last executing test programs: 5.490526047s ago: executing program 1 (id=655): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r2 = io_uring_setup(0x28c4, &(0x7f0000000380)={0x0, 0x533e, 0x200, 0x3, 0xf1}) syz_io_uring_setup(0x3555, &(0x7f0000000440)={0x0, 0x9650, 0x4000, 0x2, 0x35f, 0x0, r2}, &(0x7f0000000200), &(0x7f0000000300)) (async) ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_mtu=0x6}) (async) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) (async) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) (async) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) (async) chdir(&(0x7f00000004c0)='./file0\x00') (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async) syz_kvm_setup_cpu$x86(r4, r3, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000cc0)={0xcc, r6, 0x10ada85e65c25349, 0x70bd2b, 0x0, {{0x67}, {@val={0x8}, @val={0xc, 0x99, {0x8, 0x4}}}}, [@NL80211_ATTR_TID_CONFIG={0xa4, 0x11d, 0x0, 0x1, [{0x4}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xa1}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x6f}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xa2}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x62}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xfb}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x7a}]}, {0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xa6}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xe9}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xb9}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x60f}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xaa}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x8000}, 0x6048004) ioctl$KVM_SET_GUEST_DEBUG_x86(r5, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x4, 0xb68c]}}) ioctl$KVM_RUN(r5, 0xae80, 0x0) pivot_root(&(0x7f00000018c0)='./bus\x00', 0x0) llistxattr(&(0x7f0000000340)='./bus\x00', 0x0, 0x0) (async) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) (async) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) 5.330028881s ago: executing program 1 (id=658): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x2b, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000011c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000001240)="b9ff03076804268c989e14f088a8", 0x0, 0x4068, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008085}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, 0x0, 0x80) 5.329519886s ago: executing program 1 (id=660): mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1) close(0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x122) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x3) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000580)=ANY=[@ANYRES16=r1, @ANYRES16=r1, @ANYRESOCT=r1, @ANYRES16=r0, @ANYRESOCT=r1, @ANYRES16], 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0xfffffffffffffff9, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="b80000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000009000128009000100766c616e00000000800002800c0002000e0000000a000000340004800c00010017900000020000000c000100f04ae965cb0b00000c00010004000000002000000c000100001000000900000006000100020000000c0002000a0000000c000000280003800c00010008000000090000000c00010009000000030000000c000100090000000080000008000500", @ANYRES8=r2], 0xb8}}, 0x2) 5.150011547s ago: executing program 1 (id=661): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x110, 0x2, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x3}, [@CTA_NAT_SRC={0x68, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}]}, @CTA_NAT_V6_MINIP={0x14, 0x4, @remote}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast2}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0}]}, @CTA_SYNPROXY={0x44, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0xf2}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x800}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xbe}]}, @CTA_PROTOINFO={0x50, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x4c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0xff}, @CTA_PROTOINFO_SCTP_STATE={0x5}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x5}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xfe9}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x10}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xed8}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x5}]}}]}, 0x110}, 0x1, 0x0, 0x0, 0x844}, 0x6c8278ead8d438fc) 5.080253847s ago: executing program 1 (id=662): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="6000000000000000290000000b000b000008000000000000c910fe8000000000000000000000000000bbc9100000000000000000000000000000000107200000000006000000bb2c0000000000000000000000000000000000000000000000001800000000000000290000000400000000000000000000000801"], 0x180}, 0x0) 5.079921047s ago: executing program 1 (id=663): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0x8, 0x800004, 0x60, 0x7f, 0x17, "9f9413a4d68de2d71b63e573229ac6de50806c"}) mount$9p_fd(0x0, &(0x7f0000000280)='./cgroup\x00', &(0x7f0000000340), 0x8401, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) (async) mount$9p_fd(0x0, &(0x7f0000000280)='./cgroup\x00', &(0x7f0000000340), 0x8401, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x6a, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508) 3.756586578s ago: executing program 0 (id=688): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f00000003c0), 0x440, 0x0) readv(r0, &(0x7f0000001400)=[{&(0x7f0000001440)=""/4082, 0xff2}], 0x1) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0) write$dsp(r1, &(0x7f0000000000)="8d", 0x1) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010bd2871000000000000010902"], 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, &(0x7f0000000080)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x200480c0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CT_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000700)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "fca33f", 0x0, 0x73, 0x0, @dev, @local}}}}, 0x0) 2.400006601s ago: executing program 0 (id=702): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0x2}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0xfc, r1, 0x10, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0x10, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_BEARER={0xc0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'eth', 0x3a, 'batadv_slave_1\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x30}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x89a}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x263}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x800}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x2, @empty, 0x7fffffff}}}}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4004}, 0x8000) 1.55975519s ago: executing program 0 (id=715): r0 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r3, 0x400, 0x0) close(r3) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) r4 = syz_open_dev$ttys(0xc, 0x2, 0x1) syz_open_pts(r4, 0xc0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1}) io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000100)) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) (async) fcntl$setlease(r3, 0x400, 0x0) (async) close(r3) (async) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) (async) syz_open_dev$ttys(0xc, 0x2, 0x1) (async) syz_open_pts(r4, 0xc0) (async) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1}) (async) io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0) (async) 1.558009127s ago: executing program 0 (id=716): r0 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x0, 0x8, 0x3d6}, &(0x7f0000010080), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2) r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = landlock_create_ruleset(&(0x7f0000000100)={0x100}, 0x18, 0x0) landlock_restrict_self(r3, 0x0) ptrace(0x10, r2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.496877411s ago: executing program 0 (id=719): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x3}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1a, 0x20, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x426e, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x15d42c77}}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @ldst={0x0, 0x3, 0x4, 0x8, 0xa, 0xffffffffffffffe0, 0x1}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffff9}, @ringbuf_query, @map_fd={0x18, 0xa, 0x1, 0x0, 0x1}, @exit]}, &(0x7f00000002c0)='syzkaller\x00', 0x58, 0x55, &(0x7f0000000300)=""/85, 0x40f00, 0x50, '\x00', 0x0, @tracing=0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x2, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x2, 0x4, 0x6, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000400)=[0x1], &(0x7f0000000440)=[{0x2, 0x5, 0xa, 0x9}, {0x1, 0x3, 0xf, 0x4}], 0x10, 0x5}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r2}, &(0x7f0000000100), &(0x7f0000000540)=r3}, 0x20) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(r4, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000b0, 0x0, 0x5}, {0x400000b1, 0x0, 0xfffffffffffffffd}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.355361577s ago: executing program 3 (id=722): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0xfffffffffffff006}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r2, &(0x7f0000000840)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x8, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0xfc0, 0x66, 0x0, 0xb, 0x4, 0x0, @rand_addr=0x64010101, @broadcast}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f609873ad56f29a138f4d5661f6865e030487"}}, 0xfce) 969.560534ms ago: executing program 3 (id=725): r0 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x3, 0x0, 0xffffffff, 0x2}) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r1) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000280)={'wg2\x00'}) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r8, 0x0, 0x8000000000000}, 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r7}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000680)={r10, 0x1ff, 0x0, 0x1, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800020], [0x0, 0x1001000, 0x1], [0x0, 0x3, 0xfffffffffefffffc, 0x9]}) bind$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r11, 0x0, 0x0, r12], [0x2b8]}) close_range(r0, 0xffffffffffffffff, 0x0) 878.195208ms ago: executing program 3 (id=726): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="6000000000000000290000000bfff5000008000000000000c910fe8000000000000000000000000000bbc9100000000000000000000000000000000107200000000006000000bb2c0000000000000000000000000000000000000000000000001800000000000000290000000400000000000000000000000801"], 0x180}, 0x0) 878.011549ms ago: executing program 3 (id=727): r0 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x0, 0x8, 0x3d6}, &(0x7f0000010080), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[], 0x18}}, 0x20004000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) 779.476576ms ago: executing program 3 (id=728): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000) sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x2b08}}, 0x4000806) recvmmsg(r0, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x2002}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/94, 0x5e}], 0x1}, 0x4}], 0x2, 0x40000002, 0x0) 779.182453ms ago: executing program 3 (id=729): r0 = syz_open_dev$video(&(0x7f0000000000), 0x3, 0x0) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0) (async) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x3, 0x980914, 0x3}) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="050300000000000000000700000008000300", @ANYRES32=r4], 0x1c}}, 0x20000000) (async) sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="050300000000000000000700000008000300", @ANYRES32=r4], 0x1c}}, 0x20000000) r5 = socket(0x2, 0x3, 0xff) r6 = creat(&(0x7f0000000100)='./bus\x00', 0x1b) socket$inet_tcp(0x2, 0x1, 0x0) (async) r7 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r7, 0x6, 0xc, 0x0, &(0x7f0000000000)) (async) getsockopt$inet_tcp_int(r7, 0x6, 0xc, 0x0, &(0x7f0000000000)) io_setup(0x2, &(0x7f0000000080)=0x0) r9 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r9, &(0x7f00000001c0)={0xa, 0x0, 0x2, @loopback}, 0x1c) syz_open_dev$I2C(&(0x7f00000000c0), 0x9a5, 0x8800) getsockname$packet(r9, 0x0, &(0x7f0000000140)) (async) getsockname$packet(r9, 0x0, &(0x7f0000000140)) io_submit(r8, 0x1, &(0x7f0000000540)=[&(0x7f0000000140)={0x25, 0x0, 0x41, 0x8, 0x0, r6, 0x0, 0x0, 0x4000, 0x0, 0x0, r6}]) getsockopt$ARPT_SO_GET_ENTRIES(r5, 0x0, 0x61, &(0x7f0000000000)={'filter\x00', 0x5, "9e03765345"}, &(0x7f0000000140)=0x2d) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000036c0)=@newlink={0x54, 0x10, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4f26c}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x20, 0x16, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x1, 0x4b1, 0x5, 0x8100}}]}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x40) 309.862067ms ago: executing program 0 (id=733): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000840)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x8, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0x7ea, 0x66, 0x0, 0xb, 0x4, 0x0, @rand_addr=0x64010101, @broadcast}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eac"}}, 0x7f8) 305.784193ms ago: executing program 2 (id=735): r0 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x0, 0x8, 0x3d6}, &(0x7f0000010080), &(0x7f0000000000)) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) sendmsg$NL80211_CMD_RELOAD_REGDB(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x14, r2, 0x421, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) 188.710497ms ago: executing program 2 (id=736): mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1) close(0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000580)=ANY=[@ANYRES16, @ANYRES16, @ANYRESOCT, @ANYRES16, @ANYRESOCT, @ANYRES16], 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0xfffffffffffffff9, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="b80000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000009000128009000100766c616e00000000800002800c0002000e0000000a000000340004800c00010017900000020000000c000100f04ae965cb0b00000c00010004000000002000000c000100001000000900000006000100020000000c0002000a0000000c000000280003800c00010008000000090000000c00010009000000030000000c000100090000000080000008000500", @ANYRES8=r0], 0xb8}}, 0x2) 109.459662ms ago: executing program 2 (id=737): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000) sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x2b08}}, 0x4000806) recvmmsg(r0, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x2002}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/94, 0x5e}], 0x1}, 0x4}], 0x2, 0x40000002, 0x0) 109.247139ms ago: executing program 2 (id=738): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010001fff000000008100000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000200012800b00010067656e657665000010000280060005004e24000004000e0008000afe", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) 177.29µs ago: executing program 2 (id=739): sysinfo(&(0x7f0000000000)=""/255) r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xd) ioctl$TCFLSH(r0, 0x540b, 0x2) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000a40), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000007b80)={0x53, 0xffffffffffffffff, 0x6, 0x1, @scatter={0x1, 0x0, &(0x7f00000079c0)=[{0x0}]}, &(0x7f0000007a00)="de890bb64dc9", 0x0, 0xd, 0x2, 0xffffffffffffffff, 0x0}) 0s ago: executing program 2 (id=740): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="4400000010000104fcfffffffbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="431f07000b02000008000a00", @ANYRES32=r2, @ANYBLOB="08000500", @ANYRES32=r2, @ANYBLOB="140012800b0001006d6163736563"], 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8000, 0x103) mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000000)={[{@name={'name', 0x3d, '_\x00\x00\x00\x00\x00'}}]}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x208d00, 0x0) kernel console output (not intermixed with test programs): 45][ T6174] comedi: valid board names for c6xdigio driver are: [ 69.114209][ T6174] c6xdigio [ 69.115601][ T6174] comedi: valid board names for aio_iiro_16 driver are: [ 69.118423][ T6174] aio_iiro_16 [ 69.119835][ T6174] comedi: valid board names for aio_aio12_8 driver are: [ 69.123418][ T6174] aio_aio12_8 [ 69.124941][ T6174] aio_ai12_8 [ 69.126346][ T6174] aio_ao12_4 [ 69.127743][ T6174] comedi: valid board names for fl512 driver are: [ 69.130440][ T6174] fl512 [ 69.132025][ T6174] comedi: valid board names for dmm32at driver are: [ 69.134773][ T6174] dmm32at [ 69.136077][ T6174] comedi: valid board names for dt282x driver are: [ 69.136270][ T6179] netlink: 'syz.3.60': attribute type 1 has an invalid length. [ 69.138768][ T6174] dt2821 [ 69.143062][ T6174] dt2821-f [ 69.144450][ T6174] dt2821-g [ 69.145790][ T6174] dt2823 [ 69.147056][ T6174] dt2824-pgh [ 69.148516][ T6174] dt2824-pgl [ 69.149875][ T6174] dt2825 [ 69.151118][ T6174] dt2827 [ 69.154292][ T6174] dt2828 [ 69.155560][ T6174] dt2829 [ 69.156810][ T6174] dt21-ez [ 69.158090][ T6174] dt23-ez [ 69.159414][ T6174] dt24-ez [ 69.160751][ T6174] dt24-ez-pgl [ 69.167496][ T6174] comedi: valid board names for dt2817 driver are: [ 69.171136][ T6174] dt2817 [ 69.173419][ T6174] comedi: valid board names for dt2815 driver are: [ 69.176131][ T6174] dt2815 [ 69.177421][ T6174] comedi: valid board names for dt2814 driver are: [ 69.180131][ T6174] dt2814 [ 69.183304][ T6174] comedi: valid board names for dt2811 driver are: [ 69.186062][ T6174] dt2811-pgh [ 69.187519][ T6174] dt2811-pgl [ 69.189249][ T6174] comedi: valid board names for dt2801 driver are: [ 69.192922][ T6174] dt2801 [ 69.194215][ T6174] comedi: valid board names for das6402 driver are: [ 69.197012][ T6174] das6402-12 [ 69.198454][ T6174] das6402-16 [ 69.199877][ T6174] comedi: valid board names for das1800 driver are: [ 69.206429][ T6174] das-1701st [ 69.217289][ T6174] das-1701st-da [ 69.218900][ T6174] das-1702st [ 69.220388][ T6174] das-1702st-da [ 69.222452][ T6174] das-1702hr [ 69.223733][ T6174] das-1702hr-da [ 69.225171][ T6174] das-1701ao [ 69.226207][ T6174] das-1702ao [ 69.227413][ T6174] das-1801st [ 69.228517][ T6174] das-1801st-da [ 69.229667][ T6174] das-1802st [ 69.230753][ T6174] das-1802st-da [ 69.232029][ T6174] das-1802hr [ 69.233270][ T6174] das-1802hr-da [ 69.234819][ T6174] das-1801hc [ 69.236250][ T6174] das-1802hc [ 69.237803][ T6174] das-1801ao [ 69.239099][ T6174] das-1802ao [ 69.242083][ T6174] comedi: valid board names for das800 driver are: [ 69.244814][ T6174] das-800 [ 69.246146][ T6174] cio-das800 [ 69.247581][ T6174] das-801 [ 69.248948][ T6174] cio-das801 [ 69.250360][ T6174] das-802 [ 69.251945][ T6174] cio-das802 [ 69.253396][ T6174] cio-das802/16 [ 69.254932][ T6174] comedi: valid board names for isa-das08 driver are: [ 69.257246][ T6174] isa-das08 [ 69.258299][ T6174] das08-pgm [ 69.259354][ T6174] das08-pgh [ 69.260427][ T6174] das08-pgl [ 69.261565][ T6174] das08-aoh [ 69.263177][ T6174] das08-aol [ 69.264529][ T6174] das08-aom [ 69.265909][ T6174] das08/jr-ao [ 69.267032][ T6174] das08jr-16-ao [ 69.268190][ T6174] pc104-das08 [ 69.269279][ T6174] das08jr/16 [ 69.270336][ T6174] comedi: valid board names for das16m1 driver are: [ 69.272932][ T6174] das16m1 [ 69.274023][ T6174] comedi: valid board names for dac02 driver are: [ 69.276503][ T6174] dac02 [ 69.277446][ T6174] comedi: valid board names for rti802 driver are: [ 69.284215][ T6174] rti802 [ 69.285492][ T6174] comedi: valid board names for rti800 driver are: [ 69.288191][ T6174] rti800 [ 69.289468][ T6174] rti815 [ 69.290730][ T6174] comedi: valid board names for pcm3724 driver are: [ 69.298156][ T6174] pcm3724 [ 69.300065][ T6174] comedi: valid board names for pcl818 driver are: [ 69.302996][ T6174] pcl818l [ 69.305149][ T6174] pcl818h [ 69.306496][ T6174] pcl818hd [ 69.307851][ T6174] pcl818hg [ 69.309262][ T6174] pcl818 [ 69.310529][ T6174] pcl718 [ 69.314475][ T6174] pcm3718 [ 69.315549][ T6174] comedi: valid board names for pcl816 driver are: [ 69.317940][ T6174] pcl816 [ 69.319168][ T6174] pcl814b [ 69.320510][ T6174] comedi: valid board names for pcl812 driver are: [ 69.323288][ T6174] pcl812 [ 69.324749][ T6174] pcl812pg [ 69.326202][ T6174] acl8112pg [ 69.327613][ T6174] acl8112dg [ 69.329066][ T6174] acl8112hg [ 69.330454][ T6174] a821pgl [ 69.332423][ T6174] a821pglnda [ 69.334118][ T6174] a821pgh [ 69.335451][ T6174] a822pgl [ 69.336882][ T6174] a822pgh [ 69.338179][ T6174] a823pgl [ 69.339460][ T6174] a823pgh [ 69.340761][ T6174] pcl813 [ 69.342175][ T6174] pcl813b [ 69.343790][ T6174] acl8113 [ 69.344929][ T6174] iso813 [ 69.345771][ T6174] acl8216 [ 69.346742][ T6174] a826pg [ 69.347978][ T6174] comedi: valid board names for pcl730 driver are: [ 69.350611][ T6174] pcl730 [ 69.352050][ T6174] iso730 [ 69.353182][ T6174] acl7130 [ 69.354243][ T6174] pcm3730 [ 69.355223][ T6174] pcl725 [ 69.356375][ T6174] p8r8dio [ 69.357421][ T6174] acl7225b [ 69.358589][ T6174] p16r16dio [ 69.359942][ T6174] pcl733 [ 69.361301][ T6174] pcl734 [ 69.365300][ T6174] opmm-1616-xt [ 69.367750][ T6174] pearl-mm-p [ 69.368958][ T6174] ir104-pbf [ 69.369133][ T6190] Cannot find set identified by id 0 to match [ 69.373159][ T6174] comedi: valid board names for pcl726 driver are: [ 69.373172][ T6174] pcl726 [ 69.373179][ T6174] pcl727 [ 69.373185][ T6174] pcl728 [ 69.373191][ T6174] acl6126 [ 69.373198][ T6174] acl6128 [ 69.373204][ T6174] comedi: valid board names for pcl724 driver are: [ 69.373212][ T6174] pcl724 [ 69.373217][ T6174] pcl722 [ 69.373224][ T6174] pcl731 [ 69.373230][ T6174] acl7122 [ 69.373236][ T6174] acl7124 [ 69.373242][ T6174] pet48dio [ 69.373248][ T6174] pcmio48 [ 69.373256][ T6174] onyx-mm-dio [ 69.373262][ T6174] comedi: valid board names for pcl711 driver are: [ 69.373270][ T6174] pcl711 [ 69.373275][ T6174] pcl711b [ 69.373283][ T6174] acl8112hg [ 69.373289][ T6174] acl8112dg [ 69.373295][ T6174] comedi: valid board names for amplc_pc263 driver are: [ 69.409520][ T6174] pc263 [ 69.410753][ T6174] comedi: valid board names for amplc_pc236 driver are: [ 69.413794][ T6174] pc36at [ 69.415082][ T6174] comedi: valid board names for amplc_dio200 driver are: [ 69.417999][ T6174] pc212e [ 69.419276][ T6174] pc214e [ 69.420570][ T6174] pc215e [ 69.422918][ T6174] pc218e [ 69.424184][ T6174] pc272e [ 69.425424][ T6174] comedi: valid board names for comedi_parport driver are: [ 69.428320][ T6174] comedi_parport [ 69.429813][ T6174] comedi: valid board names for comedi_test driver are: [ 69.432822][ T6174] comedi_test [ 69.434223][ T6174] comedi: valid board names for comedi_bond driver are: [ 69.436999][ T6174] comedi_bond [ 69.479405][ T6174] netlink: 'syz.0.58': attribute type 11 has an invalid length. [ 69.487735][ T6174] netlink: 244 bytes leftover after parsing attributes in process `syz.0.58'. [ 69.585454][ T6205] Invalid logical block size (129) [ 69.780758][ T6224] capability: warning: `syz.2.74' uses 32-bit capabilities (legacy support in use) [ 69.788873][ T6224] tipc: Enabling of bearer rejected, failed to enable media [ 69.794121][ T6224] netlink: 40 bytes leftover after parsing attributes in process `syz.2.74'. [ 69.932209][ T40] kauditd_printk_skb: 150 callbacks suppressed [ 69.932219][ T40] audit: type=1400 audit(1765119903.680:251): avc: denied { create } for pid=6242 comm="syz.3.81" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 69.973825][ T6247] netlink: 'syz.3.84': attribute type 1 has an invalid length. [ 69.983404][ T40] audit: type=1400 audit(1765119903.730:252): avc: denied { unlink } for pid=6248 comm="syz.0.83" name="#1" dev="tmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 69.990740][ T40] audit: type=1400 audit(1765119903.730:253): avc: denied { mount } for pid=6248 comm="syz.0.83" name="/" dev="overlay" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 70.007640][ T6247] bond1 (unregistering): Released all slaves [ 70.020187][ T6252] FAULT_INJECTION: forcing a failure. [ 70.020187][ T6252] name failslab, interval 1, probability 0, space 0, times 0 [ 70.027878][ T6252] CPU: 2 UID: 0 PID: 6252 Comm: syz.2.85 Not tainted syzkaller #0 PREEMPT(full) [ 70.027904][ T6252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.027915][ T6252] Call Trace: [ 70.027922][ T6252] [ 70.027929][ T6252] dump_stack_lvl+0x16c/0x1f0 [ 70.027960][ T6252] should_fail_ex+0x512/0x640 [ 70.027980][ T6252] ? __kmalloc_cache_noprof+0x5f/0x800 [ 70.028011][ T6252] should_failslab+0xc2/0x120 [ 70.028034][ T6252] __kmalloc_cache_noprof+0x80/0x800 [ 70.028063][ T6252] ? allocate_cgrp_cset_links+0xca/0x230 [ 70.028089][ T6252] ? allocate_cgrp_cset_links+0xca/0x230 [ 70.028109][ T6252] allocate_cgrp_cset_links+0xca/0x230 [ 70.028152][ T6252] find_css_set+0x785/0x1c70 [ 70.028188][ T6252] ? __pfx_find_css_set+0x10/0x10 [ 70.028233][ T6252] cgroup_migrate_prepare_dst+0x10b/0x7f0 [ 70.028268][ T6252] cgroup_attach_task+0x3cc/0x700 [ 70.028320][ T6252] ? __pfx_cgroup_attach_task+0x10/0x10 [ 70.028367][ T6252] ? get_task_cred+0x189/0x360 [ 70.028396][ T6252] __cgroup1_procs_write.constprop.0+0x2bc/0x430 [ 70.028426][ T6252] ? __pfx___cgroup1_procs_write.constprop.0+0x10/0x10 [ 70.028455][ T6252] ? kernfs_root+0xf8/0x2a0 [ 70.028482][ T6252] cgroup_file_write+0x1ef/0x7a0 [ 70.028505][ T6252] ? __pfx_cgroup1_tasks_write+0x10/0x10 [ 70.028531][ T6252] ? __pfx_cgroup_file_write+0x10/0x10 [ 70.028564][ T6252] kernfs_fop_write_iter+0x3af/0x570 [ 70.028590][ T6252] ? __pfx_cgroup_file_write+0x10/0x10 [ 70.028616][ T6252] vfs_write+0x7d3/0x11d0 [ 70.028641][ T6252] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 70.028672][ T6252] ? __pfx_vfs_write+0x10/0x10 [ 70.028715][ T6252] ksys_write+0x12a/0x250 [ 70.028737][ T6252] ? __pfx_ksys_write+0x10/0x10 [ 70.028767][ T6252] do_syscall_64+0xcd/0xf80 [ 70.028797][ T6252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.028816][ T6252] RIP: 0033:0x7fe20818f7c9 [ 70.028831][ T6252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.028848][ T6252] RSP: 002b:00007fe20906c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 70.028866][ T6252] RAX: ffffffffffffffda RBX: 00007fe2083e5fa0 RCX: 00007fe20818f7c9 [ 70.028877][ T6252] RDX: 0000000000000012 RSI: 0000200000000300 RDI: 0000000000000004 [ 70.028888][ T6252] RBP: 00007fe20906c090 R08: 0000000000000000 R09: 0000000000000000 [ 70.028899][ T6252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 70.028908][ T6252] R13: 00007fe2083e6038 R14: 00007fe2083e5fa0 R15: 00007ffd1c3158b8 [ 70.028934][ T6252] [ 70.209066][ T40] audit: type=1400 audit(1765119903.950:254): avc: denied { read write } for pid=6260 comm="syz.3.88" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 70.212109][ T6263] genirq: Flags mismatch irq 31. 00200000 (comedi_parport) vs. 00200000 (virtio0-cursor) [ 70.216659][ T40] audit: type=1400 audit(1765119903.960:255): avc: denied { open } for pid=6260 comm="syz.3.88" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 70.307225][ T40] audit: type=1400 audit(1765119904.050:256): avc: denied { write } for pid=6267 comm="syz.3.91" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 70.321357][ T40] audit: type=1400 audit(1765119904.050:257): avc: denied { read } for pid=6267 comm="syz.3.91" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 70.331595][ T9] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 70.362040][ T6276] trusted_key: syz.3.91 sent an empty control message without MSG_MORE. [ 70.493376][ T9] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 70.496195][ T9] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 70.499393][ T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 70.505813][ T40] audit: type=1400 audit(1765119904.250:258): avc: denied { write } for pid=6289 comm="syz.0.101" name="001" dev="devtmpfs" ino=751 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 70.508873][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 70.518861][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024 [ 70.524033][ T9] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 70.527058][ T9] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 70.529568][ T9] usb 7-1: Product: syz [ 70.530898][ T9] usb 7-1: Manufacturer: syz [ 70.536630][ T6290] usb usb4: usbfs: process 6290 (syz.0.101) did not claim interface 0 before use [ 70.542573][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 70.547713][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 70.552636][ T9] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 70.554335][ T40] audit: type=1400 audit(1765119904.300:259): avc: denied { setopt } for pid=6291 comm="syz.1.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 70.554550][ T9] cdc_wdm 7-1:1.0: Unknown control protocol [ 70.554972][ T6292] sctp: [Deprecated]: syz.1.102 (pid 6292) Use of int in max_burst socket option deprecated. [ 70.554972][ T6292] Use struct sctp_assoc_value instead [ 70.561785][ T40] audit: type=1400 audit(1765119904.300:260): avc: denied { setopt } for pid=6291 comm="syz.1.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 70.746456][ T6021] usb 7-1: USB disconnect, device number 2 [ 70.771235][ T5947] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 70.921244][ T5947] usb 5-1: device descriptor read/64, error -71 [ 70.991961][ T64] Bluetooth: hci1: command tx timeout [ 71.001700][ T64] Bluetooth: hci0: command tx timeout [ 71.071619][ T64] Bluetooth: hci2: command tx timeout [ 71.081321][ T64] Bluetooth: hci3: command tx timeout [ 71.156511][ T6308] netlink: 'syz.3.108': attribute type 1 has an invalid length. [ 71.181253][ T5947] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 71.273819][ T6311] FAULT_INJECTION: forcing a failure. [ 71.273819][ T6311] name failslab, interval 1, probability 0, space 0, times 0 [ 71.278067][ T6311] CPU: 2 UID: 0 PID: 6311 Comm: syz.3.109 Not tainted syzkaller #0 PREEMPT(full) [ 71.278081][ T6311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.278089][ T6311] Call Trace: [ 71.278093][ T6311] [ 71.278097][ T6311] dump_stack_lvl+0x16c/0x1f0 [ 71.278134][ T6311] should_fail_ex+0x512/0x640 [ 71.278151][ T6311] ? __kmalloc_cache_noprof+0x5f/0x800 [ 71.278171][ T6311] should_failslab+0xc2/0x120 [ 71.278185][ T6311] __kmalloc_cache_noprof+0x80/0x800 [ 71.278203][ T6311] ? allocate_cgrp_cset_links+0xca/0x230 [ 71.278220][ T6311] ? allocate_cgrp_cset_links+0xca/0x230 [ 71.278232][ T6311] allocate_cgrp_cset_links+0xca/0x230 [ 71.278247][ T6311] find_css_set+0x785/0x1c70 [ 71.278267][ T6311] ? __pfx_find_css_set+0x10/0x10 [ 71.278295][ T6311] cgroup_migrate_prepare_dst+0x10b/0x7f0 [ 71.278316][ T6311] cgroup_attach_task+0x3cc/0x700 [ 71.278335][ T6311] ? __pfx_cgroup_attach_task+0x10/0x10 [ 71.278360][ T6311] ? get_task_cred+0x189/0x360 [ 71.278377][ T6311] __cgroup1_procs_write.constprop.0+0x2bc/0x430 [ 71.278395][ T6311] ? __pfx___cgroup1_procs_write.constprop.0+0x10/0x10 [ 71.278412][ T6311] ? kernfs_root+0xf8/0x2a0 [ 71.278428][ T6311] cgroup_file_write+0x1ef/0x7a0 [ 71.278442][ T6311] ? __pfx_cgroup1_tasks_write+0x10/0x10 [ 71.278458][ T6311] ? __pfx_cgroup_file_write+0x10/0x10 [ 71.278477][ T6311] kernfs_fop_write_iter+0x3af/0x570 [ 71.278493][ T6311] ? __pfx_cgroup_file_write+0x10/0x10 [ 71.278508][ T6311] vfs_write+0x7d3/0x11d0 [ 71.278522][ T6311] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 71.278541][ T6311] ? __pfx_vfs_write+0x10/0x10 [ 71.278563][ T6311] ksys_write+0x12a/0x250 [ 71.278576][ T6311] ? __pfx_ksys_write+0x10/0x10 [ 71.278597][ T6311] do_syscall_64+0xcd/0xf80 [ 71.278614][ T6311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.278626][ T6311] RIP: 0033:0x7f186378f7c9 [ 71.278635][ T6311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.278646][ T6311] RSP: 002b:00007f18645a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 71.278657][ T6311] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378f7c9 [ 71.278664][ T6311] RDX: 0000000000000012 RSI: 0000200000000300 RDI: 0000000000000004 [ 71.278670][ T6311] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 71.278676][ T6311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 71.278685][ T6311] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 71.278706][ T6311] [ 71.297650][ T6313] syzkaller0: entered promiscuous mode [ 71.311247][ T5947] usb 5-1: device descriptor read/64, error -71 [ 71.313805][ T6313] syzkaller0: entered allmulticast mode [ 71.339179][ T6315] Cannot find set identified by id 0 to match [ 71.421819][ T5947] usb usb5-port1: attempt power cycle [ 71.572229][ T64] Bluetooth: hci3: unknown advertising packet type: 0x82 [ 71.572310][ T64] Bluetooth: hci3: Malformed LE Event: 0x02 [ 71.600311][ T6332] FAULT_INJECTION: forcing a failure. [ 71.600311][ T6332] name failslab, interval 1, probability 0, space 0, times 0 [ 71.605500][ T6332] CPU: 3 UID: 0 PID: 6332 Comm: syz.3.120 Not tainted syzkaller #0 PREEMPT(full) [ 71.605515][ T6332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.605522][ T6332] Call Trace: [ 71.605526][ T6332] [ 71.605531][ T6332] dump_stack_lvl+0x16c/0x1f0 [ 71.605551][ T6332] should_fail_ex+0x512/0x640 [ 71.605566][ T6332] should_failslab+0xc2/0x120 [ 71.605586][ T6332] kmem_cache_alloc_node_noprof+0x86/0x800 [ 71.605598][ T6332] ? __alloc_skb+0x156/0x410 [ 71.605613][ T6332] ? __alloc_skb+0x156/0x410 [ 71.605623][ T6332] __alloc_skb+0x156/0x410 [ 71.605634][ T6332] ? __alloc_skb+0x35d/0x410 [ 71.605644][ T6332] ? __pfx___alloc_skb+0x10/0x10 [ 71.605661][ T6332] hci_sock_sendmsg+0x1b0c/0x26b0 [ 71.605680][ T6332] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 71.605699][ T6332] sock_write_iter+0x566/0x610 [ 71.605716][ T6332] ? __pfx_sock_write_iter+0x10/0x10 [ 71.605737][ T6332] ? bpf_lsm_file_permission+0x9/0x10 [ 71.605748][ T6332] ? security_file_permission+0x71/0x210 [ 71.605760][ T6332] ? rw_verify_area+0xcf/0x6c0 [ 71.605773][ T6332] vfs_write+0x7d3/0x11d0 [ 71.605787][ T6332] ? __pfx_sock_write_iter+0x10/0x10 [ 71.605804][ T6332] ? __pfx_vfs_write+0x10/0x10 [ 71.605816][ T6332] ? find_held_lock+0x2b/0x80 [ 71.605842][ T6332] ksys_write+0x1f8/0x250 [ 71.605855][ T6332] ? __pfx_ksys_write+0x10/0x10 [ 71.605872][ T6332] do_syscall_64+0xcd/0xf80 [ 71.605890][ T6332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.605902][ T6332] RIP: 0033:0x7f186378f7c9 [ 71.605910][ T6332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.605921][ T6332] RSP: 002b:00007f18645a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 71.605931][ T6332] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378f7c9 [ 71.605937][ T6332] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000004 [ 71.605944][ T6332] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 71.605950][ T6332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 71.605955][ T6332] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 71.605970][ T6332] [ 71.761269][ T5947] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 71.782288][ T5947] usb 5-1: device descriptor read/8, error -71 [ 71.782824][ T6334] Set syz1 is full, maxelem 6117 reached [ 71.874617][ T6344] netlink: 'syz.3.123': attribute type 1 has an invalid length. [ 71.925881][ T6344] bond1 (unregistering): Released all slaves [ 72.022173][ T5947] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 72.041720][ T5947] usb 5-1: device descriptor read/8, error -71 [ 72.151841][ T5947] usb usb5-port1: unable to enumerate USB device [ 72.257591][ T6364] FAULT_INJECTION: forcing a failure. [ 72.257591][ T6364] name failslab, interval 1, probability 0, space 0, times 0 [ 72.267088][ T6364] CPU: 3 UID: 0 PID: 6364 Comm: syz.3.132 Not tainted syzkaller #0 PREEMPT(full) [ 72.267115][ T6364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.267126][ T6364] Call Trace: [ 72.267133][ T6364] [ 72.267140][ T6364] dump_stack_lvl+0x16c/0x1f0 [ 72.267172][ T6364] should_fail_ex+0x512/0x640 [ 72.267193][ T6364] ? __kmalloc_cache_noprof+0x5f/0x800 [ 72.267224][ T6364] should_failslab+0xc2/0x120 [ 72.267248][ T6364] __kmalloc_cache_noprof+0x80/0x800 [ 72.267289][ T6364] ? allocate_cgrp_cset_links+0xca/0x230 [ 72.267317][ T6364] ? allocate_cgrp_cset_links+0xca/0x230 [ 72.267338][ T6364] allocate_cgrp_cset_links+0xca/0x230 [ 72.267364][ T6364] find_css_set+0x785/0x1c70 [ 72.267398][ T6364] ? __pfx_find_css_set+0x10/0x10 [ 72.267445][ T6364] cgroup_migrate_prepare_dst+0x10b/0x7f0 [ 72.267480][ T6364] cgroup_attach_task+0x3cc/0x700 [ 72.267511][ T6364] ? __pfx_cgroup_attach_task+0x10/0x10 [ 72.267551][ T6364] ? get_task_cred+0x189/0x360 [ 72.267579][ T6364] __cgroup1_procs_write.constprop.0+0x2bc/0x430 [ 72.267608][ T6364] ? __pfx___cgroup1_procs_write.constprop.0+0x10/0x10 [ 72.267637][ T6364] ? kernfs_root+0xf8/0x2a0 [ 72.267663][ T6364] cgroup_file_write+0x1ef/0x7a0 [ 72.267686][ T6364] ? __pfx_cgroup1_tasks_write+0x10/0x10 [ 72.267713][ T6364] ? __pfx_cgroup_file_write+0x10/0x10 [ 72.267746][ T6364] kernfs_fop_write_iter+0x3af/0x570 [ 72.267772][ T6364] ? __pfx_cgroup_file_write+0x10/0x10 [ 72.267799][ T6364] vfs_write+0x7d3/0x11d0 [ 72.267822][ T6364] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 72.267853][ T6364] ? __pfx_vfs_write+0x10/0x10 [ 72.267892][ T6364] ksys_write+0x12a/0x250 [ 72.267912][ T6364] ? __pfx_ksys_write+0x10/0x10 [ 72.267942][ T6364] do_syscall_64+0xcd/0xf80 [ 72.267971][ T6364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.267989][ T6364] RIP: 0033:0x7f186378f7c9 [ 72.268005][ T6364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.268022][ T6364] RSP: 002b:00007f18645a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 72.268039][ T6364] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378f7c9 [ 72.268051][ T6364] RDX: 0000000000000012 RSI: 0000200000000300 RDI: 0000000000000004 [ 72.268062][ T6364] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 72.268072][ T6364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 72.268082][ T6364] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 72.268108][ T6364] [ 72.424211][ T6372] Cannot find set identified by id 0 to match [ 72.548283][ T6383] syzkaller0: entered promiscuous mode [ 72.550458][ T6383] syzkaller0: entered allmulticast mode [ 72.564786][ T6385] FAULT_INJECTION: forcing a failure. [ 72.564786][ T6385] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 72.568940][ T6385] CPU: 2 UID: 0 PID: 6385 Comm: syz.3.140 Not tainted syzkaller #0 PREEMPT(full) [ 72.568954][ T6385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.568961][ T6385] Call Trace: [ 72.568965][ T6385] [ 72.568969][ T6385] dump_stack_lvl+0x16c/0x1f0 [ 72.568989][ T6385] should_fail_ex+0x512/0x640 [ 72.569004][ T6385] _copy_from_iter+0x2a4/0x16c0 [ 72.569019][ T6385] ? __pfx__copy_from_iter+0x10/0x10 [ 72.569031][ T6385] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 72.569051][ T6385] copy_page_from_iter+0xde/0x180 [ 72.569064][ T6385] tun_build_skb.constprop.0+0x2e8/0x1560 [ 72.569081][ T6385] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 72.569093][ T6385] ? arch_stack_walk+0xa6/0x100 [ 72.569116][ T6385] ? _kstrtoull+0x145/0x200 [ 72.569133][ T6385] tun_get_user+0x149c/0x3cc0 [ 72.569150][ T6385] ? __pfx_tun_get_user+0x10/0x10 [ 72.569161][ T6385] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 72.569178][ T6385] ? find_held_lock+0x2b/0x80 [ 72.569196][ T6385] ? tun_get+0x191/0x370 [ 72.569208][ T6385] tun_chr_write_iter+0xdc/0x210 [ 72.569220][ T6385] vfs_write+0x7d3/0x11d0 [ 72.569234][ T6385] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 72.569247][ T6385] ? __pfx_vfs_write+0x10/0x10 [ 72.569259][ T6385] ? find_held_lock+0x2b/0x80 [ 72.569283][ T6385] ksys_write+0x12a/0x250 [ 72.569296][ T6385] ? __pfx_ksys_write+0x10/0x10 [ 72.569313][ T6385] do_syscall_64+0xcd/0xf80 [ 72.569330][ T6385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.569341][ T6385] RIP: 0033:0x7f186378e27f [ 72.569350][ T6385] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 72.569360][ T6385] RSP: 002b:00007f18645a2000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 72.569371][ T6385] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378e27f [ 72.569377][ T6385] RDX: 0000000000000083 RSI: 0000200000000040 RDI: 00000000000000c8 [ 72.569384][ T6385] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 72.569390][ T6385] R10: 0000000000000083 R11: 0000000000000293 R12: 0000000000000001 [ 72.569396][ T6385] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 72.569409][ T6385] [ 72.771106][ T6393] netlink: 'syz.2.144': attribute type 1 has an invalid length. [ 72.799574][ T6397] netlink: 'syz.3.146': attribute type 1 has an invalid length. [ 72.805953][ T6393] bond1 (unregistering): Released all slaves [ 72.851676][ T6397] netlink: 40 bytes leftover after parsing attributes in process `syz.3.146'. [ 72.863740][ T6401] netlink: 'syz.1.147': attribute type 1 has an invalid length. [ 72.884104][ T6401] 8021q: adding VLAN 0 to HW filter on device bond1 [ 72.927353][ T6401] bond1: (slave veth3): Enslaving as an active interface with a down link [ 72.937881][ T6401] bond1: (slave dummy0): making interface the new active one [ 72.945843][ T6401] dummy0: entered promiscuous mode [ 72.948229][ T6401] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 72.957866][ T6409] xt_l2tp: wrong L2TP version: 0 [ 72.974974][ T6404] Set syz1 is full, maxelem 6117 reached [ 73.014380][ T6415] FAULT_INJECTION: forcing a failure. [ 73.014380][ T6415] name failslab, interval 1, probability 0, space 0, times 0 [ 73.016419][ T6413] syzkaller0: entered promiscuous mode [ 73.018467][ T6415] CPU: 2 UID: 0 PID: 6415 Comm: syz.2.153 Not tainted syzkaller #0 PREEMPT(full) [ 73.018481][ T6415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.018488][ T6415] Call Trace: [ 73.018492][ T6415] [ 73.018497][ T6415] dump_stack_lvl+0x16c/0x1f0 [ 73.018517][ T6415] should_fail_ex+0x512/0x640 [ 73.018529][ T6415] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 73.018543][ T6415] should_failslab+0xc2/0x120 [ 73.018557][ T6415] kmem_cache_alloc_node_noprof+0x86/0x800 [ 73.018568][ T6415] ? __alloc_skb+0x156/0x410 [ 73.018583][ T6415] ? __alloc_skb+0x156/0x410 [ 73.018593][ T6415] __alloc_skb+0x156/0x410 [ 73.018603][ T6415] ? __alloc_skb+0x35d/0x410 [ 73.018614][ T6415] ? __pfx___alloc_skb+0x10/0x10 [ 73.018627][ T6415] ? get_current_settings+0xbbe/0xfb0 [ 73.018644][ T6415] ? __pfx_get_current_settings+0x10/0x10 [ 73.018663][ T6415] mgmt_cmd_complete+0x4f/0x570 [ 73.018680][ T6415] set_debug_keys+0x2ba/0x5f0 [ 73.018691][ T6415] ? __pfx_set_debug_keys+0x10/0x10 [ 73.018699][ T6415] ? __hci_dev_get+0x16a/0x2c0 [ 73.018716][ T6415] ? do_raw_read_unlock+0x44/0xe0 [ 73.018732][ T6415] ? _raw_read_unlock+0x28/0x50 [ 73.018747][ T6415] ? __pfx_mgmt_init_hdev+0x10/0x10 [ 73.018765][ T6415] hci_sock_sendmsg+0x1556/0x26b0 [ 73.018783][ T6415] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 73.018802][ T6415] sock_write_iter+0x566/0x610 [ 73.018820][ T6415] ? __pfx_sock_write_iter+0x10/0x10 [ 73.018841][ T6415] ? bpf_lsm_file_permission+0x9/0x10 [ 73.018853][ T6415] ? security_file_permission+0x71/0x210 [ 73.018864][ T6415] ? rw_verify_area+0xcf/0x6c0 [ 73.018877][ T6415] vfs_write+0x7d3/0x11d0 [ 73.018891][ T6415] ? __pfx_sock_write_iter+0x10/0x10 [ 73.018908][ T6415] ? __pfx_vfs_write+0x10/0x10 [ 73.018920][ T6415] ? find_held_lock+0x2b/0x80 [ 73.018945][ T6415] ksys_write+0x1f8/0x250 [ 73.018958][ T6415] ? __pfx_ksys_write+0x10/0x10 [ 73.018975][ T6415] do_syscall_64+0xcd/0xf80 [ 73.018993][ T6415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.019004][ T6415] RIP: 0033:0x7fe20818f7c9 [ 73.019013][ T6415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.019023][ T6415] RSP: 002b:00007fe20906c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 73.019034][ T6415] RAX: ffffffffffffffda RBX: 00007fe2083e5fa0 RCX: 00007fe20818f7c9 [ 73.019040][ T6415] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000004 [ 73.019047][ T6415] RBP: 00007fe20906c090 R08: 0000000000000000 R09: 0000000000000000 [ 73.019053][ T6415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.019059][ T6415] R13: 00007fe2083e6038 R14: 00007fe2083e5fa0 R15: 00007ffd1c3158b8 [ 73.019073][ T6415] [ 73.131495][ T6413] syzkaller0: entered allmulticast mode [ 73.191058][ T6430] Cannot find del_set index 2 as target [ 73.262238][ T6432] netlink: 228 bytes leftover after parsing attributes in process `syz.2.159'. [ 73.379679][ T6443] netlink: 'syz.1.162': attribute type 1 has an invalid length. [ 73.394906][ T6443] 8021q: adding VLAN 0 to HW filter on device bond2 [ 73.415852][ T6443] veth5: entered promiscuous mode [ 73.419345][ T6443] bond2: (slave veth5): Enslaving as an active interface with a down link [ 73.421383][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.428699][ T6443] vlan2: entered allmulticast mode [ 73.430390][ T6443] bond2: entered allmulticast mode [ 73.433273][ T6443] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 73.562772][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 73.587913][ T6452] process 'syz.2.167' launched './file1' with NULL argv: empty string added [ 73.874915][ T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 74.031272][ T24] usb 6-1: device descriptor read/64, error -71 [ 74.062745][ T6485] FAULT_INJECTION: forcing a failure. [ 74.062745][ T6485] name failslab, interval 1, probability 0, space 0, times 0 [ 74.067711][ T6485] CPU: 2 UID: 0 PID: 6485 Comm: syz.3.175 Tainted: G L syzkaller #0 PREEMPT(full) [ 74.067739][ T6485] Tainted: [L]=SOFTLOCKUP [ 74.067745][ T6485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.067756][ T6485] Call Trace: [ 74.067763][ T6485] [ 74.067770][ T6485] dump_stack_lvl+0x16c/0x1f0 [ 74.067803][ T6485] should_fail_ex+0x512/0x640 [ 74.067828][ T6485] should_failslab+0xc2/0x120 [ 74.067852][ T6485] kmem_cache_alloc_noprof+0x83/0x770 [ 74.067872][ T6485] ? dst_alloc+0x99/0x1a0 [ 74.067897][ T6485] ? __pfx_ip6_dst_gc+0x10/0x10 [ 74.067919][ T6485] ? dst_alloc+0x99/0x1a0 [ 74.067936][ T6485] dst_alloc+0x99/0x1a0 [ 74.067958][ T6485] ip6_pol_route+0x96b/0x1230 [ 74.067981][ T6485] ? __pfx_ip6_pol_route+0x10/0x10 [ 74.068011][ T6485] ? __local_bh_enable_ip+0xa4/0x120 [ 74.068043][ T6485] ? __pfx_ip6_pol_route_input+0x10/0x10 [ 74.068062][ T6485] fib6_rule_lookup+0x536/0x720 [ 74.068084][ T6485] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 74.068115][ T6485] ? nf_nat_ipv6_fn+0xff/0x2e0 [ 74.068136][ T6485] ? __pfx_nf_nat_ipv6_fn+0x10/0x10 [ 74.068161][ T6485] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 74.068186][ T6485] ip6_route_input+0x662/0xc70 [ 74.068211][ T6485] ? __pfx_ip6_route_input+0x10/0x10 [ 74.068230][ T6485] ? lock_acquire+0x179/0x330 [ 74.068284][ T6485] ? sock_wfree+0x11c/0x850 [ 74.068308][ T6485] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 74.068334][ T6485] ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0 [ 74.068360][ T6485] ipv6_rcv+0x1e8/0x650 [ 74.068381][ T6485] ? __pfx_ipv6_rcv+0x10/0x10 [ 74.068400][ T6485] __netif_receive_skb_one_core+0x12d/0x1e0 [ 74.068421][ T6485] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 74.068443][ T6485] ? lock_acquire+0x179/0x330 [ 74.068466][ T6485] ? __phys_addr+0xe8/0x180 [ 74.068486][ T6485] __netif_receive_skb+0x1d/0x160 [ 74.068507][ T6485] netif_receive_skb+0x137/0x760 [ 74.068526][ T6485] ? __pfx_netif_receive_skb+0x10/0x10 [ 74.068562][ T6485] tun_rx_batched.isra.0+0x3ee/0x740 [ 74.068597][ T6485] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 74.068633][ T6485] ? tun_get_user+0x1ded/0x3cc0 [ 74.068650][ T6485] ? rcu_is_watching+0x12/0xc0 [ 74.068680][ T6485] tun_get_user+0x28b2/0x3cc0 [ 74.068712][ T6485] ? __pfx_tun_get_user+0x10/0x10 [ 74.068733][ T6485] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 74.068763][ T6485] ? find_held_lock+0x2b/0x80 [ 74.068791][ T6485] ? tun_get+0x191/0x370 [ 74.068814][ T6485] tun_chr_write_iter+0xdc/0x210 [ 74.068835][ T6485] vfs_write+0x7d3/0x11d0 [ 74.068859][ T6485] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 74.068882][ T6485] ? __pfx_vfs_write+0x10/0x10 [ 74.068901][ T6485] ? find_held_lock+0x2b/0x80 [ 74.068944][ T6485] ksys_write+0x12a/0x250 [ 74.068967][ T6485] ? __pfx_ksys_write+0x10/0x10 [ 74.068996][ T6485] do_syscall_64+0xcd/0xf80 [ 74.069026][ T6485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.069045][ T6485] RIP: 0033:0x7f186378e27f [ 74.069061][ T6485] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 74.069077][ T6485] RSP: 002b:00007f18645a2000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 74.069095][ T6485] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378e27f [ 74.069106][ T6485] RDX: 0000000000000083 RSI: 0000200000000040 RDI: 00000000000000c8 [ 74.069117][ T6485] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 74.069127][ T6485] R10: 0000000000000083 R11: 0000000000000293 R12: 0000000000000001 [ 74.069138][ T6485] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 74.069164][ T6485] [ 74.341288][ T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 74.471295][ T24] usb 6-1: device descriptor read/64, error -71 [ 74.539122][ T6506] syz.2.183 uses obsolete (PF_INET,SOCK_PACKET) [ 74.591553][ T24] usb usb6-port1: attempt power cycle [ 74.727194][ T6524] netlink: 'syz.3.189': attribute type 1 has an invalid length. [ 74.775830][ T6524] 8021q: adding VLAN 0 to HW filter on device bond3 [ 74.779095][ T6524] bond2: (slave bond3): making interface the new active one [ 74.781816][ T6524] bond2: (slave bond3): Enslaving as an active interface with an up link [ 74.942677][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 74.947188][ T6549] FAULT_INJECTION: forcing a failure. [ 74.947188][ T6549] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 74.951874][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.3.199 Tainted: G L syzkaller #0 PREEMPT(full) [ 74.951892][ T6549] Tainted: [L]=SOFTLOCKUP [ 74.951896][ T6549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.951902][ T6549] Call Trace: [ 74.951906][ T6549] [ 74.951910][ T6549] dump_stack_lvl+0x16c/0x1f0 [ 74.951930][ T6549] should_fail_ex+0x512/0x640 [ 74.951944][ T6549] strncpy_from_user+0x3b/0x2e0 [ 74.951956][ T6549] getname_flags.part.0+0x8f/0x550 [ 74.951969][ T6549] __x64_sys_unlink+0xb0/0x110 [ 74.951986][ T6549] do_syscall_64+0xcd/0xf80 [ 74.952004][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.952015][ T6549] RIP: 0033:0x7f186378f7c9 [ 74.952024][ T6549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.952035][ T6549] RSP: 002b:00007f18645a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 74.952046][ T6549] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378f7c9 [ 74.952052][ T6549] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0 [ 74.952058][ T6549] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 74.952065][ T6549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 74.952070][ T6549] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 74.952084][ T6549] [ 74.961720][ T24] usb 6-1: device descriptor read/8, error -71 [ 75.084082][ T40] kauditd_printk_skb: 31 callbacks suppressed [ 75.084092][ T40] audit: type=1400 audit(1765119908.830:292): avc: denied { read write } for pid=6559 comm="syz.2.202" name="vhost-vsock" dev="devtmpfs" ino=1301 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 75.092585][ T6560] comedi comedi0: board detection failed [ 75.099447][ T40] audit: type=1400 audit(1765119908.830:293): avc: denied { open } for pid=6559 comm="syz.2.202" path="/dev/vhost-vsock" dev="devtmpfs" ino=1301 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 75.102954][ T6560] loop5: detected capacity change from 0 to 7 [ 75.108723][ T40] audit: type=1400 audit(1765119908.840:294): avc: denied { ioctl } for pid=6559 comm="syz.2.202" path="/dev/vhost-vsock" dev="devtmpfs" ino=1301 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 75.113796][ T5942] Dev loop5: unable to read RDB block 7 [ 75.125583][ T5942] loop5: AHDI p1 p2 p3 [ 75.127700][ T5942] loop5: partition table partially beyond EOD, truncated [ 75.130931][ T5942] loop5: p1 start 1601398130 is beyond EOD, truncated [ 75.134734][ T5942] loop5: p2 start 1702059890 is beyond EOD, truncated [ 75.138509][ T6560] Dev loop5: unable to read RDB block 7 [ 75.140453][ T6560] loop5: AHDI p1 p2 p3 [ 75.142556][ T6560] loop5: partition table partially beyond EOD, truncated [ 75.145443][ T6560] loop5: p1 start 1601398130 is beyond EOD, truncated [ 75.147856][ T6560] loop5: p2 start 1702059890 is beyond EOD, truncated [ 75.202135][ T40] audit: type=1400 audit(1765119908.950:295): avc: denied { read write } for pid=6568 comm="syz.2.206" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 75.210487][ T6569] netlink: 'syz.2.206': attribute type 1 has an invalid length. [ 75.212958][ T6569] netlink: 44 bytes leftover after parsing attributes in process `syz.2.206'. [ 75.221261][ T40] audit: type=1400 audit(1765119908.950:296): avc: denied { open } for pid=6568 comm="syz.2.206" path="/dev/fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 75.241388][ T40] audit: type=1400 audit(1765119908.950:297): avc: denied { map } for pid=6568 comm="syz.2.206" path="socket:[12534]" dev="sockfs" ino=12534 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 75.248675][ T40] audit: type=1400 audit(1765119908.950:298): avc: denied { map } for pid=6568 comm="syz.2.206" path="/dev/fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 75.249966][ T6578] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 75.257965][ T6578] [U] J"—e:ÀÆ" [ 75.260395][ T40] audit: type=1400 audit(1765119908.980:299): avc: denied { read write } for pid=6576 comm="syz.2.211" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 75.261995][ T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 75.270677][ T40] audit: type=1400 audit(1765119908.980:300): avc: denied { open } for pid=6576 comm="syz.2.211" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 75.282684][ T40] audit: type=1400 audit(1765119909.030:301): avc: denied { append } for pid=6577 comm="syz.0.210" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 75.293187][ T24] usb 6-1: device descriptor read/8, error -71 [ 75.317404][ T6581] netlink: 'syz.3.212': attribute type 1 has an invalid length. [ 75.330204][ T6581] netlink: 28 bytes leftover after parsing attributes in process `syz.3.212'. [ 75.387043][ T6590] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2128 sclass=netlink_route_socket pid=6590 comm=syz.2.216 [ 75.393387][ T6592] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6592 comm=syz.3.217 [ 75.411550][ T24] usb usb6-port1: unable to enumerate USB device [ 75.455761][ T6595] netlink: 'syz.3.217': attribute type 1 has an invalid length. [ 75.497069][ T6599] netlink: 'syz.2.219': attribute type 1 has an invalid length. [ 75.505349][ T6595] bond5: (slave bridge1): making interface the new active one [ 75.508028][ T6595] bond5: (slave bridge1): Enslaving as an active interface with an up link [ 75.546439][ T6599] 8021q: adding VLAN 0 to HW filter on device bond2 [ 75.550795][ T6599] bond1: (slave bond2): making interface the new active one [ 75.554508][ T6599] bond1: (slave bond2): Enslaving as an active interface with an up link [ 75.652361][ T6610] FAULT_INJECTION: forcing a failure. [ 75.652361][ T6610] name failslab, interval 1, probability 0, space 0, times 0 [ 75.656862][ T6610] CPU: 2 UID: 0 PID: 6610 Comm: syz.2.222 Tainted: G L syzkaller #0 PREEMPT(full) [ 75.656880][ T6610] Tainted: [L]=SOFTLOCKUP [ 75.656884][ T6610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.656890][ T6610] Call Trace: [ 75.656894][ T6610] [ 75.656898][ T6610] dump_stack_lvl+0x16c/0x1f0 [ 75.656919][ T6610] should_fail_ex+0x512/0x640 [ 75.656932][ T6610] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 75.656945][ T6610] should_failslab+0xc2/0x120 [ 75.656959][ T6610] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 75.656970][ T6610] ? __d_lookup+0x25c/0x4a0 [ 75.656983][ T6610] ? __d_alloc+0x35/0xa80 [ 75.657001][ T6610] ? __d_alloc+0x35/0xa80 [ 75.657016][ T6610] __d_alloc+0x35/0xa80 [ 75.657034][ T6610] d_alloc+0x4a/0x1e0 [ 75.657051][ T6610] lookup_one_qstr_excl+0x175/0x250 [ 75.657062][ T6610] ? mnt_want_write+0x161/0x450 [ 75.657076][ T6610] do_unlinkat+0x27b/0x660 [ 75.657091][ T6610] ? __might_fault+0xe3/0x190 [ 75.657102][ T6610] ? __pfx_do_unlinkat+0x10/0x10 [ 75.657123][ T6610] ? getname_flags.part.0+0x1c5/0x550 [ 75.657135][ T6610] __x64_sys_unlink+0xc5/0x110 [ 75.657151][ T6610] do_syscall_64+0xcd/0xf80 [ 75.657168][ T6610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.657180][ T6610] RIP: 0033:0x7fe20818f7c9 [ 75.657189][ T6610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.657199][ T6610] RSP: 002b:00007fe20906c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 75.657210][ T6610] RAX: ffffffffffffffda RBX: 00007fe2083e5fa0 RCX: 00007fe20818f7c9 [ 75.657217][ T6610] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0 [ 75.657223][ T6610] RBP: 00007fe20906c090 R08: 0000000000000000 R09: 0000000000000000 [ 75.657230][ T6610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 75.657236][ T6610] R13: 00007fe2083e6038 R14: 00007fe2083e5fa0 R15: 00007ffd1c3158b8 [ 75.657250][ T6610] [ 76.134031][ T6646] program syz.0.235 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 76.138389][ T6646] netlink: 12 bytes leftover after parsing attributes in process `syz.0.235'. [ 76.194468][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.201570][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.221496][ T6649] 8021q: adding VLAN 0 to HW filter on device bond7 [ 76.226910][ T6649] bond6: (slave bond7): making interface the new active one [ 76.230526][ T6649] bond6: (slave bond7): Enslaving as an active interface with an up link [ 76.430840][ T6658] netlink: 152 bytes leftover after parsing attributes in process `syz.0.239'. [ 76.477901][ T6662] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2128 sclass=netlink_route_socket pid=6662 comm=syz.3.241 [ 76.546977][ T6666] evm: overlay not supported [ 76.571643][ T6664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.242'. [ 76.625984][ T6671] Cannot find del_set index 2 as target [ 76.721373][ T6679] tipc: Enabling of bearer rejected, failed to enable media [ 76.725346][ T6679] syzkaller0: entered promiscuous mode [ 76.727229][ T6679] syzkaller0: entered allmulticast mode [ 76.911404][ T6690] FAULT_INJECTION: forcing a failure. [ 76.911404][ T6690] name failslab, interval 1, probability 0, space 0, times 0 [ 76.916442][ T6690] CPU: 1 UID: 0 PID: 6690 Comm: syz.3.251 Tainted: G L syzkaller #0 PREEMPT(full) [ 76.916460][ T6690] Tainted: [L]=SOFTLOCKUP [ 76.916464][ T6690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.916471][ T6690] Call Trace: [ 76.916475][ T6690] [ 76.916479][ T6690] dump_stack_lvl+0x16c/0x1f0 [ 76.916500][ T6690] should_fail_ex+0x512/0x640 [ 76.916512][ T6690] ? __kmalloc_noprof+0xca/0x910 [ 76.916535][ T6690] should_failslab+0xc2/0x120 [ 76.916550][ T6690] __kmalloc_noprof+0xeb/0x910 [ 76.916567][ T6690] ? ovl_lookup_layers+0x16d9/0x2920 [ 76.916581][ T6690] ? ovl_lookup_layers+0x16d9/0x2920 [ 76.916591][ T6690] ovl_lookup_layers+0x16d9/0x2920 [ 76.916605][ T6690] ? find_held_lock+0x2b/0x80 [ 76.916624][ T6690] ? __pfx_ovl_lookup_layers+0x10/0x10 [ 76.916637][ T6690] ? find_held_lock+0x2b/0x80 [ 76.916654][ T6690] ? rcu_read_unlock+0x17/0x60 [ 76.916673][ T6690] ovl_lookup+0x459/0x610 [ 76.916684][ T6690] ? __pfx_ovl_lookup+0x10/0x10 [ 76.916694][ T6690] ? rcu_is_watching+0x12/0xc0 [ 76.916707][ T6690] ? do_raw_spin_lock+0x12c/0x2b0 [ 76.916725][ T6690] ? do_raw_spin_unlock+0x172/0x230 [ 76.916740][ T6690] ? _raw_spin_unlock+0x28/0x50 [ 76.916757][ T6690] lookup_one_qstr_excl+0x1d1/0x250 [ 76.916768][ T6690] ? mnt_want_write+0x161/0x450 [ 76.916782][ T6690] do_unlinkat+0x27b/0x660 [ 76.916797][ T6690] ? __might_fault+0xe3/0x190 [ 76.916808][ T6690] ? __pfx_do_unlinkat+0x10/0x10 [ 76.916829][ T6690] ? getname_flags.part.0+0x1c5/0x550 [ 76.916841][ T6690] __x64_sys_unlink+0xc5/0x110 [ 76.916857][ T6690] do_syscall_64+0xcd/0xf80 [ 76.916874][ T6690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.916886][ T6690] RIP: 0033:0x7f186378f7c9 [ 76.916895][ T6690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.916905][ T6690] RSP: 002b:00007f18645a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 76.916915][ T6690] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378f7c9 [ 76.916922][ T6690] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0 [ 76.916928][ T6690] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 76.916934][ T6690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 76.916940][ T6690] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 76.916954][ T6690] [ 77.100246][ T6705] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2128 sclass=netlink_route_socket pid=6705 comm=syz.3.257 [ 77.123811][ T6707] validate_nla: 3 callbacks suppressed [ 77.123822][ T6707] netlink: 'syz.1.258': attribute type 1 has an invalid length. [ 77.138224][ T6709] overlayfs: failed to resolve './file1': -2 [ 77.761042][ T6720] syzkaller1: entered promiscuous mode [ 77.763010][ T6720] syzkaller1: entered allmulticast mode [ 77.779108][ T6724] syzkaller1: entered promiscuous mode [ 77.780885][ T6724] syzkaller1: entered allmulticast mode [ 77.797573][ T6730] Cannot find del_set index 2 as target [ 77.927032][ T6742] netlink: 12 bytes leftover after parsing attributes in process `syz.1.267'. [ 77.953856][ T6745] netlink: 'syz.2.269': attribute type 1 has an invalid length. [ 77.983850][ T6749] FAULT_INJECTION: forcing a failure. [ 77.983850][ T6749] name failslab, interval 1, probability 0, space 0, times 0 [ 77.987815][ T6749] CPU: 0 UID: 0 PID: 6749 Comm: syz.3.268 Tainted: G L syzkaller #0 PREEMPT(full) [ 77.987833][ T6749] Tainted: [L]=SOFTLOCKUP [ 77.987837][ T6749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.987844][ T6749] Call Trace: [ 77.987848][ T6749] [ 77.987852][ T6749] dump_stack_lvl+0x16c/0x1f0 [ 77.987873][ T6749] should_fail_ex+0x512/0x640 [ 77.987885][ T6749] ? __kmalloc_cache_noprof+0x5f/0x800 [ 77.987904][ T6749] should_failslab+0xc2/0x120 [ 77.987919][ T6749] __kmalloc_cache_noprof+0x80/0x800 [ 77.987937][ T6749] ? ovl_encode_real_fh+0xca/0x420 [ 77.987956][ T6749] ? ovl_encode_real_fh+0xca/0x420 [ 77.987972][ T6749] ovl_encode_real_fh+0xca/0x420 [ 77.987989][ T6749] ? __pfx_ovl_encode_real_fh+0x10/0x10 [ 77.988009][ T6749] ovl_lookup_index+0xde/0x800 [ 77.988022][ T6749] ? __pfx_ovl_lookup_index+0x10/0x10 [ 77.988033][ T6749] ? ovl_lookup_layers+0x16d9/0x2920 [ 77.988046][ T6749] ovl_lookup_layers+0x5e1/0x2920 [ 77.988079][ T6749] ? __pfx_ovl_lookup_layers+0x10/0x10 [ 77.988092][ T6749] ? find_held_lock+0x2b/0x80 [ 77.988110][ T6749] ? rcu_read_unlock+0x17/0x60 [ 77.988129][ T6749] ovl_lookup+0x459/0x610 [ 77.988140][ T6749] ? __pfx_ovl_lookup+0x10/0x10 [ 77.988150][ T6749] ? rcu_is_watching+0x12/0xc0 [ 77.988163][ T6749] ? do_raw_spin_lock+0x12c/0x2b0 [ 77.988181][ T6749] ? do_raw_spin_unlock+0x172/0x230 [ 77.988196][ T6749] ? _raw_spin_unlock+0x28/0x50 [ 77.988230][ T6749] lookup_one_qstr_excl+0x1d1/0x250 [ 77.988244][ T6749] ? mnt_want_write+0x161/0x450 [ 77.988258][ T6749] do_unlinkat+0x27b/0x660 [ 77.988273][ T6749] ? __might_fault+0xe3/0x190 [ 77.988284][ T6749] ? __pfx_do_unlinkat+0x10/0x10 [ 77.988306][ T6749] ? getname_flags.part.0+0x1c5/0x550 [ 77.988319][ T6749] __x64_sys_unlink+0xc5/0x110 [ 77.988335][ T6749] do_syscall_64+0xcd/0xf80 [ 77.988352][ T6749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.988363][ T6749] RIP: 0033:0x7f186378f7c9 [ 77.988372][ T6749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.988382][ T6749] RSP: 002b:00007f18645a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 77.988393][ T6749] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378f7c9 [ 77.988400][ T6749] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0 [ 77.988406][ T6749] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 77.988412][ T6749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 77.988418][ T6749] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 77.988432][ T6749] [ 78.009795][ T6745] 8021q: adding VLAN 0 to HW filter on device bond4 [ 78.084977][ T6745] bond3: (slave bond4): making interface the new active one [ 78.087527][ T6745] bond3: (slave bond4): Enslaving as an active interface with an up link [ 78.193534][ T6766] netlink: 'syz.0.276': attribute type 2 has an invalid length. [ 78.196397][ T6766] netlink: 46 bytes leftover after parsing attributes in process `syz.0.276'. [ 78.213501][ T6771] Cannot find del_set index 2 as target [ 78.245692][ T6773] Cannot find map_set index 65532 as target [ 78.311661][ T6783] FAULT_INJECTION: forcing a failure. [ 78.311661][ T6783] name failslab, interval 1, probability 0, space 0, times 0 [ 78.315707][ T6783] CPU: 1 UID: 0 PID: 6783 Comm: syz.0.284 Tainted: G L syzkaller #0 PREEMPT(full) [ 78.315724][ T6783] Tainted: [L]=SOFTLOCKUP [ 78.315727][ T6783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.315734][ T6783] Call Trace: [ 78.315738][ T6783] [ 78.315742][ T6783] dump_stack_lvl+0x16c/0x1f0 [ 78.315763][ T6783] should_fail_ex+0x512/0x640 [ 78.315775][ T6783] ? __kmalloc_noprof+0xca/0x910 [ 78.315793][ T6783] should_failslab+0xc2/0x120 [ 78.315808][ T6783] __kmalloc_noprof+0xeb/0x910 [ 78.315824][ T6783] ? ovl_encode_real_fh+0x33a/0x420 [ 78.315841][ T6783] ? ovl_get_index_name_fh+0x55/0x190 [ 78.315854][ T6783] ? ovl_get_index_name_fh+0x55/0x190 [ 78.315864][ T6783] ovl_get_index_name_fh+0x55/0x190 [ 78.315876][ T6783] ovl_lookup_index+0x10f/0x800 [ 78.315888][ T6783] ? __pfx_ovl_lookup_index+0x10/0x10 [ 78.315899][ T6783] ? ovl_lookup_layers+0x16d9/0x2920 [ 78.315912][ T6783] ovl_lookup_layers+0x5e1/0x2920 [ 78.315929][ T6783] ? __pfx_ovl_lookup_layers+0x10/0x10 [ 78.315942][ T6783] ? find_held_lock+0x2b/0x80 [ 78.315960][ T6783] ? rcu_read_unlock+0x17/0x60 [ 78.315979][ T6783] ovl_lookup+0x459/0x610 [ 78.315989][ T6783] ? __pfx_ovl_lookup+0x10/0x10 [ 78.315999][ T6783] ? rcu_is_watching+0x12/0xc0 [ 78.316012][ T6783] ? do_raw_spin_lock+0x12c/0x2b0 [ 78.316030][ T6783] ? do_raw_spin_unlock+0x172/0x230 [ 78.316045][ T6783] ? _raw_spin_unlock+0x28/0x50 [ 78.316062][ T6783] lookup_one_qstr_excl+0x1d1/0x250 [ 78.316073][ T6783] ? mnt_want_write+0x161/0x450 [ 78.316087][ T6783] do_unlinkat+0x27b/0x660 [ 78.316102][ T6783] ? __might_fault+0xe3/0x190 [ 78.316113][ T6783] ? __pfx_do_unlinkat+0x10/0x10 [ 78.316133][ T6783] ? getname_flags.part.0+0x1c5/0x550 [ 78.316146][ T6783] __x64_sys_unlink+0xc5/0x110 [ 78.316162][ T6783] do_syscall_64+0xcd/0xf80 [ 78.316179][ T6783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.316190][ T6783] RIP: 0033:0x7fc0df78f7c9 [ 78.316199][ T6783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.316231][ T6783] RSP: 002b:00007fc0e062d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 78.316246][ T6783] RAX: ffffffffffffffda RBX: 00007fc0df9e5fa0 RCX: 00007fc0df78f7c9 [ 78.316254][ T6783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0 [ 78.316260][ T6783] RBP: 00007fc0e062d090 R08: 0000000000000000 R09: 0000000000000000 [ 78.316266][ T6783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.316272][ T6783] R13: 00007fc0df9e6038 R14: 00007fc0df9e5fa0 R15: 00007ffc0169eab8 [ 78.316291][ T6783] [ 78.336151][ T6785] syzkaller0: entered promiscuous mode [ 78.353045][ T6786] ip6t_rpfilter: unknown options [ 78.356074][ T6785] syzkaller0: entered allmulticast mode [ 78.451454][ T6788] syzkaller1: entered promiscuous mode [ 78.453390][ T6788] syzkaller1: entered allmulticast mode [ 78.500330][ T6797] netlink: 'syz.0.290': attribute type 1 has an invalid length. [ 78.623077][ T6805] netlink: 'syz.2.293': attribute type 1 has an invalid length. [ 78.658367][ T6813] Cannot find del_set index 2 as target [ 78.701221][ T6814] 8021q: adding VLAN 0 to HW filter on device bond6 [ 78.704227][ T6814] bond5: (slave bond6): making interface the new active one [ 78.705630][ T6817] binder: 6815:6817 ioctl c018620c 200000000040 returned -1 [ 78.706870][ T6814] bond5: (slave bond6): Enslaving as an active interface with an up link [ 78.765340][ T6823] veth0_to_bridge: entered promiscuous mode [ 78.787198][ T6822] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 78.789987][ T6822] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 78.794209][ T6822] overlayfs: missing 'lowerdir' [ 78.799251][ T6825] netlink: 12 bytes leftover after parsing attributes in process `syz.3.300'. [ 78.863433][ T6829] netlink: 'syz.3.303': attribute type 1 has an invalid length. [ 79.230230][ T6815] veth0_to_bridge: left promiscuous mode [ 79.331495][ T6848] tmpfs: Bad value for 'mpol' [ 79.395626][ T6853] Cannot find map_set index 65532 as target [ 79.408601][ T6855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.311'. [ 79.555184][ T6867] Cannot find del_set index 2 as target [ 79.619338][ T6876] netlink: 'syz.1.317': attribute type 1 has an invalid length. [ 79.647146][ T6876] 8021q: adding VLAN 0 to HW filter on device bond5 [ 79.650216][ T6876] bond4: (slave bond5): making interface the new active one [ 79.659310][ T6876] bond4: (slave bond5): Enslaving as an active interface with an up link [ 79.704046][ T6880] netlink: 'syz.0.319': attribute type 1 has an invalid length. [ 79.741307][ T6873] syzkaller1: entered promiscuous mode [ 79.743124][ T6873] syzkaller1: entered allmulticast mode [ 79.832679][ T6889] mkiss: ax0: crc mode is auto. [ 79.994172][ T6903] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size. [ 80.001892][ T6903] IPv6: sit1: Disabled Multicast RS [ 80.021249][ T6906] warning: `syz.1.328' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 80.041612][ T6908] syzkaller0: entered promiscuous mode [ 80.043908][ T6908] syzkaller0: entered allmulticast mode [ 80.336876][ T6930] netlink: 16 bytes leftover after parsing attributes in process `syz.3.335'. [ 80.340676][ T6930] netlink: 52 bytes leftover after parsing attributes in process `syz.3.335'. [ 80.350770][ T6933] Cannot find del_set index 2 as target [ 80.400466][ T40] kauditd_printk_skb: 45 callbacks suppressed [ 80.400481][ T40] audit: type=1400 audit(1765119914.140:347): avc: denied { setattr } for pid=6922 comm="syz.3.335" path="/dev/snd/pcmC0D0p" dev="devtmpfs" ino=1314 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 80.409510][ T6923] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 80.416427][ T40] audit: type=1400 audit(1765119914.160:348): avc: denied { create } for pid=6922 comm="syz.3.335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 80.433328][ T40] audit: type=1400 audit(1765119914.180:349): avc: denied { getopt } for pid=6922 comm="syz.3.335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 80.478586][ T6947] netlink: 'syz.1.342': attribute type 1 has an invalid length. [ 80.518098][ T40] audit: type=1400 audit(1765119914.260:350): avc: denied { ioctl } for pid=6951 comm="syz.3.344" path="socket:[13035]" dev="sockfs" ino=13035 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 80.528003][ T40] audit: type=1400 audit(1765119914.260:351): avc: denied { connect } for pid=6951 comm="syz.3.344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 80.535819][ T40] audit: type=1400 audit(1765119914.260:352): avc: denied { write } for pid=6951 comm="syz.3.344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 80.543842][ T6947] 8021q: adding VLAN 0 to HW filter on device bond7 [ 80.547956][ T6947] bond6: (slave bond7): making interface the new active one [ 80.549251][ T40] audit: type=1400 audit(1765119914.260:353): avc: denied { mounton } for pid=6951 comm="syz.3.344" path="/97/file0" dev="tmpfs" ino=520 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 80.552851][ T6947] bond6: (slave bond7): Enslaving as an active interface with an up link [ 80.590248][ T40] audit: type=1400 audit(1765119914.330:354): avc: denied { read } for pid=6951 comm="syz.3.344" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 80.605837][ T6958] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 80.609367][ T6958] block device autoloading is deprecated and will be removed. [ 80.611432][ T40] audit: type=1400 audit(1765119914.330:355): avc: denied { open } for pid=6951 comm="syz.3.344" path="/97/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 80.620405][ T40] audit: type=1400 audit(1765119914.360:356): avc: denied { ioctl } for pid=6951 comm="syz.3.344" path="/97/file0/file0" dev="fuse" ino=64 ioctlcmd=0x923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 80.662754][ T6952] md: superblock version 12389 not known [ 80.668471][ T6952] md: couldn't set array info. -22 [ 80.734934][ T6975] netlink: 8 bytes leftover after parsing attributes in process `syz.2.350'. [ 80.739214][ T6975] tmpfs: Unknown parameter '00000000000000000000003' [ 80.902102][ T6992] syzkaller0: entered promiscuous mode [ 80.904724][ T6992] syzkaller0: entered allmulticast mode [ 81.096269][ T7012] fuse: Bad value for 'user_id' [ 81.099396][ T7012] fuse: Bad value for 'user_id' [ 81.180872][ T7022] Cannot find del_set index 2 as target [ 81.220259][ T7025] netlink: 'syz.1.365': attribute type 1 has an invalid length. [ 81.392836][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 81.450953][ T7040] FAULT_INJECTION: forcing a failure. [ 81.450953][ T7040] name failslab, interval 1, probability 0, space 0, times 0 [ 81.457351][ T7040] CPU: 0 UID: 0 PID: 7040 Comm: syz.3.371 Tainted: G L syzkaller #0 PREEMPT(full) [ 81.457377][ T7040] Tainted: [L]=SOFTLOCKUP [ 81.457381][ T7040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.457391][ T7040] Call Trace: [ 81.457398][ T7040] [ 81.457405][ T7040] dump_stack_lvl+0x16c/0x1f0 [ 81.457454][ T7040] should_fail_ex+0x512/0x640 [ 81.457493][ T7040] ? fs_reclaim_acquire+0xae/0x150 [ 81.457519][ T7040] should_failslab+0xc2/0x120 [ 81.457540][ T7040] __kmalloc_cache_noprof+0x80/0x800 [ 81.457565][ T7040] ? inode_doinit_use_xattr+0x54/0x410 [ 81.457592][ T7040] ? inode_doinit_use_xattr+0x54/0x410 [ 81.457611][ T7040] inode_doinit_use_xattr+0x54/0x410 [ 81.457638][ T7040] inode_doinit_with_dentry+0x51d/0x12e0 [ 81.457666][ T7040] ? __pfx_inode_doinit_with_dentry+0x10/0x10 [ 81.457694][ T7040] ? kasan_quarantine_put+0x10a/0x240 [ 81.457711][ T7040] ? lockdep_hardirqs_on+0x7c/0x110 [ 81.457737][ T7040] selinux_d_instantiate+0x26/0x30 [ 81.457763][ T7040] security_d_instantiate+0x142/0x1a0 [ 81.457778][ T7040] d_splice_alias_ops+0x92/0x840 [ 81.457803][ T7040] ovl_lookup+0x51e/0x610 [ 81.457821][ T7040] ? __pfx_ovl_lookup+0x10/0x10 [ 81.457834][ T7040] ? rcu_is_watching+0x12/0xc0 [ 81.457856][ T7040] ? do_raw_spin_lock+0x12c/0x2b0 [ 81.457883][ T7040] ? do_raw_spin_unlock+0x172/0x230 [ 81.457905][ T7040] ? _raw_spin_unlock+0x28/0x50 [ 81.457930][ T7040] lookup_one_qstr_excl+0x1d1/0x250 [ 81.457944][ T7040] ? mnt_want_write+0x161/0x450 [ 81.457966][ T7040] do_unlinkat+0x27b/0x660 [ 81.457988][ T7040] ? __might_fault+0xe3/0x190 [ 81.458002][ T7040] ? __pfx_do_unlinkat+0x10/0x10 [ 81.458037][ T7040] ? getname_flags.part.0+0x1c5/0x550 [ 81.458056][ T7040] __x64_sys_unlink+0xc5/0x110 [ 81.458081][ T7040] do_syscall_64+0xcd/0xf80 [ 81.458109][ T7040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.458128][ T7040] RIP: 0033:0x7f186378f7c9 [ 81.458143][ T7040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.458160][ T7040] RSP: 002b:00007f18645a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 81.458177][ T7040] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378f7c9 [ 81.458186][ T7040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0 [ 81.458195][ T7040] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 81.458213][ T7040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 81.458223][ T7040] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 81.458244][ T7040] [ 81.636733][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 81.641310][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 81.645201][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 81.650504][ T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 81.653939][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.667294][ T9] usb 7-1: config 0 descriptor?? [ 81.733656][ T7056] syzkaller0: entered promiscuous mode [ 81.735889][ T7056] syzkaller0: entered allmulticast mode [ 81.835015][ T7064] Cannot find del_set index 2 as target [ 81.856495][ T7066] FAULT_INJECTION: forcing a failure. [ 81.856495][ T7066] name failslab, interval 1, probability 0, space 0, times 0 [ 81.861295][ T7066] CPU: 0 UID: 0 PID: 7066 Comm: syz.0.383 Tainted: G L syzkaller #0 PREEMPT(full) [ 81.861314][ T7066] Tainted: [L]=SOFTLOCKUP [ 81.861318][ T7066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.861325][ T7066] Call Trace: [ 81.861330][ T7066] [ 81.861335][ T7066] dump_stack_lvl+0x16c/0x1f0 [ 81.861379][ T7066] should_fail_ex+0x512/0x640 [ 81.861394][ T7066] should_failslab+0xc2/0x120 [ 81.861411][ T7066] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 81.861426][ T7066] ? sidtab_sid2str_get+0x17a/0x680 [ 81.861441][ T7066] ? kmemdup_noprof+0x29/0x60 [ 81.861452][ T7066] kmemdup_noprof+0x29/0x60 [ 81.861463][ T7066] sidtab_sid2str_get+0x17a/0x680 [ 81.861476][ T7066] sidtab_entry_to_string+0x33/0x110 [ 81.861495][ T7066] security_sid_to_context_core+0x35c/0x640 [ 81.861515][ T7066] selinux_inode_getsecurity+0x2be/0x370 [ 81.861534][ T7066] ? __pfx_selinux_inode_getsecurity+0x10/0x10 [ 81.861557][ T7066] security_inode_getsecurity+0x12f/0x2f0 [ 81.861570][ T7066] vfs_getxattr+0x19e/0x290 [ 81.861587][ T7066] ? __pfx_vfs_getxattr+0x10/0x10 [ 81.861606][ T7066] ovl_xattr_get+0xf4/0x190 [ 81.861619][ T7066] ? __pfx_ovl_xattr_get+0x10/0x10 [ 81.861630][ T7066] ? xattr_resolve_name+0x27b/0x3f0 [ 81.861647][ T7066] ? __pfx_ovl_other_xattr_get+0x10/0x10 [ 81.861657][ T7066] __vfs_getxattr+0x13d/0x1a0 [ 81.861673][ T7066] ? __pfx___vfs_getxattr+0x10/0x10 [ 81.861692][ T7066] inode_doinit_use_xattr+0xb5/0x410 [ 81.861710][ T7066] inode_doinit_with_dentry+0x51d/0x12e0 [ 81.861730][ T7066] ? __pfx_inode_doinit_with_dentry+0x10/0x10 [ 81.861748][ T7066] ? kasan_quarantine_put+0x10a/0x240 [ 81.861760][ T7066] ? lockdep_hardirqs_on+0x7c/0x110 [ 81.861779][ T7066] selinux_d_instantiate+0x26/0x30 [ 81.861796][ T7066] security_d_instantiate+0x142/0x1a0 [ 81.861808][ T7066] d_splice_alias_ops+0x92/0x840 [ 81.861824][ T7066] ovl_lookup+0x51e/0x610 [ 81.861836][ T7066] ? __pfx_ovl_lookup+0x10/0x10 [ 81.861847][ T7066] ? rcu_is_watching+0x12/0xc0 [ 81.861861][ T7066] ? do_raw_spin_lock+0x12c/0x2b0 [ 81.861880][ T7066] ? do_raw_spin_unlock+0x172/0x230 [ 81.861896][ T7066] ? _raw_spin_unlock+0x28/0x50 [ 81.861913][ T7066] lookup_one_qstr_excl+0x1d1/0x250 [ 81.861924][ T7066] ? mnt_want_write+0x161/0x450 [ 81.861939][ T7066] do_unlinkat+0x27b/0x660 [ 81.861954][ T7066] ? __might_fault+0xe3/0x190 [ 81.861965][ T7066] ? __pfx_do_unlinkat+0x10/0x10 [ 81.861987][ T7066] ? getname_flags.part.0+0x1c5/0x550 [ 81.861999][ T7066] __x64_sys_unlink+0xc5/0x110 [ 81.862016][ T7066] do_syscall_64+0xcd/0xf80 [ 81.862034][ T7066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.862047][ T7066] RIP: 0033:0x7fc0df78f7c9 [ 81.862056][ T7066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.862067][ T7066] RSP: 002b:00007fc0e062d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 81.862078][ T7066] RAX: ffffffffffffffda RBX: 00007fc0df9e5fa0 RCX: 00007fc0df78f7c9 [ 81.862085][ T7066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0 [ 81.862092][ T7066] RBP: 00007fc0e062d090 R08: 0000000000000000 R09: 0000000000000000 [ 81.862099][ T7066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 81.862105][ T7066] R13: 00007fc0df9e6038 R14: 00007fc0df9e5fa0 R15: 00007ffc0169eab8 [ 81.862120][ T7066] [ 81.862257][ T7066] SELinux: inode_doinit_use_xattr: getxattr returned 12 for dev=overlay ino=10 [ 81.913597][ T7070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.385'. [ 82.047882][ T7073] 8021q: adding VLAN 0 to HW filter on device bond4 [ 82.052107][ T7073] bond3: (slave bond4): making interface the new active one [ 82.061784][ T7073] bond3: (slave bond4): Enslaving as an active interface with an up link [ 82.079994][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.089551][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.093541][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.097985][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.100751][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.103917][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.106385][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.108830][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.112623][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.115922][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 82.131105][ T9] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 82.167224][ T7089] syzkaller0: entered promiscuous mode [ 82.169138][ T7089] syzkaller0: entered allmulticast mode [ 82.292549][ T7100] netlink: 36 bytes leftover after parsing attributes in process `syz.1.396'. [ 82.297887][ T7101] netlink: 36 bytes leftover after parsing attributes in process `syz.1.396'. [ 82.371363][ T6021] usb 7-1: USB disconnect, device number 3 [ 82.457285][ T7120] validate_nla: 1 callbacks suppressed [ 82.457297][ T7120] netlink: 'syz.2.403': attribute type 1 has an invalid length. [ 82.471254][ T941] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 82.485489][ T7120] 8021q: adding VLAN 0 to HW filter on device bond8 [ 82.488960][ T7120] bond7: (slave bond8): making interface the new active one [ 82.491662][ T7120] bond7: (slave bond8): Enslaving as an active interface with an up link [ 82.533933][ T7132] netlink: 'syz.1.402': attribute type 21 has an invalid length. [ 82.561563][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 82.623474][ T941] usb 8-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06 [ 82.626291][ T941] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.632779][ T941] usb 8-1: config 0 descriptor?? [ 82.841479][ T7096] binder: 7095:7096 ioctl 4018620d 0 returned -22 [ 82.844708][ T7138] netlink: 'syz.3.394': attribute type 10 has an invalid length. [ 82.850613][ T7138] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.855277][ T7138] bridge_slave_1: left allmulticast mode [ 82.857673][ T7138] bridge_slave_1: left promiscuous mode [ 82.860383][ T7138] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.886432][ T7138] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 82.910044][ T7142] netlink: 'syz.2.408': attribute type 1 has an invalid length. [ 82.914874][ T941] usb 8-1: string descriptor 0 read error: -71 [ 82.927262][ T941] usb-storage 8-1:0.0: USB Mass Storage device detected [ 82.942943][ T941] usb-storage 8-1:0.0: Quirks match for vid 05ab pid 0060: 2 [ 82.955388][ T7142] __nla_validate_parse: 1 callbacks suppressed [ 82.955398][ T7142] netlink: 5 bytes leftover after parsing attributes in process `syz.2.408'. [ 82.970135][ T7142] bond9: (slave geneve2): making interface the new active one [ 82.978176][ T7142] bond9: (slave geneve2): Enslaving as an active interface with an up link [ 82.982052][ T159] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.985744][ T159] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.989251][ T159] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.992927][ T159] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.011461][ T941] usb 8-1: USB disconnect, device number 2 [ 83.054091][ T64] Bluetooth: hci2: Dropping invalid advertising data [ 83.056912][ T64] Bluetooth: hci2: Malformed LE Event: 0x02 [ 83.134190][ T7163] Cannot find del_set index 2 as target [ 83.176800][ T7168] netlink: 'syz.0.417': attribute type 10 has an invalid length. [ 83.180079][ T7168] netlink: 40 bytes leftover after parsing attributes in process `syz.0.417'. [ 83.186315][ T7168] batman_adv: batadv0: Adding interface: virt_wifi0 [ 83.189162][ T7168] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.200294][ T7168] batman_adv: batadv0: Interface activated: virt_wifi0 [ 83.266822][ T7173] tipc: Started in network mode [ 83.268972][ T7173] tipc: Node identity 4, cluster identity 4711 [ 83.271843][ T7173] tipc: Node number set to 4 [ 83.404728][ T7193] xt_ipcomp: unknown flags 1D [ 83.416046][ T7194] netlink: 'syz.1.426': attribute type 1 has an invalid length. [ 83.460430][ T7194] bond9: (slave geneve2): making interface the new active one [ 83.466091][ T7194] bond9: (slave geneve2): Enslaving as an active interface with an up link [ 83.480675][ T5045] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0 [ 83.491924][ T5045] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0 [ 83.507163][ T5045] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0 [ 83.510219][ T73] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0 [ 83.567154][ T7204] overlayfs: conflicting options: userxattr,redirect_dir=on [ 83.763176][ T7215] FAULT_INJECTION: forcing a failure. [ 83.763176][ T7215] name failslab, interval 1, probability 0, space 0, times 0 [ 83.769566][ T7215] CPU: 0 UID: 0 PID: 7215 Comm: syz.1.435 Tainted: G L syzkaller #0 PREEMPT(full) [ 83.769594][ T7215] Tainted: [L]=SOFTLOCKUP [ 83.769600][ T7215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.769610][ T7215] Call Trace: [ 83.769616][ T7215] [ 83.769623][ T7215] dump_stack_lvl+0x16c/0x1f0 [ 83.769674][ T7215] should_fail_ex+0x512/0x640 [ 83.769699][ T7215] ? fs_reclaim_acquire+0xae/0x150 [ 83.769726][ T7215] should_failslab+0xc2/0x120 [ 83.769748][ T7215] __kmalloc_noprof+0xeb/0x910 [ 83.769774][ T7215] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 83.769796][ T7215] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 83.769812][ T7215] tomoyo_realpath_from_path+0xc2/0x6e0 [ 83.769832][ T7215] ? tomoyo_profile+0x47/0x60 [ 83.769853][ T7215] tomoyo_path_perm+0x274/0x460 [ 83.769875][ T7215] ? tomoyo_path_perm+0x260/0x460 [ 83.769901][ T7215] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 83.769926][ T7215] ? do_raw_spin_lock+0x12c/0x2b0 [ 83.769950][ T7215] ? __pfx___d_add+0x10/0x10 [ 83.769965][ T7215] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 83.770012][ T7215] ? do_raw_spin_lock+0x12c/0x2b0 [ 83.770041][ T7215] tomoyo_path_unlink+0x91/0xe0 [ 83.770060][ T7215] ? __pfx_tomoyo_path_unlink+0x10/0x10 [ 83.770085][ T7215] security_path_unlink+0x145/0x2b0 [ 83.770111][ T7215] do_unlinkat+0x318/0x660 [ 83.770136][ T7215] ? __pfx_do_unlinkat+0x10/0x10 [ 83.770170][ T7215] ? getname_flags.part.0+0x1c5/0x550 [ 83.770190][ T7215] __x64_sys_unlink+0xc5/0x110 [ 83.770214][ T7215] do_syscall_64+0xcd/0xf80 [ 83.770245][ T7215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.770262][ T7215] RIP: 0033:0x7f9dbc58f7c9 [ 83.770276][ T7215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.770292][ T7215] RSP: 002b:00007f9dbd3ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 83.770309][ T7215] RAX: ffffffffffffffda RBX: 00007f9dbc7e5fa0 RCX: 00007f9dbc58f7c9 [ 83.770320][ T7215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0 [ 83.770330][ T7215] RBP: 00007f9dbd3ec090 R08: 0000000000000000 R09: 0000000000000000 [ 83.770339][ T7215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 83.770349][ T7215] R13: 00007f9dbc7e6038 R14: 00007f9dbc7e5fa0 R15: 00007ffcc26da328 [ 83.770372][ T7215] [ 83.770380][ T7215] ERROR: Out of memory at tomoyo_realpath_from_path. [ 83.824540][ T7217] netlink: 'syz.0.436': attribute type 1 has an invalid length. [ 83.907609][ T7224] netlink: 20 bytes leftover after parsing attributes in process `syz.1.437'. [ 83.996705][ T7221] 8021q: adding VLAN 0 to HW filter on device bond6 [ 84.001064][ T7221] bond5: (slave bond6): making interface the new active one [ 84.005046][ T7221] bond5: (slave bond6): Enslaving as an active interface with an up link [ 84.040442][ T7229] syzkaller0: entered promiscuous mode [ 84.042352][ T7229] syzkaller0: entered allmulticast mode [ 84.251681][ T3843] dummy0: left promiscuous mode [ 84.291318][ T64] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 84.292219][ T7250] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 84.336742][ T7255] Cannot find del_set index 2 as target [ 84.346692][ T941] kernel write not supported for file /video36 (pid: 941 comm: kworker/1:2) [ 84.353822][ T7256] overlayfs: missing 'lowerdir' [ 84.379750][ T7247] syzkaller1: entered promiscuous mode [ 84.382016][ T7247] syzkaller1: entered allmulticast mode [ 84.615095][ T7271] overlayfs: conflicting options: nfs_export=on,index=off [ 84.620475][ T7271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.456'. [ 84.628501][ T7271] fuse: Invalid rootmode [ 84.660676][ T7273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.457'. [ 84.721522][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 84.724955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 84.881294][ T6007] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 85.031338][ T6007] usb 7-1: Using ep0 maxpacket: 16 [ 85.038229][ T6007] usb 7-1: config 0 has no interfaces? [ 85.044687][ T6007] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 85.048188][ T6007] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 85.050658][ T6007] usb 7-1: SerialNumber: syz [ 85.054547][ T6007] usb 7-1: config 0 descriptor?? [ 85.189618][ T7290] No source specified [ 85.239459][ T7294] Cannot find del_set index 2 as target [ 85.259347][ T7265] PM: Enabling pm_trace changes system date and time during resume. [ 85.259347][ T7265] PM: Correct system time has to be restored manually after resume. [ 85.284023][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 85.294495][ T7302] pimreg3: entered allmulticast mode [ 85.422306][ T1117] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 85.424587][ T1117] ata1: failed to read log page 10h (errno=-5) [ 85.426660][ T1117] ata1.00: exception Emask 0x1 SAct 0x100 SErr 0x0 action 0x0 [ 85.429142][ T1117] ata1.00: irq_stat 0x40000000 [ 85.430677][ T1117] ata1.00: failed command: WRITE FPDMA QUEUED [ 85.435133][ T1117] ata1.00: cmd 61/18:40:fe:05:10/00:00:00:00:00/40 tag 8 ncq dma 12288 out [ 85.435133][ T1117] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 85.440668][ T1117] ata1.00: status: { DRDY } [ 85.443329][ T1117] ata1.00: error: { ABRT } [ 85.445930][ T40] kauditd_printk_skb: 35 callbacks suppressed [ 85.445942][ T40] audit: type=1400 audit(1765119919.190:392): avc: denied { read write } for pid=7303 comm="syz.3.470" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 85.446570][ T1117] ata1.00: configured for UDMA/100 [ 85.448645][ T40] audit: type=1400 audit(1765119919.190:393): avc: denied { open } for pid=7303 comm="syz.3.470" path="/132/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 85.456776][ T1117] ata1: EH complete [ 85.471567][ T40] audit: type=1400 audit(1765119919.220:394): avc: denied { ioctl } for pid=7303 comm="syz.3.470" path="/132/file0/file0" dev="fuse" ino=64 ioctlcmd=0x5414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 85.472516][ T7304] program syz.3.470 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 85.479258][ T40] audit: type=1400 audit(1765119919.220:395): avc: denied { append } for pid=7303 comm="syz.3.470" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 85.494812][ T5294] Bluetooth: hci1: SCO packet for unknown connection handle 1280 [ 85.532874][ T7304] ata1.00: invalid command format 8 [ 86.033457][ T40] audit: type=1400 audit(1765119919.780:396): avc: denied { ioctl } for pid=7324 comm="syz.1.478" path="/dev/fb1" dev="devtmpfs" ino=640 ioctlcmd=0x4606 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 86.123692][ T40] audit: type=1400 audit(1765119919.870:397): avc: denied { map } for pid=7327 comm="syz.0.480" path="/dev/video3" dev="devtmpfs" ino=959 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 86.172340][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 86.248376][ T7330] Cannot find del_set index 2 as target [ 86.254322][ T7332] netlink: 'syz.0.481': attribute type 1 has an invalid length. [ 86.286377][ T7332] netlink: 12 bytes leftover after parsing attributes in process `syz.0.481'. [ 86.298284][ T7332] bond7: (slave geneve2): making interface the new active one [ 86.298773][ T1117] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 86.302249][ T7332] bond7: (slave geneve2): Enslaving as an active interface with an up link [ 86.307683][ T73] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.311355][ T1117] ata1: failed to read log page 10h (errno=-5) [ 86.311371][ T1117] ata1.00: exception Emask 0x1 SAct 0x100 SErr 0x0 action 0x0 [ 86.311382][ T1117] ata1.00: irq_stat 0x40000000 [ 86.311391][ T1117] ata1.00: failed command: WRITE FPDMA QUEUED [ 86.314724][ T73] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.324866][ T73] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.328244][ T73] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.341476][ T1117] ata1.00: cmd 61/00:40:36:21:08/01:00:00:00:00/40 tag 8 ncq dma 131072 out [ 86.341476][ T1117] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 86.346912][ T7335] tipc: Started in network mode [ 86.350301][ T7335] tipc: Node identity de2cd56d098a, cluster identity 4711 [ 86.351369][ T1117] ata1.00: status: { DRDY } [ 86.355798][ T7335] tipc: Enabled bearer , priority 0 [ 86.359457][ T7335] syzkaller0: entered promiscuous mode [ 86.361675][ T1117] ata1.00: configured for UDMA/100 [ 86.362108][ T7335] syzkaller0: entered allmulticast mode [ 86.364417][ T1117] ata1: EH complete [ 86.371767][ T7335] tipc: Resetting bearer [ 86.381513][ T7334] tipc: Resetting bearer [ 86.422135][ T7334] tipc: Disabling bearer [ 86.462703][ T60] cfg80211: failed to load regulatory.db [ 86.534722][ T5294] Bluetooth: hci0: ACL packet for unknown connection handle 100 [ 86.661885][ T7349] netlink: 'syz.0.488': attribute type 1 has an invalid length. [ 86.722235][ T7349] 8021q: adding VLAN 0 to HW filter on device bond9 [ 86.726456][ T7349] bond8: (slave bond9): making interface the new active one [ 86.729730][ T7349] bond8: (slave bond9): Enslaving as an active interface with an up link [ 86.737549][ T40] audit: type=1400 audit(1765119920.480:398): avc: denied { read } for pid=7352 comm="syz.3.489" path="socket:[15061]" dev="sockfs" ino=15061 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 86.761387][ T5294] Bluetooth: hci3: unknown advertising packet type: 0x82 [ 86.761412][ T5294] Bluetooth: hci3: Malformed LE Event: 0x02 [ 86.788029][ T7357] Cannot find del_set index 2 as target [ 86.945027][ T40] audit: type=1400 audit(1765119920.690:399): avc: denied { append } for pid=7373 comm="syz.3.498" name="pmem0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 86.956306][ T40] audit: type=1400 audit(1765119920.700:400): avc: denied { getopt } for pid=7373 comm="syz.3.498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 86.956310][ T7374] ======================================================= [ 86.956310][ T7374] WARNING: The mand mount option has been deprecated and [ 86.956310][ T7374] and is ignored by this kernel. Remove the mand [ 86.956310][ T7374] option from the mount to silence this warning. [ 86.956310][ T7374] ======================================================= [ 86.994541][ T7377] FAULT_INJECTION: forcing a failure. [ 86.994541][ T7377] name failslab, interval 1, probability 0, space 0, times 0 [ 86.998966][ T7377] CPU: 0 UID: 0 PID: 7377 Comm: syz.0.499 Tainted: G L syzkaller #0 PREEMPT(full) [ 86.998984][ T7377] Tainted: [L]=SOFTLOCKUP [ 86.998988][ T7377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.998995][ T7377] Call Trace: [ 86.998999][ T7377] [ 86.999004][ T7377] dump_stack_lvl+0x16c/0x1f0 [ 86.999025][ T7377] should_fail_ex+0x512/0x640 [ 86.999038][ T7377] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 86.999051][ T7377] should_failslab+0xc2/0x120 [ 86.999066][ T7377] kmem_cache_alloc_node_noprof+0x86/0x800 [ 86.999076][ T7377] ? copy_process+0x4b5/0x7430 [ 86.999097][ T7377] ? copy_process+0x4b5/0x7430 [ 86.999113][ T7377] copy_process+0x4b5/0x7430 [ 86.999140][ T7377] ? __pfx_copy_process+0x10/0x10 [ 86.999164][ T7377] kernel_clone+0xfc/0x910 [ 86.999174][ T7377] ? __pfx_kernel_clone+0x10/0x10 [ 86.999189][ T7377] ? __mutex_unlock_slowpath+0x161/0x790 [ 86.999208][ T7377] __do_sys_clone+0xce/0x120 [ 86.999217][ T7377] ? __pfx___do_sys_clone+0x10/0x10 [ 86.999232][ T7377] ? ksys_write+0x1ac/0x250 [ 86.999247][ T7377] ? __pfx_ksys_write+0x10/0x10 [ 86.999264][ T7377] do_syscall_64+0xcd/0xf80 [ 86.999281][ T7377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.999293][ T7377] RIP: 0033:0x7fc0df78f7c9 [ 86.999301][ T7377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.999312][ T7377] RSP: 002b:00007fc0e062cfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 86.999323][ T7377] RAX: ffffffffffffffda RBX: 00007fc0df9e5fa0 RCX: 00007fc0df78f7c9 [ 86.999330][ T7377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 86.999337][ T7377] RBP: 00007fc0e062d090 R08: 0000000000000000 R09: 0000000000000000 [ 86.999343][ T7377] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 86.999349][ T7377] R13: 00007fc0df9e6038 R14: 00007fc0df9e5fa0 R15: 00007ffc0169eab8 [ 86.999363][ T7377] [ 87.197337][ T7387] netlink: 'syz.0.504': attribute type 1 has an invalid length. [ 87.226770][ T7389] tipc: Enabled bearer , priority 0 [ 87.227155][ T7387] netlink: 12 bytes leftover after parsing attributes in process `syz.0.504'. [ 87.230102][ T7389] syzkaller0: entered promiscuous mode [ 87.236643][ T7389] syzkaller0: entered allmulticast mode [ 87.245918][ T7389] tipc: Resetting bearer [ 87.249730][ T7388] tipc: Resetting bearer [ 87.259312][ T7388] tipc: Disabling bearer [ 87.311413][ T64] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 87.311432][ T5294] Bluetooth: hci4: command 0x1003 tx timeout [ 87.337709][ T24] usb 7-1: USB disconnect, device number 4 [ 87.370298][ T64] Bluetooth: hci0: unknown advertising packet type: 0x82 [ 87.370350][ T64] Bluetooth: hci0: Malformed LE Event: 0x02 [ 87.431567][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.486005][ T7403] Cannot find del_set index 2 as target [ 87.511531][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.545261][ T64] Bluetooth: hci0: Unable to find connection with handle 0x0001 [ 87.648953][ T7414] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=7414 comm=syz.0.516 [ 87.731763][ T40] audit: type=1400 audit(1765119922.456:401): avc: denied { prog_run } for pid=7419 comm="syz.0.518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 87.888883][ T7434] FAULT_INJECTION: forcing a failure. [ 87.888883][ T7434] name failslab, interval 1, probability 0, space 0, times 0 [ 87.895993][ T7434] CPU: 0 UID: 0 PID: 7434 Comm: syz.2.523 Tainted: G L syzkaller #0 PREEMPT(full) [ 87.896021][ T7434] Tainted: [L]=SOFTLOCKUP [ 87.896027][ T7434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.896038][ T7434] Call Trace: [ 87.896043][ T7434] [ 87.896064][ T7434] dump_stack_lvl+0x16c/0x1f0 [ 87.896096][ T7434] should_fail_ex+0x512/0x640 [ 87.896151][ T7434] ? kmem_cache_alloc_noprof+0x62/0x770 [ 87.896172][ T7434] should_failslab+0xc2/0x120 [ 87.896194][ T7434] kmem_cache_alloc_noprof+0x83/0x770 [ 87.896211][ T7434] ? prepare_creds+0x2c/0x940 [ 87.896239][ T7434] ? prepare_creds+0x2c/0x940 [ 87.896260][ T7434] prepare_creds+0x2c/0x940 [ 87.896284][ T7434] copy_creds+0xa7/0xa50 [ 87.896309][ T7434] copy_process+0x130f/0x7430 [ 87.896346][ T7434] ? __pfx_copy_process+0x10/0x10 [ 87.896382][ T7434] kernel_clone+0xfc/0x910 [ 87.896399][ T7434] ? __pfx_kernel_clone+0x10/0x10 [ 87.896422][ T7434] ? __mutex_unlock_slowpath+0x161/0x790 [ 87.896451][ T7434] __do_sys_clone+0xce/0x120 [ 87.896466][ T7434] ? __pfx___do_sys_clone+0x10/0x10 [ 87.896491][ T7434] ? ksys_write+0x1ac/0x250 [ 87.896511][ T7434] ? __pfx_ksys_write+0x10/0x10 [ 87.896537][ T7434] do_syscall_64+0xcd/0xf80 [ 87.896562][ T7434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.896579][ T7434] RIP: 0033:0x7fe20818f7c9 [ 87.896592][ T7434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.896608][ T7434] RSP: 002b:00007fe20906bfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 87.896625][ T7434] RAX: ffffffffffffffda RBX: 00007fe2083e5fa0 RCX: 00007fe20818f7c9 [ 87.896636][ T7434] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 87.896645][ T7434] RBP: 00007fe20906c090 R08: 0000000000000000 R09: 0000000000000000 [ 87.896655][ T7434] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 87.896664][ T7434] R13: 00007fe2083e6038 R14: 00007fe2083e5fa0 R15: 00007ffd1c3158b8 [ 87.896687][ T7434] [ 87.989072][ T7433] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 88.122724][ T7440] netlink: 'syz.2.526': attribute type 1 has an invalid length. [ 88.182095][ T7445] x_tables: duplicate underflow at hook 1 [ 88.257810][ T7455] netlink: 'syz.3.532': attribute type 1 has an invalid length. [ 88.301735][ T7455] 8021q: adding VLAN 0 to HW filter on device bond10 [ 88.307220][ T7455] bond9: (slave bond10): making interface the new active one [ 88.314435][ T7455] bond9: (slave bond10): Enslaving as an active interface with an up link [ 88.401951][ T7446] tipc: Enabled bearer , priority 0 [ 88.427539][ T7468] Cannot find del_set index 2 as target [ 88.507595][ T7476] netlink: 'syz.2.539': attribute type 1 has an invalid length. [ 88.678541][ T7484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.541'. [ 88.698403][ T7484] bond11: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 88.705214][ T7484] bond11 (unregistering): Released all slaves [ 88.758263][ T7483] syzkaller1: entered promiscuous mode [ 88.760051][ T7483] syzkaller1: entered allmulticast mode [ 88.923481][ T7435] tipc: Disabling bearer [ 89.077443][ T7489] Cannot find map_set index 65532 as target [ 89.083140][ T7489] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=40 sclass=netlink_tcpdiag_socket pid=7489 comm=syz.3.543 [ 89.234253][ T7503] Cannot find del_set index 2 as target [ 89.238494][ T7501] FAULT_INJECTION: forcing a failure. [ 89.238494][ T7501] name failslab, interval 1, probability 0, space 0, times 0 [ 89.244005][ T7501] CPU: 1 UID: 0 PID: 7501 Comm: syz.1.548 Tainted: G L syzkaller #0 PREEMPT(full) [ 89.244032][ T7501] Tainted: [L]=SOFTLOCKUP [ 89.244038][ T7501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.244049][ T7501] Call Trace: [ 89.244066][ T7501] [ 89.244073][ T7501] dump_stack_lvl+0x16c/0x1f0 [ 89.244143][ T7501] should_fail_ex+0x512/0x640 [ 89.244168][ T7501] ? __kmalloc_noprof+0xca/0x910 [ 89.244197][ T7501] should_failslab+0xc2/0x120 [ 89.244220][ T7501] __kmalloc_noprof+0xeb/0x910 [ 89.244246][ T7501] ? lsm_blob_alloc+0x68/0x90 [ 89.244268][ T7501] ? lsm_blob_alloc+0x68/0x90 [ 89.244285][ T7501] lsm_blob_alloc+0x68/0x90 [ 89.244305][ T7501] security_task_alloc+0x2c/0x260 [ 89.244325][ T7501] copy_process+0x2456/0x7430 [ 89.244363][ T7501] ? __pfx_copy_process+0x10/0x10 [ 89.244405][ T7501] kernel_clone+0xfc/0x910 [ 89.244422][ T7501] ? __pfx_kernel_clone+0x10/0x10 [ 89.244448][ T7501] ? __mutex_unlock_slowpath+0x161/0x790 [ 89.244477][ T7501] __do_sys_clone+0xce/0x120 [ 89.244493][ T7501] ? __pfx___do_sys_clone+0x10/0x10 [ 89.244518][ T7501] ? ksys_write+0x1ac/0x250 [ 89.244538][ T7501] ? __pfx_ksys_write+0x10/0x10 [ 89.244566][ T7501] do_syscall_64+0xcd/0xf80 [ 89.244593][ T7501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.244611][ T7501] RIP: 0033:0x7f9dbc58f7c9 [ 89.244626][ T7501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.244642][ T7501] RSP: 002b:00007f9dbd3ebfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 89.244656][ T7501] RAX: ffffffffffffffda RBX: 00007f9dbc7e5fa0 RCX: 00007f9dbc58f7c9 [ 89.244668][ T7501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 89.244678][ T7501] RBP: 00007f9dbd3ec090 R08: 0000000000000000 R09: 0000000000000000 [ 89.244689][ T7501] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 89.244699][ T7501] R13: 00007f9dbc7e6038 R14: 00007f9dbc7e5fa0 R15: 00007ffcc26da328 [ 89.244723][ T7501] [ 89.246812][ T7505] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7505 comm=syz.3.549 [ 89.315620][ T7510] netlink: 'syz.3.549': attribute type 1 has an invalid length. [ 89.357089][ T7505] bond11: (slave bridge2): making interface the new active one [ 89.360765][ T7505] bond11: (slave bridge2): Enslaving as an active interface with an up link [ 89.428545][ T7520] syzkaller0: entered promiscuous mode [ 89.430462][ T7520] syzkaller0: entered allmulticast mode [ 89.551378][ T7528] 8021q: VLANs not supported on gre0 [ 89.579958][ T7530] netlink: 'syz.3.559': attribute type 1 has an invalid length. [ 89.608286][ T7533] Cannot find del_set index 2 as target [ 89.631244][ T7530] 8021q: adding VLAN 0 to HW filter on device bond13 [ 89.636648][ T7530] bond12: (slave bond13): making interface the new active one [ 89.640042][ T7530] bond12: (slave bond13): Enslaving as an active interface with an up link [ 89.702354][ T7540] netlink: 8 bytes leftover after parsing attributes in process `syz.3.563'. [ 89.706170][ T7540] netlink: 8 bytes leftover after parsing attributes in process `syz.3.563'. [ 89.845243][ T7554] Cannot find del_set index 2 as target [ 89.932593][ T7558] netlink: 'syz.1.572': attribute type 1 has an invalid length. [ 89.989723][ T7558] 8021q: adding VLAN 0 to HW filter on device bond11 [ 89.992904][ T7558] bond10: (slave bond11): making interface the new active one [ 89.996240][ T7558] bond10: (slave bond11): Enslaving as an active interface with an up link [ 90.104722][ T7569] input: syz0 as /devices/virtual/input/input6 [ 90.145527][ T941] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 90.164679][ T941] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 90.203107][ T7575] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.576'. [ 90.348906][ T7583] veth0_to_bridge: entered promiscuous mode [ 90.360250][ T7583] netlink: 'syz.1.579': attribute type 30 has an invalid length. [ 90.386073][ C2] ata1: illegal qc_active transition (00000000->00010000) [ 90.454613][ T7597] Cannot find del_set index 2 as target [ 90.457708][ T40] kauditd_printk_skb: 18 callbacks suppressed [ 90.457720][ T40] audit: type=1400 audit(1765119925.196:420): avc: denied { unlink } for pid=7593 comm="syz.2.581" name="#46" dev="tmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 90.496517][ T7582] veth0_to_bridge: left promiscuous mode [ 90.522678][ T7603] netlink: 'syz.3.583': attribute type 1 has an invalid length. [ 90.584799][ T7610] SELinux: security_context_str_to_sid („) failed with errno=-22 [ 90.595742][ T7603] 8021q: adding VLAN 0 to HW filter on device bond15 [ 90.601856][ T7603] bond14: (slave bond15): making interface the new active one [ 90.608958][ T7603] bond14: (slave bond15): Enslaving as an active interface with an up link [ 90.650604][ T40] audit: type=1400 audit(1765119925.386:421): avc: denied { append } for pid=7618 comm="syz.3.590" name="ptp1" dev="devtmpfs" ino=1288 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 90.673853][ T40] audit: type=1400 audit(1765119925.416:422): avc: denied { bind } for pid=7620 comm="syz.0.589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 90.705374][ T1117] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 90.713829][ T1117] ata1.00: configured for UDMA/100 [ 90.816642][ T40] audit: type=1400 audit(1765119925.556:423): avc: denied { view } for pid=7638 comm="syz.2.595" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 90.887816][ T7646] netlink: 'syz.2.597': attribute type 5 has an invalid length. [ 90.897965][ T7646] ip6erspan0: entered promiscuous mode [ 90.938334][ T40] audit: type=1400 audit(1765119925.676:424): avc: denied { unmount } for pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 91.081746][ T40] audit: type=1400 audit(1765119925.826:425): avc: denied { append } for pid=7661 comm="syz.2.601" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 91.102899][ T7662] syzkaller1: entered promiscuous mode [ 91.107024][ T7662] syzkaller1: entered allmulticast mode [ 91.110072][ T7657] overlayfs: statfs failed on './file0' [ 91.151976][ T40] audit: type=1400 audit(1765119925.856:426): avc: denied { override_creds } for pid=7661 comm="syz.2.601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 91.278706][ T7673] netlink: 76 bytes leftover after parsing attributes in process `syz.3.603'. [ 91.386098][ T64] Bluetooth: hci0: unknown advertising packet type: 0x82 [ 91.386119][ T64] Bluetooth: hci0: Dropping invalid advertising data [ 91.391132][ T64] Bluetooth: hci0: unknown advertising packet type: 0x2f [ 91.391155][ T64] Bluetooth: hci0: Malformed LE Event: 0x02 [ 91.467052][ T7691] netlink: 20 bytes leftover after parsing attributes in process `syz.3.607'. [ 91.585952][ T40] audit: type=1400 audit(1765119926.326:427): avc: denied { create } for pid=7700 comm="syz.2.613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 91.598454][ T7701] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 91.606052][ T7705] netlink: 'syz.0.612': attribute type 1 has an invalid length. [ 91.609634][ T40] audit: type=1400 audit(1765119926.336:428): avc: denied { getopt } for pid=7700 comm="syz.2.613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 91.619802][ T7701] CIFS: Unable to determine destination address [ 91.629843][ T7708] FAULT_INJECTION: forcing a failure. [ 91.629843][ T7708] name failslab, interval 1, probability 0, space 0, times 0 [ 91.635236][ T7708] CPU: 1 UID: 0 PID: 7708 Comm: syz.3.614 Tainted: G L syzkaller #0 PREEMPT(full) [ 91.635298][ T7708] Tainted: [L]=SOFTLOCKUP [ 91.635306][ T7708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.635320][ T7708] Call Trace: [ 91.635325][ T7708] [ 91.635332][ T7708] dump_stack_lvl+0x16c/0x1f0 [ 91.635407][ T7708] should_fail_ex+0x512/0x640 [ 91.635431][ T7708] ? kmem_cache_alloc_noprof+0x62/0x770 [ 91.635451][ T7708] should_failslab+0xc2/0x120 [ 91.635472][ T7708] kmem_cache_alloc_noprof+0x83/0x770 [ 91.635488][ T7708] ? prepare_creds+0x2c/0x940 [ 91.635515][ T7708] ? prepare_creds+0x2c/0x940 [ 91.635535][ T7708] prepare_creds+0x2c/0x940 [ 91.635558][ T7708] copy_creds+0xa7/0xa50 [ 91.635583][ T7708] copy_process+0x130f/0x7430 [ 91.635618][ T7708] ? __pfx_copy_process+0x10/0x10 [ 91.635654][ T7708] kernel_clone+0xfc/0x910 [ 91.635670][ T7708] ? __pfx_kernel_clone+0x10/0x10 [ 91.635693][ T7708] ? __mutex_unlock_slowpath+0x161/0x790 [ 91.635722][ T7708] __do_sys_clone+0xce/0x120 [ 91.635737][ T7708] ? __pfx___do_sys_clone+0x10/0x10 [ 91.635760][ T7708] ? ksys_write+0x1ac/0x250 [ 91.635780][ T7708] ? __pfx_ksys_write+0x10/0x10 [ 91.635806][ T7708] do_syscall_64+0xcd/0xf80 [ 91.635831][ T7708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.635848][ T7708] RIP: 0033:0x7f186378f7c9 [ 91.635862][ T7708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.635878][ T7708] RSP: 002b:00007f18645a1fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 91.635894][ T7708] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378f7c9 [ 91.635905][ T7708] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 91.635914][ T7708] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 91.635924][ T7708] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 91.635934][ T7708] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 91.635956][ T7708] [ 91.668694][ T7710] bond11: (slave geneve3): making interface the new active one [ 91.682185][ T40] audit: type=1400 audit(1765119926.416:429): avc: denied { create } for pid=7709 comm="syz.1.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 91.683929][ T7710] bond11: (slave geneve3): Enslaving as an active interface with an up link [ 91.725407][ T7715] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.613' sets config #1 [ 91.732788][ T382] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 91.742326][ T382] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 91.746402][ T382] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 91.749832][ T382] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 91.845911][ T7726] 8021q: adding VLAN 0 to HW filter on device bond17 [ 91.849754][ T7726] bond16: (slave bond17): making interface the new active one [ 91.852442][ T7726] bond16: (slave bond17): Enslaving as an active interface with an up link [ 91.876417][ T7732] tipc: Started in network mode [ 91.878487][ T7732] tipc: Node identity 5afdbf9e4a79, cluster identity 4711 [ 91.881965][ T7732] tipc: Enabled bearer , priority 0 [ 91.893473][ T7732] syzkaller0: entered promiscuous mode [ 91.900126][ T7732] syzkaller0: entered allmulticast mode [ 91.909055][ T7732] tipc: Resetting bearer [ 91.912992][ T7731] tipc: Resetting bearer [ 91.927384][ T7731] tipc: Disabling bearer [ 92.139672][ T7759] FAULT_INJECTION: forcing a failure. [ 92.139672][ T7759] name failslab, interval 1, probability 0, space 0, times 0 [ 92.143974][ T7759] CPU: 3 UID: 0 PID: 7759 Comm: syz.2.633 Tainted: G L syzkaller #0 PREEMPT(full) [ 92.143993][ T7759] Tainted: [L]=SOFTLOCKUP [ 92.143997][ T7759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.144007][ T7759] Call Trace: [ 92.144021][ T7759] [ 92.144026][ T7759] dump_stack_lvl+0x16c/0x1f0 [ 92.144060][ T7759] should_fail_ex+0x512/0x640 [ 92.144077][ T7759] ? __kmalloc_noprof+0xca/0x910 [ 92.144118][ T7759] should_failslab+0xc2/0x120 [ 92.144132][ T7759] __kmalloc_noprof+0xeb/0x910 [ 92.144149][ T7759] ? lsm_blob_alloc+0x68/0x90 [ 92.144164][ T7759] ? lsm_blob_alloc+0x68/0x90 [ 92.144176][ T7759] lsm_blob_alloc+0x68/0x90 [ 92.144189][ T7759] security_task_alloc+0x2c/0x260 [ 92.144201][ T7759] copy_process+0x2456/0x7430 [ 92.144225][ T7759] ? __pfx_copy_process+0x10/0x10 [ 92.144249][ T7759] kernel_clone+0xfc/0x910 [ 92.144260][ T7759] ? __pfx_kernel_clone+0x10/0x10 [ 92.144274][ T7759] ? __mutex_unlock_slowpath+0x161/0x790 [ 92.144293][ T7759] __do_sys_clone+0xce/0x120 [ 92.144303][ T7759] ? __pfx___do_sys_clone+0x10/0x10 [ 92.144318][ T7759] ? ksys_write+0x1ac/0x250 [ 92.144332][ T7759] ? __pfx_ksys_write+0x10/0x10 [ 92.144349][ T7759] do_syscall_64+0xcd/0xf80 [ 92.144366][ T7759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.144377][ T7759] RIP: 0033:0x7fe20818f7c9 [ 92.144391][ T7759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.144402][ T7759] RSP: 002b:00007fe20906bfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 92.144413][ T7759] RAX: ffffffffffffffda RBX: 00007fe2083e5fa0 RCX: 00007fe20818f7c9 [ 92.144420][ T7759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 92.144427][ T7759] RBP: 00007fe20906c090 R08: 0000000000000000 R09: 0000000000000000 [ 92.144433][ T7759] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 92.144439][ T7759] R13: 00007fe2083e6038 R14: 00007fe2083e5fa0 R15: 00007ffd1c3158b8 [ 92.144452][ T7759] [ 92.191361][ T941] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 92.192331][ T64] Bluetooth: hci0: command 0x0c1a tx timeout [ 92.261312][ T941] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 92.535489][ T382] wlan1: Trigger new scan to find an IBSS to join [ 92.596853][ T7783] : renamed from bridge_slave_0 [ 92.625714][ T7787] binder: 7786:7787 ioctl c0306201 2000000003c0 returned -22 [ 92.736464][ T7785] SELinux: failed to load policy [ 92.808559][ T7790] mmap: syz.1.646 (7790) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 93.072318][ T7832] overlayfs: overlapping lowerdir path [ 93.086008][ T7825] bond18: (slave geneve2): making interface the new active one [ 93.088787][ T7825] bond18: (slave geneve2): Enslaving as an active interface with an up link [ 93.104594][ T73] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 93.107468][ T73] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 93.110256][ T73] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 93.114462][ T73] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 93.144621][ T7837] netlink: 284 bytes leftover after parsing attributes in process `syz.2.657'. [ 93.486892][ T7859] xt_hashlimit: overflow, rate too high: 0 [ 93.533920][ T7866] netlink: 360 bytes leftover after parsing attributes in process `syz.0.664'. [ 93.576560][ T7870] validate_nla: 2 callbacks suppressed [ 93.576575][ T7870] netlink: 'syz.0.665': attribute type 1 has an invalid length. [ 93.631139][ T7870] 8021q: adding VLAN 0 to HW filter on device bond13 [ 93.638415][ T7870] bond12: (slave bond13): making interface the new active one [ 93.642169][ T7870] bond12: (slave bond13): Enslaving as an active interface with an up link [ 93.686227][ T7877] netlink: 'syz.0.667': attribute type 1 has an invalid length. [ 94.088027][ T7912] netlink: 'syz.2.675': attribute type 4 has an invalid length. [ 94.092736][ T7912] netlink: 12 bytes leftover after parsing attributes in process `syz.2.675'. [ 94.096696][ T7913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.675'. [ 94.135597][ T7915] netlink: 'syz.2.676': attribute type 1 has an invalid length. [ 94.160447][ T7915] 8021q: adding VLAN 0 to HW filter on device bond13 [ 94.164206][ T7915] bond12: (slave bond13): making interface the new active one [ 94.167186][ T7915] bond12: (slave bond13): Enslaving as an active interface with an up link [ 94.201373][ T7919] tipc: Enabled bearer , priority 0 [ 94.204182][ T7919] syzkaller0: entered promiscuous mode [ 94.206404][ T7919] syzkaller0: entered allmulticast mode [ 94.210837][ T7919] tipc: Resetting bearer [ 94.215049][ T7918] tipc: Resetting bearer [ 94.231154][ T7918] tipc: Disabling bearer [ 94.346688][ T7921] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 94.351275][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 94.351385][ T941] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 94.356087][ T941] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 95.101774][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 95.138068][ T7959] netlink: 'syz.3.691': attribute type 1 has an invalid length. [ 95.158694][ T7959] netlink: 28 bytes leftover after parsing attributes in process `syz.3.691'. [ 95.271217][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 95.276017][ T9] usb 5-1: config 0 has no interfaces? [ 95.278563][ T9] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 95.283104][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.290689][ T9] usb 5-1: config 0 descriptor?? [ 95.505030][ T9] usb 5-1: USB disconnect, device number 6 [ 95.552114][ T5045] wlan1: Trigger new scan to find an IBSS to join [ 95.985863][ T7988] netlink: 'syz.2.700': attribute type 1 has an invalid length. [ 96.009087][ T7988] netlink: 28 bytes leftover after parsing attributes in process `syz.2.700'. [ 96.065920][ T7993] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 96.078524][ T7997] netlink: 'syz.3.704': attribute type 1 has an invalid length. [ 96.103783][ T7997] netlink: 8 bytes leftover after parsing attributes in process `syz.3.704'. [ 96.126005][ T7999] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7999 comm=syz.0.702 [ 96.209354][ T8003] netlink: 'syz.3.706': attribute type 10 has an invalid length. [ 96.217377][ T8003] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 96.278829][ T8003] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 96.331534][ T6007] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 96.431291][ T64] Bluetooth: hci2: command 0x0c1a tx timeout [ 96.433626][ T941] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 96.436353][ T941] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 96.481317][ T6007] usb 7-1: Using ep0 maxpacket: 8 [ 96.484481][ T6007] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 96.487935][ T6007] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 96.490970][ T6007] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.494999][ T6007] usb 7-1: config 0 descriptor?? [ 96.558281][ T8018] FAULT_INJECTION: forcing a failure. [ 96.558281][ T8018] name failslab, interval 1, probability 0, space 0, times 0 [ 96.563877][ T8018] CPU: 3 UID: 0 PID: 8018 Comm: syz.3.711 Tainted: G L syzkaller #0 PREEMPT(full) [ 96.563906][ T8018] Tainted: [L]=SOFTLOCKUP [ 96.563913][ T8018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 96.563924][ T8018] Call Trace: [ 96.563930][ T8018] [ 96.563937][ T8018] dump_stack_lvl+0x16c/0x1f0 [ 96.563988][ T8018] should_fail_ex+0x512/0x640 [ 96.564015][ T8018] ? kmem_cache_alloc_noprof+0x62/0x770 [ 96.564037][ T8018] should_failslab+0xc2/0x120 [ 96.564083][ T8018] kmem_cache_alloc_noprof+0x83/0x770 [ 96.564099][ T8018] ? kmem_cache_alloc_noprof+0x231/0x770 [ 96.564117][ T8018] ? anon_vma_fork+0xe6/0x620 [ 96.564150][ T8018] ? anon_vma_fork+0xe6/0x620 [ 96.564175][ T8018] anon_vma_fork+0xe6/0x620 [ 96.564201][ T8018] ? vm_area_dup+0x5a1/0x8d0 [ 96.564230][ T8018] dup_mmap+0x12d3/0x20e0 [ 96.564264][ T8018] ? __pfx_dup_mmap+0x10/0x10 [ 96.564313][ T8018] copy_process+0x3b9f/0x7430 [ 96.564356][ T8018] ? __pfx_copy_process+0x10/0x10 [ 96.564397][ T8018] kernel_clone+0xfc/0x910 [ 96.564416][ T8018] ? __pfx_kernel_clone+0x10/0x10 [ 96.564443][ T8018] ? __mutex_unlock_slowpath+0x161/0x790 [ 96.564475][ T8018] __do_sys_clone+0xce/0x120 [ 96.564491][ T8018] ? __pfx___do_sys_clone+0x10/0x10 [ 96.564519][ T8018] ? ksys_write+0x1ac/0x250 [ 96.564540][ T8018] ? __pfx_ksys_write+0x10/0x10 [ 96.564570][ T8018] do_syscall_64+0xcd/0xf80 [ 96.564598][ T8018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.564617][ T8018] RIP: 0033:0x7f186378f7c9 [ 96.564631][ T8018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.564648][ T8018] RSP: 002b:00007f18645a1fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 96.564665][ T8018] RAX: ffffffffffffffda RBX: 00007f18639e5fa0 RCX: 00007f186378f7c9 [ 96.564676][ T8018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 96.564687][ T8018] RBP: 00007f18645a2090 R08: 0000000000000000 R09: 0000000000000000 [ 96.564697][ T8018] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 96.564707][ T8018] R13: 00007f18639e6038 R14: 00007f18639e5fa0 R15: 00007ffcac5ae648 [ 96.564734][ T8018] [ 96.706384][ T6007] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 96.715963][ T40] kauditd_printk_skb: 19 callbacks suppressed [ 96.715974][ T40] audit: type=1400 audit(1765119931.456:449): avc: denied { map } for pid=8019 comm="syz.3.712" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 96.726621][ T40] audit: type=1400 audit(1765119931.456:450): avc: denied { ioctl } for pid=8019 comm="syz.3.712" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 96.757348][ T40] audit: type=1400 audit(1765119931.496:451): avc: denied { mount } for pid=8019 comm="syz.3.712" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 96.761754][ T8021] max out of range [ 96.766190][ T40] audit: type=1400 audit(1765119931.496:452): avc: denied { mounton } for pid=8019 comm="syz.3.712" path="/217/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 96.776800][ T40] audit: type=1400 audit(1765119931.506:453): avc: denied { remount } for pid=8019 comm="syz.3.712" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 96.791291][ T40] audit: type=1400 audit(1765119931.516:454): avc: denied { create } for pid=8019 comm="syz.3.712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 96.818290][ T40] audit: type=1400 audit(1765119931.556:455): avc: denied { unmount } for pid=5948 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 96.856727][ T8025] netlink: 'syz.3.713': attribute type 1 has an invalid length. [ 96.876471][ T8025] netlink: 28 bytes leftover after parsing attributes in process `syz.3.713'. [ 96.904341][ T40] audit: type=1326 audit(1765119931.646:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7994 comm="syz.2.703" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe20818f7c9 code=0x0 [ 96.912524][ T8028] netlink: 'syz.3.714': attribute type 1 has an invalid length. [ 96.927623][ T40] audit: type=1400 audit(1765119931.666:457): avc: denied { lock } for pid=8030 comm="syz.0.715" path="/dev/ptyq5" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 96.937567][ T8028] netlink: 8 bytes leftover after parsing attributes in process `syz.3.714'. [ 96.956089][ T8036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 96.959621][ T8036] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 97.018725][ T9] usb 7-1: USB disconnect, device number 5 [ 97.515587][ T40] audit: type=1400 audit(1765119932.256:458): avc: denied { ioctl } for pid=8061 comm="syz.3.725" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x9372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 97.534833][ T8062] wg2: entered promiscuous mode [ 97.539456][ T8062] wg2: entered allmulticast mode [ 97.642707][ T8067] netlink: 24 bytes leftover after parsing attributes in process `syz.3.727'. [ 97.646772][ T8067] netlink: 24 bytes leftover after parsing attributes in process `syz.3.727'. [ 97.793307][ T8072] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 97.939959][ T8079] FAULT_INJECTION: forcing a failure. [ 97.939959][ T8079] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 97.945421][ T8079] CPU: 0 UID: 0 PID: 8079 Comm: syz.2.732 Tainted: G L syzkaller #0 PREEMPT(full) [ 97.945451][ T8079] Tainted: [L]=SOFTLOCKUP [ 97.945458][ T8079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.945469][ T8079] Call Trace: [ 97.945476][ T8079] [ 97.945484][ T8079] dump_stack_lvl+0x16c/0x1f0 [ 97.945516][ T8079] should_fail_ex+0x512/0x640 [ 97.945541][ T8079] should_fail_alloc_page+0xe7/0x130 [ 97.945569][ T8079] prepare_alloc_pages+0x401/0x670 [ 97.945597][ T8079] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 97.945616][ T8079] ? __alloc_frozen_pages_noprof+0x292/0x2430 [ 97.945644][ T8079] ? __lock_acquire+0x436/0x2890 [ 97.945666][ T8079] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 97.945683][ T8079] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 97.945704][ T8079] ? __lock_acquire+0x436/0x2890 [ 97.945723][ T8079] ? look_up_lock_class+0x6b/0x130 [ 97.945759][ T8079] ? __lock_acquire+0x436/0x2890 [ 97.945778][ T8079] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 97.945801][ T8079] ? policy_nodemask+0xea/0x4e0 [ 97.945826][ T8079] alloc_pages_mpol+0x1fb/0x550 [ 97.945850][ T8079] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 97.945873][ T8079] ? do_raw_spin_lock+0x12c/0x2b0 [ 97.945897][ T8079] ? find_held_lock+0x2b/0x80 [ 97.945929][ T8079] alloc_pages_noprof+0x131/0x390 [ 97.945954][ T8079] __pmd_alloc+0x3b/0x9c0 [ 97.945976][ T8079] ? __pud_alloc+0x57a/0x760 [ 97.946000][ T8079] huge_pte_alloc+0x41d/0x5b0 [ 97.946031][ T8079] copy_hugetlb_page_range+0x4fe/0x3550 [ 97.946058][ T8079] ? bpf_ksym_find+0x127/0x1c0 [ 97.946089][ T8079] ? unwind_get_return_address+0x59/0xa0 [ 97.946121][ T8079] ? __pfx_copy_hugetlb_page_range+0x10/0x10 [ 97.946155][ T8079] ? __pfx_stack_trace_save+0x10/0x10 [ 97.946177][ T8079] ? stack_depot_save_flags+0x29/0x9b0 [ 97.946201][ T8079] copy_page_range+0x35ac/0x6780 [ 97.946232][ T8079] ? __lock_acquire+0x436/0x2890 [ 97.946257][ T8079] ? __lock_acquire+0x436/0x2890 [ 97.946290][ T8079] ? __lock_acquire+0x436/0x2890 [ 97.946320][ T8079] ? __pfx_copy_page_range+0x10/0x10 [ 97.946356][ T8079] ? __pfx___might_resched+0x10/0x10 [ 97.946372][ T8079] ? __pfx_mas_store+0x10/0x10 [ 97.946393][ T8079] ? dup_mmap+0xba4/0x20e0 [ 97.946415][ T8079] ? down_write+0x14d/0x200 [ 97.946435][ T8079] ? up_write+0x282/0x4e0 [ 97.946456][ T8079] ? __pfx_hugetlb_vm_op_open+0x10/0x10 [ 97.946480][ T8079] dup_mmap+0xbea/0x20e0 [ 97.946512][ T8079] ? __pfx_dup_mmap+0x10/0x10 [ 97.946566][ T8079] copy_process+0x3b9f/0x7430 [ 97.946608][ T8079] ? __pfx_copy_process+0x10/0x10 [ 97.946649][ T8079] kernel_clone+0xfc/0x910 [ 97.946667][ T8079] ? __pfx_kernel_clone+0x10/0x10 [ 97.946694][ T8079] ? __mutex_unlock_slowpath+0x161/0x790 [ 97.946725][ T8079] __do_sys_clone+0xce/0x120 [ 97.946741][ T8079] ? __pfx___do_sys_clone+0x10/0x10 [ 97.946768][ T8079] ? ksys_write+0x1ac/0x250 [ 97.946790][ T8079] ? __pfx_ksys_write+0x10/0x10 [ 97.946819][ T8079] do_syscall_64+0xcd/0xf80 [ 97.946847][ T8079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.946865][ T8079] RIP: 0033:0x7fe20818f7c9 [ 97.946881][ T8079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.946898][ T8079] RSP: 002b:00007fe20906bfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 97.946916][ T8079] RAX: ffffffffffffffda RBX: 00007fe2083e5fa0 RCX: 00007fe20818f7c9 [ 97.946928][ T8079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 97.946939][ T8079] RBP: 00007fe20906c090 R08: 0000000000000000 R09: 0000000000000000 [ 97.946949][ T8079] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 97.946959][ T8079] R13: 00007fe2083e6038 R14: 00007fe2083e5fa0 R15: 00007ffd1c3158b8 [ 97.946981][ T8079] [ 98.316775][ T8088] 8021q: VLANs not supported on gre0 [ 98.340285][ T8083] syzkaller1: entered promiscuous mode [ 98.343027][ T8083] syzkaller1: entered allmulticast mode [ 98.467272][ C2] sr 2:0:0:0: [sr0] tag#23 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 98.470992][ C2] sr 2:0:0:0: [sr0] tag#23 CDB: opcode=0xde (vendor) de 89 0b b6 4d c9 [ 98.505753][ T8098] netlink: 4 bytes leftover after parsing attributes in process `syz.2.740'. [ 98.512254][ T941] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 98.512793][ T5045] wlan1: Trigger new scan to find an IBSS to join [ 98.514191][ T941] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 98.518437][ T8098] macsec1: entered allmulticast mode [ 98.521558][ C2] ------------[ cut here ]------------ [ 98.521649][ C2] workqueue: cannot queue hci_cmd_timeout on wq hci3 [ 98.521667][ C2] WARNING: kernel/workqueue.c:2251 at 0x0, CPU#2: syz.2.740/8098 [ 98.521685][ C2] Modules linked in: [ 98.521722][ C2] CPU: 2 UID: 0 PID: 8098 Comm: syz.2.740 Tainted: G L syzkaller #0 PREEMPT(full) [ 98.521749][ C2] Tainted: [L]=SOFTLOCKUP [ 98.521770][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.521784][ C2] RIP: 0010:__queue_work+0xca1/0x10e0 [ 98.521812][ C2] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 63 3a 06 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 e0 31 3a 00 90 0f 0b 90 e9 15 f6 [ 98.521829][ C2] RSP: 0018:ffffc90000648be8 EFLAGS: 00010046 [ 98.521839][ C2] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11005874951 [ 98.521847][ C2] RDX: ffff8880361a0978 RSI: ffffffff8a6a7080 RDI: ffffffff908aece0 [ 98.521854][ C2] RBP: ffff88802c3a4a70 R08: 0000000000000005 R09: 0000000000000000 [ 98.521861][ C2] R10: 0000000000000100 R11: ffff888054ec8b30 R12: 1ffff920000c918f [ 98.521868][ C2] R13: ffffffff8184c3c0 R14: 0000000000000101 R15: ffff8880361a0800 [ 98.521875][ C2] FS: 00007fe20906c6c0(0000) GS:ffff8880d6b09000(0000) knlGS:0000000000000000 [ 98.521898][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 98.521908][ C2] CR2: 00007fe20906bf98 CR3: 0000000056a51000 CR4: 0000000000352ef0 [ 98.521915][ C2] Call Trace: [ 98.521919][ C2] [ 98.521927][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.521943][ C2] call_timer_fn+0x19a/0x5a0 [ 98.521957][ C2] ? __pfx_call_timer_fn+0x10/0x10 [ 98.521972][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.521986][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.522001][ C2] ? __run_timers+0x559/0xae0 [ 98.522014][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.522029][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.522046][ C2] __run_timers+0x569/0xae0 [ 98.522063][ C2] ? __pfx___run_timers+0x10/0x10 [ 98.522084][ C2] run_timer_base+0x114/0x190 [ 98.522097][ C2] ? __pfx_run_timer_base+0x10/0x10 [ 98.522112][ C2] run_timer_softirq+0x1a/0x40 [ 98.522125][ C2] handle_softirqs+0x219/0x950 [ 98.522144][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 98.522163][ C2] __irq_exit_rcu+0x109/0x170 [ 98.522179][ C2] irq_exit_rcu+0x9/0x30 [ 98.522193][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 98.522210][ C2] [ 98.522213][ C2] [ 98.522218][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 98.522231][ C2] RIP: 0010:console_flush_one_record+0x995/0xc60 [ 98.522248][ C2] Code: 00 e8 6f 2b 2a 00 9c 5d 81 e5 00 02 00 00 31 ff 48 89 ee e8 8d 03 22 00 48 85 ed 0f 85 8e 01 00 00 e8 af 08 22 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 38 00 0f 84 b4 fe ff ff 4c 89 ef e8 f4 d5 8b [ 98.522259][ C2] RSP: 0018:ffffc900055d6e08 EFLAGS: 00000287 [ 98.522268][ C2] RAX: ffffffff8f0882b8 RBX: 0000000000000001 RCX: ffffc90006ae9000 [ 98.522275][ C2] RDX: 0000000000080000 RSI: ffffffff819cdbc1 RDI: 0000000000000007 [ 98.522282][ C2] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 98.522293][ C2] R10: 0000000000000000 R11: ffff888054ec8b30 R12: 0000000000000000 [ 98.522300][ C2] R13: ffffffff8f0882b8 R14: ffffffff8f088260 R15: dffffc0000000000 [ 98.522311][ C2] ? console_flush_one_record+0x991/0xc60 [ 98.522329][ C2] ? console_flush_one_record+0x991/0xc60 [ 98.522349][ C2] ? __pfx_console_flush_one_record+0x10/0x10 [ 98.522369][ C2] ? is_printk_cpu_sync_owner+0x32/0x40 [ 98.522382][ C2] console_unlock+0xef/0x240 [ 98.522398][ C2] ? __pfx_console_unlock+0x10/0x10 [ 98.522414][ C2] ? lock_acquire+0x179/0x330 [ 98.522432][ C2] vprintk_emit+0x407/0x6b0 [ 98.522449][ C2] ? __pfx_vprintk_emit+0x10/0x10 [ 98.522465][ C2] ? dev_activate+0x63f/0x12d0 [ 98.522479][ C2] ? __dev_change_flags+0x55d/0x6f0 [ 98.522493][ C2] ? rtnl_newlink+0xcad/0x1f50 [ 98.522510][ C2] _printk+0xc7/0x100 [ 98.522523][ C2] ? __pfx__printk+0x10/0x10 [ 98.522539][ C2] ? do_raw_spin_lock+0x12c/0x2b0 [ 98.522556][ C2] __netdev_printk+0x33c/0x480 [ 98.522568][ C2] ? mark_held_locks+0x49/0x80 [ 98.522582][ C2] netdev_info+0xe4/0x120 [ 98.522593][ C2] ? __pfx_netdev_info+0x10/0x10 [ 98.522606][ C2] ? __local_bh_enable_ip+0xa4/0x120 [ 98.522627][ C2] netif_set_allmulti+0x1a9/0x3a0 [ 98.522642][ C2] __dev_change_flags+0x3d0/0x6f0 [ 98.522657][ C2] ? __pfx___dev_change_flags+0x10/0x10 [ 98.522669][ C2] ? alloc_netdev_mqs+0xe17/0x1550 [ 98.522687][ C2] rtnl_configure_link+0xfe/0x280 [ 98.522701][ C2] rtnl_newlink+0xcad/0x1f50 [ 98.522719][ C2] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.522732][ C2] ? find_held_lock+0x2b/0x80 [ 98.522748][ C2] ? avc_has_perm_noaudit+0x117/0x3b0 [ 98.522764][ C2] ? avc_has_perm_noaudit+0x149/0x3b0 [ 98.522788][ C2] ? find_held_lock+0x2b/0x80 [ 98.522803][ C2] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.522817][ C2] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.522830][ C2] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 98.522846][ C2] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.522860][ C2] rtnetlink_rcv_msg+0x95e/0xe90 [ 98.522876][ C2] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 98.522893][ C2] ? __lock_acquire+0x436/0x2890 [ 98.522909][ C2] netlink_rcv_skb+0x158/0x420 [ 98.522925][ C2] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 98.522940][ C2] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 98.522960][ C2] ? netlink_deliver_tap+0x1ae/0xd30 [ 98.522978][ C2] netlink_unicast+0x5aa/0x870 [ 98.522996][ C2] ? __pfx_netlink_unicast+0x10/0x10 [ 98.523030][ C2] netlink_sendmsg+0x8c8/0xdd0 [ 98.523062][ C2] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.523096][ C2] ____sys_sendmsg+0xa5d/0xc30 [ 98.523125][ C2] ? copy_msghdr_from_user+0x10a/0x160 [ 98.523139][ C2] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.523158][ C2] ? __pfx_futex_wake_mark+0x10/0x10 [ 98.523171][ C2] ___sys_sendmsg+0x134/0x1d0 [ 98.523185][ C2] ? __pfx____sys_sendmsg+0x10/0x10 [ 98.523199][ C2] ? futex_private_hash_put+0x160/0x1b0 [ 98.523227][ C2] __sys_sendmsg+0x16d/0x220 [ 98.523241][ C2] ? __pfx___sys_sendmsg+0x10/0x10 [ 98.523254][ C2] ? __x64_sys_futex+0x1e0/0x4c0 [ 98.523273][ C2] ? fput+0x70/0xf0 [ 98.523298][ C2] do_syscall_64+0xcd/0xf80 [ 98.523316][ C2] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.523327][ C2] RIP: 0033:0x7fe20818f7c9 [ 98.523337][ C2] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.523347][ C2] RSP: 002b:00007fe20906c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.523358][ C2] RAX: ffffffffffffffda RBX: 00007fe2083e5fa0 RCX: 00007fe20818f7c9 [ 98.523366][ C2] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 98.523372][ C2] RBP: 00007fe208213f91 R08: 0000000000000000 R09: 0000000000000000 [ 98.523379][ C2] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.523385][ C2] R13: 00007fe2083e6038 R14: 00007fe2083e5fa0 R15: 00007ffd1c3158b8 [ 98.523399][ C2] [ 98.523405][ C2] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 98.523415][ C2] CPU: 2 UID: 0 PID: 8098 Comm: syz.2.740 Tainted: G L syzkaller #0 PREEMPT(full) [ 98.523430][ C2] Tainted: [L]=SOFTLOCKUP [ 98.523434][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.523441][ C2] Call Trace: [ 98.523445][ C2] [ 98.523449][ C2] dump_stack_lvl+0x3d/0x1f0 [ 98.523466][ C2] vpanic+0x640/0x6f0 [ 98.523479][ C2] panic+0xca/0xd0 [ 98.523490][ C2] ? __pfx_panic+0x10/0x10 [ 98.523506][ C2] ? check_panic_on_warn+0x1f/0xb0 [ 98.523519][ C2] check_panic_on_warn+0xab/0xb0 [ 98.523532][ C2] __warn+0x108/0x3c0 [ 98.523545][ C2] __report_bug+0x2a0/0x520 [ 98.523561][ C2] ? __pfx___report_bug+0x10/0x10 [ 98.523575][ C2] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 98.523593][ C2] ? look_up_lock_class+0x6b/0x130 [ 98.523611][ C2] report_bug_entry+0xb2/0x220 [ 98.523625][ C2] ? __queue_work+0xca1/0x10e0 [ 98.523639][ C2] handle_bug+0x18a/0x260 [ 98.523650][ C2] exc_invalid_op+0x17/0x50 [ 98.523661][ C2] asm_exc_invalid_op+0x1a/0x20 [ 98.523671][ C2] RIP: 0010:__queue_work+0xca1/0x10e0 [ 98.523685][ C2] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 63 3a 06 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 e0 31 3a 00 90 0f 0b 90 e9 15 f6 [ 98.523696][ C2] RSP: 0018:ffffc90000648be8 EFLAGS: 00010046 [ 98.523704][ C2] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11005874951 [ 98.523711][ C2] RDX: ffff8880361a0978 RSI: ffffffff8a6a7080 RDI: ffffffff908aece0 [ 98.523718][ C2] RBP: ffff88802c3a4a70 R08: 0000000000000005 R09: 0000000000000000 [ 98.523725][ C2] R10: 0000000000000100 R11: ffff888054ec8b30 R12: 1ffff920000c918f [ 98.523732][ C2] R13: ffffffff8184c3c0 R14: 0000000000000101 R15: ffff8880361a0800 [ 98.523740][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.523757][ C2] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 98.523773][ C2] ? __queue_work+0xc70/0x10e0 [ 98.523790][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.523804][ C2] call_timer_fn+0x19a/0x5a0 [ 98.523817][ C2] ? __pfx_call_timer_fn+0x10/0x10 [ 98.523831][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.523846][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.523860][ C2] ? __run_timers+0x559/0xae0 [ 98.523873][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.523888][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 98.523904][ C2] __run_timers+0x569/0xae0 [ 98.523920][ C2] ? __pfx___run_timers+0x10/0x10 [ 98.523942][ C2] run_timer_base+0x114/0x190 [ 98.523955][ C2] ? __pfx_run_timer_base+0x10/0x10 [ 98.523970][ C2] run_timer_softirq+0x1a/0x40 [ 98.523983][ C2] handle_softirqs+0x219/0x950 [ 98.524002][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 98.524020][ C2] __irq_exit_rcu+0x109/0x170 [ 98.524071][ C2] irq_exit_rcu+0x9/0x30 [ 98.524087][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 98.524102][ C2] [ 98.524106][ C2] [ 98.524110][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 98.524122][ C2] RIP: 0010:console_flush_one_record+0x995/0xc60 [ 98.524139][ C2] Code: 00 e8 6f 2b 2a 00 9c 5d 81 e5 00 02 00 00 31 ff 48 89 ee e8 8d 03 22 00 48 85 ed 0f 85 8e 01 00 00 e8 af 08 22 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 38 00 0f 84 b4 fe ff ff 4c 89 ef e8 f4 d5 8b [ 98.524149][ C2] RSP: 0018:ffffc900055d6e08 EFLAGS: 00000287 [ 98.524158][ C2] RAX: ffffffff8f0882b8 RBX: 0000000000000001 RCX: ffffc90006ae9000 [ 98.524165][ C2] RDX: 0000000000080000 RSI: ffffffff819cdbc1 RDI: 0000000000000007 [ 98.524172][ C2] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 98.524178][ C2] R10: 0000000000000000 R11: ffff888054ec8b30 R12: 0000000000000000 [ 98.524185][ C2] R13: ffffffff8f0882b8 R14: ffffffff8f088260 R15: dffffc0000000000 [ 98.524196][ C2] ? console_flush_one_record+0x991/0xc60 [ 98.524214][ C2] ? console_flush_one_record+0x991/0xc60 [ 98.524235][ C2] ? __pfx_console_flush_one_record+0x10/0x10 [ 98.524255][ C2] ? is_printk_cpu_sync_owner+0x32/0x40 [ 98.524268][ C2] console_unlock+0xef/0x240 [ 98.524284][ C2] ? __pfx_console_unlock+0x10/0x10 [ 98.524304][ C2] ? lock_acquire+0x179/0x330 [ 98.524321][ C2] vprintk_emit+0x407/0x6b0 [ 98.524338][ C2] ? __pfx_vprintk_emit+0x10/0x10 [ 98.524354][ C2] ? dev_activate+0x63f/0x12d0 [ 98.524367][ C2] ? __dev_change_flags+0x55d/0x6f0 [ 98.524380][ C2] ? rtnl_newlink+0xcad/0x1f50 [ 98.524396][ C2] _printk+0xc7/0x100 [ 98.524409][ C2] ? __pfx__printk+0x10/0x10 [ 98.524426][ C2] ? do_raw_spin_lock+0x12c/0x2b0 [ 98.524442][ C2] __netdev_printk+0x33c/0x480 [ 98.524453][ C2] ? mark_held_locks+0x49/0x80 [ 98.524467][ C2] netdev_info+0xe4/0x120 [ 98.524478][ C2] ? __pfx_netdev_info+0x10/0x10 [ 98.524491][ C2] ? __local_bh_enable_ip+0xa4/0x120 [ 98.524512][ C2] netif_set_allmulti+0x1a9/0x3a0 [ 98.524527][ C2] __dev_change_flags+0x3d0/0x6f0 [ 98.524542][ C2] ? __pfx___dev_change_flags+0x10/0x10 [ 98.524554][ C2] ? alloc_netdev_mqs+0xe17/0x1550 [ 98.524582][ C2] rtnl_configure_link+0xfe/0x280 [ 98.524601][ C2] rtnl_newlink+0xcad/0x1f50 [ 98.524626][ C2] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.524647][ C2] ? find_held_lock+0x2b/0x80 [ 98.524663][ C2] ? avc_has_perm_noaudit+0x117/0x3b0 [ 98.524679][ C2] ? avc_has_perm_noaudit+0x149/0x3b0 [ 98.524703][ C2] ? find_held_lock+0x2b/0x80 [ 98.524718][ C2] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.524732][ C2] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.524745][ C2] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 98.524760][ C2] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.524775][ C2] rtnetlink_rcv_msg+0x95e/0xe90 [ 98.524791][ C2] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 98.524808][ C2] ? __lock_acquire+0x436/0x2890 [ 98.524823][ C2] netlink_rcv_skb+0x158/0x420 [ 98.524839][ C2] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 98.524854][ C2] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 98.524875][ C2] ? netlink_deliver_tap+0x1ae/0xd30 [ 98.524892][ C2] netlink_unicast+0x5aa/0x870 [ 98.524909][ C2] ? __pfx_netlink_unicast+0x10/0x10 [ 98.524929][ C2] netlink_sendmsg+0x8c8/0xdd0 [ 98.524947][ C2] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.524967][ C2] ____sys_sendmsg+0xa5d/0xc30 [ 98.524984][ C2] ? copy_msghdr_from_user+0x10a/0x160 [ 98.524998][ C2] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.525017][ C2] ? __pfx_futex_wake_mark+0x10/0x10 [ 98.525029][ C2] ___sys_sendmsg+0x134/0x1d0 [ 98.525045][ C2] ? __pfx____sys_sendmsg+0x10/0x10 [ 98.525059][ C2] ? futex_private_hash_put+0x160/0x1b0 [ 98.525087][ C2] __sys_sendmsg+0x16d/0x220 [ 98.525101][ C2] ? __pfx___sys_sendmsg+0x10/0x10 [ 98.525114][ C2] ? __x64_sys_futex+0x1e0/0x4c0 [ 98.525134][ C2] ? fput+0x70/0xf0 [ 98.525152][ C2] do_syscall_64+0xcd/0xf80 [ 98.525168][ C2] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.525179][ C2] RIP: 0033:0x7fe20818f7c9 [ 98.525188][ C2] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.525198][ C2] RSP: 002b:00007fe20906c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.525208][ C2] RAX: ffffffffffffffda RBX: 00007fe2083e5fa0 RCX: 00007fe20818f7c9 [ 98.525215][ C2] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 98.525222][ C2] RBP: 00007fe208213f91 R08: 0000000000000000 R09: 0000000000000000 [ 98.525229][ C2] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.525235][ C2] R13: 00007fe2083e6038 R14: 00007fe2083e5fa0 R15: 00007ffd1c3158b8 [ 98.525249][ C2] [ 98.525896][ C2] Kernel Offset: disabled