last executing test programs: 1m5.237576699s ago: executing program 2 (id=47): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000002, 0x40010, r0, 0x8000000) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x118, &(0x7f0000000080)=0x1, 0x0, 0x4) (async) mlockall(0x1) (async) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x23, &(0x7f0000000000), 0x4) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFBR(r5, 0x8940, &(0x7f00000001c0)=@add_del={0x2, &(0x7f0000000180)='syzkaller0\x00'}) (async) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=ANY=[@ANYBLOB="180000001500010029bd7000fedbdf252d"], 0x18}, 0x1, 0x0, 0x0, 0xc011}, 0x20000000) (async) sendmsg$inet(r3, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) (async) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(r7, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)={0x30, r6, 0x1, 0x70bd07, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x64}, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0xb, 0x43}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810) (async) syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) (async) recvmsg$unix(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)}, 0x40002320) 1m5.235974876s ago: executing program 2 (id=48): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r0 = userfaultfd(0x801) munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$SNDCTL_MIDI_INFO(r1, 0xc074510c, &(0x7f0000000500)={"b419029e64e70068a5aeb82a97926371143708e30f34550ed5af796b6b66"}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r2}, 0x10) write$sndseq(0xffffffffffffffff, &(0x7f00000006c0)=[{0xe, 0x7e, 0xe, 0xfd, @time={0x2, 0x100001}, {}, {0xe1, 0xfd}, @connect={{0x81, 0x2}, {0xd, 0x10}}}], 0x1c) r3 = fanotify_init(0x8, 0x80000) write$binfmt_elf64(r3, &(0x7f00000006c0)=ANY=[@ANYBLOB="7f454c4622"], 0x18) syz_io_uring_setup(0x57e4, &(0x7f0000000000)={0x0, 0xfffb, 0x0, 0xfffffffb, 0x359}, &(0x7f0000000100), &(0x7f0000000080)) close_range(r0, r0, 0x0) 1m5.167760273s ago: executing program 2 (id=50): r0 = socket$inet6(0xa, 0x80002, 0x404) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a8, 0x0, 0x940c, 0x3002, 0x0, 0x2c0, 0x328, 0x3d8, 0x3d8, 0x328, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0, 0x4001}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x1, 0xbe, {0x565159d7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x308) 1m5.166863505s ago: executing program 2 (id=52): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x1169c3, 0x12) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r2) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x1, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0x79}], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) preadv(r4, &(0x7f0000000b40)=[{&(0x7f00000006c0)=""/151, 0x97}], 0x1, 0x9, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) fcntl$setlease(r5, 0x400, 0x1) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000400)=[0x8], 0x0, 0x0, 0x1}}, 0x40) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000810500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="14d00400000000001c00128009000100626f6e64000000000c000280080014000080"], 0x3c}, 0x1, 0x0, 0x0, 0x2200c002}, 0x40800) 1m5.100458267s ago: executing program 2 (id=56): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x189) chdir(&(0x7f0000000080)='./file1\x00') r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x42) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0) 1m5.009923945s ago: executing program 2 (id=58): r0 = socket$inet_udplite(0x2, 0x2, 0x88) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r2, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000380)=ANY=[], 0x0) r3 = syz_io_uring_complete(0x0) setsockopt$IP_VS_SO_SET_ZERO(r3, 0x0, 0x48f, &(0x7f0000000180)={0x8, @local, 0x4e23, 0x2, 'rr\x00', 0x3c, 0x3, 0x63}, 0x2c) r4 = fsopen(&(0x7f0000000000)='iso9660\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) setsockopt$MRT_PIM(r3, 0x0, 0xcf, &(0x7f0000000240)=0x2, 0x4) r5 = fsmount(r4, 0x1, 0x0) fchdir(r5) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) write$cgroup_pressure(r5, &(0x7f00000001c0)={'full', 0x20, 0x2, 0x20, 0xffffffff}, 0x2f) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) 50.008197229s ago: executing program 32 (id=58): r0 = socket$inet_udplite(0x2, 0x2, 0x88) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r2, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000380)=ANY=[], 0x0) r3 = syz_io_uring_complete(0x0) setsockopt$IP_VS_SO_SET_ZERO(r3, 0x0, 0x48f, &(0x7f0000000180)={0x8, @local, 0x4e23, 0x2, 'rr\x00', 0x3c, 0x3, 0x63}, 0x2c) r4 = fsopen(&(0x7f0000000000)='iso9660\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) setsockopt$MRT_PIM(r3, 0x0, 0xcf, &(0x7f0000000240)=0x2, 0x4) r5 = fsmount(r4, 0x1, 0x0) fchdir(r5) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) write$cgroup_pressure(r5, &(0x7f00000001c0)={'full', 0x20, 0x2, 0x20, 0xffffffff}, 0x2f) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) 37.540619193s ago: executing program 1 (id=95): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0), 0x4) r2 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x10003, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000180)={0x0, 0xd, 0x0, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x30323953}) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'vxcan1\x00', {0x2, 0x4e20, @local}}) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xde}], 0x1}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000340)=ANY=[@ANYBLOB="7ab673863c3e0b3dadb2a112370d7a38c27f9ad981c045bd1f6be4e120e5adc61b14507dcfdbf3578f", @ANYRES16=r0, @ANYRES16=0x0, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES64=r2], 0x34c}, 0x1, 0x0, 0x0, 0xd1}, 0x4000014) 30.047775829s ago: executing program 1 (id=95): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0), 0x4) r2 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x10003, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000180)={0x0, 0xd, 0x0, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x30323953}) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'vxcan1\x00', {0x2, 0x4e20, @local}}) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xde}], 0x1}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000340)=ANY=[@ANYBLOB="7ab673863c3e0b3dadb2a112370d7a38c27f9ad981c045bd1f6be4e120e5adc61b14507dcfdbf3578f", @ANYRES16=r0, @ANYRES16=0x0, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES64=r2], 0x34c}, 0x1, 0x0, 0x0, 0xd1}, 0x4000014) 23.718212279s ago: executing program 1 (id=95): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0), 0x4) r2 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x10003, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000180)={0x0, 0xd, 0x0, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x30323953}) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'vxcan1\x00', {0x2, 0x4e20, @local}}) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xde}], 0x1}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000340)=ANY=[@ANYBLOB="7ab673863c3e0b3dadb2a112370d7a38c27f9ad981c045bd1f6be4e120e5adc61b14507dcfdbf3578f", @ANYRES16=r0, @ANYRES16=0x0, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES64=r2], 0x34c}, 0x1, 0x0, 0x0, 0xd1}, 0x4000014) 16.418654497s ago: executing program 1 (id=95): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0), 0x4) r2 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x10003, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000180)={0x0, 0xd, 0x0, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x30323953}) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'vxcan1\x00', {0x2, 0x4e20, @local}}) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xde}], 0x1}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000340)=ANY=[@ANYBLOB="7ab673863c3e0b3dadb2a112370d7a38c27f9ad981c045bd1f6be4e120e5adc61b14507dcfdbf3578f", @ANYRES16=r0, @ANYRES16=0x0, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES64=r2], 0x34c}, 0x1, 0x0, 0x0, 0xd1}, 0x4000014) 15.010079907s ago: executing program 0 (id=691): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) r0 = fanotify_init(0x4, 0x101000) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x641, 0x1019, r1, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0xffea, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 15.009706899s ago: executing program 0 (id=693): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="02"], 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r5, 0x2, 0x0, 0x80000001, &(0x7f0000000200)=[0x0], 0x13, 0x0, 0xfffffffffffffffd, 0x0, 0x0}, 0x61) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x11, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r7, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 14.896580936s ago: executing program 0 (id=695): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) r0 = fanotify_init(0x4, 0x101000) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x641, 0x1019, r1, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (fail_nth: 38) 14.707757975s ago: executing program 0 (id=698): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01"], 0x7c}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff0200000000000000000000000000010000000000000000000000000000000085ffffffffffffff860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 9.577348521s ago: executing program 1 (id=95): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0), 0x4) r2 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x10003, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000180)={0x0, 0xd, 0x0, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x30323953}) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'vxcan1\x00', {0x2, 0x4e20, @local}}) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xde}], 0x1}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000340)=ANY=[@ANYBLOB="7ab673863c3e0b3dadb2a112370d7a38c27f9ad981c045bd1f6be4e120e5adc61b14507dcfdbf3578f", @ANYRES16=r0, @ANYRES16=0x0, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES64=r2], 0x34c}, 0x1, 0x0, 0x0, 0xd1}, 0x4000014) 9.256236173s ago: executing program 0 (id=698): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01"], 0x7c}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff0200000000000000000000000000010000000000000000000000000000000085ffffffffffffff860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 1.99937493s ago: executing program 1 (id=95): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0), 0x4) r2 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x10003, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000180)={0x0, 0xd, 0x0, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x30323953}) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'vxcan1\x00', {0x2, 0x4e20, @local}}) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xde}], 0x1}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000340)=ANY=[@ANYBLOB="7ab673863c3e0b3dadb2a112370d7a38c27f9ad981c045bd1f6be4e120e5adc61b14507dcfdbf3578f", @ANYRES16=r0, @ANYRES16=0x0, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES64=r2], 0x34c}, 0x1, 0x0, 0x0, 0xd1}, 0x4000014) 1.503241836s ago: executing program 0 (id=698): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01"], 0x7c}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff0200000000000000000000000000010000000000000000000000000000000085ffffffffffffff860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 1.460223892s ago: executing program 4 (id=750): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) r0 = fanotify_init(0x4, 0x101000) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x641, 0x1019, r1, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x4000000, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 1.459972168s ago: executing program 4 (id=751): r0 = socket$kcm(0x10, 0x2, 0x0) timer_create(0x2, &(0x7f00000000c0)={0x0, 0x25, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000140)={{0x0, 0x3938700}, {0x0, 0x989680}}, &(0x7f0000000180)) timer_getoverrun(r1) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x8000000, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000015006b05c84e21000ab16d6e230675f802000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.400308414s ago: executing program 4 (id=753): sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x2402c010}, 0x20000040) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c) r0 = io_uring_setup(0x3569, &(0x7f00000000c0)={0x0, 0xa2bd, 0x0, 0x0, 0xe8}) r1 = io_uring_setup(0x67bb, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, 0x0, 0x0, r0}) r2 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000140)) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000180)={@multicast2, @dev={0xac, 0x14, 0x14, 0x2d}, 0x1, 0x1, [@private=0xa010101]}, 0x14) io_uring_enter(r1, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, 0x0, 0x0) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) 1.048178151s ago: executing program 3 (id=762): ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000080)=0x80) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x64, 0x30, 0x1, 0x203, 0x0, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x10001, 0x9, 0x10000000, 0x0, 0x20}, 0x1}}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x401) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000840)={0x0, 0x0, 0x31b}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000340)) r4 = dup(r2) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000040)={0x1, r4}) mmap$dsp(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000000, 0x30, r4, 0x0) 949.377096ms ago: executing program 3 (id=763): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$9p_virtio(0x0, 0x0, 0x0, 0x800040, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733d76697274696f2c6e6f78617474722c756e616d653d5e2c6e6f657874656e642c64656275671d3078303030303030303030303030303030362c6163636573733d757365722c63616368653d6c6f6f7365"]) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xe8c}, 0x2a, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'user:', 'load '}, 0x1a, 0xffffffffffffffff) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x0, &(0x7f00000001c0)='=\n\x9b\xa1Q\x83\xe9\n@\xf6\"2a\xd7\x1fch\x1a}#\xfa\xe4\n\xdc[\x03\x97\xcd\xf1\xa6b\x9a\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nS\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|') 889.789125ms ago: executing program 3 (id=764): r0 = socket(0x840000000002, 0x3, 0xff) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="a905000000007464000100000000000000e5c06417e436a106993e1e5ad8311dabcd25ca", 0x24}], 0x1}}], 0x1, 0x24000004) (async, rerun: 32) r1 = syz_open_dev$swradio(&(0x7f0000002440), 0x1, 0x2) (rerun: 32) r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000d80)="0000000000000001ff6943b80000000800000028f2000000008607000000ebcd1f63dd65dd530700a28f2cbf86f474fad8cb594ed9fabe9ec277bb8d", 0x3c, r2) (async) ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000002680)={0x18000000, 0x5}) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@allocspi={0x104, 0x16, 0x1, 0x70bd26, 0x25dfdbff, {{{@in6=@mcast2, @in=@dev={0xac, 0x14, 0x14, 0x44}, 0x4e20, 0x0, 0x4e23, 0x8, 0xa, 0x20, 0xa0, 0x2f, 0x0, 0xffffffffffffffff}, {@in=@remote, 0x4d2, 0x33}, @in=@remote, {0xfffffffffffffff8, 0x3, 0x3ec, 0x2, 0x7, 0x6, 0xe, 0x8}, {0xe374, 0xfffffffffffffffc, 0x6, 0xf377}, {0x7f, 0x0, 0x2}, 0x70bd2c, 0x3504, 0x2, 0x2, 0x2}, 0x0, 0x1b1d}, [@lastused={0xc, 0xf, 0xfffffffffffffff8}]}, 0x104}, 0x1, 0x0, 0x0, 0x4004000}, 0x40040c0) 889.509343ms ago: executing program 3 (id=765): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xd, 0xfff2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x800}]}}]}, 0x38}}, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0xfc, 0x0, 0x1, 0xffffffff}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40080c0}, 0x0) 328.927838ms ago: executing program 4 (id=766): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'bond_slave_0\x00', 0x0}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000140)) sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xffe3}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_ECN={0x8}]}}]}, 0x3c}}, 0x20000004) getsockopt$inet_tcp_int(r1, 0x6, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={0x0, 0x8}, &(0x7f00000000c0)=0x8) 270.040658ms ago: executing program 4 (id=767): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) (async) r1 = epoll_create(0xe1) (async) syz_emit_ethernet(0x0, 0x0, 0x0) (async) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x2}}}}]}, 0x40}}, 0x4080) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000240)={0x20000006}) 210.24542ms ago: executing program 4 (id=768): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r4) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r4, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000240)={0x30, r5, 0x503, 0x70bd2a, 0x25cfdbfe, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x800) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0xf, 0xfff1}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0xaf6}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 336.987µs ago: executing program 3 (id=769): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) r0 = fanotify_init(0x4, 0x101000) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x641, 0x1019, r1, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x8040000, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 0s ago: executing program 3 (id=770): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/asound/timers\x00', 0x0, 0x0) preadv(r1, &(0x7f0000004ec0)=[{&(0x7f0000000180)=""/79, 0x4f}], 0x1, 0x0, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2c, r3, 0x1, 0x20, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) r6 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) ioctl$FBIOPUT_CON2FBMAP(r6, 0x4610, &(0x7f0000000180)={0x1}) (async) ioctl$FBIOPUT_CON2FBMAP(r6, 0x4610, &(0x7f0000000000)={0x1, 0x1}) (async, rerun: 32) syz_extract_tcp_res(&(0x7f0000000000)={0x41424344}, 0x5, 0x3ff) (rerun: 32) write$tun(r1, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @void, @ipv4=@tcp={{0x39, 0x4, 0x1, 0x2b, 0x111c, 0x65, 0x0, 0x2, 0x6, 0x0, @local, @private=0x5, {[@noop, @cipso={0x86, 0xe, 0x2, [{0x1, 0x8, "b96c99d85e31"}]}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x34, 0xe8, 0x3, 0xa, [{@empty, 0x800}, {@broadcast, 0xea1}, {@private=0xa010100, 0x998d}, {@multicast1, 0xf}, {@local, 0xaf0}, {@local, 0x5}]}, @lsrr={0x83, 0xb, 0xdd, [@dev={0xac, 0x14, 0x14, 0x25}, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @end, @noop, @cipso={0x86, 0x16, 0x3, [{0x2, 0x10, "ca96a038d39e0241a371238a250c"}]}, @cipso={0x86, 0x53, 0x0, [{0x2, 0x11, "ee8aa776e651f28c5ac802fea2bf38"}, {0x7, 0xb, "4b6cd38438189b28e1"}, {0x2, 0x12, "fee6c8c08b49c0dded653d75c0a024c5"}, {0x5, 0x12, "a9990206001e23f6f2b4e7ec3d5da710"}, {0x2, 0xd, "bfa21aa1bdeb18b38d6638"}]}, @rr={0x7, 0x13, 0xc9, [@broadcast, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1, @loopback]}]}}, {{0x4e20, 0x4e20, 0x41424344, r7, 0x1, 0x0, 0xe, 0x2, 0x81, 0x0, 0x2, {[@exp_smc={0xfe, 0x6}, @exp_smc={0xfe, 0x6}, @md5sig={0x13, 0x12, "34f74f2bf41a965214d5e16ff10ad995"}, @window={0x3, 0x3, 0x1}]}}, {"64e282fec82703ce2eb4442dad2da5119c1f88b1a284032249a4b940fc927698e5f8dc6cdf224944fd60b4d262b38703cc05fc3f6b0c5227e27fd0646625a1d35b100b29971b94678becfe00ec9e8e43da642fd6f30ab0730494ac04e6d93d66ec509edc0508d3470349b3f568dafd33d44b39fc8f10348a2448b050bfe1d8dca7da263af0918d74e2a2b919b5648c2c92f578cd7150d0b9e7be3b74593d74c5ba29a742f8d01ee60d891a2706ab6d0b7d07d52228ef5b664f461019c8487ee6c055101ed09b1cac9060d5967024e9fb82756292dbe3ce2b13a5442687be17189881a2f3718e2b34e1d5b56e8f4760848adb93a9373466b76ebea1ff508dbbd7198f2aedf62ffe2cc56ffc9eb7c5786554d5698fdd281d547859174487c5ca1588d8d26338ad27efb154af12be1e21a4d116acd460d43a3d8facf58b4671b190428b1dd671cd84041ac674fc2cdac84a5af8546d42e44f0642f1306f3881a39aa4de3e8db5035ce35d6391d7dcddd651e15aeab78d977bb8e76ae1f82fbdc09c9f6419def9216ff955d478dfafba9a872c37ddd268437cd88395d77190519bfa1cfe6a159c61abb91e09a289e033fc1ff4ff7f73c6ed31fb94319b4c61cbedf8b31cce0735b9835f444f77eef4c369d1186bee17be89a8b6b9f0337f82f1161555c1001a57fd2c44f8b449ef7a15487ba87b985dae38ff133bff397e9c92f1fa7c40c57a5141c02f80bc391789ec279fccf6dfa77b62c855b0148e3f8a825e75c62886414333401f8bf98a6532e5ca3ec5d5e6f2a1646bfa91b1ceacb283facf0197515be04909318cbaa1102199868672b17d28af06502b5e4036fda283fb2d2cdcf71d9446b27dba861fdd9dde933fba2c90e012b926a58816a48e6a5375bc49bdc7c9dad6dc79199b3d44abb7c18da29ba385ea4b4851782539df05508df698386074eefdab08c48196c3101e94755f4cd45e1f4cd4b04dca0d88621d99e86f92db847c9a353445472603265fffc243ec195d176a43a7a7f59f36d0cc9f11ab3fa6dfa84cfd8a587209e9e30e1da80bce8e726b27b714033428a32defda03a550be912dcc1f0c9d5527402a0a9d6e025263ed69ada70f7690d6026008d2e7f5dc15af43980f58b685abfe63737de1ea28ba6225115e53c4d01f11244afe63c068c85780cc994cd0461f5ef4130785aa94408990470077ef2eb9f29ddc70a0169c9f7357ae32169b5bdfeec31ae85003956bd446b19a2bd7d1cba7a267f31c188d90c98e39a8d7f9382962ad8bf847d2f692289e15146b260f2783b65c470318bf7114526f506317ed2265b9ce9be7eeeda5a3593d04eefaf5f0cf45b3b938549eda8a617c303213dfa2ea66396e7a435a4a691cf7521c9f263f56c1e7fb9e265dcb137f8764997c20d54ef06a53cc4889110f232424812030e4993a7e093aa675e32ad416e0d51da5bd08d6290ecf0324c4857e5ec8b33d38a2890b1702518bd05a99a7ed0cec5eed7fcac5cadaeb52e4f3d339eb4ec848ea042def7a88d3a2eb43115f515657070ebf9a276dc6a7df58c5768f80e0d44c09c5bcf1e50d84c56f0e92ca50778033294643dec57c3d96f5441ad61f04e32a299b6970218fae788ad7af0886d125246237fe8d6da5b9f1fe7f312df9343988c8e4dce6a75af9de24527372a747a126c720481d3ce3b9b495e7211aa39aafa44debc4e8b4fcc8c4e50a39e90cbbbe751ad38dadd8f37465e57fec438822b848b86d0c3ddcf5b8380b232540f9716cb8dc6beb0d82749d39c9e2b55ec7d8ddbeb5ffda9f7e61ec04a8fd000cce2de902b6f4f4b8cff468867bd40377a9c62ea02a2e20266f117e62dfa9401fb4930dfb643cc9e80ad9463ea52e7203eb95b4e2fe234f9665db852af8c49c203676a73b52d3e83b0d2293a1305dae391766598b30b1ec8902706cf79de9f242af8d7e2a734af0c68f540fd7285d783f7160ed110a2ba64bb1ac7219aba587b2e578bb69d627ffddee027ad732ecfdc167d995f543745b498bd16522b95500fec7460480a827d8efee2c048e1fade2bb721f36d0e0babe258edcfa5654093fd04db9350b843baedfd105ff5d30ba50eb8338939040c176f4a1f50c01f5ae0d26ec5f1cf0711b1a983523c8aeca33c23a5465977bdf60214855858d5dabdd3524af2bf0cae01bb9a83b664fd9a94b573d10bc27dff28539a7720749066006367fa7dbda0d4315945994ea55d8ad48c53872d132343bbafdb0e3a9ffa409b8adf9678412d5b74d13baea31230f3c07e7c144b796d71feb0e674547c909845b31c41aed83ff4939881698d17490bb2268510b63cbb7cdfc5608c9e0dfe031c104664c5ebfda90d4f170259dfe570d7fde7300aec1a56e03177965c1a5661a444c4e17bee1a3b5dd9bc81032b0bee730e581df9c920e466418befc72f2749cb2773332f3536016239983a2cb73ef9a6edf5ed530e45ea6eeacd06f807d8a35e0c2d6bca95cf5c83f4fe49a5be60a8127db075b25e8e5d54d01c2f22f02ec003ea66a81f68b5f9b287d5e2b0f3a2245cdf8d9bf5ed03eb5a5036ea4032a35e4e33563f9cf3141b28033129be66d2e854d49bea16024927b4f52704f4d2260fcd288bea9de890e9f26c77f2581e2c987be1775d24542c7d592ec921bd735cc0c3c14b6ee2dba4dcb13a4dd5cadce45dd87d3da8b488eae2d695ff72816345339fc421ce4185e2ff396e561e10f1e840ea3c5f0fc0140bdfee06b564babc7f71ba99f15e9a8e91379563f259cf963d5c3c97d63b4704a1155a2679e397c2a4da8da73950e5dc70659362aa7120c4a1bd115f2e9941f045d8cbd6f4b2f15e41e952221c4d69099ba86a5cb9ad2ea57b07632a129b0529fa0692489dab5007da0608226a34d5fa6900cae3cefeff7bd2199e3f91889b8c66b19594e0b3b26658e2b849d4592f569547a6485d573a4615bf034cfb89c8c6072032975d507a7e863dc9373351ebd5195ae95e7879317fced94be0ddd23405a696fc16e1c05b2de8ea7bde3c6a0c20f23e28e3a28f86bb0df18647a2572150cadd305bb16e5a5b32f4b13077bb66556d1c3c1c3f4e17defe19cff34b5ee164d99e9f147c90ae1b4273dbc9d2d740ed7f80a119b55886fba04ff026ae3cc807f09ff87be846d6503e831f58d98513870944addb8ff70ae0de570112b7ef8d9149403af3ef388f2ed7bdcd67b3e4753fa95317d2e95e82e6cf29e73952272983507be9e1e315c775072f4c381b8e891f5547e05ed990d65bf65d04603053fdf6eecf4256c3962e16b59d311172c0cdc19dd8fb3dcf1d7ae1600fd0ae2737677540f422634f455f02e973bb20b8c61f88228b2520d0f30eeb2698ab89ace5b06a226e3af58dab79503fd2b3a288fd4af9ff592ec1f9a2b3fd5245b9f96a2247000c5c9e6fcdf2b22a194c34dc874f4a457bf2d061857fd53d3397c95d2a8dbdaf8d1201532124104deebb424bedd947725ecc0b0716c4aecab3be654316f72b7d5ac8af7a4b62cbd3bc74013b8591187cd4b1ca3651a323babe07004d019e1dfe69dfdaad5e016a40147e1b32e0f965708082be8102003a676fc1fa2c678408810f8769dd47941af26879b3d887fca5babae5efdc3ba2abf4d143b7227362933a24bf7e6a3261537b3673f44db116306e6c7231fcd7e46acfd3d6fc5faab4b103aa59bfffe0c06bbcdab221ecfb9031031dbb40dc007dfaca0a5c9dcdcbcde0199ec4c3b2cc20fae8f12ebb15be72e0296afd4209f48d274b79ce02553b2489a1bb94fe0f85bc091ce01a8f9e528988ec57a294ebb6f848d7e91c99205640155175ae8a2db1ffee5b6b0ccf0caf0662c6fa667089dc6293df173aac102e21eeee194ae2ecd761f297b52f8c91bd23182dab83ac51f9c22dd9d532cbb382b6f1e34a051d8ba4bbfe56af7f4777f867f37b0a95fc19eb65e05859d4616681c26e3f1f1f972b11a02b7ceb4b8bccf3b8617801b0a11f25ce9fcb4258a062155004a64aa361c8230202da87e09c90a786e99c7ed28afe513d5221d24796ac2d4eb789be977611355703428d914eb0442ff45a66b23c995e73a72ad6c1fb84041523918ef79d33e1d7e2f1f95684b94c44dd45518f139d43a28cf136059efb79bc79dee8bd5415a022a3ecd8badf8515f8e6178aa6d2bd2cf0ad691cb0c8b6c5c9fec9d07a05d431160b224b943d51e675d837dc9acf5b20c0eb04e416866be26f609535356bfe3545c2c3a1cadd351d691bee37381cec9f9b6f44dd6f28e6c40433147a39f37a44bbfc37160a0f4302dd0c6dd62a76930b79e931fe78cc7205b607708d1bf92d3dfba3cf139c204f3fc944bd0b1a26adffc07adf3b408ea2b42f25cc30a12aec81f1a24c4f538435f33ddce96814e9c37b46ccb0e1882d9e2eb575536c597fd90fbb8d669fed7a77a592bf380c6d1878216fce730477cda6345cb103e1c09f843d69760fa49aaa7370a9dfde876ed3d8d69ddcc435a078f81bef8f01f4cfe9560ea71db3652a434001aa2ad6412aba2bfa1af277b3d50a8a49d70c80713aa6c38d88bd882b4e9db45706cd1c75214616422be0058ee962091fd68f770ca05d9b8c2ba9dc33af2c44ded288db82874f608b5c813c91b4101859971ac7832547929898b84f6f5d0d8b704ce08ac70f25ba628d83d543bf2a6583183e720c50583892e9c5544ebd757b78688d01e70d95d58fc1dacaf9bfbc5e712eb75df7ee070e0ff258200eb7d23bc5dc4cd15fecf324aeafdb778f0b0716fce51116fe75a08e7f79ad7c3038f025f612308ff968635b4ee013d74b01540c4a03d1ce57a3983a284cecb9be9034b16ea5c4b2b482efb542cd34b858450cbfd375502a81e936f6dad97854a4d231208f057bfdd48fce4a9350d8effb0bd6609ec933d96db73bef830d5d700902855eaa3e216342adc3f53724a3944a16c2a1d97a984c14125537fe352dd95c0392be5dfd2be0f6204d913e091cefd1c29aa60158a17198e69cef832f3969e7614936114fbea57e55e264933601c5002813c3457f06c0f4dce356c06dbfdf79810110eb6b500b1cdbbb78f97dfeb96ac52967dae8fdb237530bcb2b42957c85d6e4d9c78d0cfe9604ca96997f47359f37ae963008f0b71b435747e09ad6f1719e4e09f3f952e7316508ac0858bb9be4fcaaf5dbfd92cd9be2859156e2bf27737b5083d58eb0dce87e4197fa932c17fa4d32e8d084620563ef6f61b6f519740bec8affeda05eb84f6bacb23da79a69dcd2606fe5f458e8475458de0610c778dd75837c035df13046863f6d5f517051e7d6a8b9ab5b321333d231f16ead34582ee49a334bb9492fbae7eb3bc5caf96389d50bbe9ddcff10b0ef765c485bcc821a2512ac402c2ef29c530286fa8596fd3ef1fb830d1dd03fd025296fed40ce2d039dec6ada129b8be24ae32582a0733eb8db8a20f77ad25cbb6a674794a35a3268971a083a63b4803986c38727ac8f2730a5ff4e70d2549023eda7632f41cea6829cb32ee32083b7b630fdc9d564701aa0ac03d122226b5f47999d9b95ddacfa596a68235e58ff89cb21c8156321adb8e72fc9c1b28cecb8caef7c518a52c32adfdc7908b52d65b1f267141e01926c988f130377e50ec74d2dfffa2c2beb23da92dd08667216744240aabf97be19f8027a2171cd7fd52c58d3dec057aa3c0b3ef22c88175f701df696139774ce93559c9d3ba47db8abe3db08f1dec6153e1fae35bb058ab409cad3908f3a19bd113bc78de085b16574059cb9d832958457f5aff"}}}}, 0x1120) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@release={0x4008630a, 0x3}], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.625703][ T7772] Call Trace: [ 84.625708][ T7772] [ 84.625715][ T7772] dump_stack_lvl+0x16c/0x1f0 [ 84.625745][ T7772] should_fail_ex+0x512/0x640 [ 84.625768][ T7772] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 84.625796][ T7772] should_failslab+0xc2/0x120 [ 84.625818][ T7772] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 84.625843][ T7772] ? vfs_parse_fs_string+0xc3/0x150 [ 84.625870][ T7772] kmemdup_nul+0x49/0xf0 [ 84.625896][ T7772] vfs_parse_fs_string+0xc3/0x150 [ 84.625920][ T7772] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 84.625949][ T7772] ? ovl_next_opt+0x143/0x1c0 [ 84.625966][ T7772] ? __pfx_ovl_next_opt+0x10/0x10 [ 84.625983][ T7772] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 84.626009][ T7772] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 84.626032][ T7772] ? alloc_fs_context+0x59b/0x9c0 [ 84.626058][ T7772] path_mount+0x13cd/0x2020 [ 84.626086][ T7772] ? kmem_cache_free+0x2d1/0x4d0 [ 84.626105][ T7772] ? __pfx_path_mount+0x10/0x10 [ 84.626131][ T7772] ? putname+0x154/0x1a0 [ 84.626154][ T7772] __x64_sys_mount+0x28d/0x310 [ 84.626187][ T7772] ? __pfx___x64_sys_mount+0x10/0x10 [ 84.626220][ T7772] do_syscall_64+0xcd/0x4c0 [ 84.626252][ T7772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.626269][ T7772] RIP: 0033:0x7f174d58e929 [ 84.626280][ T7772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.626296][ T7772] RSP: 002b:00007f174e3db038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 84.626310][ T7772] RAX: ffffffffffffffda RBX: 00007f174d7b5fa0 RCX: 00007f174d58e929 [ 84.626322][ T7772] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 84.626333][ T7772] RBP: 00007f174e3db090 R08: 0000200000000100 R09: 0000000000000000 [ 84.626344][ T7772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 84.626355][ T7772] R13: 0000000000000000 R14: 00007f174d7b5fa0 R15: 00007fffe6fb61e8 [ 84.626377][ T7772] [ 84.851419][ T7797] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (8), value rounded to 0 ms [ 84.975726][ T7815] FAULT_INJECTION: forcing a failure. [ 84.975726][ T7815] name failslab, interval 1, probability 0, space 0, times 0 [ 84.979995][ T7815] CPU: 0 UID: 0 PID: 7815 Comm: syz.3.492 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 84.980017][ T7815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.980027][ T7815] Call Trace: [ 84.980032][ T7815] [ 84.980039][ T7815] dump_stack_lvl+0x16c/0x1f0 [ 84.980082][ T7815] should_fail_ex+0x512/0x640 [ 84.980103][ T7815] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 84.980130][ T7815] should_failslab+0xc2/0x120 [ 84.980153][ T7815] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 84.980176][ T7815] ? rcu_is_watching+0x12/0xc0 [ 84.980193][ T7815] ? ovl_parse_param+0x6ac/0x1570 [ 84.980214][ T7815] kstrdup+0x53/0x100 [ 84.980236][ T7815] ovl_parse_param+0x6ac/0x1570 [ 84.980258][ T7815] ? __pfx_ovl_parse_param+0x10/0x10 [ 84.980275][ T7815] ? trace_kmalloc+0x2b/0xd0 [ 84.980296][ T7815] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 84.980319][ T7815] ? static_key_count+0x5a/0x70 [ 84.980334][ T7815] ? __pfx_ovl_parse_param+0x10/0x10 [ 84.980349][ T7815] vfs_parse_fs_param+0x208/0x3c0 [ 84.980372][ T7815] vfs_parse_fs_string+0xe9/0x150 [ 84.980394][ T7815] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 84.980427][ T7815] ? ovl_next_opt+0x143/0x1c0 [ 84.980448][ T7815] ? __pfx_ovl_next_opt+0x10/0x10 [ 84.980464][ T7815] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 84.980488][ T7815] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 84.980512][ T7815] ? alloc_fs_context+0x59b/0x9c0 [ 84.980538][ T7815] path_mount+0x13cd/0x2020 [ 84.980561][ T7815] ? kmem_cache_free+0x2d1/0x4d0 [ 84.980576][ T7815] ? __pfx_path_mount+0x10/0x10 [ 84.980600][ T7815] ? putname+0x154/0x1a0 [ 84.980625][ T7815] __x64_sys_mount+0x28d/0x310 [ 84.980648][ T7815] ? __pfx___x64_sys_mount+0x10/0x10 [ 84.980678][ T7815] do_syscall_64+0xcd/0x4c0 [ 84.980705][ T7815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.980723][ T7815] RIP: 0033:0x7f389878e929 [ 84.980737][ T7815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.980755][ T7815] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 84.980773][ T7815] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 84.980784][ T7815] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 84.980795][ T7815] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 84.980806][ T7815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 84.980816][ T7815] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 84.980839][ T7815] [ 85.081144][ T40] audit: type=1400 audit(1751382424.256:400): avc: denied { unmount } for pid=6789 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 85.468576][ T7860] FAULT_INJECTION: forcing a failure. [ 85.468576][ T7860] name failslab, interval 1, probability 0, space 0, times 0 [ 85.472531][ T7860] CPU: 1 UID: 0 PID: 7860 Comm: syz.3.505 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 85.472546][ T7860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.472553][ T7860] Call Trace: [ 85.472557][ T7860] [ 85.472561][ T7860] dump_stack_lvl+0x16c/0x1f0 [ 85.472580][ T7860] should_fail_ex+0x512/0x640 [ 85.472594][ T7860] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 85.472610][ T7860] should_failslab+0xc2/0x120 [ 85.472625][ T7860] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 85.472640][ T7860] ? rcu_watching_snap_stopped_since+0x101/0x110 [ 85.472654][ T7860] ? ovl_parse_param+0x6f0/0x1570 [ 85.472667][ T7860] kstrdup+0x53/0x100 [ 85.472681][ T7860] ovl_parse_param+0x6f0/0x1570 [ 85.472694][ T7860] ? __pfx_ovl_parse_param+0x10/0x10 [ 85.472704][ T7860] ? trace_kmalloc+0x2b/0xd0 [ 85.472719][ T7860] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 85.472734][ T7860] ? static_key_count+0x5a/0x70 [ 85.472745][ T7860] ? __pfx_ovl_parse_param+0x10/0x10 [ 85.472756][ T7860] vfs_parse_fs_param+0x208/0x3c0 [ 85.472772][ T7860] vfs_parse_fs_string+0xe9/0x150 [ 85.472786][ T7860] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 85.472805][ T7860] ? ovl_next_opt+0x143/0x1c0 [ 85.472815][ T7860] ? __pfx_ovl_next_opt+0x10/0x10 [ 85.472824][ T7860] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 85.472839][ T7860] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 85.472855][ T7860] ? alloc_fs_context+0x59b/0x9c0 [ 85.472872][ T7860] path_mount+0x13cd/0x2020 [ 85.472888][ T7860] ? kmem_cache_free+0x2d1/0x4d0 [ 85.472900][ T7860] ? __pfx_path_mount+0x10/0x10 [ 85.472917][ T7860] ? putname+0x154/0x1a0 [ 85.472959][ T7860] __x64_sys_mount+0x28d/0x310 [ 85.472976][ T7860] ? __pfx___x64_sys_mount+0x10/0x10 [ 85.472992][ T7860] ? getname_flags.part.0+0x1c5/0x550 [ 85.473005][ T7860] do_syscall_64+0xcd/0x4c0 [ 85.473021][ T7860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.473032][ T7860] RIP: 0033:0x7f389878e929 [ 85.473041][ T7860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.473052][ T7860] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 85.473062][ T7860] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 85.473068][ T7860] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 85.473074][ T7860] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 85.473080][ T7860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 85.473086][ T7860] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 85.473099][ T7860] [ 85.574584][ T7851] /dev/sr0: Can't open blockdev [ 85.661696][ T40] audit: type=1400 audit(1751382424.836:401): avc: denied { watch watch_reads } for pid=7869 comm="syz.3.509" path="/171/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 85.702897][ T40] audit: type=1400 audit(1751382424.876:402): avc: denied { unmount } for pid=5944 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 85.706413][ T7875] overlay: Unknown parameter 'dont_appraise' [ 85.770098][ T75] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.139608][ T6460] usb 5-1: USB disconnect, device number 7 [ 86.458570][ T7888] FAULT_INJECTION: forcing a failure. [ 86.458570][ T7888] name failslab, interval 1, probability 0, space 0, times 0 [ 86.463751][ T7888] CPU: 1 UID: 0 PID: 7888 Comm: syz.3.516 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 86.463768][ T7888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.463775][ T7888] Call Trace: [ 86.463779][ T7888] [ 86.463783][ T7888] dump_stack_lvl+0x16c/0x1f0 [ 86.463815][ T7888] should_fail_ex+0x512/0x640 [ 86.463831][ T7888] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 86.463848][ T7888] should_failslab+0xc2/0x120 [ 86.463863][ T7888] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 86.463878][ T7888] ? ovl_mount_dir+0x26/0x1f0 [ 86.463890][ T7888] kstrdup+0x53/0x100 [ 86.463904][ T7888] ovl_mount_dir+0x26/0x1f0 [ 86.463915][ T7888] ovl_parse_param+0xdaf/0x1570 [ 86.463928][ T7888] ? __pfx_ovl_parse_param+0x10/0x10 [ 86.463939][ T7888] ? trace_kmalloc+0x2b/0xd0 [ 86.463954][ T7888] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 86.463969][ T7888] ? static_key_count+0x5a/0x70 [ 86.463980][ T7888] ? __pfx_ovl_parse_param+0x10/0x10 [ 86.463991][ T7888] vfs_parse_fs_param+0x208/0x3c0 [ 86.464007][ T7888] vfs_parse_fs_string+0xe9/0x150 [ 86.464021][ T7888] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 86.464040][ T7888] ? ovl_next_opt+0x143/0x1c0 [ 86.464050][ T7888] ? __pfx_ovl_next_opt+0x10/0x10 [ 86.464059][ T7888] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 86.464075][ T7888] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 86.464091][ T7888] ? alloc_fs_context+0x59b/0x9c0 [ 86.464108][ T7888] path_mount+0x13cd/0x2020 [ 86.464124][ T7888] ? kmem_cache_free+0x2d1/0x4d0 [ 86.464136][ T7888] ? __pfx_path_mount+0x10/0x10 [ 86.464157][ T7888] ? putname+0x154/0x1a0 [ 86.464182][ T7888] __x64_sys_mount+0x28d/0x310 [ 86.464207][ T7888] ? __pfx___x64_sys_mount+0x10/0x10 [ 86.464237][ T7888] do_syscall_64+0xcd/0x4c0 [ 86.464262][ T7888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.464280][ T7888] RIP: 0033:0x7f389878e929 [ 86.464295][ T7888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.464312][ T7888] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 86.464329][ T7888] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 86.464340][ T7888] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 86.464350][ T7888] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 86.464361][ T7888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 86.464370][ T7888] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 86.464393][ T7888] [ 86.566666][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.571080][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.577442][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.581431][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.586025][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.658369][ T7908] netlink: 72 bytes leftover after parsing attributes in process `syz.3.521'. [ 86.701499][ T7908] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 86.705745][ T7893] chnl_net:caif_netlink_parms(): no params data found [ 86.789596][ T7893] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.793639][ T7893] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.795996][ T7893] bridge_slave_0: entered allmulticast mode [ 86.798619][ T7893] bridge_slave_0: entered promiscuous mode [ 86.801601][ T7893] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.803983][ T7893] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.806918][ T7893] bridge_slave_1: entered allmulticast mode [ 86.810732][ T7893] bridge_slave_1: entered promiscuous mode [ 86.847240][ T7916] netlink: 8 bytes leftover after parsing attributes in process `syz.3.523'. [ 86.852645][ T7893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.862400][ T7893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.867023][ T40] audit: type=1400 audit(1751382426.046:403): avc: denied { getattr } for pid=7915 comm="syz.3.523" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=19426 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 86.898790][ T7893] team0: Port device team_slave_0 added [ 86.905658][ T7893] team0: Port device team_slave_1 added [ 86.926932][ T34] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 86.936897][ T40] audit: type=1400 audit(1751382426.116:404): avc: denied { mount } for pid=7917 comm="syz.4.524" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 86.945377][ T5933] Bluetooth: hci4: unexpected event 0x34 length: 3 < 6 [ 86.949445][ T7893] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.951675][ T7893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.959883][ T7893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.964141][ T7893] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.966357][ T7893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.975144][ T7893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.986742][ T40] audit: type=1400 audit(1751382426.166:405): avc: denied { connect } for pid=7922 comm="syz.3.526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 86.994405][ T40] audit: type=1400 audit(1751382426.166:406): avc: denied { write } for pid=7922 comm="syz.3.526" path="socket:[21914]" dev="sockfs" ino=21914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 87.024654][ T7893] hsr_slave_0: entered promiscuous mode [ 87.026906][ T7893] hsr_slave_1: entered promiscuous mode [ 87.084929][ T34] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 87.088372][ T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.091392][ T34] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 87.096843][ T34] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 87.099710][ T34] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 87.102253][ T34] usb 5-1: Manufacturer: syz [ 87.106559][ T34] usb 5-1: config 0 descriptor?? [ 87.111620][ T34] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 87.291357][ T7936] FAULT_INJECTION: forcing a failure. [ 87.291357][ T7936] name failslab, interval 1, probability 0, space 0, times 0 [ 87.295387][ T7936] CPU: 3 UID: 0 PID: 7936 Comm: syz.3.531 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 87.295402][ T7936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.295409][ T7936] Call Trace: [ 87.295413][ T7936] [ 87.295418][ T7936] dump_stack_lvl+0x16c/0x1f0 [ 87.295441][ T7936] should_fail_ex+0x512/0x640 [ 87.295455][ T7936] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 87.295470][ T7936] should_failslab+0xc2/0x120 [ 87.295485][ T7936] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 87.295498][ T7936] ? trace_kmalloc+0x2b/0xd0 [ 87.295522][ T7936] ? getname_kernel+0x52/0x370 [ 87.295543][ T7936] getname_kernel+0x52/0x370 [ 87.295559][ T7936] kern_path+0x1d/0x50 [ 87.295572][ T7936] ovl_mount_dir+0x13e/0x1f0 [ 87.295585][ T7936] ovl_parse_param+0xdaf/0x1570 [ 87.295598][ T7936] ? __pfx_ovl_parse_param+0x10/0x10 [ 87.295609][ T7936] ? trace_kmalloc+0x2b/0xd0 [ 87.295623][ T7936] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 87.295638][ T7936] ? static_key_count+0x5a/0x70 [ 87.295649][ T7936] ? __pfx_ovl_parse_param+0x10/0x10 [ 87.295660][ T7936] vfs_parse_fs_param+0x208/0x3c0 [ 87.295677][ T7936] vfs_parse_fs_string+0xe9/0x150 [ 87.295691][ T7936] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 87.295710][ T7936] ? ovl_next_opt+0x143/0x1c0 [ 87.295720][ T7936] ? __pfx_ovl_next_opt+0x10/0x10 [ 87.295729][ T7936] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 87.295745][ T7936] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 87.295761][ T7936] ? alloc_fs_context+0x59b/0x9c0 [ 87.295778][ T7936] path_mount+0x13cd/0x2020 [ 87.295794][ T7936] ? kmem_cache_free+0x2d1/0x4d0 [ 87.295806][ T7936] ? __pfx_path_mount+0x10/0x10 [ 87.295823][ T7936] ? putname+0x154/0x1a0 [ 87.295844][ T7936] __x64_sys_mount+0x28d/0x310 [ 87.295866][ T7936] ? __pfx___x64_sys_mount+0x10/0x10 [ 87.295887][ T7936] ? getname_flags.part.0+0x1c5/0x550 [ 87.295900][ T7936] do_syscall_64+0xcd/0x4c0 [ 87.295917][ T7936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.295928][ T7936] RIP: 0033:0x7f389878e929 [ 87.295937][ T7936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.295947][ T7936] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 87.295957][ T7936] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 87.295964][ T7936] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 87.295970][ T7936] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 87.295976][ T7936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 87.295982][ T7936] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 87.295995][ T7936] [ 87.296025][ T7936] overlayfs: failed to resolve './file0': -12 [ 87.496902][ T75] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.568205][ T75] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.622299][ T75] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.673278][ T1468] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 87.720902][ T75] bridge_slave_1: left allmulticast mode [ 87.722753][ T75] bridge_slave_1: left promiscuous mode [ 87.724860][ T75] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.728786][ T75] bridge_slave_0: left allmulticast mode [ 87.730579][ T75] bridge_slave_0: left promiscuous mode [ 87.732393][ T75] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.833205][ T1468] usb 8-1: Using ep0 maxpacket: 8 [ 87.836099][ T1468] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 87.839488][ T1468] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 87.842322][ T1468] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.846237][ T1468] usb 8-1: config 0 descriptor?? [ 87.943068][ T75] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 87.947397][ T75] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 87.951402][ T75] bond0 (unregistering): Released all slaves [ 88.254192][ T1468] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 88.259853][ T1468] usb 8-1: USB disconnect, device number 11 [ 88.289960][ T75] hsr_slave_0: left promiscuous mode [ 88.292961][ T75] hsr_slave_1: left promiscuous mode [ 88.296668][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.299157][ T75] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.302366][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.306044][ T75] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.331028][ T75] veth1_macvtap: left promiscuous mode [ 88.333589][ T75] veth0_macvtap: left promiscuous mode [ 88.335993][ T75] veth1_vlan: left promiscuous mode [ 88.338277][ T75] veth0_vlan: left promiscuous mode [ 88.625217][ T5933] Bluetooth: hci0: command tx timeout [ 88.830839][ T75] team0 (unregistering): Port device team_slave_1 removed [ 88.883057][ T75] team0 (unregistering): Port device team_slave_0 removed [ 89.024194][ T40] audit: type=1400 audit(1751382428.206:407): avc: denied { watch } for pid=7954 comm="syz.3.533" path="/187/bus/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="overlay" ino=1130 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 89.040210][ T40] audit: type=1400 audit(1751382428.206:408): avc: denied { watch_sb watch_reads } for pid=7954 comm="syz.3.533" path="/187/bus/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="overlay" ino=1130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 89.056355][ T40] audit: type=1400 audit(1751382428.216:409): avc: denied { create } for pid=7954 comm="syz.3.533" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 89.491461][ T7893] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.496166][ T7893] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.500648][ T7893] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.509223][ T7893] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.571558][ T7893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.591626][ T7893] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.599896][ T7570] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.602723][ T7570] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.613751][ T7570] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.616004][ T7570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.631441][ T7893] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.634315][ T7992] FAULT_INJECTION: forcing a failure. [ 89.634315][ T7992] name failslab, interval 1, probability 0, space 0, times 0 [ 89.636026][ T7893] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.639290][ T7992] CPU: 3 UID: 0 PID: 7992 Comm: syz.3.542 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 89.639311][ T7992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.639319][ T7992] Call Trace: [ 89.639338][ T7992] [ 89.639346][ T7992] dump_stack_lvl+0x16c/0x1f0 [ 89.639377][ T7992] should_fail_ex+0x512/0x640 [ 89.639394][ T7992] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 89.639411][ T7992] should_failslab+0xc2/0x120 [ 89.639426][ T7992] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 89.639440][ T7992] ? kasan_quarantine_put+0x10a/0x240 [ 89.639452][ T7992] ? lockdep_hardirqs_on+0x7c/0x110 [ 89.639466][ T7992] ? ovl_do_parse_layer+0x2f/0x10f0 [ 89.639479][ T7992] kstrdup+0x53/0x100 [ 89.639494][ T7992] ovl_do_parse_layer+0x2f/0x10f0 [ 89.639507][ T7992] ? ovl_mount_dir+0x15f/0x1f0 [ 89.639519][ T7992] ovl_parse_param+0xdd9/0x1570 [ 89.639533][ T7992] ? __pfx_ovl_parse_param+0x10/0x10 [ 89.639545][ T7992] ? trace_kmalloc+0x2b/0xd0 [ 89.639560][ T7992] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 89.639576][ T7992] ? static_key_count+0x5a/0x70 [ 89.639587][ T7992] ? __pfx_ovl_parse_param+0x10/0x10 [ 89.639599][ T7992] vfs_parse_fs_param+0x208/0x3c0 [ 89.639616][ T7992] vfs_parse_fs_string+0xe9/0x150 [ 89.639632][ T7992] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 89.639652][ T7992] ? ovl_next_opt+0x143/0x1c0 [ 89.639662][ T7992] ? __pfx_ovl_next_opt+0x10/0x10 [ 89.639672][ T7992] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 89.639689][ T7992] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 89.639705][ T7992] ? alloc_fs_context+0x59b/0x9c0 [ 89.639723][ T7992] path_mount+0x13cd/0x2020 [ 89.639741][ T7992] ? kmem_cache_free+0x2d1/0x4d0 [ 89.639754][ T7992] ? __pfx_path_mount+0x10/0x10 [ 89.639773][ T7992] ? putname+0x154/0x1a0 [ 89.639791][ T7992] __x64_sys_mount+0x28d/0x310 [ 89.639808][ T7992] ? __pfx___x64_sys_mount+0x10/0x10 [ 89.639830][ T7992] do_syscall_64+0xcd/0x4c0 [ 89.639847][ T7992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.639859][ T7992] RIP: 0033:0x7f389878e929 [ 89.639868][ T7992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.639879][ T7992] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 89.639890][ T7992] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 89.639897][ T7992] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 89.639903][ T7992] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 89.639910][ T7992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 89.639916][ T7992] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 89.639930][ T7992] [ 89.671097][ T1468] usb 5-1: USB disconnect, device number 8 [ 89.756847][ T8007] program syz.0.545 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.769919][ T7893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.783219][ T5978] libceph: connect (1)[c::]:6789 error -101 [ 89.786204][ T5978] libceph: mon0 (1)[c::]:6789 connect error [ 89.793880][ T7893] veth0_vlan: entered promiscuous mode [ 89.801097][ T7893] veth1_vlan: entered promiscuous mode [ 89.819026][ T7893] veth0_macvtap: entered promiscuous mode [ 89.822704][ T7893] veth1_macvtap: entered promiscuous mode [ 89.828334][ T40] audit: type=1400 audit(1751382429.006:410): avc: denied { ioctl } for pid=8013 comm="syz.3.547" path="socket:[22789]" dev="sockfs" ino=22789 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 89.831228][ T7893] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.847191][ T7893] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.852001][ T7893] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.855041][ T7893] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.857815][ T7893] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.860492][ T7893] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.892800][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.896187][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.908862][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.911608][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.054456][ T1468] libceph: connect (1)[c::]:6789 error -101 [ 90.056453][ T1468] libceph: mon0 (1)[c::]:6789 connect error [ 90.403292][ T6460] usb 9-1: new low-speed USB device number 2 using dummy_hcd [ 90.563481][ T1468] libceph: connect (1)[c::]:6789 error -101 [ 90.565474][ T1468] libceph: mon0 (1)[c::]:6789 connect error [ 90.574971][ T6460] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.578138][ T6460] usb 9-1: config 0 has no interfaces? [ 90.579848][ T6460] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 90.582681][ T6460] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.586904][ T8007] ceph: No mds server is up or the cluster is laggy [ 90.587044][ T6460] usb 9-1: config 0 descriptor?? [ 90.647191][ T8038] FAULT_INJECTION: forcing a failure. [ 90.647191][ T8038] name failslab, interval 1, probability 0, space 0, times 0 [ 90.651100][ T8038] CPU: 3 UID: 0 PID: 8038 Comm: syz.0.553 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 90.651114][ T8038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.651121][ T8038] Call Trace: [ 90.651125][ T8038] [ 90.651129][ T8038] dump_stack_lvl+0x16c/0x1f0 [ 90.651148][ T8038] should_fail_ex+0x512/0x640 [ 90.651162][ T8038] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 90.651179][ T8038] should_failslab+0xc2/0x120 [ 90.651194][ T8038] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 90.651209][ T8038] ? vfs_parse_fs_string+0xc3/0x150 [ 90.651226][ T8038] kmemdup_nul+0x49/0xf0 [ 90.651241][ T8038] vfs_parse_fs_string+0xc3/0x150 [ 90.651255][ T8038] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 90.651274][ T8038] ? ovl_next_opt+0x143/0x1c0 [ 90.651285][ T8038] ? __pfx_ovl_next_opt+0x10/0x10 [ 90.651295][ T8038] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 90.651310][ T8038] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 90.651330][ T8038] ? alloc_fs_context+0x59b/0x9c0 [ 90.651347][ T8038] path_mount+0x13cd/0x2020 [ 90.651363][ T8038] ? kmem_cache_free+0x2d1/0x4d0 [ 90.651375][ T8038] ? __pfx_path_mount+0x10/0x10 [ 90.651392][ T8038] ? putname+0x154/0x1a0 [ 90.651410][ T8038] __x64_sys_mount+0x28d/0x310 [ 90.651432][ T8038] ? __pfx___x64_sys_mount+0x10/0x10 [ 90.651452][ T8038] ? getname_flags.part.0+0x1c5/0x550 [ 90.651471][ T8038] do_syscall_64+0xcd/0x4c0 [ 90.651495][ T8038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.651506][ T8038] RIP: 0033:0x7f34fc18e929 [ 90.651515][ T8038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.651525][ T8038] RSP: 002b:00007f34fcf0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 90.651536][ T8038] RAX: ffffffffffffffda RBX: 00007f34fc3b5fa0 RCX: 00007f34fc18e929 [ 90.651542][ T8038] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 90.651549][ T8038] RBP: 00007f34fcf0f090 R08: 0000200000000100 R09: 0000000000000000 [ 90.651555][ T8038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 90.651560][ T8038] R13: 0000000000000000 R14: 00007f34fc3b5fa0 R15: 00007ffcf6730098 [ 90.651573][ T8038] [ 90.722608][ C3] vkms_vblank_simulate: vblank timer overrun [ 90.796210][ T8034] netlink: 28 bytes leftover after parsing attributes in process `syz.4.552'. [ 90.802692][ T8034] ip6gre1: entered promiscuous mode [ 90.817283][ T8034] netlink: 36 bytes leftover after parsing attributes in process `syz.4.552'. [ 90.822876][ T1468] usb 9-1: USB disconnect, device number 2 [ 90.983258][ T6460] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 91.134745][ T6460] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 91.138077][ T6460] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.141485][ T6460] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.144601][ T6460] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 91.149417][ T6460] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 91.152205][ T6460] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 91.154842][ T6460] usb 5-1: Manufacturer: syz [ 91.158611][ T6460] usb 5-1: config 0 descriptor?? [ 91.191463][ T8052] netlink: 'syz.3.560': attribute type 2 has an invalid length. [ 91.194101][ T8052] netlink: 784 bytes leftover after parsing attributes in process `syz.3.560'. [ 91.284261][ T8061] FAULT_INJECTION: forcing a failure. [ 91.284261][ T8061] name failslab, interval 1, probability 0, space 0, times 0 [ 91.288290][ T8061] CPU: 3 UID: 0 PID: 8061 Comm: syz.3.563 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 91.288305][ T8061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.288312][ T8061] Call Trace: [ 91.288316][ T8061] [ 91.288320][ T8061] dump_stack_lvl+0x16c/0x1f0 [ 91.288339][ T8061] should_fail_ex+0x512/0x640 [ 91.288354][ T8061] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 91.288370][ T8061] should_failslab+0xc2/0x120 [ 91.288385][ T8061] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 91.288400][ T8061] ? vfs_parse_fs_string+0xc3/0x150 [ 91.288417][ T8061] kmemdup_nul+0x49/0xf0 [ 91.288432][ T8061] vfs_parse_fs_string+0xc3/0x150 [ 91.288446][ T8061] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 91.288465][ T8061] ? ovl_next_opt+0x143/0x1c0 [ 91.288476][ T8061] ? __pfx_ovl_next_opt+0x10/0x10 [ 91.288485][ T8061] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 91.288501][ T8061] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 91.288516][ T8061] ? alloc_fs_context+0x59b/0x9c0 [ 91.288533][ T8061] path_mount+0x13cd/0x2020 [ 91.288550][ T8061] ? kmem_cache_free+0x2d1/0x4d0 [ 91.288562][ T8061] ? __pfx_path_mount+0x10/0x10 [ 91.288579][ T8061] ? putname+0x154/0x1a0 [ 91.288596][ T8061] __x64_sys_mount+0x28d/0x310 [ 91.288612][ T8061] ? __pfx___x64_sys_mount+0x10/0x10 [ 91.288631][ T8061] do_syscall_64+0xcd/0x4c0 [ 91.288647][ T8061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.288659][ T8061] RIP: 0033:0x7f389878e929 [ 91.288667][ T8061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.288677][ T8061] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 91.288687][ T8061] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 91.288694][ T8061] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 91.288700][ T8061] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 91.288706][ T8061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 91.288712][ T8061] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 91.288725][ T8061] [ 91.360111][ C3] vkms_vblank_simulate: vblank timer overrun [ 91.525014][ T8077] macvlan2: entered promiscuous mode [ 91.527278][ T8077] macvlan2: entered allmulticast mode [ 91.566570][ T6460] appleir 0003:05AC:8243.0004: bogus close delimiter [ 91.568774][ T6460] appleir 0003:05AC:8243.0004: item 0 0 2 10 parsing failed [ 91.571329][ T6460] appleir 0003:05AC:8243.0004: parse failed [ 91.573980][ T6460] appleir 0003:05AC:8243.0004: probe with driver appleir failed with error -22 [ 91.631636][ T8079] netlink: 14504 bytes leftover after parsing attributes in process `syz.4.571'. [ 91.710276][ T8086] FAULT_INJECTION: forcing a failure. [ 91.710276][ T8086] name failslab, interval 1, probability 0, space 0, times 0 [ 91.714322][ T8086] CPU: 1 UID: 0 PID: 8086 Comm: syz.4.574 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 91.714336][ T8086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.714343][ T8086] Call Trace: [ 91.714347][ T8086] [ 91.714351][ T8086] dump_stack_lvl+0x16c/0x1f0 [ 91.714369][ T8086] should_fail_ex+0x512/0x640 [ 91.714383][ T8086] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 91.714399][ T8086] should_failslab+0xc2/0x120 [ 91.714414][ T8086] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 91.714429][ T8086] ? ovl_mount_dir+0x26/0x1f0 [ 91.714441][ T8086] kstrdup+0x53/0x100 [ 91.714455][ T8086] ovl_mount_dir+0x26/0x1f0 [ 91.714466][ T8086] ovl_parse_param+0x10ae/0x1570 [ 91.714477][ T8086] ? selinux_fs_context_parse_param+0xd8/0x130 [ 91.714493][ T8086] ? __pfx_ovl_parse_param+0x10/0x10 [ 91.714503][ T8086] ? trace_kmalloc+0x2b/0xd0 [ 91.714518][ T8086] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 91.714533][ T8086] ? static_key_count+0x5a/0x70 [ 91.714544][ T8086] ? __pfx_ovl_parse_param+0x10/0x10 [ 91.714555][ T8086] vfs_parse_fs_param+0x208/0x3c0 [ 91.714571][ T8086] vfs_parse_fs_string+0xe9/0x150 [ 91.714585][ T8086] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 91.714604][ T8086] ? ovl_next_opt+0x143/0x1c0 [ 91.714617][ T8086] ? __pfx_ovl_next_opt+0x10/0x10 [ 91.714628][ T8086] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 91.714643][ T8086] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 91.714659][ T8086] ? alloc_fs_context+0x59b/0x9c0 [ 91.714675][ T8086] path_mount+0x13cd/0x2020 [ 91.714692][ T8086] ? kmem_cache_free+0x2d1/0x4d0 [ 91.714704][ T8086] ? __pfx_path_mount+0x10/0x10 [ 91.714721][ T8086] ? putname+0x154/0x1a0 [ 91.714738][ T8086] __x64_sys_mount+0x28d/0x310 [ 91.714754][ T8086] ? __pfx___x64_sys_mount+0x10/0x10 [ 91.714769][ T8086] ? getname_flags.part.0+0x1c5/0x550 [ 91.714783][ T8086] do_syscall_64+0xcd/0x4c0 [ 91.714798][ T8086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.714809][ T8086] RIP: 0033:0x7f174d58e929 [ 91.714818][ T8086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.714828][ T8086] RSP: 002b:00007f174e3db038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 91.714838][ T8086] RAX: ffffffffffffffda RBX: 00007f174d7b5fa0 RCX: 00007f174d58e929 [ 91.714845][ T8086] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 91.714851][ T8086] RBP: 00007f174e3db090 R08: 0000200000000100 R09: 0000000000000000 [ 91.714857][ T8086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 91.714863][ T8086] R13: 0000000000000000 R14: 00007f174d7b5fa0 R15: 00007fffe6fb61e8 [ 91.714876][ T8086] [ 92.094900][ T75] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.922050][ T40] audit: type=1400 audit(1751382432.096:411): avc: denied { ioctl } for pid=8098 comm="syz.3.578" path="socket:[22455]" dev="sockfs" ino=22455 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 92.990196][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.993749][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.996449][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.999018][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.001775][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.024390][ T8111] fuse: Bad value for 'user_id' [ 93.025969][ T8111] fuse: Bad value for 'user_id' [ 93.055733][ T8111] 9pnet: Could not find request transport: tãp [ 93.082961][ T8116] FAULT_INJECTION: forcing a failure. [ 93.082961][ T8116] name failslab, interval 1, probability 0, space 0, times 0 [ 93.087054][ T8116] CPU: 1 UID: 0 PID: 8116 Comm: syz.3.584 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 93.087069][ T8116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.087075][ T8116] Call Trace: [ 93.087079][ T8116] [ 93.087082][ T8116] dump_stack_lvl+0x16c/0x1f0 [ 93.087101][ T8116] should_fail_ex+0x512/0x640 [ 93.087115][ T8116] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 93.087132][ T8116] should_failslab+0xc2/0x120 [ 93.087146][ T8116] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 93.087165][ T8116] ? kasan_quarantine_put+0x10a/0x240 [ 93.087177][ T8116] ? lockdep_hardirqs_on+0x7c/0x110 [ 93.087191][ T8116] ? ovl_do_parse_layer+0x2f/0x10f0 [ 93.087204][ T8116] kstrdup+0x53/0x100 [ 93.087219][ T8116] ovl_do_parse_layer+0x2f/0x10f0 [ 93.087230][ T8116] ? ovl_mount_dir+0x15f/0x1f0 [ 93.087242][ T8116] ovl_parse_param+0x10e3/0x1570 [ 93.087253][ T8116] ? selinux_fs_context_parse_param+0xd8/0x130 [ 93.087268][ T8116] ? __pfx_ovl_parse_param+0x10/0x10 [ 93.087279][ T8116] ? trace_kmalloc+0x2b/0xd0 [ 93.087293][ T8116] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 93.087309][ T8116] ? static_key_count+0x5a/0x70 [ 93.087319][ T8116] ? __pfx_ovl_parse_param+0x10/0x10 [ 93.087331][ T8116] vfs_parse_fs_param+0x208/0x3c0 [ 93.087347][ T8116] vfs_parse_fs_string+0xe9/0x150 [ 93.087361][ T8116] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 93.087380][ T8116] ? ovl_next_opt+0x143/0x1c0 [ 93.087390][ T8116] ? __pfx_ovl_next_opt+0x10/0x10 [ 93.087399][ T8116] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 93.087414][ T8116] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 93.087430][ T8116] ? alloc_fs_context+0x59b/0x9c0 [ 93.087447][ T8116] path_mount+0x13cd/0x2020 [ 93.087464][ T8116] ? kmem_cache_free+0x2d1/0x4d0 [ 93.087476][ T8116] ? __pfx_path_mount+0x10/0x10 [ 93.087493][ T8116] ? putname+0x154/0x1a0 [ 93.087510][ T8116] __x64_sys_mount+0x28d/0x310 [ 93.087526][ T8116] ? __pfx___x64_sys_mount+0x10/0x10 [ 93.087546][ T8116] do_syscall_64+0xcd/0x4c0 [ 93.087561][ T8116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.087572][ T8116] RIP: 0033:0x7f389878e929 [ 93.087581][ T8116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.087591][ T8116] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 93.087601][ T8116] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 93.087607][ T8116] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 93.087613][ T8116] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 93.087619][ T8116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 93.087625][ T8116] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 93.087638][ T8116] [ 93.108226][ T8106] chnl_net:caif_netlink_parms(): no params data found [ 93.206927][ T8124] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge0 [ 93.273592][ T8106] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.276701][ T8106] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.279450][ T8106] bridge_slave_0: entered allmulticast mode [ 93.282590][ T8106] bridge_slave_0: entered promiscuous mode [ 93.287533][ T8106] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.290339][ T8106] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.294276][ T8106] bridge_slave_1: entered allmulticast mode [ 93.297287][ T8106] bridge_slave_1: entered promiscuous mode [ 93.331648][ T8106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.337228][ T8106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.390056][ T8106] team0: Port device team_slave_0 added [ 93.395580][ T8106] team0: Port device team_slave_1 added [ 93.457737][ T8106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.459917][ T8106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.468105][ T8106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.472230][ T8106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.474557][ T8106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.482582][ T8106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.528057][ T8106] hsr_slave_0: entered promiscuous mode [ 93.530271][ T8106] hsr_slave_1: entered promiscuous mode [ 93.532300][ T8106] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.536296][ T8106] Cannot create hsr debugfs directory [ 93.570848][ T8148] program syz.3.594 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 93.574745][ T8148] program syz.3.594 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 93.760523][ T34] usb 5-1: USB disconnect, device number 9 [ 93.899331][ T8155] FAULT_INJECTION: forcing a failure. [ 93.899331][ T8155] name failslab, interval 1, probability 0, space 0, times 0 [ 93.904827][ T8155] CPU: 1 UID: 0 PID: 8155 Comm: syz.0.597 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 93.904847][ T8155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.904876][ T8155] Call Trace: [ 93.904882][ T8155] [ 93.904889][ T8155] dump_stack_lvl+0x16c/0x1f0 [ 93.904919][ T8155] should_fail_ex+0x512/0x640 [ 93.904941][ T8155] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 93.904964][ T8155] should_failslab+0xc2/0x120 [ 93.904989][ T8155] __kmalloc_cache_noprof+0x6a/0x3e0 [ 93.905007][ T8155] ? alloc_super+0x52/0xbd0 [ 93.905032][ T8155] alloc_super+0x52/0xbd0 [ 93.905051][ T8155] ? sget_fc+0xd3/0xc20 [ 93.905076][ T8155] sget_fc+0x116/0xc20 [ 93.905097][ T8155] ? __pfx_set_anon_super_fc+0x10/0x10 [ 93.905120][ T8155] ? __pfx_ovl_fill_super+0x10/0x10 [ 93.905138][ T8155] get_tree_nodev+0x28/0x190 [ 93.905158][ T8155] vfs_get_tree+0x8e/0x340 [ 93.905171][ T8155] path_mount+0x1414/0x2020 [ 93.905199][ T8155] ? kmem_cache_free+0x2d1/0x4d0 [ 93.905220][ T8155] ? __pfx_path_mount+0x10/0x10 [ 93.905249][ T8155] ? putname+0x154/0x1a0 [ 93.905277][ T8155] __x64_sys_mount+0x28d/0x310 [ 93.905300][ T8155] ? __pfx___x64_sys_mount+0x10/0x10 [ 93.905328][ T8155] ? getname_flags.part.0+0x1c5/0x550 [ 93.905352][ T8155] do_syscall_64+0xcd/0x4c0 [ 93.905380][ T8155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.905402][ T8155] RIP: 0033:0x7f34fc18e929 [ 93.905417][ T8155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.905434][ T8155] RSP: 002b:00007f34fcf0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 93.905452][ T8155] RAX: ffffffffffffffda RBX: 00007f34fc3b5fa0 RCX: 00007f34fc18e929 [ 93.905463][ T8155] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 93.905474][ T8155] RBP: 00007f34fcf0f090 R08: 0000200000000100 R09: 0000000000000000 [ 93.905486][ T8155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 93.905497][ T8155] R13: 0000000000000000 R14: 00007f34fc3b5fa0 R15: 00007ffcf6730098 [ 93.905520][ T8155] [ 94.220437][ T40] audit: type=1400 audit(1751382433.396:412): avc: denied { getopt } for pid=8164 comm="syz.0.602" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 94.304555][ T75] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.366913][ T75] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.423270][ T838] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 94.424156][ T75] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.549167][ T75] bridge_slave_1: left allmulticast mode [ 94.551042][ T75] bridge_slave_1: left promiscuous mode [ 94.552909][ T75] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.557051][ T75] bridge_slave_0: left allmulticast mode [ 94.558824][ T75] bridge_slave_0: left promiscuous mode [ 94.560723][ T75] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.596412][ T838] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 94.599946][ T838] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.603658][ T838] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.607095][ T838] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 94.612437][ T838] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 94.615516][ T838] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 94.618017][ T838] usb 9-1: Manufacturer: syz [ 94.623495][ T838] usb 9-1: config 0 descriptor?? [ 94.682834][ T8182] FAULT_INJECTION: forcing a failure. [ 94.682834][ T8182] name failslab, interval 1, probability 0, space 0, times 0 [ 94.686830][ T8182] CPU: 2 UID: 0 PID: 8182 Comm: syz.0.609 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 94.686844][ T8182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.686851][ T8182] Call Trace: [ 94.686856][ T8182] [ 94.686860][ T8182] dump_stack_lvl+0x16c/0x1f0 [ 94.686879][ T8182] should_fail_ex+0x512/0x640 [ 94.686892][ T8182] ? __kmalloc_noprof+0xbf/0x510 [ 94.686907][ T8182] ? lsm_blob_alloc+0x68/0x90 [ 94.686916][ T8182] should_failslab+0xc2/0x120 [ 94.686931][ T8182] __kmalloc_noprof+0xd2/0x510 [ 94.686944][ T8182] ? down_write_nested+0x151/0x210 [ 94.686957][ T8182] lsm_blob_alloc+0x68/0x90 [ 94.686967][ T8182] security_sb_alloc+0x28/0x230 [ 94.686979][ T8182] alloc_super+0x23d/0xbd0 [ 94.686992][ T8182] ? sget_fc+0xd3/0xc20 [ 94.687006][ T8182] sget_fc+0x116/0xc20 [ 94.687018][ T8182] ? __pfx_set_anon_super_fc+0x10/0x10 [ 94.687031][ T8182] ? __pfx_ovl_fill_super+0x10/0x10 [ 94.687041][ T8182] get_tree_nodev+0x28/0x190 [ 94.687055][ T8182] vfs_get_tree+0x8e/0x340 [ 94.687066][ T8182] path_mount+0x1414/0x2020 [ 94.687090][ T8182] ? kmem_cache_free+0x2d1/0x4d0 [ 94.687102][ T8182] ? __pfx_path_mount+0x10/0x10 [ 94.687119][ T8182] ? putname+0x154/0x1a0 [ 94.687136][ T8182] __x64_sys_mount+0x28d/0x310 [ 94.687152][ T8182] ? __pfx___x64_sys_mount+0x10/0x10 [ 94.687172][ T8182] do_syscall_64+0xcd/0x4c0 [ 94.687189][ T8182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.687200][ T8182] RIP: 0033:0x7f34fc18e929 [ 94.687208][ T8182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.687219][ T8182] RSP: 002b:00007f34fcf0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 94.687229][ T8182] RAX: ffffffffffffffda RBX: 00007f34fc3b5fa0 RCX: 00007f34fc18e929 [ 94.687235][ T8182] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 94.687241][ T8182] RBP: 00007f34fcf0f090 R08: 0000200000000100 R09: 0000000000000000 [ 94.687247][ T8182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 94.687253][ T8182] R13: 0000000000000000 R14: 00007f34fc3b5fa0 R15: 00007ffcf6730098 [ 94.687266][ T8182] [ 94.834625][ T75] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 94.840074][ T75] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 94.846051][ T75] bond0 (unregistering): Released all slaves [ 95.023321][ T5933] Bluetooth: hci0: command tx timeout [ 95.032885][ T838] appleir 0003:05AC:8243.0005: bogus close delimiter [ 95.035312][ T838] appleir 0003:05AC:8243.0005: item 0 0 2 10 parsing failed [ 95.037912][ T838] appleir 0003:05AC:8243.0005: parse failed [ 95.039783][ T838] appleir 0003:05AC:8243.0005: probe with driver appleir failed with error -22 [ 95.072285][ T40] audit: type=1400 audit(1751382434.246:413): avc: denied { read } for pid=8197 comm="syz.0.614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 95.223350][ T75] hsr_slave_0: left promiscuous mode [ 95.225626][ T75] hsr_slave_1: left promiscuous mode [ 95.227679][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 95.230096][ T75] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 95.232951][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.237385][ T75] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.253030][ T75] veth1_macvtap: left promiscuous mode [ 95.255085][ T75] veth0_macvtap: left promiscuous mode [ 95.256891][ T75] veth1_vlan: left promiscuous mode [ 95.258584][ T75] veth0_vlan: left promiscuous mode [ 95.766514][ T75] team0 (unregistering): Port device team_slave_1 removed [ 95.824177][ T75] team0 (unregistering): Port device team_slave_0 removed [ 95.876511][ T8214] bio_check_eod: 2 callbacks suppressed [ 95.876524][ T8214] syz.0.615: attempt to access beyond end of device [ 95.876524][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.882372][ T8214] gfs2: error -5 reading superblock [ 95.898396][ T8214] syz.0.615: attempt to access beyond end of device [ 95.898396][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.902488][ T8214] gfs2: error -5 reading superblock [ 95.909414][ T8214] syz.0.615: attempt to access beyond end of device [ 95.909414][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.914500][ T8214] gfs2: error -5 reading superblock [ 95.920914][ T8214] syz.0.615: attempt to access beyond end of device [ 95.920914][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.925047][ T8214] gfs2: error -5 reading superblock [ 95.927355][ T8214] syz.0.615: attempt to access beyond end of device [ 95.927355][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.931468][ T8214] gfs2: error -5 reading superblock [ 95.934849][ T8214] syz.0.615: attempt to access beyond end of device [ 95.934849][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.939200][ T8214] gfs2: error -5 reading superblock [ 95.943786][ T8214] syz.0.615: attempt to access beyond end of device [ 95.943786][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.947969][ T8214] gfs2: error -5 reading superblock [ 95.951678][ T8214] syz.0.615: attempt to access beyond end of device [ 95.951678][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.956258][ T8214] gfs2: error -5 reading superblock [ 95.959705][ T8214] syz.0.615: attempt to access beyond end of device [ 95.959705][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.964949][ T8214] gfs2: error -5 reading superblock [ 95.968309][ T8214] syz.0.615: attempt to access beyond end of device [ 95.968309][ T8214] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 95.975891][ T8214] gfs2: error -5 reading superblock [ 95.983584][ T8214] gfs2: error -5 reading superblock [ 95.986184][ T8214] gfs2: error -5 reading superblock [ 95.998012][ T8214] gfs2: error -5 reading superblock [ 96.025874][ T8214] gfs2: error -5 reading superblock [ 96.035901][ T8214] gfs2: error -5 reading superblock [ 96.041449][ T8214] gfs2: error -5 reading superblock [ 96.052877][ T8214] gfs2: error -5 reading superblock [ 96.056175][ T8214] gfs2: error -5 reading superblock [ 96.064233][ T8214] gfs2: error -5 reading superblock [ 96.067266][ T8214] gfs2: error -5 reading superblock [ 96.076544][ T8214] gfs2: error -5 reading superblock [ 96.080393][ T8214] gfs2: error -5 reading superblock [ 96.084358][ T8214] gfs2: error -5 reading superblock [ 96.086887][ T8214] gfs2: error -5 reading superblock [ 96.089181][ T8214] gfs2: error -5 reading superblock [ 96.091410][ T8214] gfs2: error -5 reading superblock [ 96.095198][ T8214] gfs2: error -5 reading superblock [ 96.098033][ T8214] gfs2: error -5 reading superblock [ 96.103860][ T8214] gfs2: error -5 reading superblock [ 96.112302][ T8214] gfs2: error -5 reading superblock [ 96.115543][ T8214] gfs2: error -5 reading superblock [ 96.117901][ T8214] gfs2: error -5 reading superblock [ 96.120253][ T8214] gfs2: error -5 reading superblock [ 96.206074][ T40] audit: type=1400 audit(1751382435.386:414): avc: denied { append } for pid=8221 comm="syz.0.619" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 96.213094][ T40] audit: type=1400 audit(1751382435.386:415): avc: denied { listen } for pid=8221 comm="syz.0.619" lport=60334 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 96.258793][ T40] audit: type=1400 audit(1751382435.436:416): avc: denied { accept } for pid=8221 comm="syz.0.619" lport=60334 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 96.264659][ T8222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.619'. [ 96.265867][ T40] audit: type=1400 audit(1751382435.446:417): avc: denied { setopt } for pid=8221 comm="syz.0.619" lport=60334 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 96.275955][ T40] audit: type=1400 audit(1751382435.446:418): avc: denied { write } for pid=8221 comm="syz.0.619" lport=60334 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 96.307366][ T40] audit: type=1400 audit(1751382435.486:419): avc: denied { getopt } for pid=8217 comm="syz.3.618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 96.315377][ T40] audit: type=1400 audit(1751382435.496:420): avc: denied { wake_alarm } for pid=8221 comm="syz.0.619" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 96.321964][ T40] audit: type=1400 audit(1751382435.496:421): avc: denied { call } for pid=8221 comm="syz.0.619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 96.378329][ T8106] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.379717][ T8232] FAULT_INJECTION: forcing a failure. [ 96.379717][ T8232] name failslab, interval 1, probability 0, space 0, times 0 [ 96.384600][ T8232] CPU: 0 UID: 0 PID: 8232 Comm: syz.0.620 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 96.384615][ T8232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 96.384622][ T8232] Call Trace: [ 96.384626][ T8232] [ 96.384630][ T8232] dump_stack_lvl+0x16c/0x1f0 [ 96.384649][ T8232] should_fail_ex+0x512/0x640 [ 96.384662][ T8232] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 96.384676][ T8232] should_failslab+0xc2/0x120 [ 96.384691][ T8232] __kmalloc_cache_noprof+0x6a/0x3e0 [ 96.384703][ T8232] ? alloc_super+0x52/0xbd0 [ 96.384717][ T8232] alloc_super+0x52/0xbd0 [ 96.384728][ T8232] ? sget_fc+0xd3/0xc20 [ 96.384742][ T8232] sget_fc+0x116/0xc20 [ 96.384754][ T8232] ? __pfx_set_anon_super_fc+0x10/0x10 [ 96.384767][ T8232] ? __pfx_ovl_fill_super+0x10/0x10 [ 96.384777][ T8232] get_tree_nodev+0x28/0x190 [ 96.384791][ T8232] vfs_get_tree+0x8e/0x340 [ 96.384801][ T8232] path_mount+0x1414/0x2020 [ 96.384817][ T8232] ? kmem_cache_free+0x2d1/0x4d0 [ 96.384847][ T8232] ? __pfx_path_mount+0x10/0x10 [ 96.384865][ T8232] ? putname+0x154/0x1a0 [ 96.384882][ T8232] __x64_sys_mount+0x28d/0x310 [ 96.384897][ T8232] ? __pfx___x64_sys_mount+0x10/0x10 [ 96.384917][ T8232] do_syscall_64+0xcd/0x4c0 [ 96.384933][ T8232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.384944][ T8232] RIP: 0033:0x7f34fc18e929 [ 96.384952][ T8232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.384963][ T8232] RSP: 002b:00007f34fcf0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 96.384973][ T8232] RAX: ffffffffffffffda RBX: 00007f34fc3b5fa0 RCX: 00007f34fc18e929 [ 96.384979][ T8232] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 96.384985][ T8232] RBP: 00007f34fcf0f090 R08: 0000200000000100 R09: 0000000000000000 [ 96.384991][ T8232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 96.384997][ T8232] R13: 0000000000000000 R14: 00007f34fc3b5fa0 R15: 00007ffcf6730098 [ 96.385010][ T8232] [ 96.386477][ T8106] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.435069][ T8239] qnx6: unable to read the first superblock [ 96.462817][ T8239] qnx6: unable to read the first superblock [ 96.464129][ T8106] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.465827][ T8239] qnx6: unable to read the first superblock [ 96.471207][ T8106] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.474450][ T8239] program syz.0.622 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 96.521685][ T8106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.531088][ T8106] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.536932][ T7571] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.539848][ T7571] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.561817][ T7571] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.564136][ T7571] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.676928][ T8106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.696220][ T8106] veth0_vlan: entered promiscuous mode [ 96.702519][ T8106] veth1_vlan: entered promiscuous mode [ 96.719420][ T8106] veth0_macvtap: entered promiscuous mode [ 96.723086][ T8106] veth1_macvtap: entered promiscuous mode [ 96.732716][ T8106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.739711][ T8106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.744148][ T8106] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.748739][ T8106] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.751444][ T8106] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.755328][ T8106] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.787218][ T7565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.789780][ T7565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.810466][ T7565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.813411][ T7565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.818523][ T8265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.628'. [ 96.903945][ T8267] 8021q: adding VLAN 0 to HW filter on device bond2 [ 97.092192][ T8277] FAULT_INJECTION: forcing a failure. [ 97.092192][ T8277] name failslab, interval 1, probability 0, space 0, times 0 [ 97.096359][ T8277] CPU: 1 UID: 0 PID: 8277 Comm: syz.3.631 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 97.096376][ T8277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.096383][ T8277] Call Trace: [ 97.096386][ T8277] [ 97.096390][ T8277] dump_stack_lvl+0x16c/0x1f0 [ 97.096409][ T8277] should_fail_ex+0x512/0x640 [ 97.096423][ T8277] ? __kmalloc_noprof+0xbf/0x510 [ 97.096438][ T8277] ? __list_lru_init+0xe8/0x4c0 [ 97.096450][ T8277] should_failslab+0xc2/0x120 [ 97.096464][ T8277] __kmalloc_noprof+0xd2/0x510 [ 97.096480][ T8277] __list_lru_init+0xe8/0x4c0 [ 97.096494][ T8277] alloc_super+0x8bf/0xbd0 [ 97.096510][ T8277] sget_fc+0x116/0xc20 [ 97.096522][ T8277] ? __pfx_set_anon_super_fc+0x10/0x10 [ 97.096535][ T8277] ? __pfx_ovl_fill_super+0x10/0x10 [ 97.096546][ T8277] get_tree_nodev+0x28/0x190 [ 97.096559][ T8277] vfs_get_tree+0x8e/0x340 [ 97.096570][ T8277] path_mount+0x1414/0x2020 [ 97.096586][ T8277] ? kmem_cache_free+0x2d1/0x4d0 [ 97.096598][ T8277] ? __pfx_path_mount+0x10/0x10 [ 97.096615][ T8277] ? putname+0x154/0x1a0 [ 97.096632][ T8277] __x64_sys_mount+0x28d/0x310 [ 97.096648][ T8277] ? __pfx___x64_sys_mount+0x10/0x10 [ 97.096668][ T8277] do_syscall_64+0xcd/0x4c0 [ 97.096684][ T8277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.096695][ T8277] RIP: 0033:0x7f389878e929 [ 97.096703][ T8277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.096714][ T8277] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 97.096723][ T8277] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 97.096730][ T8277] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 97.096736][ T8277] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 97.096742][ T8277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 97.096748][ T8277] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 97.096761][ T8277] [ 97.143440][ T8272] vivid-000: ================= START STATUS ================= [ 97.172802][ T8272] vivid-000: Radio HW Seek Mode: Bounded [ 97.175549][ T8272] vivid-000: Radio Programmable HW Seek: false [ 97.177580][ T8272] vivid-000: RDS Rx I/O Mode: Block I/O [ 97.179386][ T8272] vivid-000: Generate RBDS Instead of RDS: false [ 97.179877][ T6460] usb 9-1: USB disconnect, device number 3 [ 97.181439][ T8272] vivid-000: RDS Reception: true [ 97.185447][ T8272] vivid-000: RDS Program Type: 0 inactive [ 97.187335][ T8272] vivid-000: RDS PS Name: inactive [ 97.189783][ T8272] vivid-000: RDS Radio Text: inactive [ 97.205188][ T8272] vivid-000: RDS Traffic Announcement: false inactive [ 97.208103][ T8272] vivid-000: RDS Traffic Program: false inactive [ 97.210510][ T8272] vivid-000: RDS Music: false inactive [ 97.212605][ T8272] vivid-000: ================== END STATUS ================== [ 97.391215][ T8300] netlink: 'syz.4.640': attribute type 11 has an invalid length. [ 97.391419][ T8299] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 97.395129][ T8300] netlink: 'syz.4.640': attribute type 11 has an invalid length. [ 97.401109][ T8300] netlink: 224 bytes leftover after parsing attributes in process `syz.4.640'. [ 97.426796][ T8302] FAULT_INJECTION: forcing a failure. [ 97.426796][ T8302] name failslab, interval 1, probability 0, space 0, times 0 [ 97.430684][ T8302] CPU: 0 UID: 0 PID: 8302 Comm: syz.3.642 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 97.430699][ T8302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.430706][ T8302] Call Trace: [ 97.430710][ T8302] [ 97.430714][ T8302] dump_stack_lvl+0x16c/0x1f0 [ 97.430733][ T8302] should_fail_ex+0x512/0x640 [ 97.430746][ T8302] ? __kmalloc_noprof+0xbf/0x510 [ 97.430761][ T8302] ? __list_lru_init+0xe8/0x4c0 [ 97.430773][ T8302] should_failslab+0xc2/0x120 [ 97.430788][ T8302] __kmalloc_noprof+0xd2/0x510 [ 97.430800][ T8302] ? lockdep_init_map_type+0x5c/0x280 [ 97.430820][ T8302] __list_lru_init+0xe8/0x4c0 [ 97.430834][ T8302] alloc_super+0x904/0xbd0 [ 97.430850][ T8302] sget_fc+0x116/0xc20 [ 97.430863][ T8302] ? __pfx_set_anon_super_fc+0x10/0x10 [ 97.430875][ T8302] ? __pfx_ovl_fill_super+0x10/0x10 [ 97.430886][ T8302] get_tree_nodev+0x28/0x190 [ 97.430899][ T8302] vfs_get_tree+0x8e/0x340 [ 97.430910][ T8302] path_mount+0x1414/0x2020 [ 97.430927][ T8302] ? kmem_cache_free+0x2d1/0x4d0 [ 97.430939][ T8302] ? __pfx_path_mount+0x10/0x10 [ 97.430956][ T8302] ? putname+0x154/0x1a0 [ 97.430973][ T8302] __x64_sys_mount+0x28d/0x310 [ 97.430989][ T8302] ? __pfx___x64_sys_mount+0x10/0x10 [ 97.431005][ T8302] ? getname_flags.part.0+0x1c5/0x550 [ 97.431018][ T8302] do_syscall_64+0xcd/0x4c0 [ 97.431038][ T8302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.431049][ T8302] RIP: 0033:0x7f389878e929 [ 97.431058][ T8302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.431069][ T8302] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 97.431079][ T8302] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 97.431085][ T8302] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 97.431091][ T8302] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 97.431098][ T8302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 97.431103][ T8302] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 97.431117][ T8302] [ 97.590783][ T8319] geneve2: entered promiscuous mode [ 97.592615][ T8319] geneve2: entered allmulticast mode [ 97.673275][ T6460] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 97.834505][ T8330] FAULT_INJECTION: forcing a failure. [ 97.834505][ T8330] name failslab, interval 1, probability 0, space 0, times 0 [ 97.834669][ T6460] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 97.838414][ T8330] CPU: 0 UID: 0 PID: 8330 Comm: syz.3.654 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 97.838431][ T8330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.838438][ T8330] Call Trace: [ 97.838443][ T8330] [ 97.838447][ T8330] dump_stack_lvl+0x16c/0x1f0 [ 97.838466][ T8330] should_fail_ex+0x512/0x640 [ 97.838479][ T8330] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 97.838495][ T8330] should_failslab+0xc2/0x120 [ 97.838510][ T8330] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 97.838523][ T8330] ? prepare_creds+0x2c/0x7d0 [ 97.838535][ T8330] prepare_creds+0x2c/0x7d0 [ 97.838546][ T8330] ovl_fill_super+0x2c04/0x67a0 [ 97.838558][ T8330] ? __pfx___might_resched+0x10/0x10 [ 97.838571][ T8330] ? rcu_is_watching+0x12/0xc0 [ 97.838584][ T8330] ? find_held_lock+0x2b/0x80 [ 97.838597][ T8330] ? shrinker_register+0x154/0x260 [ 97.838613][ T8330] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 97.838630][ T8330] ? __pfx_ovl_fill_super+0x10/0x10 [ 97.838642][ T8330] ? lockdep_init_map_type+0x5c/0x280 [ 97.838659][ T8330] ? lockdep_init_map_type+0x5c/0x280 [ 97.838675][ T8330] ? __init_swait_queue_head+0xca/0x150 [ 97.838688][ T8330] ? shrinker_register+0x1a8/0x260 [ 97.838702][ T8330] ? sget_fc+0x808/0xc20 [ 97.838716][ T8330] ? __pfx_ovl_fill_super+0x10/0x10 [ 97.838726][ T8330] ? get_tree_nodev+0xda/0x190 [ 97.838738][ T8330] get_tree_nodev+0xda/0x190 [ 97.838751][ T8330] vfs_get_tree+0x8e/0x340 [ 97.838762][ T8330] path_mount+0x1414/0x2020 [ 97.838779][ T8330] ? kmem_cache_free+0x2d1/0x4d0 [ 97.838791][ T8330] ? __pfx_path_mount+0x10/0x10 [ 97.838808][ T8330] ? putname+0x154/0x1a0 [ 97.838825][ T8330] __x64_sys_mount+0x28d/0x310 [ 97.838840][ T8330] ? __pfx___x64_sys_mount+0x10/0x10 [ 97.838856][ T8330] ? getname_flags.part.0+0x1c5/0x550 [ 97.838870][ T8330] do_syscall_64+0xcd/0x4c0 [ 97.838886][ T8330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.838897][ T8330] RIP: 0033:0x7f389878e929 [ 97.838907][ T8330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.838917][ T8330] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 97.838927][ T8330] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 97.838933][ T8330] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 97.838939][ T8330] RBP: 00007f3899662090 R08: 0000200000000100 R09: 0000000000000000 [ 97.838945][ T8330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 97.838951][ T8330] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 97.838964][ T8330] [ 97.928232][ T6460] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.931592][ T6460] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.934647][ T6460] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 97.939398][ T6460] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 97.942857][ T6460] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 97.945567][ T6460] usb 9-1: Manufacturer: syz [ 97.950699][ T6460] usb 9-1: config 0 descriptor?? [ 98.358106][ T6460] appleir 0003:05AC:8243.0006: bogus close delimiter [ 98.360557][ T6460] appleir 0003:05AC:8243.0006: item 0 0 2 10 parsing failed [ 98.363421][ T6460] appleir 0003:05AC:8243.0006: parse failed [ 98.365603][ T6460] appleir 0003:05AC:8243.0006: probe with driver appleir failed with error -22 [ 98.618018][ T8351] netlink: 'syz.0.662': attribute type 5 has an invalid length. [ 98.620453][ T8351] netlink: 'syz.0.662': attribute type 7 has an invalid length. [ 98.628212][ T8351] : entered promiscuous mode [ 98.657319][ T8354] FAULT_INJECTION: forcing a failure. [ 98.657319][ T8354] name failslab, interval 1, probability 0, space 0, times 0 [ 98.661194][ T8354] CPU: 0 UID: 0 PID: 8354 Comm: syz.0.663 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 98.661209][ T8354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.661216][ T8354] Call Trace: [ 98.661220][ T8354] [ 98.661224][ T8354] dump_stack_lvl+0x16c/0x1f0 [ 98.661243][ T8354] should_fail_ex+0x512/0x640 [ 98.661257][ T8354] ? __kmalloc_noprof+0xbf/0x510 [ 98.661271][ T8354] ? lsm_blob_alloc+0x68/0x90 [ 98.661281][ T8354] should_failslab+0xc2/0x120 [ 98.661296][ T8354] __kmalloc_noprof+0xd2/0x510 [ 98.661312][ T8354] lsm_blob_alloc+0x68/0x90 [ 98.661322][ T8354] security_prepare_creds+0x30/0x270 [ 98.661339][ T8354] prepare_creds+0x56f/0x7d0 [ 98.661354][ T8354] ovl_fill_super+0x2c04/0x67a0 [ 98.661366][ T8354] ? __pfx___might_resched+0x10/0x10 [ 98.661380][ T8354] ? rcu_is_watching+0x12/0xc0 [ 98.661393][ T8354] ? find_held_lock+0x2b/0x80 [ 98.661406][ T8354] ? shrinker_register+0x154/0x260 [ 98.661422][ T8354] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 98.661440][ T8354] ? __pfx_ovl_fill_super+0x10/0x10 [ 98.661451][ T8354] ? lockdep_init_map_type+0x5c/0x280 [ 98.661468][ T8354] ? lockdep_init_map_type+0x5c/0x280 [ 98.661484][ T8354] ? __init_swait_queue_head+0xca/0x150 [ 98.661497][ T8354] ? shrinker_register+0x1a8/0x260 [ 98.661512][ T8354] ? sget_fc+0x808/0xc20 [ 98.661526][ T8354] ? __pfx_ovl_fill_super+0x10/0x10 [ 98.661535][ T8354] ? get_tree_nodev+0xda/0x190 [ 98.661547][ T8354] get_tree_nodev+0xda/0x190 [ 98.661561][ T8354] vfs_get_tree+0x8e/0x340 [ 98.661573][ T8354] path_mount+0x1414/0x2020 [ 98.661596][ T8354] ? kmem_cache_free+0x2d1/0x4d0 [ 98.661613][ T8354] ? __pfx_path_mount+0x10/0x10 [ 98.661634][ T8354] ? putname+0x154/0x1a0 [ 98.661651][ T8354] __x64_sys_mount+0x28d/0x310 [ 98.661667][ T8354] ? __pfx___x64_sys_mount+0x10/0x10 [ 98.661683][ T8354] ? getname_flags.part.0+0x1c5/0x550 [ 98.661697][ T8354] do_syscall_64+0xcd/0x4c0 [ 98.661722][ T8354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.661737][ T8354] RIP: 0033:0x7f34fc18e929 [ 98.661746][ T8354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.661756][ T8354] RSP: 002b:00007f34fcf0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 98.661766][ T8354] RAX: ffffffffffffffda RBX: 00007f34fc3b5fa0 RCX: 00007f34fc18e929 [ 98.661773][ T8354] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 98.661779][ T8354] RBP: 00007f34fcf0f090 R08: 0000200000000100 R09: 0000000000000000 [ 98.661785][ T8354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 98.661790][ T8354] R13: 0000000000000000 R14: 00007f34fc3b5fa0 R15: 00007ffcf6730098 [ 98.661804][ T8354] [ 99.413464][ T7565] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.282522][ T8381] FAULT_INJECTION: forcing a failure. [ 100.282522][ T8381] name failslab, interval 1, probability 0, space 0, times 0 [ 100.287770][ T8381] CPU: 3 UID: 0 PID: 8381 Comm: syz.0.673 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 100.287793][ T8381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.287805][ T8381] Call Trace: [ 100.287811][ T8381] [ 100.287818][ T8381] dump_stack_lvl+0x16c/0x1f0 [ 100.287864][ T8381] should_fail_ex+0x512/0x640 [ 100.287892][ T8381] ? __kmalloc_noprof+0xbf/0x510 [ 100.287916][ T8381] ? ovl_fill_super+0x40d/0x67a0 [ 100.287931][ T8381] should_failslab+0xc2/0x120 [ 100.287956][ T8381] __kmalloc_noprof+0xd2/0x510 [ 100.287976][ T8381] ? capable+0xd4/0x110 [ 100.288000][ T8381] ? ovl_fs_params_verify+0x5cd/0xf70 [ 100.288019][ T8381] ? prepare_creds+0x583/0x7d0 [ 100.288039][ T8381] ovl_fill_super+0x40d/0x67a0 [ 100.288055][ T8381] ? __pfx___might_resched+0x10/0x10 [ 100.288077][ T8381] ? rcu_is_watching+0x12/0xc0 [ 100.288099][ T8381] ? find_held_lock+0x2b/0x80 [ 100.288119][ T8381] ? shrinker_register+0x154/0x260 [ 100.288147][ T8381] ? __pfx_ovl_fill_super+0x10/0x10 [ 100.288168][ T8381] ? lockdep_init_map_type+0x5c/0x280 [ 100.288196][ T8381] ? lockdep_init_map_type+0x5c/0x280 [ 100.288222][ T8381] ? __init_swait_queue_head+0xca/0x150 [ 100.288245][ T8381] ? shrinker_register+0x1a8/0x260 [ 100.288266][ T8381] ? sget_fc+0x808/0xc20 [ 100.288285][ T8381] ? __pfx_ovl_fill_super+0x10/0x10 [ 100.288302][ T8381] ? get_tree_nodev+0xda/0x190 [ 100.288321][ T8381] get_tree_nodev+0xda/0x190 [ 100.288344][ T8381] vfs_get_tree+0x8e/0x340 [ 100.288364][ T8381] path_mount+0x1414/0x2020 [ 100.288391][ T8381] ? kmem_cache_free+0x2d1/0x4d0 [ 100.288410][ T8381] ? __pfx_path_mount+0x10/0x10 [ 100.288437][ T8381] ? putname+0x154/0x1a0 [ 100.288463][ T8381] __x64_sys_mount+0x28d/0x310 [ 100.288487][ T8381] ? __pfx___x64_sys_mount+0x10/0x10 [ 100.288520][ T8381] do_syscall_64+0xcd/0x4c0 [ 100.288544][ T8381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.288562][ T8381] RIP: 0033:0x7f34fc18e929 [ 100.288574][ T8381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.288589][ T8381] RSP: 002b:00007f34fcf0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 100.288606][ T8381] RAX: ffffffffffffffda RBX: 00007f34fc3b5fa0 RCX: 00007f34fc18e929 [ 100.288616][ T8381] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 100.288625][ T8381] RBP: 00007f34fcf0f090 R08: 0000200000000100 R09: 0000000000000000 [ 100.288635][ T8381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 100.288644][ T8381] R13: 0000000000000000 R14: 00007f34fc3b5fa0 R15: 00007ffcf6730098 [ 100.288667][ T8381] [ 100.382752][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 100.382762][ T40] audit: type=1400 audit(1751382439.556:428): avc: denied { remount } for pid=8379 comm="syz.3.674" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 100.396174][ T40] audit: type=1400 audit(1751382439.576:429): avc: denied { accept } for pid=8379 comm="syz.3.674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 100.402244][ T40] audit: type=1400 audit(1751382439.576:430): avc: denied { read } for pid=8379 comm="syz.3.674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 100.413291][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 100.427784][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 100.432221][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 100.440683][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 100.444135][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.446223][ T10] usb 9-1: USB disconnect, device number 4 [ 100.540538][ T8407] FAULT_INJECTION: forcing a failure. [ 100.540538][ T8407] name failslab, interval 1, probability 0, space 0, times 0 [ 100.545941][ T8407] CPU: 1 UID: 0 PID: 8407 Comm: syz.4.684 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 100.545964][ T8407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.545976][ T8407] Call Trace: [ 100.545981][ T8407] [ 100.545989][ T8407] dump_stack_lvl+0x16c/0x1f0 [ 100.546028][ T8407] should_fail_ex+0x512/0x640 [ 100.546050][ T8407] ? __kmalloc_noprof+0xbf/0x510 [ 100.546074][ T8407] ? ovl_fill_super+0x498/0x67a0 [ 100.546092][ T8407] should_failslab+0xc2/0x120 [ 100.546116][ T8407] __kmalloc_noprof+0xd2/0x510 [ 100.546133][ T8407] ? capable+0xd4/0x110 [ 100.546149][ T8407] ? ovl_fs_params_verify+0x501/0xf70 [ 100.546169][ T8407] ? prepare_creds+0x583/0x7d0 [ 100.546187][ T8407] ovl_fill_super+0x498/0x67a0 [ 100.546206][ T8407] ? __pfx___might_resched+0x10/0x10 [ 100.546227][ T8407] ? rcu_is_watching+0x12/0xc0 [ 100.546248][ T8407] ? find_held_lock+0x2b/0x80 [ 100.546269][ T8407] ? shrinker_register+0x154/0x260 [ 100.546301][ T8407] ? __pfx_ovl_fill_super+0x10/0x10 [ 100.546322][ T8407] ? lockdep_init_map_type+0x5c/0x280 [ 100.546348][ T8407] ? lockdep_init_map_type+0x5c/0x280 [ 100.546371][ T8407] ? __init_swait_queue_head+0xca/0x150 [ 100.546390][ T8407] ? shrinker_register+0x1a8/0x260 [ 100.546411][ T8407] ? sget_fc+0x808/0xc20 [ 100.546430][ T8407] ? __pfx_ovl_fill_super+0x10/0x10 [ 100.546445][ T8407] ? get_tree_nodev+0xda/0x190 [ 100.546466][ T8407] get_tree_nodev+0xda/0x190 [ 100.546502][ T8407] vfs_get_tree+0x8e/0x340 [ 100.546519][ T8407] path_mount+0x1414/0x2020 [ 100.546546][ T8407] ? kmem_cache_free+0x2d1/0x4d0 [ 100.546566][ T8407] ? __pfx_path_mount+0x10/0x10 [ 100.546596][ T8407] ? putname+0x154/0x1a0 [ 100.546619][ T8407] __x64_sys_mount+0x28d/0x310 [ 100.546644][ T8407] ? __pfx___x64_sys_mount+0x10/0x10 [ 100.546667][ T8407] ? getname_flags.part.0+0x1c5/0x550 [ 100.546689][ T8407] do_syscall_64+0xcd/0x4c0 [ 100.546715][ T8407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.546732][ T8407] RIP: 0033:0x7f174d58e929 [ 100.546746][ T8407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.546762][ T8407] RSP: 002b:00007f174e3db038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 100.546778][ T8407] RAX: ffffffffffffffda RBX: 00007f174d7b5fa0 RCX: 00007f174d58e929 [ 100.546789][ T8407] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 100.546799][ T8407] RBP: 00007f174e3db090 R08: 0000200000000100 R09: 0000000000000000 [ 100.546809][ T8407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 100.546820][ T8407] R13: 0000000000000000 R14: 00007f174d7b5fa0 R15: 00007fffe6fb61e8 [ 100.546845][ T8407] [ 100.570239][ T8385] chnl_net:caif_netlink_parms(): no params data found [ 100.686862][ T8421] netlink: 28 bytes leftover after parsing attributes in process `syz.4.688'. [ 100.689749][ T8421] netlink: 8 bytes leftover after parsing attributes in process `syz.4.688'. [ 100.735501][ T8385] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.737794][ T8385] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.740067][ T8385] bridge_slave_0: entered allmulticast mode [ 100.742677][ T8385] bridge_slave_0: entered promiscuous mode [ 100.752405][ T8385] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.754987][ T8385] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.757279][ T8385] bridge_slave_1: entered allmulticast mode [ 100.759869][ T8385] bridge_slave_1: entered promiscuous mode [ 100.774058][ T8433] netlink: 24 bytes leftover after parsing attributes in process `syz.0.693'. [ 100.807434][ T8433] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8433 comm=syz.0.693 [ 100.808179][ T8385] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.818386][ T8385] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.823333][ T5288] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 100.857810][ T8385] team0: Port device team_slave_0 added [ 100.864685][ T8385] team0: Port device team_slave_1 added [ 100.919363][ T8437] netlink: 24 bytes leftover after parsing attributes in process `syz.4.696'. [ 100.922557][ T8385] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.924847][ T8385] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.932848][ T8385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.941867][ T8385] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.944698][ T8385] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.954807][ T8385] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.984995][ T5288] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 100.988354][ T5288] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.991772][ T5288] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.994978][ T5288] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 100.999917][ T5288] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 101.002847][ T5288] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 101.005658][ T5288] usb 8-1: Manufacturer: syz [ 101.009523][ T5288] usb 8-1: config 0 descriptor?? [ 101.017461][ T8385] hsr_slave_0: entered promiscuous mode [ 101.019634][ T8385] hsr_slave_1: entered promiscuous mode [ 101.074975][ T7565] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.166756][ T40] audit: type=1400 audit(1751382440.346:431): avc: denied { write } for pid=8445 comm="syz.4.700" name="/" dev="9p" ino=35913830 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 101.188339][ T40] audit: type=1400 audit(1751382440.366:432): avc: denied { getattr } for pid=8445 comm="syz.4.700" name="/" dev="9p" ino=35913830 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 101.188345][ T8446] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 101.189985][ T7565] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.227889][ T5933] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 101.231298][ T5933] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 101.235880][ T5933] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 101.239991][ T5933] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 101.242739][ T5933] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 101.265225][ T7565] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.378681][ T8447] chnl_net:caif_netlink_parms(): no params data found [ 101.401083][ T8458] netlink: 12 bytes leftover after parsing attributes in process `syz.4.703'. [ 101.415831][ T5288] appleir 0003:05AC:8243.0007: bogus close delimiter [ 101.417967][ T5288] appleir 0003:05AC:8243.0007: item 0 0 2 10 parsing failed [ 101.420491][ T5288] appleir 0003:05AC:8243.0007: parse failed [ 101.422401][ T5288] appleir 0003:05AC:8243.0007: probe with driver appleir failed with error -22 [ 101.499399][ T8447] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.502444][ T8447] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.505966][ T8447] bridge_slave_0: entered allmulticast mode [ 101.509771][ T8447] bridge_slave_0: entered promiscuous mode [ 101.513505][ T8467] netlink: 'syz.4.704': attribute type 5 has an invalid length. [ 101.514155][ T8466] netlink: 'syz.4.704': attribute type 5 has an invalid length. [ 101.515457][ T8447] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.515535][ T8447] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.515679][ T8447] bridge_slave_1: entered allmulticast mode [ 101.517013][ T8447] bridge_slave_1: entered promiscuous mode [ 101.580637][ T8447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.583896][ T7565] bridge_slave_1: left allmulticast mode [ 101.586322][ T7565] bridge_slave_1: left promiscuous mode [ 101.588832][ T7565] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.593343][ T7565] bridge_slave_0: left allmulticast mode [ 101.595113][ T7565] bridge_slave_0: left promiscuous mode [ 101.596974][ T7565] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.865558][ T7565] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.869612][ T7565] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.873121][ T7565] bond0 (unregistering): Released all slaves [ 101.894012][ T8447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.929143][ T8447] team0: Port device team_slave_0 added [ 101.932542][ T8447] team0: Port device team_slave_1 added [ 101.974012][ T8447] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.976493][ T8447] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.984903][ T8447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.989583][ T8447] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.991772][ T8447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.999899][ T8447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.064106][ T8447] hsr_slave_0: entered promiscuous mode [ 102.066334][ T8447] hsr_slave_1: entered promiscuous mode [ 102.068387][ T8447] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.070729][ T8447] Cannot create hsr debugfs directory [ 102.247450][ T7565] hsr_slave_0: left promiscuous mode [ 102.249554][ T7565] hsr_slave_1: left promiscuous mode [ 102.251505][ T7565] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 102.254380][ T7565] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 102.257981][ T7565] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 102.260343][ T7565] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 102.291284][ T7565] veth1_macvtap: left promiscuous mode [ 102.293096][ T7565] veth0_macvtap: left promiscuous mode [ 102.295393][ T7565] veth1_vlan: left promiscuous mode [ 102.297178][ T7565] veth0_vlan: left promiscuous mode [ 102.535144][ T5942] Bluetooth: hci0: command tx timeout [ 102.817372][ T7565] team0 (unregistering): Port device team_slave_1 removed [ 102.882355][ T7565] team0 (unregistering): Port device team_slave_0 removed [ 103.254131][ T5942] Bluetooth: hci1: command tx timeout [ 103.393043][ T8447] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.406728][ T8385] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 103.412926][ T8385] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 103.425447][ T8385] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 103.435023][ T8385] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 103.465339][ T8447] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.510753][ T8385] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.538062][ T8385] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.542677][ T7570] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.544694][ T7570] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.550031][ T7570] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.551980][ T7570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.571250][ T8447] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.587495][ T5978] usb 8-1: USB disconnect, device number 12 [ 103.642188][ T8493] netlink: 14 bytes leftover after parsing attributes in process `syz.3.706'. [ 103.705250][ T8447] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.717021][ T8385] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.738555][ T8385] veth0_vlan: entered promiscuous mode [ 103.744117][ T8385] veth1_vlan: entered promiscuous mode [ 103.765137][ T8385] veth0_macvtap: entered promiscuous mode [ 103.770464][ T8385] veth1_macvtap: entered promiscuous mode [ 103.781501][ T8385] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.792108][ T8385] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.797792][ T8385] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.801375][ T8385] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.805869][ T8385] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.809394][ T8385] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.881621][ T8447] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 103.887645][ T8447] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 103.892250][ T7568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.892370][ T8447] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 103.894903][ T7568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.908196][ T8447] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.930166][ T7571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.933338][ T7571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.950835][ T8504] netlink: 8 bytes leftover after parsing attributes in process `syz.3.707'. [ 103.954721][ T8504] netlink: 12 bytes leftover after parsing attributes in process `syz.3.707'. [ 104.008189][ T8505] netlink: 20 bytes leftover after parsing attributes in process `syz.3.707'. [ 104.011047][ T8505] netlink: 8 bytes leftover after parsing attributes in process `syz.3.707'. [ 104.106877][ T7565] bond0 (unregistering): Released all slaves [ 104.112894][ T7565] bond1 (unregistering): Released all slaves [ 104.180073][ T7565] bond2 (unregistering): Released all slaves [ 104.376551][ T7565] : left promiscuous mode [ 104.410990][ T8447] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.421131][ T8447] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.427722][ T7568] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.430744][ T7568] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.438171][ T7570] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.440417][ T7570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.493430][ T7565] tipc: Disabling bearer [ 104.500841][ T7565] tipc: Left network mode [ 104.580670][ T8447] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.607776][ T8447] veth0_vlan: entered promiscuous mode [ 104.612644][ T8447] veth1_vlan: entered promiscuous mode [ 104.665500][ T8447] veth0_macvtap: entered promiscuous mode [ 104.669291][ T8447] veth1_macvtap: entered promiscuous mode [ 104.678667][ T8447] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.687614][ T8447] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.692849][ T8447] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.696537][ T8447] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.699474][ T8447] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.702210][ T8447] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.733945][ T7565] hsr_slave_0: left promiscuous mode [ 104.736160][ T7565] hsr_slave_1: left promiscuous mode [ 104.751321][ T7565] veth1_macvtap: left promiscuous mode [ 104.753101][ T7565] veth0_macvtap: left promiscuous mode [ 104.755206][ T7565] veth1_vlan: left promiscuous mode [ 104.757890][ T7565] veth0_vlan: left promiscuous mode [ 104.811770][ T8525] netlink: 16 bytes leftover after parsing attributes in process `syz.3.712'. [ 104.867469][ T8526] libceph: resolve '40' (ret=-3): failed [ 104.870830][ T8527] libceph: resolve '40' (ret=-3): failed [ 105.334736][ T5942] Bluetooth: hci1: command tx timeout [ 105.745203][ T7568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.747564][ T7568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.766686][ T7572] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.769473][ T7572] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.993222][ T61] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 106.154556][ T61] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 106.158036][ T61] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.161707][ T61] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.164839][ T61] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 106.169734][ T8531] netlink: 'syz.4.714': attribute type 2 has an invalid length. [ 106.171315][ T61] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 106.172276][ T8531] netlink: 'syz.4.714': attribute type 1 has an invalid length. [ 106.175241][ T61] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 106.175254][ T61] usb 8-1: Manufacturer: syz [ 106.177911][ T61] usb 8-1: config 0 descriptor?? [ 106.184709][ T8531] netlink: 8 bytes leftover after parsing attributes in process `syz.4.714'. [ 106.358716][ T7571] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.584202][ T61] appleir 0003:05AC:8243.0008: bogus close delimiter [ 106.586630][ T61] appleir 0003:05AC:8243.0008: item 0 0 2 10 parsing failed [ 106.590025][ T61] appleir 0003:05AC:8243.0008: parse failed [ 106.591890][ T61] appleir 0003:05AC:8243.0008: probe with driver appleir failed with error -22 [ 106.679352][ T5933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 106.688230][ T5933] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 106.692859][ T5943] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 106.693060][ T5947] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 106.696573][ T5943] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 106.700938][ T5943] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 106.701483][ T5947] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 106.708284][ T5943] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 106.716100][ T8557] syzkaller1: entered promiscuous mode [ 106.716363][ T5943] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.717924][ T8557] syzkaller1: entered allmulticast mode [ 106.724434][ T5943] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.879382][ T8552] chnl_net:caif_netlink_parms(): no params data found [ 106.924794][ T8554] chnl_net:caif_netlink_parms(): no params data found [ 106.963951][ T8552] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.966640][ T8552] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.969578][ T8552] bridge_slave_0: entered allmulticast mode [ 106.973315][ T8552] bridge_slave_0: entered promiscuous mode [ 106.991376][ T8552] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.993988][ T8552] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.997040][ T8552] bridge_slave_1: entered allmulticast mode [ 107.001423][ T8552] bridge_slave_1: entered promiscuous mode [ 107.047967][ T8552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.056283][ T8552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.116304][ T8552] team0: Port device team_slave_0 added [ 107.118542][ T8554] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.120807][ T8554] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.123048][ T8554] bridge_slave_0: entered allmulticast mode [ 107.126823][ T8554] bridge_slave_0: entered promiscuous mode [ 107.129731][ T8554] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.131886][ T8554] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.134339][ T8554] bridge_slave_1: entered allmulticast mode [ 107.137097][ T8554] bridge_slave_1: entered promiscuous mode [ 107.141259][ T8552] team0: Port device team_slave_1 added [ 107.185805][ T8554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.206759][ T8554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.210277][ T8552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.212989][ T8552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.223082][ T8552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.246604][ T8552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.248799][ T8552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.256668][ T8552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.279308][ T8554] team0: Port device team_slave_0 added [ 107.283682][ T8554] team0: Port device team_slave_1 added [ 107.293574][ T6070] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 107.329158][ T8554] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.331257][ T8554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.339665][ T8554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.372498][ T7571] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.381843][ T8554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.384476][ T8554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.393043][ T8554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.400318][ T8552] hsr_slave_0: entered promiscuous mode [ 107.402550][ T8552] hsr_slave_1: entered promiscuous mode [ 107.404625][ T8552] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.407344][ T8552] Cannot create hsr debugfs directory [ 107.453371][ T6070] usb 9-1: Using ep0 maxpacket: 32 [ 107.465873][ T6070] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.469674][ T6070] usb 9-1: config 0 has no interfaces? [ 107.485164][ T6070] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 107.488892][ T6070] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 107.492145][ T6070] usb 9-1: Product: syz [ 107.494399][ T6070] usb 9-1: Manufacturer: syz [ 107.496390][ T6070] usb 9-1: SerialNumber: syz [ 107.500901][ T6070] usb 9-1: config 0 descriptor?? [ 107.514286][ T7571] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.523571][ T8554] hsr_slave_0: entered promiscuous mode [ 107.525711][ T8554] hsr_slave_1: entered promiscuous mode [ 107.528213][ T8554] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.530869][ T8554] Cannot create hsr debugfs directory [ 107.587963][ T7571] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.687742][ T8552] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.710281][ T6070] usb 9-1: USB disconnect, device number 5 [ 107.748965][ T7571] bridge_slave_1: left allmulticast mode [ 107.751483][ T7571] bridge_slave_1: left promiscuous mode [ 107.756628][ T7571] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.761856][ T7571] bridge_slave_0: left allmulticast mode [ 107.765417][ T7571] bridge_slave_0: left promiscuous mode [ 107.767848][ T7571] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.013623][ T7571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 108.018929][ T7571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 108.022991][ T7571] bond0 (unregistering): Released all slaves [ 108.336848][ T40] audit: type=1400 audit(1751382447.516:433): avc: denied { read append } for pid=8586 comm="syz.4.723" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 108.345030][ T40] audit: type=1400 audit(1751382447.516:434): avc: denied { open } for pid=8586 comm="syz.4.723" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 108.352748][ T40] audit: type=1400 audit(1751382447.526:435): avc: denied { ioctl } for pid=8586 comm="syz.4.723" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 108.361790][ T7571] hsr_slave_0: left promiscuous mode [ 108.364127][ T7571] hsr_slave_1: left promiscuous mode [ 108.366140][ T7571] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.368487][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.371125][ T7571] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.373544][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 108.389667][ T7571] veth1_macvtap: left promiscuous mode [ 108.391535][ T7571] veth0_macvtap: left promiscuous mode [ 108.393736][ T7571] veth1_vlan: left promiscuous mode [ 108.395566][ T7571] veth0_vlan: left promiscuous mode [ 108.768822][ T6975] usb 8-1: USB disconnect, device number 13 [ 108.774603][ T5943] Bluetooth: hci1: command tx timeout [ 108.776654][ T5943] Bluetooth: hci0: command tx timeout [ 108.809317][ T8594] xt_ecn: cannot match TCP bits for non-tcp packets [ 108.909483][ T7571] team0 (unregistering): Port device team_slave_1 removed [ 108.954817][ T8601] usb usb8: usbfs: process 8601 (syz.3.727) did not claim interface 0 before use [ 108.977111][ T7571] team0 (unregistering): Port device team_slave_0 removed [ 109.416920][ T8552] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.429397][ T8610] tipc: Enabling of bearer rejected, failed to enable media [ 109.479633][ T8614] Cannot find del_set index 128 as target [ 109.479637][ T40] audit: type=1400 audit(1751382448.656:436): avc: denied { accept } for pid=8612 comm="syz.3.731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 109.520856][ T8552] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.649173][ T8552] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.996465][ T7571] bridge_slave_1: left allmulticast mode [ 109.998734][ T7571] bridge_slave_1: left promiscuous mode [ 110.001246][ T7571] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.003260][ T34] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 110.008434][ T7571] bridge_slave_0: left allmulticast mode [ 110.010777][ T7571] bridge_slave_0: left promiscuous mode [ 110.015892][ T7571] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.164679][ T34] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 110.168026][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.171721][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.174657][ T34] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 110.180357][ T34] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 110.183247][ T34] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 110.185767][ T34] usb 8-1: Manufacturer: syz [ 110.188531][ T34] usb 8-1: config 0 descriptor?? [ 110.237649][ T7571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 110.243830][ T7571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 110.250080][ T7571] bond0 (unregistering): Released all slaves [ 110.423534][ T8554] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 110.427807][ T8554] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 110.432562][ T8554] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 110.444599][ T8554] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 110.499659][ T8552] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 110.507161][ T8552] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 110.511538][ T8552] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 110.518383][ T8552] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 110.544623][ T7571] hsr_slave_0: left promiscuous mode [ 110.546845][ T7571] hsr_slave_1: left promiscuous mode [ 110.548768][ T7571] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.551046][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.555790][ T7571] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.558134][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.578493][ T7571] veth1_macvtap: left promiscuous mode [ 110.580600][ T7571] veth0_macvtap: left promiscuous mode [ 110.582399][ T7571] veth1_vlan: left promiscuous mode [ 110.584536][ T7571] veth0_vlan: left promiscuous mode [ 110.602701][ T34] appleir 0003:05AC:8243.0009: bogus close delimiter [ 110.605203][ T34] appleir 0003:05AC:8243.0009: item 0 0 2 10 parsing failed [ 110.607792][ T34] appleir 0003:05AC:8243.0009: parse failed [ 110.609712][ T34] appleir 0003:05AC:8243.0009: probe with driver appleir failed with error -22 [ 110.856742][ T5943] Bluetooth: hci1: command tx timeout [ 110.863255][ T5943] Bluetooth: hci0: command tx timeout [ 111.099110][ T7571] team0 (unregistering): Port device team_slave_1 removed [ 111.153411][ T7571] team0 (unregistering): Port device team_slave_0 removed [ 111.483909][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.4.734'. [ 111.572766][ T8683] Bluetooth: MGMT ver 1.23 [ 111.577102][ T8683] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.736'. [ 111.586251][ T8683] netlink: 32 bytes leftover after parsing attributes in process `syz.4.736'. [ 111.691156][ T8554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.718994][ T8554] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.723021][ T8552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.731287][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.733599][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.746202][ T8552] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.750115][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.752354][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.768713][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.770902][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.787609][ T7565] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.789881][ T7565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.926352][ T8554] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.948905][ T8552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.957941][ T8554] veth0_vlan: entered promiscuous mode [ 111.966576][ T8554] veth1_vlan: entered promiscuous mode [ 111.982099][ T8552] veth0_vlan: entered promiscuous mode [ 111.989250][ T8554] veth0_macvtap: entered promiscuous mode [ 111.994172][ T8552] veth1_vlan: entered promiscuous mode [ 111.997470][ T8554] veth1_macvtap: entered promiscuous mode [ 112.007247][ T8554] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.018284][ T8554] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.026440][ T8554] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.029179][ T8554] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.031873][ T8554] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.035027][ T8554] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.039073][ T8552] veth0_macvtap: entered promiscuous mode [ 112.045627][ T8552] veth1_macvtap: entered promiscuous mode [ 112.074146][ T7565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.076655][ T7565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.088512][ T8552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.096816][ T8552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.099435][ T7565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.101252][ T8552] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.101879][ T7565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.105452][ T8552] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.109907][ T8552] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.112611][ T8552] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.180762][ T7565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.183289][ T7565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.204764][ T7572] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.207180][ T7572] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.770892][ T29] usb 8-1: USB disconnect, device number 14 [ 112.799855][ T8703] openvswitch: netlink: Message has 4 unknown bytes. [ 112.828015][ T8703] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 113.205236][ T8709] tipc: Enabling of bearer rejected, failed to enable media [ 113.563024][ T8727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 113.714668][ T8731] tmpfs: Unknown parameter 'DŽ:Ú' [ 113.760448][ T7572] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.340339][ T8742] netlink: 'syz.4.751': attribute type 2 has an invalid length. [ 114.398897][ T5933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 114.402441][ T5933] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 114.405176][ T5933] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 114.408464][ T5933] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 114.411812][ T5933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 114.436736][ T5943] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 114.439951][ T5943] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 114.442723][ T5943] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 114.446166][ T5943] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 114.448993][ T5943] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 114.527233][ T8761] binfmt_misc: register: failed to install interpreter file ./file0 [ 114.532451][ T8761] x_tables: duplicate underflow at hook 1 [ 114.573960][ T8771] netlink: 48 bytes leftover after parsing attributes in process `syz.3.757'. [ 114.575435][ T8770] netlink: 48 bytes leftover after parsing attributes in process `syz.3.757'. [ 114.577232][ T8771] netlink: 48 bytes leftover after parsing attributes in process `syz.3.757'. [ 114.579225][ T8750] chnl_net:caif_netlink_parms(): no params data found [ 114.620324][ T8754] chnl_net:caif_netlink_parms(): no params data found [ 114.697526][ T8750] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.699735][ T8750] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.701950][ T8750] bridge_slave_0: entered allmulticast mode [ 114.706449][ T8750] bridge_slave_0: entered promiscuous mode [ 114.710608][ T8750] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.712863][ T8750] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.715278][ T8750] bridge_slave_1: entered allmulticast mode [ 114.719080][ T8750] bridge_slave_1: entered promiscuous mode [ 114.761507][ T40] audit: type=1400 audit(1751382453.936:437): avc: denied { append } for pid=8790 comm="syz.3.762" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 114.763733][ T8791] program syz.3.762 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 114.815216][ T8750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.815349][ T8795] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 114.818983][ T8754] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.827416][ T8795] CIFS mount error: No usable UNC path provided in device string! [ 114.827416][ T8795] [ 114.830629][ T8754] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.832888][ T8795] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 114.836743][ T8754] bridge_slave_0: entered allmulticast mode [ 114.841699][ T8754] bridge_slave_0: entered promiscuous mode [ 114.848200][ T8750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.852880][ T8754] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.855396][ T8754] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.857678][ T8754] bridge_slave_1: entered allmulticast mode [ 114.860310][ T8754] bridge_slave_1: entered promiscuous mode [ 114.866167][ T8797] raw_sendmsg: syz.3.764 forgot to set AF_INET. Fix it! [ 114.911606][ T8750] team0: Port device team_slave_0 added [ 114.930090][ T8754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.935341][ T8750] team0: Port device team_slave_1 added [ 114.938584][ T8754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.993888][ T8754] team0: Port device team_slave_0 added [ 115.012096][ T8750] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.014661][ T8750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.022772][ T8750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.027885][ T8754] team0: Port device team_slave_1 added [ 115.048156][ T8750] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.050395][ T8750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.059797][ T8750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.079874][ T8754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.082035][ T8754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.090520][ T8754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.095177][ T8754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.097355][ T8754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.104935][ T8754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.120503][ T7572] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.165529][ T8750] hsr_slave_0: entered promiscuous mode [ 115.167703][ T8750] hsr_slave_1: entered promiscuous mode [ 115.216555][ T8754] hsr_slave_0: entered promiscuous mode [ 115.218847][ T8754] hsr_slave_1: entered promiscuous mode [ 115.220918][ T8754] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 115.223276][ T8754] Cannot create hsr debugfs directory [ 115.251526][ T7572] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.394177][ T7572] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.504290][ T40] audit: type=1400 audit(1751382454.686:438): avc: denied { block_suspend } for pid=8805 comm="syz.4.767" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 115.517987][ T7572] bridge_slave_1: left allmulticast mode [ 115.520197][ T7572] bridge_slave_1: left promiscuous mode [ 115.522483][ T7572] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.527886][ T7572] bridge_slave_0: left allmulticast mode [ 115.529632][ T7572] bridge_slave_0: left promiscuous mode [ 115.531411][ T7572] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.814921][ T7572] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.819477][ T7572] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.823068][ T7572] bond0 (unregistering): Released all slaves [ 115.856287][ T40] audit: type=1400 audit(1751382455.036:439): avc: denied { read } for pid=8820 comm="syz.3.770" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 115.863597][ T40] audit: type=1400 audit(1751382455.036:440): avc: denied { open } for pid=8820 comm="syz.3.770" path="/dev/fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 115.863621][ T40] audit: type=1400 audit(1751382455.046:441): avc: denied { ioctl } for pid=8820 comm="syz.3.770" path="/dev/fb1" dev="devtmpfs" ino=640 ioctlcmd=0x4610 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 115.899557][ T8821] ================================================================== [ 115.899567][ T8821] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x15d4/0x17b0 [ 115.899585][ T8821] Write of size 8 at addr ffffc90005211000 by task syz.3.770/8821 [ 115.899593][ T8821] [ 115.899599][ T8821] CPU: 3 UID: 0 PID: 8821 Comm: syz.3.770 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 115.899612][ T8821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 115.899619][ T8821] Call Trace: [ 115.899623][ T8821] [ 115.899628][ T8821] dump_stack_lvl+0x116/0x1f0 [ 115.899644][ T8821] print_report+0xcd/0x680 [ 115.899658][ T8821] ? __virt_addr_valid+0x81/0x610 [ 115.899671][ T8821] ? sys_fillrect+0x15d4/0x17b0 [ 115.899681][ T8821] kasan_report+0xe0/0x110 [ 115.899695][ T8821] ? sys_fillrect+0x15d4/0x17b0 [ 115.899706][ T8821] sys_fillrect+0x15d4/0x17b0 [ 115.899717][ T8821] ? __pfx_sys_fillrect+0x10/0x10 [ 115.899730][ T8821] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 115.899742][ T8821] ? fb_copy_cmap+0x2ad/0x360 [ 115.899755][ T8821] bit_clear_margins+0x2f4/0x4c0 [ 115.899770][ T8821] ? __pfx_bit_clear_margins+0x10/0x10 [ 115.899785][ T8821] ? fb_get_color_depth+0x120/0x250 [ 115.899800][ T8821] fbcon_clear_margins.constprop.0+0x1d0/0x290 [ 115.899814][ T8821] fbcon_switch+0xa01/0x14c0 [ 115.899829][ T8821] ? __pfx_fbcon_switch+0x10/0x10 [ 115.899845][ T8821] ? __pfx_bit_cursor+0x10/0x10 [ 115.899858][ T8821] ? fbcon_cursor+0x409/0x5f0 [ 115.899871][ T8821] ? is_console_locked+0x9/0x20 [ 115.899885][ T8821] ? con_is_visible+0x65/0x150 [ 115.899897][ T8821] redraw_screen+0x2be/0x760 [ 115.899909][ T8821] ? __pfx_vc_do_resize+0x10/0x10 [ 115.899921][ T8821] ? __pfx_redraw_screen+0x10/0x10 [ 115.899935][ T8821] fbcon_set_disp+0x7d4/0xe40 [ 115.899948][ T8821] set_con2fb_map+0x703/0x1060 [ 115.899963][ T8821] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 115.899978][ T8821] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 115.899993][ T8821] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 115.900006][ T8821] do_fb_ioctl+0x328/0x7e0 [ 115.900015][ T8821] ? __pfx_do_fb_ioctl+0x10/0x10 [ 115.900026][ T8821] ? do_vfs_ioctl+0x523/0x1a60 [ 115.900044][ T8821] ? selinux_file_ioctl+0x180/0x270 [ 115.900059][ T8821] fb_ioctl+0xe5/0x150 [ 115.900067][ T8821] ? __pfx_fb_ioctl+0x10/0x10 [ 115.900076][ T8821] __x64_sys_ioctl+0x18b/0x210 [ 115.900087][ T8821] do_syscall_64+0xcd/0x4c0 [ 115.900102][ T8821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.900120][ T8821] RIP: 0033:0x7f389878e929 [ 115.900129][ T8821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.900139][ T8821] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 115.900149][ T8821] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 115.900156][ T8821] RDX: 0000200000000180 RSI: 0000000000004610 RDI: 0000000000000007 [ 115.900162][ T8821] RBP: 00007f3898810b39 R08: 0000000000000000 R09: 0000000000000000 [ 115.900168][ T8821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.900175][ T8821] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 115.900184][ T8821] [ 115.900188][ T8821] [ 115.900192][ T8821] The buggy address belongs to the virtual mapping at [ 115.900192][ T8821] [ffffc90004f11000, ffffc90005212000) created by: [ 115.900192][ T8821] drm_gem_shmem_vmap_locked+0x4bc/0x720 [ 115.900206][ T8821] [ 115.900209][ T8821] Memory state around the buggy address: [ 115.900214][ T8821] ffffc90005210f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 115.900222][ T8821] ffffc90005210f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 115.900229][ T8821] >ffffc90005211000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 115.900234][ T8821] ^ [ 115.900239][ T8821] ffffc90005211080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 115.900246][ T8821] ffffc90005211100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 115.900251][ T8821] ================================================================== [ 115.900257][ T8821] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 115.900263][ T8821] CPU: 3 UID: 0 PID: 8821 Comm: syz.3.770 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 115.900276][ T8821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 115.900282][ T8821] Call Trace: [ 115.900285][ T8821] [ 115.900289][ T8821] dump_stack_lvl+0x3d/0x1f0 [ 115.900303][ T8821] panic+0x71c/0x800 [ 115.900317][ T8821] ? __pfx_panic+0x10/0x10 [ 115.900333][ T8821] ? __pfx__printk+0x10/0x10 [ 115.900341][ T8821] ? rcu_is_watching+0x12/0xc0 [ 115.900355][ T8821] ? check_panic_on_warn+0x1f/0xb0 [ 115.900371][ T8821] ? sys_fillrect+0x15d4/0x17b0 [ 115.900380][ T8821] check_panic_on_warn+0xab/0xb0 [ 115.900396][ T8821] end_report+0x107/0x170 [ 115.900409][ T8821] kasan_report+0xee/0x110 [ 115.900423][ T8821] ? sys_fillrect+0x15d4/0x17b0 [ 115.900435][ T8821] sys_fillrect+0x15d4/0x17b0 [ 115.900447][ T8821] ? __pfx_sys_fillrect+0x10/0x10 [ 115.900459][ T8821] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 115.900471][ T8821] ? fb_copy_cmap+0x2ad/0x360 [ 115.900484][ T8821] bit_clear_margins+0x2f4/0x4c0 [ 115.900499][ T8821] ? __pfx_bit_clear_margins+0x10/0x10 [ 115.900514][ T8821] ? fb_get_color_depth+0x120/0x250 [ 115.900529][ T8821] fbcon_clear_margins.constprop.0+0x1d0/0x290 [ 115.900543][ T8821] fbcon_switch+0xa01/0x14c0 [ 115.900558][ T8821] ? __pfx_fbcon_switch+0x10/0x10 [ 115.900574][ T8821] ? __pfx_bit_cursor+0x10/0x10 [ 115.900588][ T8821] ? fbcon_cursor+0x409/0x5f0 [ 115.900601][ T8821] ? is_console_locked+0x9/0x20 [ 115.900615][ T8821] ? con_is_visible+0x65/0x150 [ 115.900626][ T8821] redraw_screen+0x2be/0x760 [ 115.900639][ T8821] ? __pfx_vc_do_resize+0x10/0x10 [ 115.900673][ T8821] ? __pfx_redraw_screen+0x10/0x10 [ 115.900689][ T8821] fbcon_set_disp+0x7d4/0xe40 [ 115.900702][ T8821] set_con2fb_map+0x703/0x1060 [ 115.900717][ T8821] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 115.900732][ T8821] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 115.900747][ T8821] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 115.900759][ T8821] do_fb_ioctl+0x328/0x7e0 [ 115.900768][ T8821] ? __pfx_do_fb_ioctl+0x10/0x10 [ 115.900779][ T8821] ? do_vfs_ioctl+0x523/0x1a60 [ 115.900796][ T8821] ? selinux_file_ioctl+0x180/0x270 [ 115.900811][ T8821] fb_ioctl+0xe5/0x150 [ 115.900819][ T8821] ? __pfx_fb_ioctl+0x10/0x10 [ 115.900828][ T8821] __x64_sys_ioctl+0x18b/0x210 [ 115.900839][ T8821] do_syscall_64+0xcd/0x4c0 [ 115.900854][ T8821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.900864][ T8821] RIP: 0033:0x7f389878e929 [ 115.900871][ T8821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.900881][ T8821] RSP: 002b:00007f3899662038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 115.900891][ T8821] RAX: ffffffffffffffda RBX: 00007f38989b5fa0 RCX: 00007f389878e929 [ 115.900898][ T8821] RDX: 0000200000000180 RSI: 0000000000004610 RDI: 0000000000000007 [ 115.900904][ T8821] RBP: 00007f3898810b39 R08: 0000000000000000 R09: 0000000000000000 [ 115.900910][ T8821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.900916][ T8821] R13: 0000000000000000 R14: 00007f38989b5fa0 R15: 00007ffd697dda08 [ 115.900926][ T8821] [ 115.901585][ T8821] Kernel Offset: disabled VM DIAGNOSIS: 15:07:35 Registers: info registers vcpu 0 CPU#0 RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff81607d30 RDX=ffff888022cec880 RSI=ffffffff81607d78 RDI=ffffffff93d20080 RBP=0000000000000000 RSP=ffffc90000007fd0 R8 =0000000000000001 R9 =fffffbfff27a4010 R10=ffffffff93d20087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81607d79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc357172740 ffffffff 00c00000 GS =0000 ffff8880d6752000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055ce0bb7c000 CR3=0000000029422000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffefff0 Opmask01=0000000000002000 Opmask02=00000000bf77fff7 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ce0bb7a44c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c660fea900000002 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc357346b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 199921015283a9bd 00000000000080fe ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 ffffffffffffff88 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 803e000400000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 80410004803e0004 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000e002400000001 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000003e800002710 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbff52532232d20 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff81607d30 RDX=ffff8880391a2440 RSI=ffffffff81607d78 RDI=ffffffff93d20080 RBP=0000000000000001 RSP=ffffc900006a0fd0 R8 =0000000000000001 R9 =fffffbfff27a4010 R10=ffffffff93d20087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81607d79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f174e3db6c0 ffffffff 00c00000 GS =0000 ffff8880d6852000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000200000001000 CR3=0000000055d01000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffe6fb6570 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81607d30 RDX=ffff88801e29c880 RSI=ffffffff81607d78 RDI=ffffffff93d20080 RBP=0000000000000002 RSP=ffffc90000648fd0 R8 =0000000000000001 R9 =fffffbfff27a4010 R10=ffffffff93d20087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81607d79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6952000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffd697dce80 CR3=0000000055d01000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 007864696f697270 2e6f6972705f7465 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d784488 00007f174d784480 00007f174d784478 00007f174d784450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174e2ed100 00007f174d784440 00007f174d780004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d784498 00007f174d784490 00007f174d784488 00007f174d784480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000035 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855bfc25 RDI=ffffffff9b088320 RBP=ffffffff9b0882e0 RSP=ffffc900061e7178 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552033203a555043 R12=0000000000000000 R13=0000000000000035 R14=ffffffff9b0882e0 R15=ffffffff855bfbc0 RIP=ffffffff855bfc4f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f38996626c0 ffffffff 00c00000 GS =0000 ffff8880d6a52000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000200000001600 CR3=000000004ebb2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 007864696f697270 2e6f6972705f7465 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d611c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d784488 00007f174d784480 00007f174d784478 00007f174d784450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174e2ed100 00007f174d784440 00007f174d780004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f174d784498 00007f174d784490 00007f174d784488 00007f174d784480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000