146/0x160 [ 90.150871][ C3] __do_sys_newfstatat+0xa2/0x130 [ 90.153045][ C3] page last free pid 4843 tgid 4843 stack trace: [ 90.155819][ C3] free_unref_page+0x64a/0xe40 [ 90.158012][ C3] rcu_core+0x828/0x16b0 [ 90.159777][ C3] handle_softirqs+0x216/0x8f0 [ 90.161894][ C3] irq_exit_rcu+0xbb/0x120 [ 90.163898][ C3] sysvec_apic_timer_interrupt+0x95/0xb0 [ 90.166419][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 90.169178][ C3] [ 90.170253][ C3] Memory state around the buggy address: [ 90.172745][ C3] ffff888021afbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 90.176305][ C3] ffff888021afbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 90.179853][ C3] >ffff888021afc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 90.183410][ C3] ^ [ 90.185605][ C3] ffff888021afc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 90.189127][ C3] ffff888021afc100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 90.192552][ C3] ================================================================== [ 90.195630][ C3] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 90.198829][ C3] CPU: 3 UID: 0 PID: 4816 Comm: syslogd Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0 [ 90.203386][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.207832][ C3] Call Trace: [ 90.209154][ C3] [ 90.210451][ C3] dump_stack_lvl+0x3d/0x1f0 [ 90.212540][ C3] panic+0x6dc/0x7c0 [ 90.214260][ C3] ? __pfx_panic+0x10/0x10 [ 90.216166][ C3] ? rcu_is_watching+0x12/0xc0 [ 90.218295][ C3] ? __pfx_lock_release+0x10/0x10 [ 90.220547][ C3] ? check_panic_on_warn+0x1f/0xb0 [ 90.222809][ C3] check_panic_on_warn+0xab/0xb0 [ 90.225025][ C3] end_report+0x117/0x180 [ 90.226967][ C3] kasan_report+0xe9/0x110 [ 90.228944][ C3] ? __lock_acquire+0x2de0/0x3cb0 [ 90.231258][ C3] ? __lock_acquire+0x2de0/0x3cb0 [ 90.233554][ C3] __lock_acquire+0x2de0/0x3cb0 [ 90.235732][ C3] ? __pfx___lock_acquire+0x10/0x10 [ 90.238056][ C3] ? __pfx___lock_acquire+0x10/0x10 [ 90.240385][ C3] lock_acquire+0x1b1/0x560 [ 90.242458][ C3] ? p9_req_put+0xaf/0x250 [ 90.244459][ C3] ? __pfx_lock_acquire+0x10/0x10 [ 90.246476][ C3] ? __pfx_lock_release+0x10/0x10 [ 90.248605][ C3] _raw_spin_lock_irqsave+0x3a/0x60 [ 90.250952][ C3] ? p9_req_put+0xaf/0x250 [ 90.252958][ C3] p9_req_put+0xaf/0x250 [ 90.254847][ C3] req_done+0x1e7/0x2f0 [ 90.256716][ C3] ? __pfx_req_done+0x10/0x10 [ 90.258815][ C3] ? __pfx_req_done+0x10/0x10 [ 90.260988][ C3] vring_interrupt+0x31b/0x400 [ 90.263046][ C3] ? __pfx_vring_interrupt+0x10/0x10 [ 90.265419][ C3] __handle_irq_event_percpu+0x229/0x7c0 [ 90.267923][ C3] handle_irq_event+0xab/0x1e0 [ 90.270063][ C3] handle_edge_irq+0x263/0xd10 [ 90.272237][ C3] __common_interrupt+0xdf/0x250 [ 90.274483][ C3] common_interrupt+0x52/0xd0 [ 90.276621][ C3] asm_common_interrupt+0x26/0x40 [ 90.278764][ C3] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 [ 90.281073][ C3] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 6a 23 50 f6 48 89 df e8 82 a0 50 f6 e8 6d 7f 79 f6 fb bf 01 00 00 00 b2 13 42 f6 65 8b 05 33 4e ea 74 85 c0 74 06 5b c3 cc cc cc cc [ 90.289499][ C3] RSP: 0018:ffffc90000908eb8 EFLAGS: 00000206 [ 90.292187][ C3] RAX: 00000000000156b4 RBX: ffff88806a92a840 RCX: 1ffffffff2d2d756 [ 90.295626][ C3] RDX: 0000000000000000 RSI: ffffffff8b4cd740 RDI: 0000000000000001 [ 90.298765][ C3] RBP: 1ffff920001211d9 R08: 0000000000000001 R09: fffffbfff2d244f7 [ 90.302187][ C3] R10: ffffffff969227bf R11: 0000000000000000 R12: 0000000000000001 [ 90.305700][ C3] R13: 0000000080000101 R14: ffffffff8da0a0c8 R15: 0000000000000003 [ 90.309236][ C3] ? _raw_spin_unlock_irq+0x23/0x50 [ 90.311589][ C3] run_timer_base+0x119/0x190 [ 90.313695][ C3] ? __pfx_run_timer_base+0x10/0x10 [ 90.315993][ C3] run_timer_softirq+0x1a/0x40 [ 90.318038][ C3] handle_softirqs+0x216/0x8f0 [ 90.320166][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 90.322525][ C3] irq_exit_rcu+0xbb/0x120 [ 90.324545][ C3] sysvec_apic_timer_interrupt+0x95/0xb0 [ 90.327039][ C3] [ 90.328365][ C3] [ 90.329689][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 90.332337][ C3] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 [ 90.335035][ C3] Code: be b0 01 00 00 e8 a0 ff ff ff 31 c0 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 65 48 8b 15 a4 1a 78 7e 65 8b 05 a5 1a 78 7e a9 00 01 [ 90.343427][ C3] RSP: 0018:ffffc900044e7478 EFLAGS: 00000212 [ 90.346132][ C3] RAX: 0000000000000000 RBX: ffffffff9082a980 RCX: ffffffff813cd424 [ 90.349612][ C3] RDX: ffff88802cdd4880 RSI: ffffffff88e569d6 RDI: 0000000000000006 [ 90.353085][ C3] RBP: ffffffff9082a9a0 R08: 0000000000000006 R09: ffffffff88e569d6 [ 90.356572][ C3] R10: ffffffff88e569b7 R11: 0000000000000000 R12: ffffffff88e569d6 [ 90.360047][ C3] R13: ffffffff88e569b7 R14: dffffc0000000000 R15: ffffffff9082a990 [ 90.363526][ C3] ? sock_read_iter+0x2a7/0x3c0 [ 90.365729][ C3] ? sock_read_iter+0x2c6/0x3c0 [ 90.367904][ C3] ? sock_read_iter+0x2a7/0x3c0 [ 90.370082][ C3] ? sock_read_iter+0x2c6/0x3c0 [ 90.372239][ C3] ? __orc_find+0xc4/0x130 [ 90.374237][ C3] ? sock_read_iter+0x2c6/0x3c0 [ 90.376401][ C3] ? unwind_next_frame+0x51/0x23a0 [ 90.378663][ C3] __orc_find+0x63/0x130 [ 90.380567][ C3] ? sock_read_iter+0x2c6/0x3c0 [ 90.382726][ C3] unwind_next_frame+0x335/0x23a0 [ 90.385019][ C3] ? sock_read_iter+0x2c7/0x3c0 [ 90.387188][ C3] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 90.389923][ C3] arch_stack_walk+0x100/0x170 [ 90.392083][ C3] ? sock_read_iter+0x2c7/0x3c0 [ 90.394237][ C3] ? skb_free_head+0x108/0x1d0 [ 90.396370][ C3] stack_trace_save+0x95/0xd0 [ 90.398464][ C3] ? __pfx_stack_trace_save+0x10/0x10 [ 90.400839][ C3] ? __pfx_mark_lock+0x10/0x10 [ 90.402972][ C3] kasan_save_stack+0x33/0x60 [ 90.405073][ C3] ? kasan_save_stack+0x33/0x60 [ 90.407222][ C3] ? kasan_save_track+0x14/0x30 [ 90.409405][ C3] ? kasan_save_free_info+0x3b/0x60 [ 90.411703][ C3] ? poison_slab_object+0xf7/0x160 [ 90.413994][ C3] ? __kasan_slab_free+0x32/0x50 [ 90.416191][ C3] ? kfree+0x12a/0x3b0 [ 90.417978][ C3] ? skb_free_head+0x108/0x1d0 [ 90.420013][ C3] ? skb_release_data+0x75c/0x980 [ 90.422225][ C3] ? consume_skb+0xd0/0x160 [ 90.424250][ C3] ? __unix_dgram_recvmsg+0x821/0xe50 [ 90.426617][ C3] ? unix_dgram_recvmsg+0xd0/0x110 [ 90.428849][ C3] ? sock_recvmsg+0x1f6/0x250 [ 90.430951][ C3] ? sock_read_iter+0x2c7/0x3c0 [ 90.433145][ C3] kasan_save_track+0x14/0x30 [ 90.435239][ C3] kasan_save_free_info+0x3b/0x60 [ 90.437478][ C3] poison_slab_object+0xf7/0x160 [ 90.439685][ C3] __kasan_slab_free+0x32/0x50 [ 90.441824][ C3] kfree+0x12a/0x3b0 [ 90.443569][ C3] ? skb_free_head+0x108/0x1d0 [ 90.445725][ C3] skb_free_head+0x108/0x1d0 [ 90.447851][ C3] skb_release_data+0x75c/0x980 [ 90.449956][ C3] consume_skb+0xd0/0x160 [ 90.451662][ C3] __unix_dgram_recvmsg+0x821/0xe50 [ 90.453703][ C3] ? __pfx___unix_dgram_recvmsg+0x10/0x10 [ 90.456016][ C3] ? sock_has_perm+0x25a/0x2f0 [ 90.457902][ C3] ? __pfx_avc_has_perm+0x10/0x10 [ 90.459892][ C3] unix_dgram_recvmsg+0xd0/0x110 [ 90.462098][ C3] sock_recvmsg+0x1f6/0x250 [ 90.464130][ C3] sock_read_iter+0x2c7/0x3c0 [ 90.466148][ C3] ? __pfx_sock_read_iter+0x10/0x10 [ 90.468276][ C3] ? bpf_lsm_file_permission+0x9/0x10 [ 90.470676][ C3] ? security_file_permission+0x98/0xc0 [ 90.473116][ C3] vfs_read+0xa39/0xbd0 [ 90.474983][ C3] ? __pfx_vfs_read+0x10/0x10 [ 90.477088][ C3] ? rcu_is_watching+0x12/0xc0 [ 90.479222][ C3] ? __fget_light+0x173/0x210 [ 90.481331][ C3] ksys_read+0x1f8/0x260 [ 90.483290][ C3] ? __pfx_ksys_read+0x10/0x10 [ 90.485466][ C3] do_syscall_64+0xcd/0x250 [ 90.487498][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.490006][ C3] RIP: 0033:0x7f65c8ef7b6a [ 90.491987][ C3] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 90.500425][ C3] RSP: 002b:00007ffd1f593ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 90.503945][ C3] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f65c8ef7b6a [ 90.507468][ C3] RDX: 00000000000000ff RSI: 00005574b070c300 RDI: 0000000000000000 [ 90.510685][ C3] RBP: 00005574b070c2c0 R08: 0000000000000001 R09: 0000000000000000 [ 90.513749][ C3] R10: 00007f65c90963a3 R11: 0000000000000246 R12: 00005574b070c35b [ 90.516814][ C3] R13: 00005574b070c300 R14: 0000000000000000 R15: 00007f65c90daa80 [ 90.519995][ C3] [ 90.521921][ C3] Kernel Offset: disabled [ 90.523854][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 04:38:25 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffffc90003927b80 RCX=0000000000000000 RDX=0000000000000000 RSI=ffffffff84b8cf34 RDI=ffffc90003927b80 RBP=ffffffff84b8cf20 RSP=ffffc90000007f60 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffc90000007ff8 R12=0000000000000000 R13=dffffc0000000000 R14=0000000000000000 R15=ffffc90003927b48 RIP=ffffffff84b8cf5d RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fab77cda6c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b31e02ff8 CR3=0000000051ce8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81307e4f ffffffff81307e4f ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81307e4f ffffffff81307e4f ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff81307e4f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efe42 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efe4f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efe49 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efe5d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efee3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979effc1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813de0a0 ffffffff813ddcd5 ffffffff8132dff5 ffffffff8132dfc3 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f249866d100 00007f2497aff440 00007f2400040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2497aff498 00007f2497aff490 00007f2497aff488 00007f2497aff480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000006 0000000000000000 0000000000000000 0000000000000138 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff8162fbe8 RDX=0000000000000000 RSI=ffffffff8bb0f900 RDI=ffffffff8b16f194 RBP=ffffed1003b58910 RSP=ffffc90000187de8 R8 =0000000000000000 R9 =fffffbfff202886b R10=ffffffff9014435f R11=0000000000000000 R12=000000000003db0c R13=ffff88801dac4880 R14=ffffffff90144358 R15=0000000000000000 RIP=ffffffff81930b02 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000002011b000 CR3=0000000051ce8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff82046d9f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efe42 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efe4f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efe49 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efe5d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979efee3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24979effc1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2497aff488 00007f2497aff480 00007f2497aff478 00007f2497aff450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f249866d100 00007f2497aff440 00007f2497aff458 00007f2497aff4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2497aff498 00007f2497aff490 00007f2497aff488 00007f2497aff480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000006 0000000000000000 0000000000000000 0000000000000138 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=ffff88806a837ec8 RCX=ffffffff81f5f5ea RDX=0000000000000000 RSI=ffffffff8bb0f900 RDI=ffffffff8d7c9b90 RBP=0000000000000002 RSP=ffffc9000cf77580 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000080000001 R13=0000000000000001 R14=0000000000000001 R15=ffffc9000cf77ab8 RIP=ffffffff81721fc0 RFL=00000a02 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020001000 CR3=000000000db7c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=00000000000000ff Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 646e657478656f6e 2c6f69747269763d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7eb47efe42 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7eb47efe4f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7eb47efe49 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7eb47efe5d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7eb47efee3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7eb47effc1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7eb48ff488 00007f7eb48ff480 00007f7eb48ff478 00007f7eb48ff450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7eb546d100 00007f7eb48ff440 00007f7eb48ff458 00007f7eb48ff4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7eb48ff498 00007f7eb48ff490 00007f7eb48ff488 00007f7eb48ff480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000073 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8502eb25 RDI=ffffffff9a5b2f20 RBP=ffffffff9a5b2ee0 RSP=ffffc900009083f8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000073 R14=ffffffff8502eac0 R15=0000000000000000 RIP=ffffffff8502eb4f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f65c8da3500 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000555566c285c8 CR3=0000000031cd0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000005000001 Opmask01=0000000003070000 Opmask02=0000000006000000 Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe857744e0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c5f5f0045544156 4952505f4342494c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000042494c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6362696c5f5f0045 5441564952505f43 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65746e6f63007325 203a726f72726520 64656e7275746572 2072657672657300 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40514b4a46005600 051f574a57574005 41404b5750514057 0557405357405600 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 303030300000313d 6564617373693a72 5f6d2061656b633a 735f6f633d643d65 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030303000000024 6564616265693020 55622020656b6330 7320646337643d20 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7e646569790a0024 676f666865787a2a 6f627e2a6f7c6665 792a6e667f657d2a ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 796b66697e2a7e55 676e6b7973793078 55676e6b79737930 7e656578377e726f ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000