last executing test programs: 5.000936198s ago: executing program 3 (id=1696): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000780)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000040)={0x1d, r2, 0x3}, 0x18) syz_genetlink_get_family_id$mptcp(0x0, r1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x1f}}}, 0x24}}, 0x0) 4.889530634s ago: executing program 3 (id=1697): writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000200)}], 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6}]}, 0x10) r4 = socket$packet(0x11, 0x2, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0xfffffff7, 0x0, 0xf2, 0x80000000}, 0x10) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a008000000000000000000008000200ffffffff080001"], 0x2c}}, 0x0) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r2, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}, {&(0x7f0000000700)="1964e0a185603eb40f125a56b858f893e096e7ba5bc5d4e3f74422d20f8624ede2999462d23f4b4e3c7b9d15c41d76abd6ad5b3d78fc0ec1896d750876935f8f3c28972a8f41e2e8b2a3f0346532ffec6811193268c087e276af3ca94b57cae55e99cb509ecfa2c7dbeba33b2dbc788e3864cdb16071cd314c0c393ef1e870b881a05dca975836e50b12759fe8adf87582a0b8116211371a47e5e8cf49d7c0b49354cf30296af927d7d3cc0192899b71ef3c7e902260", 0xb6}, {&(0x7f0000001080)="5ef76e6bcfd3b7a2bd351cc5c7e6cb25a3a4f7902dacf463e7a8c8380bdb6ae14c45d92840732e91ea8a3200b4c97cffe248bb5ec56ee12cf6fb38aa5b6857aea1f519a5440fd2cfcb658d59b4dab87bd99048e2ff685ab131cd92ca4196eaed1fad6ca965fad1e5d6c19eb1e80a3240c99220a3a40199d98f8c51409aeed45fd65acbf4c3ab89b8dd16f6cc3d487b0823309377bec123129918d809e271807d304e4beba77bac5fdd307b5359eb43ff1c908aa8c8b329b366327c643ece2bbef34046e7cf509a49e56ba1b297bbba89eb0ac7df319721090184d7c73a1de1dd3e8d2cac01b699879eeabebf2d3962cf843f50e63fb18c23e769985c42a52a9ada168b05ce50b735f9659f740125e91b720b1892825ebe3c6d4eefc68e2ab67a54fcb4ff8b542dc0ba02ecde4e7d09a3f2b774ee9167e9ddd37c8ca36d84a22f0ed9499d84cef344316411fa50361bc3d818893dc2f8fc6c4a015a8d6960aec7aae4b0bc4026e0cc38060a2652bc3630cabcea1ecbbc89f2abb54612d7cf8b16208ab6ea6bf9c073fce037ef36586ac8bb568fa33cf49980611ddf06359d556ca8332f115b75db88f23a9d3848978093d78707a4e33a5c4247988b40283ce38722efa011ccb695c347c805bcaf8d0ba75c0905645d7a2647a422e49ec0584428fef4815a3ec1d44aa02b1318aa23d085cd72f35eacee1eaaa0d1537f470faf120c2e8aa7b0250f26ef380768ff0981163e1644487d5c881c02abc611423371f655b1fc01033be05e9937e648fd7335c9f0f3e461f700d6ce79cb64fd1668c4ef8cc2004caf45fa3dac04a6f69d945b76fb0f6bd338f5be2fc3c187719c0c997abb47845910799bb9a166c621743486516ca275de683489c874013e1602bc9e8375a3e52b91f94e737dddb6fbdb53ce6e5fdbe87b584d26b76f358b93578e060cbdd4fbd4b20ec465e6ef7793e1ee192efcf1152f79b6260c558505decf3284a04043306c9fb51f3204e549734a5b7dad1a43934412668f254f98089faa84ede10128fec80fe733035e9bef21e63c616758926b401b62d36d637935f68a2ba001d3195e9ada584dfcdb1b25ac6a8a0fcca296d6535bdad876596b9d46362bc8745785fd139818a66d88a45d5dccfcbc5d011c902e982544e1e370ff2165df5073561ca0e618918775b8388b91367838492edda840fe3c68e2a64560e89bc72f368c87153a23f02ab8956236889686280c85d3d907b7cfb60808912d544c2aafda4e20a1003296f543ca61e08c930c60913aea9276927bd721f00981237f7e83dd48a8796c4a4c92571b8030dbc97351df244711becdaf7b0e66407de0f390b5c413adad55555a825f1260ac579b05634f5c2b62fc2929a8cbe84af72043d6729d37d02dff3ed3da8c0586873ff7144ca83891cb3abda96795213da225bf3ca80a9a88a3c7b5f6eac6a800b27d8d0abe7788dabe42d4379b9494665c4ee94e1232bc43a8a309f09d1f3e5e274cd442d2257e5ce95b8dbe604b906c421db61124bb528376cff06c6fe50df689aa4436641ee64a7b4cd4373b28470cb7d2a1e68a4477b88559660d63571baeae60f21dde6d4dd0cf9297ac0c2d635b7378bb087c7dbe82d4dc42972d4f40eed92ac881f39fcd3382990109646f0f2e5ef6f558fbec533b3641bb8cb8842596001eb7dbf57fecb47bb162087b5519a2f1cce862ed0c26a9a0223869691c752d62f1157ae22167888b168adf23f6615176ae133988d9f24156f4f6779c25a89e45d3741145d179204c864c648a49c19019dfcefe200a7c34667e49810e4d8599d08313d96aa5fbb0b71d7ddc023f4caddf81b012aafebbb9465ef7f46a9f7adedaa6a966fb2c754f88bb099915edb747fed2d0c124d44d7c25f942c1c2bee7808e295917797d4dbec39231c4dad25e42ed13d5e437373844e456a4223317446cb9225db1b32ddb4e0be0333e84bdc3b8f5e58bbb9135f24ae467ab3d1994d1c0b8407578667e9a4eb16d01877911c03f0f3f0918f44abc6e199a2a897e1da79ac0956f2da229c9fb7c347d246f5fc9867f9ce6e612810601ee9fa18dc010b84f2b8852116f73e000b057f1ee7271ada282ae1cc55430420989beac8022ed5841de0aba73cac3c384b7e86fcd998d2f2ac2c552f7ee8d7af28c96d2dfbba6c9f26ce3521fde45518ef2342dc490758e0279c413c99d7d52a8060d77003b15a0f8047a861361072a1eb57087a0bf52ea71fe1d7c1b0332fda34ec68ee4251b733f87f6e71d695c6518b6e2a2aa57e3fb89a64d6502211305f18679881b8a82d310c07b1e945bbf11f686b88d40b6c87da0baa27070e46f7183f114d0d15dc31beb04c9275de01091dca671260b89aa0114de6e519933b801101ea1da716c86074aea54756d37db9438baeed166b1c5295e6d627cfa711ae24e55e242e17c8a0e77e671b9c4545f52d594854baeba246c2bc7e790cf8e2df6b4dcf3ef1f3eb26086cc4b300f652263c4a28ac710ef321cb638d362b5601efefac673752851bf232f487aa14776db41f5a3ef9f4e34d449bbbe5446402c05eff1b02b9d96e005a3f0f48f3ef5eb0406debe91ec9af79d6716a618b40fed54498012abe724c568f12f45732fc2ed7c5249299b2a192de7ac8d1f56f40827e690cc970064b1f8dc7ccc0dba26d0a71cc4bd0e04558b5bd630b391718dc893177858557dadf7df30a7584764096b9c59bef93efbaee6bf150a19bed58a4b322d8cb7d6e933e8", 0x7a6}], 0x7}}], 0x1, 0x4048841) close_range(r1, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x70, 0x30, 0x9, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x4, {0x2}}, @TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PTYPE={0x6, 0xa}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x60}}}}]}]}, 0x70}}, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="64f32e673e450f35b91a0900000f32490fc7a80030000066baf80cb8500f5c8fef66bafc0cedf20f019f98734b5f66baf80cb86805008eef66bafc0c66b8000066efb803000000ef410f47f52626430f01c8660fd1590866b2d104b800000000ef", 0x61}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) 4.780401529s ago: executing program 3 (id=1698): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendto$inet(r0, &(0x7f0000000440)="c132", 0x2, 0x4008804, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000001500)="b25b365c0254a7c6fc7ea6155a71b613b02d1645aab67271075189c3540c4dd19ebfb3c4acf87f2eeb258e62cc6ae96db360d874500cb86b4185ee533bf708", 0x3f}, {&(0x7f0000002800)="cf", 0x1}, {&(0x7f00000028c0)='\v', 0x1}, {&(0x7f0000000400)="8a", 0x1}, {&(0x7f0000002b40)='-', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000002f00)=[{0x0}, {&(0x7f0000000540)="f2e6", 0x2}, {&(0x7f0000002e40)="d4", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000003000)="e1", 0x1}, {&(0x7f00000010c0)="fa", 0x1}, {&(0x7f0000001680)="d8", 0x1}, {&(0x7f0000001600)="f2964dd1", 0x4}, {&(0x7f0000001340)="f4", 0x1}, {&(0x7f0000000500)="01", 0x1}, {&(0x7f0000000280)="87", 0x1}], 0x7}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000140)='N', 0x1}, {&(0x7f0000000340)="e4", 0x1}], 0x2}}], 0x4, 0x4000000) 4.77973931s ago: executing program 3 (id=1699): r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000001c0), 0x80040, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDCTL_DSP_RESET(r1, 0x5000, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_connect(0x5, 0x3d, &(0x7f0000000100)=ANY=[@ANYRESHEX=r1, @ANYRES64=r0], 0x0) epoll_create1(0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) poll(&(0x7f0000000040)=[{r2, 0x44}], 0x1, 0x8) 3.570158556s ago: executing program 3 (id=1740): mount(0x0, 0x0, &(0x7f0000000000)='autofs\x00', 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x22001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup(r1) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000840)={'#! ', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x102) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r2, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f00000004c0), 0x208e24b) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 3.199814496s ago: executing program 3 (id=1747): syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) r1 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[@ANYBLOB="12011001000000202505a8a440000102030109021b000101ff20cd090400fd440701013d0905010220"], 0x0) syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0) syz_usb_control_io(r1, &(0x7f00000015c0)={0x2c, 0x0, &(0x7f0000001480)=ANY=[], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_ep_read(r1, 0x1, 0x0, 0x0) syz_usb_disconnect(r1) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r2, &(0x7f0000000040)='(', 0x1) syz_usb_disconnect(r1) mkdir(&(0x7f0000000100)='./bus\x00', 0x118) mount(0x0, &(0x7f0000000380)='./bus\x00', &(0x7f0000000440)='ramfs\x00', 0x98400, 0x0) r3 = syz_usb_connect$cdc_ecm(0x4, 0x5e, &(0x7f0000000200)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4c, 0x1, 0x1, 0xf9, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x5, 0x3, 0x2, 0x6, 0x0, 0x4, {{0x8, 0x24, 0x6, 0x0, 0x0, "874d10"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0xffffff8c, 0xff01, 0x1, 0x5}, [@obex={0x5, 0x24, 0x15, 0x7}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x8, 0xc6, 0x8, 0xe}}], {{0x9, 0x5, 0x82, 0x2, 0x10, 0xc, 0x7f, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x8, 0x8, 0x80}}}}}]}}]}}, &(0x7f0000000900)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x200, 0x3, 0x73, 0xc3, 0x40, 0x2}, 0x17, &(0x7f0000000300)={0x5, 0xf, 0x17, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0x7, 0x3, 0x8000}, @wireless={0xb, 0x10, 0x1, 0x8, 0x11, 0x0, 0x10, 0x864, 0xc1}]}, 0xa, [{0xa4, &(0x7f0000000500)=@string={0xa4, 0x3, "1eea6b20313fee84c5b54ef2806194731b0d069b33da636607a416393bed1e3129013c7dfe8a7ae81ad8391a9fa9571e66fb9051526363aa23f2cba69a8079d40cf44d1ba2da4f3230465520b5e3f7944ed9b0c4356af08d4e46a1de6efad40b548d51637847c622368b5ed14513479a3fb961f39602a31d6c861427e8d290a09071d65c94b041055961abb867f94b72c9223cdea02b2022b4816af4bebd75d69f99"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x44d}}, {0x1c, &(0x7f00000003c0)=@string={0x1c, 0x3, "ea4d9de649b3592931ae3c445b54d34ca1b34e8085e6df299bf0"}}, {0xb6, &(0x7f00000005c0)=@string={0xb6, 0x3, "d49f10149f05f618ca99737138e453110e338c42677a0dd3ccfebacd22baac8685f0a67b3948d36ec1f166369ebc6042905c037abe2ec3cf73e69aae58357451762ad94461a00f622eaea3f21b156c52772ca283d0479b4668c95656f1a5b4ca4af135fdee1680d86e184003b29f1bee55da8f411e875ad992eb891bfd3d40350b212a13411515067596ab6ee11e24a96852b2a3b93909e7ff965320823ca234b9524a7e01d98fbf8bf7da3c57cefcea4df951b2"}}, {0x52, &(0x7f0000000680)=@string={0x52, 0x3, "8ae66049e96cb33616394ceb7020a055d5ad6d7a8a98096b16532332a1dd27138631bcab86851cac171bada5c784eb22058df59471e5f6559ac4cac87f96f01fa14cdc0139851d193b2101ce1b12ffbe"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x81a}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x143a}}, {0xf2, &(0x7f0000000740)=@string={0xf2, 0x3, "39228d8666d3d70c3750ac32ca2166827501b8e187ddb7185a04ac6cdb9e9836fe6df15a836508a6f5a985da4e3d516e47c498a3372b7d426dd3a0580846941b3adfe20d6265b8fa10f1d6e65ef833d4f7da499a579cf62049c26863d641eab0796b1b039838652664b1925b083134ff7196c7ea5d65e3d9f75bd313372c5417ee9bca2e83e944474af28d379c330391fb09f565b63fe8d5236899fb093660e785db39c3ad9390a501bcd3cc65442c95a2f04f47c9bcc84fc136080729362c00c34a66269c13d4634df689a879d2d8797469053d5a941b82b36c0ade101ad5a98195e2dea457f1a42d630ad45fbba371"}}, {0x78, &(0x7f0000000840)=@string={0x78, 0x3, "6f1a2f40d1f6c4f13a2abbd7a9678b09a12e074ea415643fd297a02d99b1879725a20cfe68219d491814d4c0aca7aff525e2328b64fbb8faed6085785f9a5e92f7b87cdc4606bd25e045551c08bb35d0878a3c8b76f91608d3161a611af5ac04c70fec3debb66d102f3166f5c65e11e856b7df867d4d"}}, {0x4, &(0x7f00000008c0)=@lang_id={0x4}}]}) syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000ac0)={0x14, &(0x7f00000009c0)={0x20, 0x5, 0x82, {0x82, 0x1, "63ad1588e300c9b85b059adea35ad373bce044f1bbd337b48e397ff07b4d1c0b71a93c0ca804d12e3eafb3a9b783640ff2d30ef73601eec99bc72cd014e27a4ba12b4e5f3166ed6530a273dac240331e2b97176ae9633f478db598748b81099164704fa55d0b577f697b051e22d7fc0f5f8fe2decb4b588d08dd7a4e7bf4ff10"}}, &(0x7f0000000a80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c40)={0x1c, &(0x7f0000000b00)={0x60, 0x15, 0xa9, "da1f6951ba2bc3bebaa5ba8e45f97c1bf8a6c332ea1ddf0934750c88a9e87b43fb6dad65cad40cec1f061c13c87368d6dfba393ef4751795b1df07e53d422354c45d31f856d70866955483a87b13d79f1b238e97e9383196b3dcf67f3f98c60ecf398b29b918c62ad00ecb886d9dda41b38085d71744314d85db2745b8bf0e7d0c262fa5f2e6eaefefae9cc35254218b32c58010664e7481f0034cf2d66445faf27701181680f86d14"}, &(0x7f0000000bc0)={0x0, 0xa, 0x1, 0x52}, &(0x7f0000000c00)={0x0, 0x8, 0x1, 0x9}}) chdir(&(0x7f00000001c0)='./bus\x00') mkdir(&(0x7f0000000140)='./bus\x00', 0x36) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x700, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mkdir(&(0x7f0000000080)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 1.140574242s ago: executing program 2 (id=1766): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x4a, &(0x7f0000000340)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, @empty, @void, {@mpls_mc={0x8848, {[], @ipv6=@tcp={0x2, 0x6, '@d.', 0x14, 0x6, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}, @mcast1, {[], {{0x4e20, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x80, 0x8000, 0x0, 0x2}}}}}}}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) 990.885716ms ago: executing program 2 (id=1767): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0xf4, r1, 0xe701ac47a3d23ccd, 0x0, 0x2, {}, [@NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x18}]}, 0xf4}, 0x1, 0x0, 0x0, 0x2008c880}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dcbeec0696c37b64e3b24da3183dbe97e805165c0f63cdc2e82818254950ee03568b88091e6a86450545c0e18e09"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000140)={r3, r2, 0x2}, 0x10) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r3, r2, 0x2, 0x0, @void}, 0x10) dup3(r3, r4, 0x80000) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9, 0x8}}, './file0\x00'}) sendmsg$IPSET_CMD_SAVE(r5, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x8, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x8801}, 0x41) 940.858391ms ago: executing program 2 (id=1768): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x50, r0, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "01959e56da"}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4091}, 0x0) (fail_nth: 9) 940.740456ms ago: executing program 2 (id=1769): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000240), 0xffffffffffffffff) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x50, r2, 0x20d, 0x70bd2d, 0x25dfdbfc, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e20}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast2}, @FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_IFINDEX={0x8, 0xb, r4}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x50}, 0x1, 0x0, 0x0, 0x890}, 0x20000000) 810.891963ms ago: executing program 2 (id=1771): socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$kcm(0x2, 0xa, 0x2) socket$netlink(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 810.20143ms ago: executing program 2 (id=1773): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r2}, 0x50) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r1, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents64(r3, &(0x7f00000063c0)=""/1024, 0x400) syz_fuse_handle_req(r1, &(0x7f00000067c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000", 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 398.691434ms ago: executing program 0 (id=1779): r0 = socket(0x1, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f670600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1b172191d359645fae2d074ea5724ab77ea04fe507938b1213cdd4a92860e59808689382734d24b3123dd40c6d612c8a19948cd257748b1e7324adddbe61d51013f7d6b313c6df7b7b29678d70fc94dcc3e99e2472e78968ed94e7a54988656e8fff6b1d9b9993c71edd5cc10a2bea8d94d751b77fa7c48c712af35a9ffe670e8fa451942f48741119496bc30137e1202aed6bb5cd5c2d0256d049e4a335e2ea5545e5624be2391c37c0a2ae3bbb5b58778b85424bcdb84358359b2cb2782fc0e82f17b12d641ce6a72ab0ac794f878140897703bebe4"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r0}, 0x20) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r0, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 340.84486ms ago: executing program 0 (id=1780): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1400000013000100000000000000000006"], 0x14}], 0x1}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2749baca85309be96d5a45bbb29ea06f9cbc7eea15bc1ee369d2707231280f0415df341ab76de90db5ff7ffffffd075b373f51be98db7efbbe8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c1f870adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eacb4389adbb47efb7b3f19046c7f1bd1bf56e58555d96137f95b3aacd74ed1c8a8676468cf2405e48723c6b1ff3698422f88ffed8617dd64330f4c38ba86e3b50da03f4b1e4808aa5c9e9546d7190747c6abc5beab28cec4ff7faa3fab48cdb3d64cfd5d698416752a16f32a54ccef577832e4cf684fce2cb0bab7f6a5821b26483322000000000000596c6e1ac996b8a0924948750b6e52c09d53950e5c8143db8669f8a5bf6511df822532e3c78d019149651255048aab0399e5d6e317b6f3fbc2600ffc3c66c7244b7bcf6b78b5e8c0ee04ce344ceb084b4f2ef09b59a36a92b3874edc559e5bf58a567d385ba92df9121dfa257e60655dcbff581c75107b01b5baaf29ebaf24861c538fefcaecb52a6b69fc450e10645df60a9d50131466113c6aac5abbcf9e9f2f0384da3f9892af413bd87f51f7f0cf61096fd79327fa66effe89a72d7a75d40f0c1ad299f55eafcd52a39649ab6021e30f901933f11092"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x18) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a80)=@newlink={0x54, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21015}, [@IFLA_XDP={0x2c, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r2}, @IFLA_XDP_FD={0x8, 0x1, r2}, @IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_FD={0x8, 0x1, r2}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x5}]}, @IFLA_GROUP={0x8}]}, 0x54}}, 0x0) r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0x9361, 0x0) 340.594784ms ago: executing program 0 (id=1782): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000240), 0xffffffffffffffff) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$FOU_CMD_ADD(r0, 0x0, 0x20000000) 280.519121ms ago: executing program 0 (id=1783): mount(0x0, 0x0, &(0x7f0000000000)='autofs\x00', 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x22001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup(r1) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000840)={'#! ', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x102) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) chdir(&(0x7f0000000140)='./file0\x00') r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f00000004c0), 0x208e24b) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 280.296693ms ago: executing program 1 (id=1784): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x50, r0, 0x801, 0x3000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "01959e56da"}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4091}, 0x0) 220.47363ms ago: executing program 1 (id=1785): r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000001c0), 0x80040, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDCTL_DSP_RESET(r1, 0x5000, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) poll(&(0x7f0000000040)=[{r2, 0x44}], 0x1, 0x8) 220.267207ms ago: executing program 1 (id=1786): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000cc0)={0x1, @pix={0xb, 0xff2, 0x34325241, 0x3, 0x10001, 0xbb, 0x4, 0x2, 0xfdfd, 0x6, 0x2, 0x4}}) 160.770662ms ago: executing program 1 (id=1787): open(&(0x7f0000000140)='./file0\x00', 0xec40, 0x12) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15) r2 = dup(r1) r3 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0xb8d2, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) close_range(r1, r0, 0x2) recvfrom$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x20000000) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 156.770261ms ago: executing program 0 (id=1788): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x20200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x20e40, 0x100) (fail_nth: 9) 156.629876ms ago: executing program 0 (id=1789): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000104000000000700000000000000", @ANYRES32=r1, @ANYBLOB="00001700000000001c003780"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 413.546µs ago: executing program 1 (id=1790): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000002100010000000000000000000a0000000000000000000000050019"], 0x24}}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="9000000020", 0x5, 0x0, 0x0, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000000)='.', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) r1 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x3, @rand_addr=' \x01\x00'}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0x1, 0x44) 0s ago: executing program 1 (id=1791): sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, 0x0, 0x40000) request_key(&(0x7f0000000200)='big_key\x00', 0x0, 0x0, 0x0) syz_open_dev$dri(0x0, 0x1, 0x680081) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000140), 0x2, 0x102) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000340), 0x0, 0x0, 0x0, 0x1, 0x0, 0x1b}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r1, 0x40186f40, 0x20000502) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000040), 0x2, r4}) ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r4], &(0x7f0000000200), &(0x7f00000000c0)=[r5], &(0x7f0000000340)}) kernel console output (not intermixed with test programs): etlink: 4 bytes leftover after parsing attributes in process `syz.0.1053'. [ 93.141752][ T8962] SELinux: security_context_str_to_sid () failed with errno=-22 [ 93.149404][ T8962] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.289391][ T8985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1072'. [ 93.305042][ T39] kauditd_printk_skb: 10 callbacks suppressed [ 93.305053][ T39] audit: type=1400 audit(1738295596.701:560): avc: denied { mounton } for pid=8982 comm="syz.3.1071" path="/276/file0" dev="tmpfs" ino=1482 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 93.341163][ T8988] lo speed is unknown, defaulting to 1000 [ 93.756379][ T9012] netlink: 'syz.1.1082': attribute type 10 has an invalid length. [ 93.760379][ T9012] team0: left allmulticast mode [ 93.763704][ T9012] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.766115][ T9012] team0: entered allmulticast mode [ 93.768106][ T9012] bond0: (slave team0): Enslaving as an active interface with an up link [ 93.961324][ T9022] netlink: 'syz.1.1086': attribute type 10 has an invalid length. [ 93.973954][ T9022] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 93.980596][ T9022] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 93.982846][ T9022] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 93.991980][ T9026] netlink: 'syz.2.1087': attribute type 28 has an invalid length. [ 93.994919][ T9026] netlink: 'syz.2.1087': attribute type 3 has an invalid length. [ 93.999402][ T5943] Bluetooth: hci3: unexpected event for opcode 0x0401 [ 94.041504][ T9032] nfs4: Unknown parameter 'rd' [ 94.043469][ T39] audit: type=1400 audit(1738298157.434:561): avc: denied { map } for pid=9031 comm="syz.1.1090" path="socket:[26017]" dev="sockfs" ino=26017 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 94.258303][ T73] ip6_tnl_xmit_ctl: 6 callbacks suppressed [ 94.258340][ T73] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.273148][ T39] audit: type=1400 audit(1738298157.664:562): avc: denied { ioctl } for pid=9056 comm="syz.0.1100" path="socket:[26103]" dev="sockfs" ino=26103 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 94.281135][ T9061] netlink: 'syz.2.1102': attribute type 29 has an invalid length. [ 94.288557][ T9061] netlink: 'syz.2.1102': attribute type 29 has an invalid length. [ 94.291755][ T9061] netlink: 'syz.2.1102': attribute type 29 has an invalid length. [ 94.316538][ T5943] Bluetooth: hci3: unexpected event for opcode 0x2043 [ 94.317917][ T73] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.321724][ T9068] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 94.357852][ T8] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.360692][ T56] IPVS: starting estimator thread 0... [ 94.381913][ T39] audit: type=1400 audit(1738298157.774:563): avc: denied { append } for pid=9077 comm="syz.2.1108" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 94.391453][ T39] audit: type=1400 audit(1738298157.784:564): avc: denied { map } for pid=9077 comm="syz.2.1108" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 94.399517][ T39] audit: type=1400 audit(1738298157.784:565): avc: denied { execute } for pid=9077 comm="syz.2.1108" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 94.457861][ T73] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.461244][ T9074] IPVS: using max 39 ests per chain, 93600 per kthread [ 94.487841][ T56] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.554694][ T9101] fuse: Unknown parameter 'rootmo' [ 94.588373][ T73] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.601280][ T9089] lo speed is unknown, defaulting to 1000 [ 94.617086][ T9109] FAULT_INJECTION: forcing a failure. [ 94.617086][ T9109] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.621339][ T9109] CPU: 2 UID: 0 PID: 9109 Comm: syz.3.1121 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 94.621352][ T9109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.621357][ T9109] Call Trace: [ 94.621361][ T9109] [ 94.621364][ T9109] dump_stack_lvl+0x16c/0x1f0 [ 94.621391][ T9109] should_fail_ex+0x50a/0x650 [ 94.621420][ T9109] _copy_from_user+0x2e/0xd0 [ 94.621436][ T9109] ucma_write+0x129/0x330 [ 94.621445][ T9109] ? __pfx_ucma_write+0x10/0x10 [ 94.621454][ T9109] ? bpf_lsm_file_permission+0x9/0x10 [ 94.621464][ T9109] ? security_file_permission+0x71/0x210 [ 94.621477][ T9109] ? rw_verify_area+0xcf/0x680 [ 94.621490][ T9109] ? __pfx_ucma_write+0x10/0x10 [ 94.621498][ T9109] vfs_write+0x24c/0x1150 [ 94.621511][ T9109] ? __fget_files+0x1fc/0x3a0 [ 94.621520][ T9109] ? __pfx_lock_release+0x10/0x10 [ 94.621533][ T9109] ? __pfx_vfs_write+0x10/0x10 [ 94.621546][ T9109] ? lock_acquire+0x2f/0xb0 [ 94.621557][ T9109] ? __fget_files+0x40/0x3a0 [ 94.621566][ T9109] ? __fget_files+0x206/0x3a0 [ 94.621577][ T9109] ksys_write+0x207/0x250 [ 94.621590][ T9109] ? __pfx_ksys_write+0x10/0x10 [ 94.621606][ T9109] do_syscall_64+0xcd/0x250 [ 94.621616][ T9109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.621629][ T9109] RIP: 0033:0x7f020558cda9 [ 94.621636][ T9109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.621645][ T9109] RSP: 002b:00007f02063ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 94.621654][ T9109] RAX: ffffffffffffffda RBX: 00007f02057a5fa0 RCX: 00007f020558cda9 [ 94.621659][ T9109] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000003 [ 94.621664][ T9109] RBP: 00007f02063ad090 R08: 0000000000000000 R09: 0000000000000000 [ 94.621669][ T9109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.621674][ T9109] R13: 0000000000000000 R14: 00007f02057a5fa0 R15: 00007ffe2501f6c8 [ 94.621685][ T9109] [ 94.657864][ T3231] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.717929][ T3231] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.735983][ T9121] mmap: syz.3.1125 (9121) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 94.782924][ T9124] overlay: Unknown parameter 'dont_hash' [ 94.807968][ T8] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.812471][ T39] audit: type=1400 audit(1738298158.204:566): avc: denied { create } for pid=9123 comm="syz.3.1126" name="#1d" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 94.820200][ T39] audit: type=1400 audit(1738298158.204:567): avc: denied { link } for pid=9123 comm="syz.3.1126" name="#1d" dev="tmpfs" ino=1567 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 94.826694][ T39] audit: type=1400 audit(1738298158.204:568): avc: denied { rename } for pid=9123 comm="syz.3.1126" name="#1e" dev="tmpfs" ino=1567 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 94.898227][ T5315] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 94.957752][ T73] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 95.121048][ T73] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.124370][ T73] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 95.127276][ T73] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 95.131796][ T73] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 95.134410][ T73] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.136849][ T73] usb 7-1: Product: 㐊 [ 95.138258][ T73] usb 7-1: Manufacturer: ᐌ [ 95.139685][ T73] usb 7-1: SerialNumber: 쉶釒萣쫍䍁迌所矄撋챥䵻ⱄ뜹宐䂲던ꩿ煰ꄭ⦖᭑嫥ᮑ쒲趋뙚蜆彬憑⿦硫蓀䉉ﺰ囗㴣涪Խ唟㟆ᭁ힭段桱ි祴ᒅ쑿刪귖怶掆䊦軧ⶇ⡁廢熄䢑琵㏳㰼ꢽꞔ鈈襇♪곅皌갻騺䊣旴券㶆跬줼㭔톥ು᧠믋㔫퇵䂳덏峚葍킍⛚㮵⠠⃡䤄뎵殜 [ 95.372923][ T9142] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=9142 comm=syz.0.1134 [ 95.390247][ T9117] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 95.399218][ T9117] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.429739][ T9142] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 95.474627][ T9117] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 95.478559][ T9117] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.572283][ T9117] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 95.575295][ T9117] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.626913][ T9155] fuse: Bad value for 'group_id' [ 95.628511][ T9155] fuse: Bad value for 'group_id' [ 95.653135][ T9117] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 95.655991][ T9117] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.739017][ T9117] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.741425][ T9117] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.748587][ T9117] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.751022][ T9117] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.756055][ T9117] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.758475][ T9117] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.763450][ T9117] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.765865][ T9117] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.776355][ T73] cdc_ncm 7-1:1.0: bind() failure [ 95.779607][ T73] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 95.781526][ T73] cdc_ncm 7-1:1.1: bind() failure [ 95.784305][ T73] usb 7-1: USB disconnect, device number 6 [ 96.370601][ T39] audit: type=1400 audit(1738298159.764:569): avc: denied { bind } for pid=9174 comm="syz.1.1144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 96.605623][ T9213] tmpfs: Unknown parameter 'quWtY*]*%Q%*hGuQ5Zwm1/y' [ 97.340049][ T9276] __nla_validate_parse: 7 callbacks suppressed [ 97.340059][ T9276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1162'. [ 97.400936][ T9285] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 97.403896][ T9285] macvtap1: entered promiscuous mode [ 97.405964][ T9285] macvtap1: entered allmulticast mode [ 97.407584][ T9285] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 97.415353][ T9285] mac80211_hwsim hwsim2 wlan0: left allmulticast mode [ 97.420598][ T9285] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 97.455399][ T9291] lo speed is unknown, defaulting to 1000 [ 97.459715][ T9291] lo speed is unknown, defaulting to 1000 [ 97.461606][ T9291] lo speed is unknown, defaulting to 1000 [ 97.500242][ T9291] infiniband sz1: set active [ 97.502572][ T73] lo speed is unknown, defaulting to 1000 [ 97.507785][ T9291] infiniband sz1: added lo [ 97.510500][ T9296] netlink: 'syz.1.1168': attribute type 10 has an invalid length. [ 97.521577][ T9291] RDS/IB: sz1: added [ 97.523322][ T9291] smc: adding ib device sz1 with port count 1 [ 97.525269][ T9291] smc: ib device sz1 port 1 has pnetid [ 97.528924][ T8] lo speed is unknown, defaulting to 1000 [ 97.532659][ T9291] lo speed is unknown, defaulting to 1000 [ 97.575007][ T9291] lo speed is unknown, defaulting to 1000 [ 97.600214][ T9306] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1173'. [ 97.607019][ T9306] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1173'. [ 97.621917][ T9291] lo speed is unknown, defaulting to 1000 [ 97.672140][ T9313] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9313 comm=syz.2.1174 [ 97.673613][ T9291] lo speed is unknown, defaulting to 1000 [ 97.898472][ T9334] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9334 comm=syz.0.1184 [ 97.921381][ T9338] FAULT_INJECTION: forcing a failure. [ 97.921381][ T9338] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.925172][ T9338] CPU: 2 UID: 0 PID: 9338 Comm: syz.0.1186 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 97.925184][ T9338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.925190][ T9338] Call Trace: [ 97.925193][ T9338] [ 97.925197][ T9338] dump_stack_lvl+0x16c/0x1f0 [ 97.925210][ T9338] should_fail_ex+0x50a/0x650 [ 97.925230][ T9338] _copy_from_user+0x2e/0xd0 [ 97.925244][ T9338] copy_msghdr_from_user+0x99/0x160 [ 97.925256][ T9338] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 97.925272][ T9338] ___sys_sendmsg+0xff/0x1e0 [ 97.925283][ T9338] ? __pfx____sys_sendmsg+0x10/0x10 [ 97.925298][ T9338] ? __pfx_lock_release+0x10/0x10 [ 97.925310][ T9338] ? trace_lock_acquire+0x14e/0x1f0 [ 97.925324][ T9338] ? __fget_files+0x206/0x3a0 [ 97.925336][ T9338] __sys_sendmsg+0x16e/0x220 [ 97.925346][ T9338] ? __pfx___sys_sendmsg+0x10/0x10 [ 97.925364][ T9338] do_syscall_64+0xcd/0x250 [ 97.925375][ T9338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.925387][ T9338] RIP: 0033:0x7f1d03f8cda9 [ 97.925398][ T9338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.925406][ T9338] RSP: 002b:00007f1d04ed4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.925416][ T9338] RAX: ffffffffffffffda RBX: 00007f1d041a5fa0 RCX: 00007f1d03f8cda9 [ 97.925421][ T9338] RDX: 0000000004008094 RSI: 0000000020001200 RDI: 0000000000000004 [ 97.925426][ T9338] RBP: 00007f1d04ed4090 R08: 0000000000000000 R09: 0000000000000000 [ 97.925431][ T9338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.925436][ T9338] R13: 0000000000000000 R14: 00007f1d041a5fa0 R15: 00007fff4bcf08e8 [ 97.925447][ T9338] [ 97.963920][ T9342] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1188'. [ 97.984671][ T9342] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1188'. [ 98.094107][ T9356] input: syz1 as /devices/virtual/input/input21 [ 98.707775][ T73] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 98.873374][ T9377] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pid=9377 comm=syz.0.1203 [ 98.878800][ T73] usb 6-1: Using ep0 maxpacket: 8 [ 98.882247][ T73] usb 6-1: config 2 has an invalid interface number: 120 but max is 3 [ 98.884575][ T73] usb 6-1: config 2 has an invalid interface number: 140 but max is 3 [ 98.888224][ T73] usb 6-1: config 2 has an invalid interface number: 4 but max is 3 [ 98.890470][ T73] usb 6-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 98.892887][ T73] usb 6-1: config 2 has an invalid interface number: 250 but max is 3 [ 98.895150][ T73] usb 6-1: config 2 has an invalid descriptor of length 199, skipping remainder of the config [ 98.899362][ T73] usb 6-1: config 2 has no interface number 0 [ 98.901171][ T73] usb 6-1: config 2 has no interface number 1 [ 98.902911][ T73] usb 6-1: config 2 has no interface number 2 [ 98.904626][ T73] usb 6-1: config 2 has no interface number 3 [ 98.906360][ T73] usb 6-1: config 2 interface 120 altsetting 4 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 98.909476][ T73] usb 6-1: config 2 interface 120 altsetting 4 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 98.912822][ T73] usb 6-1: config 2 interface 120 altsetting 4 endpoint 0x87 has invalid maxpacket 5556, setting to 64 [ 98.915986][ T73] usb 6-1: config 2 interface 120 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 98.920396][ T73] usb 6-1: config 2 interface 120 altsetting 4 endpoint 0x8 has an invalid bInterval 118, changing to 7 [ 98.923532][ T73] usb 6-1: config 2 interface 120 altsetting 4 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 98.926646][ T73] usb 6-1: config 2 interface 120 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 98.929879][ T73] usb 6-1: config 2 interface 120 altsetting 4 has a duplicate endpoint with address 0x1, skipping [ 98.932970][ T73] usb 6-1: config 2 interface 120 altsetting 4 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 98.936080][ T73] usb 6-1: config 2 interface 120 altsetting 4 has a duplicate endpoint with address 0x5, skipping [ 98.940389][ T73] usb 6-1: config 2 interface 120 altsetting 4 has a duplicate endpoint with address 0x8D, skipping [ 98.943397][ T73] usb 6-1: config 2 interface 120 altsetting 4 has a duplicate endpoint with address 0x4, skipping [ 98.954398][ T73] usb 6-1: config 2 interface 120 altsetting 4 has 15 endpoint descriptors, different from the interface descriptor's value: 14 [ 98.954613][ T9379] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 98.958208][ T73] usb 6-1: config 2 interface 140 altsetting 5 endpoint 0xE has invalid maxpacket 72, setting to 64 [ 98.958223][ T73] usb 6-1: config 2 interface 140 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 98.958233][ T73] usb 6-1: config 2 interface 140 altsetting 5 has a duplicate endpoint with address 0x7, skipping [ 98.961034][ T9379] SELinux: failed to load policy [ 98.963987][ T73] usb 6-1: config 2 interface 140 altsetting 5 has a duplicate endpoint with address 0xA, skipping [ 98.974428][ T73] usb 6-1: config 2 interface 140 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 98.977498][ T73] usb 6-1: config 2 interface 140 altsetting 5 has a duplicate endpoint with address 0xB, skipping [ 98.981128][ T73] usb 6-1: config 2 interface 140 altsetting 5 has a duplicate endpoint with address 0x5, skipping [ 98.984135][ T73] usb 6-1: config 2 interface 4 altsetting 1 has a duplicate endpoint with address 0x4, skipping [ 98.986999][ T73] usb 6-1: config 2 interface 4 altsetting 1 has a duplicate endpoint with address 0x5, skipping [ 98.989977][ T73] usb 6-1: config 2 interface 4 altsetting 1 has a duplicate endpoint with address 0x5, skipping [ 98.992840][ T73] usb 6-1: config 2 interface 4 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 98.995769][ T73] usb 6-1: config 2 interface 4 altsetting 1 has a duplicate endpoint with address 0x1, skipping [ 98.998755][ T73] usb 6-1: config 2 interface 250 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 99.001635][ T73] usb 6-1: config 2 interface 250 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 99.004553][ T73] usb 6-1: config 2 interface 250 altsetting 3 has an endpoint descriptor with address 0x6B, changing to 0xB [ 99.007784][ T73] usb 6-1: config 2 interface 250 altsetting 3 has a duplicate endpoint with address 0xB, skipping [ 99.010696][ T73] usb 6-1: config 2 interface 250 altsetting 3 has a duplicate endpoint with address 0x7, skipping [ 99.013567][ T73] usb 6-1: config 2 interface 250 altsetting 3 has a duplicate endpoint with address 0x1, skipping [ 99.016523][ T73] usb 6-1: config 2 interface 250 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 99.019633][ T73] usb 6-1: config 2 interface 250 altsetting 3 has 6 endpoint descriptors, different from the interface descriptor's value: 8 [ 99.023192][ T73] usb 6-1: config 2 interface 120 has no altsetting 0 [ 99.025065][ T73] usb 6-1: config 2 interface 140 has no altsetting 0 [ 99.027232][ T73] usb 6-1: config 2 interface 4 has no altsetting 0 [ 99.029206][ T73] usb 6-1: config 2 interface 250 has no altsetting 0 [ 99.038161][ T73] usb 6-1: New USB device found, idVendor=1b3d, idProduct=0143, bcdDevice=b5.c5 [ 99.042671][ T73] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.045026][ T73] usb 6-1: Product: ъ [ 99.046243][ T73] usb 6-1: Manufacturer: 킒犁჌齯ᱧᬬޏ⎄䎡蔾㤧⭷⋐蜳놷켮ʯ쐞ﺂ捝涇᪲泩ꉆ⌽r쾶쯮倜짒ᖰ䇐뺌鯻폺竿鎢∩敲髹竟Քㄮꠤ摉⒉둼ᩔ㕲矽䌲ჳ崥婍蝏︒碚箞ඬ従ﺱ뒧瞕⍪㗲㡳ቺ䴽ਞ뽼楦ꍗ捦ඒꡫ䒝Ḵ砌頡䨨ꟈ鷘鴕쿸Ⱎ譄ྪ옧垳ᖂ삁쑷罱睲ꓠ낦㢶ҿҬ房㙕⳺ [ 99.055699][ T73] usb 6-1: SerialNumber: syz [ 99.058955][ T73] usb 6-1: Interface #120 referenced by multiple IADs [ 99.123405][ T9393] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9393 comm=syz.2.1208 [ 99.268885][ T56] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 99.344194][ T9402] FAULT_INJECTION: forcing a failure. [ 99.344194][ T9402] name failslab, interval 1, probability 0, space 0, times 0 [ 99.348565][ T9402] CPU: 1 UID: 0 PID: 9402 Comm: syz.3.1211 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 99.348577][ T9402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.348583][ T9402] Call Trace: [ 99.348595][ T9402] [ 99.348598][ T9402] dump_stack_lvl+0x16c/0x1f0 [ 99.348623][ T9402] should_fail_ex+0x50a/0x650 [ 99.348640][ T9402] ? fs_reclaim_acquire+0xae/0x150 [ 99.348653][ T9402] ? rds_info_getsockopt+0x376/0x4f0 [ 99.348662][ T9402] should_failslab+0xc2/0x120 [ 99.348672][ T9402] __kmalloc_noprof+0xcb/0x510 [ 99.348681][ T9402] ? __might_fault+0xe3/0x190 [ 99.348693][ T9402] rds_info_getsockopt+0x376/0x4f0 [ 99.348702][ T9402] ? __might_fault+0x13b/0x190 [ 99.348712][ T9402] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 99.348720][ T9402] ? trace_lock_acquire+0x14e/0x1f0 [ 99.348730][ T9402] ? trace_lock_acquire+0x14e/0x1f0 [ 99.348740][ T9402] ? lock_acquire+0x2f/0xb0 [ 99.348752][ T9402] ? __might_fault+0xe3/0x190 [ 99.348761][ T9402] ? __might_fault+0xe3/0x190 [ 99.348773][ T9402] rds_getsockopt+0x173/0x2d0 [ 99.348783][ T9402] ? __pfx_rds_getsockopt+0x10/0x10 [ 99.348795][ T9402] do_sock_getsockopt+0x3fe/0x800 [ 99.348809][ T9402] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 99.348821][ T9402] ? lock_acquire+0x2f/0xb0 [ 99.348831][ T9402] ? __fget_files+0x40/0x3a0 [ 99.348841][ T9402] ? __fget_files+0x206/0x3a0 [ 99.348851][ T9402] __sys_getsockopt+0x12f/0x260 [ 99.348864][ T9402] __x64_sys_getsockopt+0xbd/0x160 [ 99.348873][ T9402] ? do_syscall_64+0x91/0x250 [ 99.348882][ T9402] ? lockdep_hardirqs_on+0x7c/0x110 [ 99.348895][ T9402] do_syscall_64+0xcd/0x250 [ 99.348904][ T9402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.348921][ T9402] RIP: 0033:0x7f020558cda9 [ 99.348929][ T9402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.348937][ T9402] RSP: 002b:00007f02063ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 99.348946][ T9402] RAX: ffffffffffffffda RBX: 00007f02057a5fa0 RCX: 00007f020558cda9 [ 99.348951][ T9402] RDX: 0000000000002711 RSI: 0000200000000114 RDI: 0000000000000003 [ 99.348957][ T9402] RBP: 00007f02063ad090 R08: 0000000020000000 R09: 0000000000000000 [ 99.348962][ T9402] R10: 0000000020032580 R11: 0000000000000246 R12: 0000000000000001 [ 99.348967][ T9402] R13: 0000000000000000 R14: 00007f02057a5fa0 R15: 00007ffe2501f6c8 [ 99.348977][ T9402] [ 99.426067][ C1] vkms_vblank_simulate: vblank timer overrun [ 99.431548][ T39] kauditd_printk_skb: 6 callbacks suppressed [ 99.431557][ T39] audit: type=1400 audit(1738300722.827:576): avc: denied { bind } for pid=9404 comm="syz.3.1213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 99.439649][ T39] audit: type=1400 audit(1738300722.827:577): avc: denied { read } for pid=9404 comm="syz.3.1213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 99.447759][ T56] usb 5-1: Using ep0 maxpacket: 8 [ 99.450420][ T56] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 99.452639][ T56] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 99.455283][ T56] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 99.458423][ T56] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 99.461751][ T56] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 99.465555][ T56] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 99.468105][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.673991][ T56] usb 5-1: usb_control_msg returned -32 [ 99.675666][ T56] usbtmc 5-1:16.0: can't read capabilities [ 99.688354][ T35] usb 5-1: USB disconnect, device number 5 [ 99.697695][ T5943] Bluetooth: hci0: command 0x040f tx timeout [ 99.903321][ T9426] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1219'. [ 99.913707][ T9426] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1219'. [ 100.309967][ T39] audit: type=1400 audit(1738300723.707:578): avc: denied { accept } for pid=9437 comm="syz.3.1222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 100.480118][ T9453] netlink: 'syz.2.1228': attribute type 10 has an invalid length. [ 100.482874][ T9453] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.485118][ T9453] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.491902][ T9453] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.494010][ T9453] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.496394][ T9453] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.498442][ T9453] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.504204][ T9453] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 100.511561][ T39] audit: type=1400 audit(1738300723.907:579): avc: denied { map } for pid=9452 comm="syz.2.1228" path="/dev/iommu" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 100.518314][ T39] audit: type=1400 audit(1738300723.907:580): avc: denied { nlmsg_write } for pid=9452 comm="syz.2.1228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 100.567758][ T8] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 100.717799][ T8] usb 8-1: Using ep0 maxpacket: 16 [ 100.721884][ T8] usb 8-1: unable to get BOS descriptor or descriptor too short [ 100.725848][ T8] usb 8-1: config 1 interface 0 has no altsetting 0 [ 100.735488][ T8] usb 8-1: New USB device found, idVendor=1b1c, idProduct=1c06, bcdDevice= 0.40 [ 100.738390][ T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.740787][ T8] usb 8-1: Product: syz [ 100.742014][ T8] usb 8-1: Manufacturer: syz [ 100.743400][ T8] usb 8-1: SerialNumber: syz [ 100.990179][ T8] usbhid 8-1:1.0: can't add hid device: -71 [ 100.992069][ T8] usbhid 8-1:1.0: probe with driver usbhid failed with error -71 [ 100.995832][ T8] usb 8-1: USB disconnect, device number 3 [ 101.049899][ T9478] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1238'. [ 101.127009][ T9493] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9493 comm=syz.2.1241 [ 101.132273][ T9493] netlink: 'syz.2.1241': attribute type 1 has an invalid length. [ 101.144775][ T9493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 101.157082][ T9493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 101.159780][ T9493] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 101.163602][ T9493] bond1: (slave vcan1): Error -95 calling set_mac_address [ 101.399528][ T9500] kvm: kvm [9498]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xa00000000 [ 101.414328][ T9500] kvm: kvm [9498]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x250000f7ff [ 101.418395][ T9500] kvm: kvm [9498]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x250000ffff [ 101.464795][ T73] ftdi_sio 6-1:2.120: FTDI USB Serial Device converter detected [ 101.469396][ T73] ftdi_sio ttyUSB0: unknown device type: 0xb5c5 [ 101.475677][ T73] ftdi_sio 6-1:2.140: FTDI USB Serial Device converter detected [ 101.475987][ T9500] kvm: kvm [9498]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x250000ffff [ 101.478418][ T73] ftdi_sio ttyUSB1: unknown device type: 0xb5c5 [ 101.481858][ T9500] kvm: kvm [9498]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x250000f7ff [ 101.484561][ T73] ftdi_sio 6-1:2.4: FTDI USB Serial Device converter detected [ 101.487454][ T73] ftdi_sio ttyUSB2: unknown device type: 0xb5c5 [ 101.490744][ T9500] kvm: kvm [9498]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x250000ffff [ 101.491815][ T73] ftdi_sio 6-1:2.250: FTDI USB Serial Device converter detected [ 101.495924][ T73] ftdi_sio ttyUSB3: unknown device type: 0xb5c5 [ 101.498406][ T9500] kvm_intel: kvm [9498]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x250000f7ff [ 101.500119][ T73] usb 6-1: USB disconnect, device number 6 [ 101.511900][ T73] ftdi_sio 6-1:2.120: device disconnected [ 101.515108][ T73] ftdi_sio 6-1:2.140: device disconnected [ 101.517894][ T73] ftdi_sio 6-1:2.4: device disconnected [ 101.520463][ T73] ftdi_sio 6-1:2.250: device disconnected [ 101.770036][ T39] audit: type=1400 audit(1738300725.167:581): avc: denied { write } for pid=9514 comm="syz.3.1249" name="ptp1" dev="devtmpfs" ino=1288 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 101.950495][ T39] audit: type=1400 audit(1738300725.347:582): avc: denied { read } for pid=9524 comm="getty" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 102.028952][ T39] audit: type=1400 audit(1738300725.427:583): avc: denied { write } for pid=9529 comm="syz.0.1253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 syzkaller syzkaller login: [ 102.287829][ T56] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 102.369644][ T9565] Cannot find add_set index 0 as target [ 102.437780][ T56] usb 5-1: Using ep0 maxpacket: 8 [ 102.440961][ T56] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 102.444960][ T56] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 102.448118][ T56] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 102.450938][ T56] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 102.454841][ T56] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 102.459151][ T56] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 102.461720][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.536706][ T9590] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 102.539883][ T9590] macvtap1: entered promiscuous mode [ 102.542254][ T9590] macvtap1: entered allmulticast mode [ 102.547264][ T9590] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 102.671018][ T56] usb 5-1: GET_CAPABILITIES returned 0 [ 102.672926][ T56] usbtmc 5-1:16.0: can't read capabilities [ 102.676553][ T56] usb 5-1: USB disconnect, device number 6 [ 102.734225][ T9601] netlink: 576 bytes leftover after parsing attributes in process `syz.2.1275'. [ 102.920623][ T9607] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1278'. [ 102.945700][ T9613] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1279'. [ 102.977715][ T834] usb 6-1: new low-speed USB device number 7 using dummy_hcd [ 103.053998][ T9625] erspan0: entered promiscuous mode [ 103.055557][ T9625] erspan0: entered allmulticast mode [ 103.059126][ T9625] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1285'. [ 103.061681][ T9625] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1285'. [ 103.066008][ T9625] tmpfs: Bad value for 'nr_inodes' [ 103.078998][ T9629] netdevsim netdevsim3: Direct firmware load for # failed with error -2 [ 103.082675][ T9629] netdevsim netdevsim3: Falling back to sysfs fallback for: # [ 103.127729][ T834] usb 6-1: Invalid ep0 maxpacket: 16 [ 103.257777][ T834] usb 6-1: new low-speed USB device number 8 using dummy_hcd [ 103.309419][ T39] audit: type=1400 audit(1738300726.707:584): avc: denied { name_bind } for pid=9638 comm="syz.2.1290" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 103.309744][ T9639] sctp: [Deprecated]: syz.2.1290 (pid 9639) Use of struct sctp_assoc_value in delayed_ack socket option. [ 103.309744][ T9639] Use struct sctp_sack_info instead [ 103.372363][ T9643] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1292'. [ 103.394250][ T39] audit: type=1400 audit(1738300726.787:585): avc: denied { execheap } for pid=9642 comm="syz.2.1292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 103.409348][ T834] usb 6-1: Invalid ep0 maxpacket: 16 [ 103.411248][ T834] usb usb6-port1: attempt power cycle [ 103.747734][ T834] usb 6-1: new low-speed USB device number 9 using dummy_hcd [ 103.769355][ T834] usb 6-1: Invalid ep0 maxpacket: 16 [ 103.857726][ T73] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 103.899089][ T834] usb 6-1: new low-speed USB device number 10 using dummy_hcd [ 103.918366][ T834] usb 6-1: Invalid ep0 maxpacket: 16 [ 103.920090][ T834] usb usb6-port1: unable to enumerate USB device [ 103.997718][ T73] usb 7-1: device descriptor read/64, error -71 [ 104.056963][ T9668] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1301'. [ 104.060030][ T9668] FAULT_INJECTION: forcing a failure. [ 104.060030][ T9668] name failslab, interval 1, probability 0, space 0, times 0 [ 104.063631][ T9668] CPU: 2 UID: 0 PID: 9668 Comm: syz.3.1301 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 104.063643][ T9668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 104.063648][ T9668] Call Trace: [ 104.063652][ T9668] [ 104.063656][ T9668] dump_stack_lvl+0x16c/0x1f0 [ 104.063681][ T9668] should_fail_ex+0x50a/0x650 [ 104.063699][ T9668] ? fs_reclaim_acquire+0xae/0x150 [ 104.063712][ T9668] ? nfnl_err_add+0x4e/0x2d0 [ 104.063723][ T9668] should_failslab+0xc2/0x120 [ 104.063733][ T9668] __kmalloc_cache_noprof+0x68/0x410 [ 104.063749][ T9668] nfnl_err_add+0x4e/0x2d0 [ 104.063760][ T9668] nfnetlink_rcv_batch+0xe42/0x24e0 [ 104.063778][ T9668] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 104.063792][ T9668] ? avc_has_perm_noaudit+0x119/0x3a0 [ 104.063812][ T9668] ? avc_has_perm_noaudit+0x143/0x3a0 [ 104.063837][ T9668] ? __nla_parse+0x40/0x60 [ 104.063847][ T9668] nfnetlink_rcv+0x3c3/0x430 [ 104.063857][ T9668] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 104.063871][ T9668] netlink_unicast+0x53c/0x7f0 [ 104.063882][ T9668] ? __pfx_netlink_unicast+0x10/0x10 [ 104.063895][ T9668] netlink_sendmsg+0x8b8/0xd70 [ 104.063907][ T9668] ? __pfx_netlink_sendmsg+0x10/0x10 [ 104.063921][ T9668] ____sys_sendmsg+0xaaf/0xc90 [ 104.063935][ T9668] ? copy_msghdr_from_user+0x10b/0x160 [ 104.063946][ T9668] ? __pfx_____sys_sendmsg+0x10/0x10 [ 104.063966][ T9668] ___sys_sendmsg+0x135/0x1e0 [ 104.063977][ T9668] ? __pfx____sys_sendmsg+0x10/0x10 [ 104.063992][ T9668] ? __pfx_lock_release+0x10/0x10 [ 104.064005][ T9668] ? trace_lock_acquire+0x14e/0x1f0 [ 104.064019][ T9668] ? __fget_files+0x206/0x3a0 [ 104.064031][ T9668] __sys_sendmsg+0x16e/0x220 [ 104.064041][ T9668] ? __pfx___sys_sendmsg+0x10/0x10 [ 104.064059][ T9668] do_syscall_64+0xcd/0x250 [ 104.064070][ T9668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.064083][ T9668] RIP: 0033:0x7f020558cda9 [ 104.064090][ T9668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.064099][ T9668] RSP: 002b:00007f02063ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 104.064108][ T9668] RAX: ffffffffffffffda RBX: 00007f02057a5fa0 RCX: 00007f020558cda9 [ 104.064114][ T9668] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 104.064119][ T9668] RBP: 00007f02063ad090 R08: 0000000000000000 R09: 0000000000000000 [ 104.064123][ T9668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.064128][ T9668] R13: 0000000000000000 R14: 00007f02057a5fa0 R15: 00007ffe2501f6c8 [ 104.064139][ T9668] [ 104.277782][ T73] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 104.417722][ T73] usb 7-1: device descriptor read/64, error -71 [ 104.530500][ T73] usb usb7-port1: attempt power cycle [ 104.815379][ T9693] fuse: Unknown parameter '00000000000040000' [ 104.823557][ T9693] qnx6: unable to read the first superblock [ 104.899203][ T73] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 104.928729][ T73] usb 7-1: device descriptor read/8, error -71 [ 105.177792][ T73] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 105.208501][ T73] usb 7-1: device descriptor read/8, error -71 [ 105.223777][ T39] audit: type=1400 audit(1738300728.617:586): avc: denied { mount } for pid=9701 comm="syz.3.1315" name="/" dev="9p" ino=37617932 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 105.328903][ T73] usb usb7-port1: unable to enumerate USB device [ 105.363623][ T39] audit: type=1400 audit(1738300728.757:587): avc: denied { unmount } for pid=5932 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 105.764009][ T9710] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1319'. [ 105.768686][ T9710] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1319'. [ 105.771264][ T9710] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1319'. [ 105.773732][ T9710] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 105.776203][ T9710] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 105.784867][ T39] audit: type=1400 audit(1738300729.177:588): avc: denied { read append } for pid=9713 comm="syz.3.1321" name="usbmon4" dev="devtmpfs" ino=749 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 105.821395][ T9709] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 105.862466][ T9722] cifs: Unknown parameter 'no9 PG!8E8- ŖEeլ' [ 105.880505][ T39] audit: type=1400 audit(1738300729.277:589): avc: denied { getopt } for pid=9721 comm="syz.0.1325" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 106.261238][ T9726] hsr_slave_0: left promiscuous mode [ 106.338780][ T9726] hsr_slave_1: left promiscuous mode [ 106.723538][ T9743] netlink: 'syz.0.1334': attribute type 2 has an invalid length. [ 106.798398][ T9749] CUSE: zero length info key specified [ 107.247686][ T5973] usb 8-1: new low-speed USB device number 4 using dummy_hcd [ 107.397761][ T5973] usb 8-1: device descriptor read/64, error -71 [ 107.657828][ T5973] usb 8-1: new low-speed USB device number 5 using dummy_hcd [ 107.797780][ T5973] usb 8-1: device descriptor read/64, error -71 [ 107.871585][ T9782] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 107.873562][ T9782] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 107.875295][ T9782] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 107.907970][ T5973] usb usb8-port1: attempt power cycle [ 108.247748][ T5973] usb 8-1: new low-speed USB device number 6 using dummy_hcd [ 108.268501][ T5973] usb 8-1: device descriptor read/8, error -71 [ 108.317795][ T73] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 108.468875][ T73] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 108.471391][ T73] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 108.474242][ T73] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 108.476732][ T73] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 108.479838][ T73] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 108.483977][ T73] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 108.486411][ T73] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 108.488762][ T73] usb 7-1: Product: syz [ 108.489924][ T73] usb 7-1: Manufacturer: syz [ 108.494500][ T73] cdc_wdm 7-1:1.0: skipping garbage [ 108.495986][ T73] cdc_wdm 7-1:1.0: skipping garbage [ 108.500280][ T73] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 108.501994][ T73] cdc_wdm 7-1:1.0: Unknown control protocol [ 108.507751][ T5973] usb 8-1: new low-speed USB device number 7 using dummy_hcd [ 108.528079][ T5973] usb 8-1: device descriptor read/8, error -71 [ 108.637958][ T5973] usb usb8-port1: unable to enumerate USB device [ 108.643526][ T9804] __nla_validate_parse: 10 callbacks suppressed [ 108.643537][ T9804] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1354'. [ 108.697311][ T9800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.702931][ T9800] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.795587][ T9814] tipc: Enabling of bearer rejected, failed to enable media [ 108.801391][ T9811] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1357'. [ 108.801699][ T9814] gretap1: entered allmulticast mode [ 108.803992][ T9811] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1357'. [ 108.809986][ T9811] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1357'. [ 108.812477][ T9811] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1357'. [ 109.777713][ T5939] Bluetooth: hci0: command 0x040f tx timeout [ 109.815635][ T9823] hpfs: hpfs_map_sector(): read error [ 109.835558][ T9825] netlink: 'syz.0.1362': attribute type 4 has an invalid length. [ 109.840087][ T39] audit: type=1400 audit(1738300733.237:590): avc: denied { create } for pid=9824 comm="syz.0.1362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 109.840370][ T9825] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1362'. [ 109.845570][ T39] audit: type=1400 audit(1738300733.237:591): avc: denied { write } for pid=9824 comm="syz.0.1362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 109.857792][ T39] audit: type=1400 audit(1738300733.237:592): avc: denied { nlmsg_write } for pid=9824 comm="syz.0.1362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 109.868486][ T9823] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 109.898067][ T39] audit: type=1400 audit(1738300733.297:593): avc: denied { accept } for pid=9822 comm="syz.1.1361" path="socket:[29248]" dev="sockfs" ino=29248 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 109.905917][ T9834] netlink: 'syz.3.1365': attribute type 29 has an invalid length. [ 109.929274][ T9836] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1366'. [ 109.937759][ T5939] Bluetooth: hci3: command 0x040f tx timeout [ 109.937781][ T5931] Bluetooth: hci1: command 0x040f tx timeout [ 109.980288][ T9843] netlink: 'syz.1.1369': attribute type 6 has an invalid length. [ 110.013665][ T9846] fuse: Unknown parameter 'droup_id' [ 110.071525][ T9851] FAULT_INJECTION: forcing a failure. [ 110.071525][ T9851] name failslab, interval 1, probability 0, space 0, times 0 [ 110.075168][ T9851] CPU: 1 UID: 0 PID: 9851 Comm: syz.1.1372 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 110.075180][ T9851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.075186][ T9851] Call Trace: [ 110.075189][ T9851] [ 110.075193][ T9851] dump_stack_lvl+0x16c/0x1f0 [ 110.075208][ T9851] should_fail_ex+0x50a/0x650 [ 110.075223][ T9851] should_failslab+0xc2/0x120 [ 110.075234][ T9851] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 110.075243][ T9851] ? lockdep_hardirqs_on+0x7c/0x110 [ 110.075257][ T9851] ? __alloc_skb+0x2b1/0x380 [ 110.075269][ T9851] __alloc_skb+0x2b1/0x380 [ 110.075278][ T9851] ? __pfx___alloc_skb+0x10/0x10 [ 110.075286][ T9851] ? rt6_nlmsg_size+0xb0/0x450 [ 110.075300][ T9851] ? rt6_nh_age_exceptions+0x70/0xc0 [ 110.075313][ T9851] ? notifier_call_chain+0x36c/0x410 [ 110.075324][ T9851] ? __pfx_nsim_fib_event_nb+0x10/0x10 [ 110.075337][ T9851] inet6_rt_notify+0xc7/0x260 [ 110.075350][ T9851] fib6_del+0xf56/0x1760 [ 110.075366][ T9851] ? __pfx_fib6_del+0x10/0x10 [ 110.075380][ T9851] ? fib6_ifdown+0xcd/0x8f0 [ 110.075395][ T9851] fib6_clean_node+0x426/0x5b0 [ 110.075408][ T9851] ? __pfx_fib6_clean_node+0x10/0x10 [ 110.075422][ T9851] ? fib6_walk+0x17a/0x370 [ 110.075432][ T9851] ? __pfx_lock_release+0x10/0x10 [ 110.075450][ T9851] fib6_walk_continue+0x44f/0x8d0 [ 110.075463][ T9851] fib6_walk+0x182/0x370 [ 110.075474][ T9851] ? __pfx_fib6_ifdown+0x10/0x10 [ 110.075486][ T9851] fib6_clean_tree+0xd7/0x120 [ 110.075497][ T9851] ? __pfx_fib6_clean_tree+0x10/0x10 [ 110.075511][ T9851] ? __pfx_fib6_clean_node+0x10/0x10 [ 110.075523][ T9851] ? __pfx_fib6_ifdown+0x10/0x10 [ 110.075536][ T9851] ? lock_acquire+0x2f/0xb0 [ 110.075546][ T9851] ? __fib6_clean_all+0xe5/0x2d0 [ 110.075559][ T9851] ? __pfx_fib6_ifdown+0x10/0x10 [ 110.075572][ T9851] __fib6_clean_all+0x100/0x2d0 [ 110.075594][ T9851] rt6_disable_ip+0x2ef/0x940 [ 110.075609][ T9851] ? __wake_up+0x3f/0x60 [ 110.075625][ T9851] ? consume_skb+0x10/0x100 [ 110.075642][ T9851] ? __pfx_rt6_disable_ip+0x10/0x10 [ 110.075666][ T9851] addrconf_ifdown.isra.0+0x126/0x1af0 [ 110.075697][ T9851] ? __pfx_inet6_fill_ifinfo+0x10/0x10 [ 110.075709][ T9851] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 110.075723][ T9851] ? nlmsg_notify+0xac/0x220 [ 110.075732][ T9851] ? nlmsg_notify+0x11e/0x220 [ 110.075744][ T9851] addrconf_notify+0x89a/0x19c0 [ 110.075754][ T9851] ? ip6mr_device_event+0x1bc/0x230 [ 110.075765][ T9851] notifier_call_chain+0xb7/0x410 [ 110.075775][ T9851] ? __pfx_addrconf_notify+0x10/0x10 [ 110.075786][ T9851] call_netdevice_notifiers_info+0xbe/0x140 [ 110.075800][ T9851] netdev_state_change+0x115/0x150 [ 110.075812][ T9851] ? __pfx_netdev_state_change+0x10/0x10 [ 110.075826][ T9851] ? dev_change_flags+0x111/0x160 [ 110.075837][ T9851] do_setlink.constprop.0+0x31fd/0x3f80 [ 110.075852][ T9851] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 110.075861][ T9851] ? lock_acquire.part.0+0x11b/0x380 [ 110.075876][ T9851] ? __mutex_trylock_common+0xea/0x250 [ 110.075890][ T9851] ? __pfx___mutex_trylock_common+0x10/0x10 [ 110.075907][ T9851] ? rtnl_newlink+0x5d9/0x1d60 [ 110.075918][ T9851] ? rcu_is_watching+0x12/0xc0 [ 110.075935][ T9851] ? trace_contention_end+0xee/0x140 [ 110.075948][ T9851] ? __mutex_lock+0x1cc/0xb10 [ 110.075958][ T9851] ? rcu_is_watching+0x12/0xc0 [ 110.075967][ T9851] ? rtnl_newlink+0x5d9/0x1d60 [ 110.075978][ T9851] ? __pfx___mutex_lock+0x10/0x10 [ 110.075987][ T9851] ? cap_capable+0xb3/0x250 [ 110.076017][ T9851] rtnl_newlink+0x1784/0x1d60 [ 110.076032][ T9851] ? __pfx_rtnl_newlink+0x10/0x10 [ 110.076045][ T9851] ? __pfx___lock_acquire+0x10/0x10 [ 110.076057][ T9851] ? cred_has_capability.isra.0+0x192/0x2f0 [ 110.076070][ T9851] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 110.076085][ T9851] ? find_held_lock+0x2d/0x110 [ 110.076096][ T9851] ? rtnetlink_rcv_msg+0x93a/0xea0 [ 110.076106][ T9851] ? __pfx_lock_release+0x10/0x10 [ 110.076118][ T9851] ? trace_lock_acquire+0x14e/0x1f0 [ 110.076131][ T9851] ? __pfx_rtnl_newlink+0x10/0x10 [ 110.076141][ T9851] rtnetlink_rcv_msg+0x95b/0xea0 [ 110.076158][ T9851] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 110.076175][ T9851] netlink_rcv_skb+0x16b/0x440 [ 110.076185][ T9851] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 110.076200][ T9851] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 110.076217][ T9851] ? netlink_deliver_tap+0x1ae/0xd30 [ 110.076230][ T9851] netlink_unicast+0x53c/0x7f0 [ 110.076241][ T9851] ? __pfx_netlink_unicast+0x10/0x10 [ 110.076255][ T9851] netlink_sendmsg+0x8b8/0xd70 [ 110.076267][ T9851] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.076282][ T9851] ____sys_sendmsg+0xaaf/0xc90 [ 110.076296][ T9851] ? copy_msghdr_from_user+0x10b/0x160 [ 110.076307][ T9851] ? __pfx_____sys_sendmsg+0x10/0x10 [ 110.076327][ T9851] ___sys_sendmsg+0x135/0x1e0 [ 110.076338][ T9851] ? __pfx____sys_sendmsg+0x10/0x10 [ 110.076355][ T9851] ? __pfx_lock_release+0x10/0x10 [ 110.076366][ T9851] ? trace_lock_acquire+0x14e/0x1f0 [ 110.076381][ T9851] ? __fget_files+0x206/0x3a0 [ 110.076394][ T9851] __sys_sendmsg+0x16e/0x220 [ 110.076406][ T9851] ? __pfx___sys_sendmsg+0x10/0x10 [ 110.076425][ T9851] do_syscall_64+0xcd/0x250 [ 110.076436][ T9851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.076449][ T9851] RIP: 0033:0x7f1aa198cda9 [ 110.076457][ T9851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.076466][ T9851] RSP: 002b:00007f1aa27c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.076475][ T9851] RAX: ffffffffffffffda RBX: 00007f1aa1ba5fa0 RCX: 00007f1aa198cda9 [ 110.076481][ T9851] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 110.076487][ T9851] RBP: 00007f1aa27c7090 R08: 0000000000000000 R09: 0000000000000000 [ 110.076492][ T9851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 110.076497][ T9851] R13: 0000000000000000 R14: 00007f1aa1ba5fa0 R15: 00007ffc21d4bbd8 [ 110.076509][ T9851] [ 110.086696][ T9851] geneve2: entered allmulticast mode [ 110.244797][ T9851] sit1: entered allmulticast mode [ 110.246540][ T9851] ip6gre2: entered allmulticast mode [ 110.249191][ T56] lo speed is unknown, defaulting to 1000 [ 110.273349][ T9853] Context (ID=0x1) not attached to queue pair (handle=0x4d5:0x0) [ 110.278110][ T73] ip6_tnl_xmit_ctl: 21 callbacks suppressed [ 110.278123][ T73] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 110.484954][ T39] audit: type=1326 audit(1738300733.877:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aa198cda9 code=0x7fc00000 [ 110.494053][ T39] audit: type=1326 audit(1738300733.877:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1aa198b710 code=0x7fc00000 [ 110.500338][ T39] audit: type=1326 audit(1738300733.877:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aa198cda9 code=0x7fc00000 [ 110.506619][ T39] audit: type=1326 audit(1738300733.877:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aa198cda9 code=0x7fc00000 [ 110.512973][ T39] audit: type=1326 audit(1738300733.877:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1aa198cda9 code=0x7fc00000 [ 110.519288][ T39] audit: type=1326 audit(1738300733.877:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aa198cda9 code=0x7fc00000 [ 110.525573][ T39] audit: type=1326 audit(1738300733.877:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aa198cda9 code=0x7fc00000 [ 110.531936][ T39] audit: type=1326 audit(1738300733.877:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aa198cda9 code=0x7fc00000 [ 110.538384][ T39] audit: type=1326 audit(1738300733.877:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aa198cda9 code=0x7fc00000 [ 110.544644][ T39] audit: type=1326 audit(1738300733.877:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9862 comm="syz.1.1377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aa198cda9 code=0x7fc00000 [ 110.756290][ T9866] lo speed is unknown, defaulting to 1000 [ 110.759994][ T9866] lo speed is unknown, defaulting to 1000 [ 110.980158][ T73] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 111.030324][ T9882] 9pnet: Limiting 'msize' to 512000 as this is the maximum supported by transport virtio [ 111.069631][ T9882] macvlan0: entered allmulticast mode [ 111.074384][ T9882] syztnl1: entered allmulticast mode [ 111.076074][ T9882] gre1: entered allmulticast mode [ 111.078409][ T9882] bond2: entered allmulticast mode [ 111.145436][ T9888] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1387'. [ 111.192544][ T9892] raw_sendmsg: syz.3.1388 forgot to set AF_INET. Fix it! [ 111.251226][ T35] usb 7-1: USB disconnect, device number 11 [ 111.848773][ T9904] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1392'. [ 111.887397][ T9906] syzkaller0: entered allmulticast mode [ 111.903622][ T9906] syzkaller0: left allmulticast mode [ 112.017819][ T5943] Bluetooth: hci3: command 0x040f tx timeout [ 112.051438][ T9915] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 112.285192][ T9931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1404'. [ 113.147848][ T5943] Bluetooth: hci0: command 0x040f tx timeout [ 113.368261][ T5943] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 113.371536][ T5943] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 113.423087][ T9971] xt_socket: unknown flags 0x8 [ 113.430724][ T9971] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 113.485420][ T9979] lo speed is unknown, defaulting to 1000 [ 113.492468][ T9979] lo speed is unknown, defaulting to 1000 [ 113.502879][ T9974] lo: left allmulticast mode [ 113.509900][ T9974] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 113.653914][ T9987] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.683848][ T9994] __nla_validate_parse: 1 callbacks suppressed [ 113.683863][ T9994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1424'. [ 113.765017][ T9987] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.831473][ T9987] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.976957][ T9987] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.984959][ T9987] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.991150][ T9987] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.997122][ T9987] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.138094][T10001] FAULT_INJECTION: forcing a failure. [ 114.138094][T10001] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 114.144147][T10001] CPU: 3 UID: 0 PID: 10001 Comm: syz.0.1428 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 114.144168][T10001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.144177][T10001] Call Trace: [ 114.144192][T10001] [ 114.144199][T10001] dump_stack_lvl+0x16c/0x1f0 [ 114.144235][T10001] should_fail_ex+0x50a/0x650 [ 114.144262][T10001] ? __pfx___might_resched+0x10/0x10 [ 114.144288][T10001] should_fail_alloc_page+0xe7/0x130 [ 114.144308][T10001] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 114.144337][T10001] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 114.144357][T10001] ? hlock_class+0x4e/0x130 [ 114.144374][T10001] ? mark_lock+0xb5/0xc60 [ 114.144399][T10001] ? __pfx_mark_lock+0x10/0x10 [ 114.144424][T10001] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 114.144441][T10001] ? hlock_class+0x4e/0x130 [ 114.144459][T10001] ? hlock_class+0x4e/0x130 [ 114.144476][T10001] ? mark_lock+0xb5/0xc60 [ 114.144498][T10001] ? hlock_class+0x4e/0x130 [ 114.144521][T10001] ? hlock_class+0x4e/0x130 [ 114.144538][T10001] ? __lock_acquire+0xcc5/0x3c40 [ 114.144560][T10001] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 114.144588][T10001] ? policy_nodemask+0xea/0x4e0 [ 114.144609][T10001] alloc_pages_mpol+0x1fc/0x540 [ 114.144649][T10001] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 114.144665][T10001] ? __lock_acquire+0x15a9/0x3c40 [ 114.144690][T10001] folio_alloc_mpol_noprof+0x36/0x2f0 [ 114.144711][T10001] vma_alloc_folio_noprof+0xee/0x1b0 [ 114.144730][T10001] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 114.144748][T10001] ? find_held_lock+0x2d/0x110 [ 114.144769][T10001] do_pte_missing+0x202f/0x3e10 [ 114.144793][T10001] __handle_mm_fault+0x1166/0x2c60 [ 114.144815][T10001] ? __pfx___handle_mm_fault+0x10/0x10 [ 114.144829][T10001] ? follow_page_pte+0x3ac/0x1490 [ 114.144850][T10001] ? __pfx_lock_release+0x10/0x10 [ 114.144891][T10001] handle_mm_fault+0x3fa/0xaa0 [ 114.144913][T10001] __get_user_pages+0x773/0x36f0 [ 114.144949][T10001] ? __pfx___get_user_pages+0x10/0x10 [ 114.144972][T10001] ? down_read_killable+0xcc/0x380 [ 114.144990][T10001] ? __pfx_down_read_killable+0x10/0x10 [ 114.145013][T10001] ? mark_lock+0xb5/0xc60 [ 114.145036][T10001] get_user_pages_unlocked+0x1c2/0x780 [ 114.145071][T10001] ? __pfx_get_user_pages_unlocked+0x10/0x10 [ 114.145096][T10001] ? get_user_pages_fast_only+0xaf/0x100 [ 114.145112][T10001] ? __pfx_get_user_pages_fast_only+0x10/0x10 [ 114.145129][T10001] ? __pfx___might_resched+0x10/0x10 [ 114.145159][T10001] hva_to_pfn+0x8be/0xc20 [ 114.145188][T10001] ? __pfx_hva_to_pfn+0x10/0x10 [ 114.145211][T10001] ? hlock_class+0x4e/0x130 [ 114.145234][T10001] ? find_held_lock+0x2d/0x110 [ 114.145255][T10001] ? xa_load+0x14a/0x2c0 [ 114.145272][T10001] ? __pfx_lock_release+0x10/0x10 [ 114.145298][T10001] kvm_follow_pfn+0x29f/0x3f0 [ 114.145324][T10001] __kvm_faultin_pfn+0x11c/0x1a0 [ 114.145348][T10001] ? __pfx___kvm_faultin_pfn+0x10/0x10 [ 114.145372][T10001] ? __pfx_xa_load+0x10/0x10 [ 114.145395][T10001] ? hlock_class+0x4e/0x130 [ 114.145411][T10001] ? mark_lock+0xb5/0xc60 [ 114.145435][T10001] kvm_mmu_faultin_pfn+0x583/0x2190 [ 114.145468][T10001] ? __pfx_fast_page_fault+0x10/0x10 [ 114.145491][T10001] ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10 [ 114.145514][T10001] ? __pfx___lock_acquire+0x10/0x10 [ 114.145535][T10001] ? __kvm_mmu_topup_memory_cache+0x330/0x600 [ 114.145557][T10001] ? hlock_class+0x4e/0x130 [ 114.145583][T10001] kvm_tdp_page_fault+0x182/0x3d0 [ 114.145604][T10001] kvm_mmu_do_page_fault+0x587/0x6c0 [ 114.145639][T10001] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 114.145667][T10001] ? hlock_class+0x4e/0x130 [ 114.145686][T10001] kvm_mmu_page_fault+0x20f/0x1bd0 [ 114.145711][T10001] ? __pfx___lock_acquire+0x10/0x10 [ 114.145734][T10001] ? __pfx_kvm_mmu_page_fault+0x10/0x10 [ 114.145752][T10001] ? __pfx_mark_lock+0x10/0x10 [ 114.145779][T10001] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 114.145803][T10001] handle_ept_violation+0x25a/0x640 [ 114.145821][T10001] ? __pfx_handle_ept_violation+0x10/0x10 [ 114.145837][T10001] vmx_handle_exit+0x6a4/0x1a30 [ 114.145862][T10001] vcpu_run+0x3047/0x4f50 [ 114.145889][T10001] ? __pfx_vcpu_run+0x10/0x10 [ 114.145904][T10001] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 114.145925][T10001] ? rcu_is_watching+0x12/0xc0 [ 114.145943][T10001] ? trace_lock_acquire+0x14e/0x1f0 [ 114.145960][T10001] ? __local_bh_enable_ip+0xa4/0x120 [ 114.145982][T10001] ? lockdep_hardirqs_on+0x7c/0x110 [ 114.146005][T10001] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 114.146030][T10001] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 114.146049][T10001] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 114.146082][T10001] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 114.146105][T10001] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 114.146150][T10001] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 114.146178][T10001] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 114.146207][T10001] ? __pfx_lock_release+0x10/0x10 [ 114.146240][T10001] ? selinux_file_ioctl+0x180/0x270 [ 114.146262][T10001] ? selinux_file_ioctl+0xb4/0x270 [ 114.146287][T10001] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 114.146308][T10001] __x64_sys_ioctl+0x190/0x200 [ 114.146333][T10001] do_syscall_64+0xcd/0x250 [ 114.146352][T10001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.146375][T10001] RIP: 0033:0x7f1d03f8cda9 [ 114.146389][T10001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.146404][T10001] RSP: 002b:00007f1d04ed4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 114.146421][T10001] RAX: ffffffffffffffda RBX: 00007f1d041a5fa0 RCX: 00007f1d03f8cda9 [ 114.146432][T10001] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 114.146441][T10001] RBP: 00007f1d04ed4090 R08: 0000000000000000 R09: 0000000000000000 [ 114.146451][T10001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 114.146461][T10001] R13: 0000000000000000 R14: 00007f1d041a5fa0 R15: 00007fff4bcf08e8 [ 114.146485][T10001] [ 114.255120][T10016] syz.1.1434: attempt to access beyond end of device [ 114.255120][T10016] loop1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 114.256274][ C3] vkms_vblank_simulate: vblank timer overrun [ 114.259628][T10016] syz.1.1434: attempt to access beyond end of device [ 114.259628][T10016] loop1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 114.362757][T10016] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 114.365632][T10016] syz.1.1434: attempt to access beyond end of device [ 114.365632][T10016] loop1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 114.370354][T10016] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 114.373193][T10016] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 114.375419][T10016] UDF-fs: Scanning with blocksize 512 failed [ 114.378468][T10016] syz.1.1434: attempt to access beyond end of device [ 114.378468][T10016] loop1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 114.382225][T10016] syz.1.1434: attempt to access beyond end of device [ 114.382225][T10016] loop1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 114.385937][T10016] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 114.389142][T10016] syz.1.1434: attempt to access beyond end of device [ 114.389142][T10016] loop1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 114.393226][T10016] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 114.396037][T10016] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 114.398840][T10016] UDF-fs: Scanning with blocksize 1024 failed [ 114.400882][T10016] syz.1.1434: attempt to access beyond end of device [ 114.400882][T10016] loop1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 114.404692][T10016] syz.1.1434: attempt to access beyond end of device [ 114.404692][T10016] loop1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 114.409997][T10016] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 114.412917][T10016] syz.1.1434: attempt to access beyond end of device [ 114.412917][T10016] loop1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 114.417896][T10016] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 114.420575][T10016] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 114.422749][T10016] UDF-fs: Scanning with blocksize 2048 failed [ 114.424732][T10016] syz.1.1434: attempt to access beyond end of device [ 114.424732][T10016] loop1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 114.428394][T10016] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 114.431199][T10016] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 114.433938][T10016] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 114.436141][T10016] UDF-fs: Scanning with blocksize 4096 failed [ 114.438646][T10016] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1) [ 114.486429][T10031] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1438'. [ 114.501746][ T5943] Bluetooth: hci3: unexpected event for opcode 0x202a [ 114.717139][T10061] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1451'. [ 114.751988][T10063] netlink: 'syz.3.1452': attribute type 10 has an invalid length. [ 114.755180][T10063] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1452'. [ 114.799870][T10066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.927809][ T56] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 115.090271][ T56] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 115.094242][ T56] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 115.098239][ T56] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 115.106060][ T56] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 115.110205][ T56] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.113458][ T56] usb 6-1: Product: syz [ 115.115142][ T56] usb 6-1: Manufacturer: syz [ 115.117038][ T56] usb 6-1: SerialNumber: syz [ 115.334917][ T56] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 115.347921][ T56] usb 6-1: USB disconnect, device number 11 [ 115.353725][ T56] usblp0: removed [ 115.641592][ T39] kauditd_printk_skb: 19895 callbacks suppressed [ 115.641610][ T39] audit: type=1400 audit(1738300739.037:20499): avc: denied { name_connect } for pid=10093 comm="syz.3.1465" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 115.883529][ T39] audit: type=1400 audit(1738300739.277:20500): avc: denied { connect } for pid=10104 comm="syz.1.1469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 116.440183][T10109] netlink: 4420 bytes leftover after parsing attributes in process `syz.1.1470'. [ 116.461648][T10114] netlink: 'syz.2.1471': attribute type 3 has an invalid length. [ 116.468873][ T39] audit: type=1400 audit(1738300739.867:20501): avc: denied { create } for pid=10113 comm="syz.2.1471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 116.493354][ T39] audit: type=1400 audit(1738300739.887:20502): avc: denied { read } for pid=10115 comm="syz.1.1472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 116.617367][T10136] sch_tbf: burst 19872 is lower than device lo mtu (39799) ! [ 116.655893][T10132] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode broadcast(3) [ 116.715782][T10148] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.726151][T10143] syz.0.1482 (10143): drop_caches: 2 [ 116.896233][T10159] tun0: tun_chr_ioctl cmd 1074025675 [ 116.898460][T10159] tun0: persist enabled [ 116.899890][T10159] tun0: tun_chr_ioctl cmd 1074025675 [ 116.901445][T10159] tun0: persist disabled [ 116.967798][ T834] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 116.970844][ T8] usb 7-1: new low-speed USB device number 12 using dummy_hcd [ 117.098194][ T8] usb 7-1: device descriptor read/64, error -71 [ 117.117687][ T834] usb 8-1: Using ep0 maxpacket: 8 [ 117.121214][ T834] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 117.123761][ T834] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 117.126635][ T834] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 117.129468][ T834] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 117.132294][ T834] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 117.135984][ T834] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 117.138742][ T834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.166538][ T39] audit: type=1400 audit(1738300740.557:20503): avc: denied { shutdown } for pid=10168 comm="syz.1.1492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 117.337756][ T8] usb 7-1: new low-speed USB device number 13 using dummy_hcd [ 117.342450][T10171] netlink: 47 bytes leftover after parsing attributes in process `syz.1.1493'. [ 117.345992][ T834] usb 8-1: usb_control_msg returned -32 [ 117.347725][ T834] usbtmc 8-1:16.0: can't read capabilities [ 117.388641][ T5943] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 117.391534][ T5943] Bluetooth: hci1: Injecting HCI hardware error event [ 117.395528][ T5943] Bluetooth: hci1: hardware error 0x00 [ 117.467810][ T8] usb 7-1: device descriptor read/64, error -71 [ 117.588048][ T8] usb usb7-port1: attempt power cycle [ 117.656083][T10183] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1498'. [ 117.660042][T10183] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1498'. [ 117.665361][T10183] erspan0: entered promiscuous mode [ 117.668137][T10183] erspan0: left promiscuous mode [ 117.765264][T10191] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1500'. [ 117.795709][T10194] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1501'. [ 117.798477][T10194] bridge: RTM_NEWNEIGH with invalid ether address [ 117.801221][T10194] bridge: RTM_NEWNEIGH with invalid ether address [ 117.947927][ T8] usb 7-1: new low-speed USB device number 14 using dummy_hcd [ 117.969491][ T8] usb 7-1: device descriptor read/8, error -71 [ 118.217779][ T8] usb 7-1: new low-speed USB device number 15 using dummy_hcd [ 118.228984][T10207] ISOFS: Unable to identify CD-ROM format. [ 118.238347][ T8] usb 7-1: device descriptor read/8, error -71 [ 118.347913][ T8] usb usb7-port1: unable to enumerate USB device [ 118.763143][ T39] audit: type=1400 audit(1738300742.157:20504): avc: denied { watch watch_reads } for pid=10208 comm="syz.0.1506" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=1066 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 119.057811][ T8] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 119.217760][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 119.220588][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.223747][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.226561][ T8] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 119.229253][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.232453][ T8] usb 5-1: config 0 descriptor?? [ 119.327845][ T5973] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 119.467741][ T5943] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 119.479219][ T5973] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 119.482371][ T5973] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 119.486000][ T5973] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 119.489479][ T5973] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 119.492695][ T5973] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 119.496706][ T5973] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 119.499239][ T5973] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 119.501470][ T5973] usb 6-1: Product: syz [ 119.502741][ T5973] usb 6-1: Manufacturer: syz [ 119.506401][ T5973] cdc_wdm 6-1:1.0: skipping garbage [ 119.508030][ T5973] cdc_wdm 6-1:1.0: skipping garbage [ 119.511073][ T5973] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device [ 119.512839][ T5973] cdc_wdm 6-1:1.0: Unknown control protocol [ 119.652735][ T39] audit: type=1400 audit(1738300743.047:20505): avc: denied { relabelfrom } for pid=10214 comm="syz.0.1508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 119.660194][ T39] audit: type=1400 audit(1738300743.047:20506): avc: denied { relabelto } for pid=10214 comm="syz.0.1508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 119.708035][T10226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.712970][T10226] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.718095][ T1454] usb 8-1: USB disconnect, device number 8 [ 119.724469][ T6610] usb 6-1: USB disconnect, device number 12 [ 119.729822][ T8] usbhid 5-1:0.0: can't add hid device: -71 [ 119.731600][ T8] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 119.735237][ T8] usb 5-1: USB disconnect, device number 7 [ 120.108791][T10243] Malformed UNC in devname [ 120.108791][T10243] [ 120.110820][T10243] CIFS: VFS: Malformed UNC in devname [ 120.254028][T10246] __nla_validate_parse: 1 callbacks suppressed [ 120.254042][T10246] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1520'. [ 120.322296][T10256] can: request_module (can-proto-0) failed. [ 120.628093][ T6610] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 120.779117][ T6610] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 120.781644][ T6610] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 120.784609][ T6610] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 120.787194][ T6610] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 120.790573][ T6610] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 120.794845][ T6610] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 120.797455][ T6610] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 120.799964][ T6610] usb 6-1: Product: syz [ 120.801193][ T6610] usb 6-1: Manufacturer: syz [ 120.804526][ T6610] cdc_wdm 6-1:1.0: skipping garbage [ 120.806102][ T6610] cdc_wdm 6-1:1.0: skipping garbage [ 120.808986][ T6610] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 120.810765][ T6610] cdc_wdm 6-1:1.0: Unknown control protocol [ 120.847752][ T5989] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 121.007693][ T5989] usb 8-1: Using ep0 maxpacket: 8 [ 121.009691][T10264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.009852][T10264] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.017963][ T5989] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 121.021222][ T5989] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 121.024194][ T5989] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 121.026450][ T6610] usb 6-1: USB disconnect, device number 13 [ 121.027344][ T5989] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 121.033859][ T5989] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 121.036582][ T5989] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.143725][T10297] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1541'. [ 121.243187][ T39] audit: type=1400 audit(1738300744.637:20507): avc: denied { getopt } for pid=10281 comm="syz.3.1535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 121.247315][ T5989] usb 8-1: GET_CAPABILITIES returned 0 [ 121.251398][ T5989] usbtmc 8-1:16.0: can't read capabilities [ 121.451086][ T73] usb 8-1: USB disconnect, device number 9 [ 121.548381][T10306] FAULT_INJECTION: forcing a failure. [ 121.548381][T10306] name failslab, interval 1, probability 0, space 0, times 0 [ 121.552122][T10306] CPU: 2 UID: 0 PID: 10306 Comm: syz.1.1545 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 121.552134][T10306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.552140][T10306] Call Trace: [ 121.552143][T10306] [ 121.552147][T10306] dump_stack_lvl+0x16c/0x1f0 [ 121.552175][T10306] should_fail_ex+0x50a/0x650 [ 121.552192][T10306] ? fs_reclaim_acquire+0xae/0x150 [ 121.552205][T10306] ? tomoyo_encode2+0x100/0x3e0 [ 121.552217][T10306] should_failslab+0xc2/0x120 [ 121.552227][T10306] __kmalloc_noprof+0xcb/0x510 [ 121.552237][T10306] ? d_absolute_path+0x137/0x1b0 [ 121.552247][T10306] ? rcu_is_watching+0x12/0xc0 [ 121.552258][T10306] tomoyo_encode2+0x100/0x3e0 [ 121.552271][T10306] tomoyo_encode+0x29/0x50 [ 121.552282][T10306] tomoyo_realpath_from_path+0x19d/0x720 [ 121.552297][T10306] tomoyo_path_number_perm+0x248/0x590 [ 121.552307][T10306] ? tomoyo_path_number_perm+0x235/0x590 [ 121.552318][T10306] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 121.552339][T10306] ? __pfx_lock_release+0x10/0x10 [ 121.552351][T10306] ? trace_lock_acquire+0x14e/0x1f0 [ 121.552363][T10306] ? lock_acquire+0x2f/0xb0 [ 121.552374][T10306] ? __fget_files+0x40/0x3a0 [ 121.552384][T10306] ? __fget_files+0x206/0x3a0 [ 121.552394][T10306] security_file_ioctl+0x9b/0x240 [ 121.552406][T10306] __x64_sys_ioctl+0xb7/0x200 [ 121.552419][T10306] do_syscall_64+0xcd/0x250 [ 121.552430][T10306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.552443][T10306] RIP: 0033:0x7f1aa198cda9 [ 121.552451][T10306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.552459][T10306] RSP: 002b:00007f1aa27c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 121.552468][T10306] RAX: ffffffffffffffda RBX: 00007f1aa1ba5fa0 RCX: 00007f1aa198cda9 [ 121.552474][T10306] RDX: 0000000020000300 RSI: 00000000c00c642e RDI: 0000000000000004 [ 121.552479][T10306] RBP: 00007f1aa27c7090 R08: 0000000000000000 R09: 0000000000000000 [ 121.552485][T10306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.552489][T10306] R13: 0000000000000000 R14: 00007f1aa1ba5fa0 R15: 00007ffc21d4bbd8 [ 121.552501][T10306] [ 121.552509][T10306] ERROR: Out of memory at tomoyo_realpath_from_path. [ 121.728289][T10312] syz.1.1548 (10312): drop_caches: 2 [ 122.131812][T10333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1554'. [ 122.135127][T10333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1554'. [ 122.138663][T10333] netlink: 'syz.3.1554': attribute type 12 has an invalid length. [ 122.366224][ T39] audit: type=1400 audit(1738300745.757:20508): avc: denied { setopt } for pid=10346 comm="syz.3.1561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 122.421487][T10355] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 122.486901][T10361] netlink: 'syz.2.1567': attribute type 4 has an invalid length. [ 122.489792][T10361] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1567'. [ 122.593931][ T39] audit: type=1400 audit(1738300745.987:20509): avc: denied { mounton } for pid=10367 comm="syz.3.1570" path="mnt:[4026533165]" dev="nsfs" ino=4026533165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 122.594708][T10368] overlayfs: missing 'lowerdir' [ 122.680191][T10375] SELinux: Context system_u:object_r:dmesg_exec_t:s0 is not valid (left unmapped). [ 122.687686][ T39] audit: type=1400 audit(1738300746.077:20510): avc: denied { relabelfrom } for pid=10374 comm="syz.3.1572" name="UNIX-STREAM" dev="sockfs" ino=33535 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 122.694623][ T39] audit: type=1400 audit(1738300746.077:20511): avc: denied { relabelto } for pid=10374 comm="syz.3.1572" name="UNIX-STREAM" dev="sockfs" ino=33535 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=unix_stream_socket permissive=1 trawcon="system_u:object_r:dmesg_exec_t:s0" [ 122.932070][T10391] syz.1.1578 (10391): drop_caches: 2 [ 123.396475][T10411] syz.3.1587 (10411): drop_caches: 2 [ 123.509313][T10419] openvswitch: netlink: IP tunnel dst address not specified [ 123.547746][T10416] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 123.550081][T10416] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 123.592277][T10426] FAULT_INJECTION: forcing a failure. [ 123.592277][T10426] name failslab, interval 1, probability 0, space 0, times 0 [ 123.596382][T10426] CPU: 0 UID: 0 PID: 10426 Comm: syz.1.1592 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 123.596394][T10426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 123.596399][T10426] Call Trace: [ 123.596402][T10426] [ 123.596406][T10426] dump_stack_lvl+0x16c/0x1f0 [ 123.596420][T10426] should_fail_ex+0x50a/0x650 [ 123.596433][T10426] ? fs_reclaim_acquire+0xae/0x150 [ 123.596447][T10426] should_failslab+0xc2/0x120 [ 123.596457][T10426] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 123.596478][T10426] ? __alloc_skb+0x2b1/0x380 [ 123.596491][T10426] __alloc_skb+0x2b1/0x380 [ 123.596500][T10426] ? __pfx___alloc_skb+0x10/0x10 [ 123.596511][T10426] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 123.596523][T10426] netlink_alloc_large_skb+0x69/0x130 [ 123.596534][T10426] netlink_sendmsg+0x689/0xd70 [ 123.596546][T10426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 123.596560][T10426] ____sys_sendmsg+0xaaf/0xc90 [ 123.596573][T10426] ? copy_msghdr_from_user+0x10b/0x160 [ 123.596584][T10426] ? __pfx_____sys_sendmsg+0x10/0x10 [ 123.596601][T10426] ___sys_sendmsg+0x135/0x1e0 [ 123.596613][T10426] ? __pfx____sys_sendmsg+0x10/0x10 [ 123.596627][T10426] ? __pfx_lock_release+0x10/0x10 [ 123.596640][T10426] ? trace_lock_acquire+0x14e/0x1f0 [ 123.596653][T10426] ? __fget_files+0x206/0x3a0 [ 123.596665][T10426] __sys_sendmsg+0x16e/0x220 [ 123.596676][T10426] ? __pfx___sys_sendmsg+0x10/0x10 [ 123.596693][T10426] do_syscall_64+0xcd/0x250 [ 123.596703][T10426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.596716][T10426] RIP: 0033:0x7f1aa198cda9 [ 123.596723][T10426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.596732][T10426] RSP: 002b:00007f1aa27c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 123.596741][T10426] RAX: ffffffffffffffda RBX: 00007f1aa1ba5fa0 RCX: 00007f1aa198cda9 [ 123.596748][T10426] RDX: 0000000004008094 RSI: 0000000020001200 RDI: 0000000000000004 [ 123.596753][T10426] RBP: 00007f1aa27c7090 R08: 0000000000000000 R09: 0000000000000000 [ 123.596758][T10426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.596763][T10426] R13: 0000000000000000 R14: 00007f1aa1ba5fa0 R15: 00007ffc21d4bbd8 [ 123.596774][T10426] [ 123.709439][T10436] syz.1.1598 (10436): drop_caches: 2 [ 123.812095][T10442] FAULT_INJECTION: forcing a failure. [ 123.812095][T10442] name failslab, interval 1, probability 0, space 0, times 0 [ 123.815813][T10442] CPU: 3 UID: 0 PID: 10442 Comm: syz.2.1600 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 123.815825][T10442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 123.815831][T10442] Call Trace: [ 123.815834][T10442] [ 123.815837][T10442] dump_stack_lvl+0x16c/0x1f0 [ 123.815851][T10442] should_fail_ex+0x50a/0x650 [ 123.815865][T10442] ? fs_reclaim_acquire+0xae/0x150 [ 123.815878][T10442] ? tomoyo_realpath_from_path+0xb9/0x720 [ 123.815890][T10442] should_failslab+0xc2/0x120 [ 123.815901][T10442] __kmalloc_noprof+0xcb/0x510 [ 123.815910][T10442] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 123.815925][T10442] tomoyo_realpath_from_path+0xb9/0x720 [ 123.815936][T10442] ? tomoyo_path_number_perm+0x235/0x590 [ 123.815946][T10442] ? tomoyo_path_number_perm+0x235/0x590 [ 123.815957][T10442] tomoyo_path_number_perm+0x248/0x590 [ 123.815967][T10442] ? tomoyo_path_number_perm+0x235/0x590 [ 123.815978][T10442] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 123.816003][T10442] ? __pfx_lock_release+0x10/0x10 [ 123.816014][T10442] ? trace_lock_acquire+0x14e/0x1f0 [ 123.816025][T10442] ? lock_acquire+0x2f/0xb0 [ 123.816036][T10442] ? __fget_files+0x40/0x3a0 [ 123.816046][T10442] ? __fget_files+0x206/0x3a0 [ 123.816056][T10442] security_file_ioctl+0x9b/0x240 [ 123.816069][T10442] __x64_sys_ioctl+0xb7/0x200 [ 123.816082][T10442] do_syscall_64+0xcd/0x250 [ 123.816094][T10442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.816106][T10442] RIP: 0033:0x7f3b7c98cda9 [ 123.816114][T10442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.816122][T10442] RSP: 002b:00007f3b7d7d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 123.816131][T10442] RAX: ffffffffffffffda RBX: 00007f3b7cba5fa0 RCX: 00007f3b7c98cda9 [ 123.816136][T10442] RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000008 [ 123.816141][T10442] RBP: 00007f3b7d7d5090 R08: 0000000000000000 R09: 0000000000000000 [ 123.816146][T10442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.816151][T10442] R13: 0000000000000000 R14: 00007f3b7cba5fa0 R15: 00007ffd227bd548 [ 123.816162][T10442] [ 123.816166][T10442] ERROR: Out of memory at tomoyo_realpath_from_path. [ 123.911698][ T39] audit: type=1326 audit(1738305864.303:20512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.2.1604" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b7c98cda9 code=0x0 [ 123.968899][T10458] FAULT_INJECTION: forcing a failure. [ 123.968899][T10458] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 123.972644][T10458] CPU: 2 UID: 0 PID: 10458 Comm: syz.1.1605 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 123.972662][T10458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 123.972667][T10458] Call Trace: [ 123.972670][T10458] [ 123.972673][T10458] dump_stack_lvl+0x16c/0x1f0 [ 123.972687][T10458] should_fail_ex+0x50a/0x650 [ 123.972703][T10458] _copy_from_iter+0x2a1/0x1560 [ 123.972716][T10458] ? trace_lock_acquire+0x14e/0x1f0 [ 123.972728][T10458] ? __pfx__copy_from_iter+0x10/0x10 [ 123.972741][T10458] ? __virt_addr_valid+0x1a4/0x590 [ 123.972752][T10458] ? __virt_addr_valid+0x5e/0x590 [ 123.972760][T10458] ? __phys_addr_symbol+0x30/0x80 [ 123.972768][T10458] ? __check_object_size+0x488/0x710 [ 123.972781][T10458] pppol2tp_sendmsg+0x444/0x5e0 [ 123.972796][T10458] sock_write_iter+0x4fe/0x5b0 [ 123.972810][T10458] ? __pfx_sock_write_iter+0x10/0x10 [ 123.972827][T10458] ? __pfx_file_has_perm+0x10/0x10 [ 123.972838][T10458] do_iter_readv_writev+0x655/0x950 [ 123.972851][T10458] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 123.972863][T10458] ? selinux_file_permission+0x11f/0x580 [ 123.972878][T10458] ? rw_verify_area+0xcf/0x680 [ 123.972890][T10458] vfs_writev+0x363/0xdd0 [ 123.972901][T10458] ? find_held_lock+0x2d/0x110 [ 123.972912][T10458] ? __pfx_vfs_writev+0x10/0x10 [ 123.972924][T10458] ? find_held_lock+0x2d/0x110 [ 123.972935][T10458] ? __pfx_lock_release+0x10/0x10 [ 123.972946][T10458] ? trace_lock_acquire+0x14e/0x1f0 [ 123.972959][T10458] ? __fget_files+0x206/0x3a0 [ 123.972971][T10458] ? do_writev+0x297/0x340 [ 123.972981][T10458] do_writev+0x297/0x340 [ 123.972993][T10458] ? __pfx_do_writev+0x10/0x10 [ 123.973008][T10458] do_syscall_64+0xcd/0x250 [ 123.973018][T10458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.973030][T10458] RIP: 0033:0x7f1aa198cda9 [ 123.973038][T10458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.973046][T10458] RSP: 002b:00007f1aa27c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 123.973054][T10458] RAX: ffffffffffffffda RBX: 00007f1aa1ba5fa0 RCX: 00007f1aa198cda9 [ 123.973060][T10458] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000003 [ 123.973065][T10458] RBP: 00007f1aa27c7090 R08: 0000000000000000 R09: 0000000000000000 [ 123.973069][T10458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.973074][T10458] R13: 0000000000000000 R14: 00007f1aa1ba5fa0 R15: 00007ffc21d4bbd8 [ 123.973085][T10458] [ 124.015027][T10460] program syz.2.1604 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 124.081226][T10466] syz.1.1609 (10466): drop_caches: 2 [ 124.086247][T10468] input: syz0 as /devices/virtual/input/input27 [ 124.237253][ T39] audit: type=1400 audit(1738305864.623:20513): avc: denied { ioctl } for pid=10481 comm="syz.0.1616" path="socket:[33690]" dev="sockfs" ino=33690 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 124.239757][T10482] vlan2: entered promiscuous mode [ 124.246403][T10482] vlan2: entered allmulticast mode [ 124.249340][T10482] vlan0: entered allmulticast mode [ 124.251035][T10482] veth0_vlan: entered allmulticast mode [ 124.252811][T10482] vlan0: entered promiscuous mode [ 124.263107][T10482] team0: Port device vlan2 added [ 124.309810][T10488] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1619'. [ 124.359422][T10494] syz.0.1620 (10494): drop_caches: 2 [ 124.745945][ T39] audit: type=1326 audit(1738305865.133:20514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10506 comm="syz.3.1625" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f020558cda9 code=0x7ffc0000 [ 124.757722][ T39] audit: type=1326 audit(1738305865.133:20515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10506 comm="syz.3.1625" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f020558cda9 code=0x7ffc0000 [ 124.766312][ T39] audit: type=1326 audit(1738305865.143:20516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10506 comm="syz.3.1625" exe="/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f020558cda9 code=0x7ffc0000 [ 124.774513][T10510] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1626'. [ 124.778381][T10510] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1626'. [ 124.860679][T10517] syz.2.1629 (10517): drop_caches: 2 [ 124.961883][T10524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1632'. [ 124.966610][T10524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1632'. syzkaller syzkaller login: [ 125.271272][T10496] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 125.286873][T10533] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.289472][T10533] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.291806][T10533] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.294255][T10533] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.297736][ T73] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 125.353998][T10540] syz.1.1638 (10540): drop_caches: 2 [ 125.469516][ T73] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 125.472300][ T73] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 125.475339][ T73] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 125.478124][ T73] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 125.481346][ T73] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 125.485874][ T73] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 125.488665][ T73] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 125.491091][ T73] usb 7-1: Product: syz [ 125.492410][ T73] usb 7-1: Manufacturer: syz [ 125.496897][ T73] cdc_wdm 7-1:1.0: skipping garbage [ 125.498774][ T73] cdc_wdm 7-1:1.0: skipping garbage [ 125.503034][ T73] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 125.504823][ T73] cdc_wdm 7-1:1.0: Unknown control protocol [ 125.617781][ T5943] Bluetooth: hci3: command 0x040f tx timeout [ 125.619325][ T5931] Bluetooth: hci0: command 0x040f tx timeout [ 125.698131][T10529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.700726][T10529] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.706595][ T35] usb 7-1: USB disconnect, device number 16 [ 125.769204][T10558] /dev/sg0: Can't lookup blockdev [ 125.807895][T10560] syz.3.1647 (10560): drop_caches: 2 [ 126.189122][T10583] Invalid ELF header magic: != ELF [ 126.200112][T10596] syz.1.1661 (10596): drop_caches: 2 [ 126.316478][ T39] kauditd_printk_skb: 11 callbacks suppressed [ 126.316488][ T39] audit: type=1400 audit(1738305866.703:20528): avc: denied { create } for pid=10600 comm="syz.3.1663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 126.324242][ T39] audit: type=1400 audit(1738305866.703:20529): avc: denied { ioctl } for pid=10600 comm="syz.3.1663" path="socket:[34485]" dev="sockfs" ino=34485 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 126.372457][T10603] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10603 comm=syz.1.1664 [ 126.376510][T10603] netlink: 'syz.1.1664': attribute type 1 has an invalid length. [ 126.386141][T10603] 8021q: adding VLAN 0 to HW filter on device bond2 [ 126.393952][T10603] 8021q: adding VLAN 0 to HW filter on device bond2 [ 126.396066][T10603] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 126.399831][T10603] bond2: (slave vcan1): Error -95 calling set_mac_address [ 126.413062][T10601] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1663'. [ 126.477664][ T73] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 126.637685][ T73] usb 7-1: Using ep0 maxpacket: 16 [ 126.640749][ T73] usb 7-1: unable to get BOS descriptor or descriptor too short [ 126.643857][ T73] usb 7-1: config 1 interface 0 has no altsetting 0 [ 126.647257][ T73] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1c06, bcdDevice= 0.40 [ 126.649910][ T73] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.652222][ T73] usb 7-1: Product: syz [ 126.653642][ T73] usb 7-1: Manufacturer: syz [ 126.655056][ T73] usb 7-1: SerialNumber: syz [ 126.891357][ T73] usbhid 7-1:1.0: can't add hid device: -71 [ 126.893845][ T73] usbhid 7-1:1.0: probe with driver usbhid failed with error -71 [ 126.898557][ T73] usb 7-1: USB disconnect, device number 17 [ 126.909221][ T6610] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 127.035917][T10629] dccp_invalid_packet: invalid packet type [ 127.062990][ T39] audit: type=1400 audit(1738305867.453:20530): avc: denied { append } for pid=10630 comm="syz.0.1672" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 127.068984][ T6610] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 127.072066][ T6610] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 127.074996][ T6610] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 127.077709][ T6610] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 127.081769][ T6610] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 127.086156][ T6610] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 127.088902][ T6610] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 127.091192][ T6610] usb 8-1: Product: syz [ 127.092404][ T6610] usb 8-1: Manufacturer: syz [ 127.096072][ T6610] cdc_wdm 8-1:1.0: skipping garbage [ 127.098267][ T6610] cdc_wdm 8-1:1.0: skipping garbage [ 127.100303][ T6610] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 127.102029][ T6610] cdc_wdm 8-1:1.0: Unknown control protocol [ 127.210997][T10644] openvswitch: netlink: IP tunnel dst address not specified [ 127.273271][T10648] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1678'. [ 127.276434][T10648] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1678'. [ 127.280070][ T39] audit: type=1400 audit(1738305867.673:20531): avc: denied { ioctl } for pid=10647 comm="syz.0.1678" path="/dev/cpu/3/msr" dev="devtmpfs" ino=93 ioctlcmd=0x9424 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 127.298454][T10621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.302116][T10621] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.309074][ T73] usb 8-1: USB disconnect, device number 10 syzkaller syzkaller login: [ 127.458100][ T5973] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 127.482998][T10658] /dev/sg0: Can't lookup blockdev [ 127.575528][T10667] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 127.578678][T10667] macvtap1: entered promiscuous mode [ 127.580511][T10667] macvtap1: entered allmulticast mode [ 127.582549][T10667] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 127.585927][T10667] mac80211_hwsim hwsim2 wlan0: left allmulticast mode [ 127.588320][T10667] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 127.673457][T10670] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1688'. [ 127.708045][ T5931] Bluetooth: hci0: command 0x040f tx timeout [ 127.714249][T10670] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1688'. [ 127.716862][T10670] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1688'. [ 127.768875][T10672] syz.2.1689 (10672): drop_caches: 2 [ 127.846803][T10674] input: syz0 as /devices/virtual/input/input30 [ 127.849388][T10674] input: failed to attach handler leds to device input30, error: -6 [ 127.993954][T10682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.034646][T10689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1696'. [ 128.101209][ T6610] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.310701][T10698] lo speed is unknown, defaulting to 1000 [ 128.392131][T10702] CIFS mount error: No usable UNC path provided in device string! [ 128.392131][T10702] [ 128.395094][T10702] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 128.459171][T10709] dlm: non-version read from control device 0 [ 128.527729][ T35] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 128.554287][T10714] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1707'. [ 128.557934][T10714] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32768 sclass=netlink_route_socket pid=10714 comm=syz.0.1707 [ 128.678301][T10734] fuse: Unknown parameter 'gOFWk00000000000000000000' [ 128.704775][T10732] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.707726][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.709581][ T35] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 128.713026][ T35] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 128.716053][ T35] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 128.718827][ T35] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 128.722003][ T35] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 128.727966][ T35] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 128.731458][ T35] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 128.733751][ T35] usb 8-1: Product: syz [ 128.735006][ T35] usb 8-1: Manufacturer: syz [ 128.739093][T10737] syz.1.1718 (10737): drop_caches: 2 [ 128.741174][ T35] cdc_wdm 8-1:1.0: skipping garbage [ 128.742864][ T35] cdc_wdm 8-1:1.0: skipping garbage [ 128.750201][ T35] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 128.752534][ T35] cdc_wdm 8-1:1.0: Unknown control protocol [ 128.794763][T10743] syz.2.1721 (10743): drop_caches: 2 [ 128.942053][T10696] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.945176][T10696] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.948802][ T35] usb 8-1: USB disconnect, device number 11 [ 129.137871][ T6610] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 129.455235][T10784] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1739'. [ 129.480428][T10786] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1741'. [ 129.483989][T10786] FAULT_INJECTION: forcing a failure. [ 129.483989][T10786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.489337][T10786] CPU: 2 UID: 0 PID: 10786 Comm: syz.0.1741 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 129.489349][T10786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.489355][T10786] Call Trace: [ 129.489358][T10786] [ 129.489361][T10786] dump_stack_lvl+0x16c/0x1f0 [ 129.489393][T10786] should_fail_ex+0x50a/0x650 [ 129.489423][T10786] _copy_to_user+0x32/0xd0 [ 129.489446][T10786] simple_read_from_buffer+0xd0/0x160 [ 129.489470][T10786] proc_fail_nth_read+0x198/0x270 [ 129.489491][T10786] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 129.489513][T10786] ? rw_verify_area+0xcf/0x680 [ 129.489531][T10786] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 129.489551][T10786] vfs_read+0x1df/0xbf0 [ 129.489573][T10786] ? __fget_files+0x1fc/0x3a0 [ 129.489587][T10786] ? __pfx___mutex_lock+0x10/0x10 [ 129.489603][T10786] ? __pfx_vfs_read+0x10/0x10 [ 129.489629][T10786] ? __fget_files+0x206/0x3a0 [ 129.489648][T10786] ksys_read+0x12b/0x250 [ 129.489666][T10786] ? __pfx_ksys_read+0x10/0x10 [ 129.489697][T10786] do_syscall_64+0xcd/0x250 [ 129.489712][T10786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.489730][T10786] RIP: 0033:0x7f1d03f8b7bc [ 129.489741][T10786] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 129.489756][T10786] RSP: 002b:00007f1d04ed4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 129.489770][T10786] RAX: ffffffffffffffda RBX: 00007f1d041a5fa0 RCX: 00007f1d03f8b7bc [ 129.489779][T10786] RDX: 000000000000000f RSI: 00007f1d04ed40a0 RDI: 0000000000000004 [ 129.489787][T10786] RBP: 00007f1d04ed4090 R08: 0000000000000000 R09: 0000000000000000 [ 129.489797][T10786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.489805][T10786] R13: 0000000000000000 R14: 00007f1d041a5fa0 R15: 00007fff4bcf08e8 [ 129.489826][T10786] [ 129.574429][T10792] netlink: 'syz.0.1743': attribute type 1 has an invalid length. [ 129.584160][T10792] 8021q: adding VLAN 0 to HW filter on device bond1 [ 129.592181][T10792] bond1: (slave gretap1): making interface the new active one [ 129.595493][T10792] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 129.831083][T10797] netlink: 'syz.0.1746': attribute type 10 has an invalid length. [ 129.833629][T10797] team0: entered promiscuous mode [ 129.835203][T10797] team_slave_0: entered promiscuous mode [ 129.836997][T10797] team_slave_1: entered promiscuous mode [ 129.839105][T10797] team0: entered allmulticast mode [ 129.840664][T10797] team_slave_0: entered allmulticast mode [ 129.842373][T10797] team_slave_1: entered allmulticast mode [ 129.844682][T10797] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 129.937802][ T5943] Bluetooth: hci3: command 0x040f tx timeout [ 130.018316][ T8824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.022727][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.027295][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.107755][ T6610] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 130.190419][ T56] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.270643][ T6610] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 130.273185][ T6610] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 130.276081][ T6610] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 130.278769][ T6610] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 130.281923][ T6610] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 130.289644][ T6610] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 130.292325][ T6610] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 130.294657][ T6610] usb 5-1: Product: syz [ 130.295934][ T6610] usb 5-1: Manufacturer: syz [ 130.304153][ T6610] cdc_wdm 5-1:1.0: skipping garbage [ 130.305766][ T6610] cdc_wdm 5-1:1.0: skipping garbage [ 130.308099][ T6610] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 130.309896][ T6610] cdc_wdm 5-1:1.0: Unknown control protocol [ 130.498630][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.501769][ T39] audit: type=1326 audit(1738305870.893:20532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10801 comm="syz.2.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7c98cda9 code=0x7ffc0000 [ 130.504975][T10799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.509282][ T39] audit: type=1326 audit(1738305870.893:20533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10801 comm="syz.2.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7c98cda9 code=0x7ffc0000 [ 130.511787][T10799] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.517889][ T39] audit: type=1326 audit(1738305870.893:20534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10801 comm="syz.2.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f3b7c98cda9 code=0x7ffc0000 [ 130.524721][ T6610] usb 5-1: USB disconnect, device number 8 [ 130.526569][ T39] audit: type=1326 audit(1738305870.893:20535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10801 comm="syz.2.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7c98cda9 code=0x7ffc0000 [ 130.535211][ T39] audit: type=1326 audit(1738305870.893:20536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10801 comm="syz.2.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3b7c98cda9 code=0x7ffc0000 [ 130.542982][ T39] audit: type=1326 audit(1738305870.893:20537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10801 comm="syz.2.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7c98cda9 code=0x7ffc0000 [ 130.574311][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.576605][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.579944][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.582240][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.584498][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.586760][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.589785][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.592132][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.594405][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.596656][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.600229][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.602515][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.604800][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.607210][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.609900][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.612207][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.614684][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.616835][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.619468][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.621828][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.624101][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.626206][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.628743][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.631318][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.633549][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.635779][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.638073][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.640279][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.642518][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.644757][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.647002][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.649298][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.651529][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.653771][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.655991][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.661076][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.663360][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.665657][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.670306][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.672586][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.674832][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.677053][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.679353][ T56] hid-generic 0000:0000:FFFFFFFE.0005: unknown main item tag 0x0 [ 130.687077][ T56] hid-generic 0000:0000:FFFFFFFE.0005: hidraw1: HID v0.00 Device [syz0] on syz0 [ 130.847681][ T73] usb 8-1: new full-speed USB device number 12 using dummy_hcd [ 130.998887][ T73] usb 8-1: too many endpoints for config 1 interface 0 altsetting 253: 68, using maximum allowed: 30 [ 131.002034][ T73] usb 8-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 68 [ 131.005875][ T73] usb 8-1: config 1 interface 0 has no altsetting 0 [ 131.009869][ T73] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 131.013370][ T73] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.016331][ T73] usb 8-1: Product: syz [ 131.017993][ T73] usb 8-1: Manufacturer: syz [ 131.019427][ T73] usb 8-1: SerialNumber: syz [ 131.134179][T10822] overlayfs: conflicting options: userxattr,redirect_dir=on [ 131.217811][ T6610] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 131.296659][T10830] qnx6: unable to read the first superblock [ 131.389704][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 131.389714][ T39] audit: type=1400 audit(1738305871.783:20561): avc: denied { read } for pid=10835 comm="syz.2.1760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 131.567683][ T8] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 131.644356][ T39] audit: type=1400 audit(1738305872.033:20562): avc: denied { read write } for pid=5937 comm="syz-executor" name="loop2" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 131.651320][ T39] audit: type=1400 audit(1738305872.033:20563): avc: denied { open } for pid=5937 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 131.658450][ T39] audit: type=1400 audit(1738305872.033:20564): avc: denied { ioctl } for pid=5937 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=660 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 131.719592][ T8] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 131.723085][ T8] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 131.726904][ T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 131.731028][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 131.731507][ T6089] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 131.734157][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 131.741434][ T8] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 131.744136][ T8] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 131.746403][ T8] usb 5-1: Product: syz [ 131.747925][ T8] usb 5-1: Manufacturer: syz [ 131.751468][ T8] cdc_wdm 5-1:1.0: skipping garbage [ 131.753029][ T8] cdc_wdm 5-1:1.0: skipping garbage [ 131.754996][ T8] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 131.756643][ T8] cdc_wdm 5-1:1.0: Unknown control protocol [ 131.771389][T10850] syz.2.1764 (10850): drop_caches: 2 [ 131.859912][ T6089] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 131.952878][ T8] usb 5-1: USB disconnect, device number 9 [ 132.074957][ T39] audit: type=1400 audit(1738305872.463:20565): avc: denied { unmount } for pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 132.133362][T10864] __nla_validate_parse: 5 callbacks suppressed [ 132.133372][T10864] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1770'. [ 132.193279][T10852] overlayfs: failed to resolve './file1': -2 [ 132.332169][T10873] syz.1.1774 (10873): drop_caches: 2 [ 132.425994][ T39] audit: type=1400 audit(1738305872.813:20566): avc: denied { bind } for pid=10875 comm="syz.1.1775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 132.465966][T10880] FAULT_INJECTION: forcing a failure. [ 132.465966][T10880] name failslab, interval 1, probability 0, space 0, times 0 [ 132.470312][T10880] CPU: 3 UID: 0 PID: 10880 Comm: syz.1.1776 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 132.470324][T10880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.470329][T10880] Call Trace: [ 132.470334][T10880] [ 132.470338][T10880] dump_stack_lvl+0x16c/0x1f0 [ 132.470352][T10880] should_fail_ex+0x50a/0x650 [ 132.470365][T10880] ? fs_reclaim_acquire+0xae/0x150 [ 132.470378][T10880] ? netfs_folioq_alloc+0x86/0x3c0 [ 132.470391][T10880] should_failslab+0xc2/0x120 [ 132.470401][T10880] __kmalloc_cache_noprof+0x68/0x410 [ 132.470414][T10880] ? netfs_alloc_request+0x738/0xbc0 [ 132.470427][T10880] netfs_folioq_alloc+0x86/0x3c0 [ 132.470442][T10880] rolling_buffer_init+0x26/0xb0 [ 132.470455][T10880] netfs_create_write_req+0x106/0x870 [ 132.470464][T10880] ? __pfx_netfs_writepages+0x10/0x10 [ 132.470472][T10880] netfs_writepages+0x1d4/0x8f0 [ 132.470483][T10880] ? __pfx_netfs_writepages+0x10/0x10 [ 132.470493][T10880] ? __pfx___lock_acquire+0x10/0x10 [ 132.470508][T10880] ? __pfx_netfs_writepages+0x10/0x10 [ 132.470517][T10880] do_writepages+0x1b3/0x820 [ 132.470528][T10880] ? find_held_lock+0x2d/0x110 [ 132.470539][T10880] ? __pfx_do_writepages+0x10/0x10 [ 132.470548][T10880] ? wbc_attach_fdatawrite_inode+0x13a/0x190 [ 132.470560][T10880] ? __pfx_lock_release+0x10/0x10 [ 132.470571][T10880] ? do_raw_spin_lock+0x12d/0x2c0 [ 132.470579][T10880] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 132.470587][T10880] ? lock_acquire+0x2f/0xb0 [ 132.470598][T10880] ? wbc_attach_fdatawrite_inode+0x24/0x190 [ 132.470609][T10880] ? do_raw_spin_unlock+0x172/0x230 [ 132.470617][T10880] ? _raw_spin_unlock+0x28/0x50 [ 132.470631][T10880] filemap_fdatawrite_wbc+0x104/0x160 [ 132.470642][T10880] v9fs_mmap_vm_close+0x1ff/0x250 [ 132.470659][T10880] ? __pfx_v9fs_mmap_vm_close+0x10/0x10 [ 132.470686][T10880] ? __pfx_v9fs_mmap_vm_close+0x10/0x10 [ 132.470696][T10880] __mmap_region+0x5bb/0x2760 [ 132.470707][T10880] ? __pfx___mmap_region+0x10/0x10 [ 132.470716][T10880] ? hlock_class+0x4e/0x130 [ 132.470728][T10880] ? hlock_class+0x4e/0x130 [ 132.470736][T10880] ? mark_lock+0xb5/0xc60 [ 132.470749][T10880] ? __pfx_mark_lock+0x10/0x10 [ 132.470759][T10880] ? register_lock_class+0xb1/0x1240 [ 132.470787][T10880] ? mm_get_unmapped_area+0x95/0xe0 [ 132.470803][T10880] mmap_region+0x1ab/0x3f0 [ 132.470815][T10880] do_mmap+0xd8d/0x11b0 [ 132.470829][T10880] ? __pfx_do_mmap+0x10/0x10 [ 132.470842][T10880] ? __pfx_down_write_killable+0x10/0x10 [ 132.470854][T10880] vm_mmap_pgoff+0x203/0x3a0 [ 132.470870][T10880] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 132.470883][T10880] ? __fget_files+0x206/0x3a0 [ 132.470895][T10880] ksys_mmap_pgoff+0x7d/0x5c0 [ 132.470910][T10880] ? __pfx_ksys_write+0x10/0x10 [ 132.470925][T10880] __x64_sys_mmap+0x125/0x190 [ 132.470939][T10880] do_syscall_64+0xcd/0x250 [ 132.470950][T10880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.470962][T10880] RIP: 0033:0x7f1aa198cda9 [ 132.470970][T10880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.470979][T10880] RSP: 002b:00007f1aa27c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 132.470988][T10880] RAX: ffffffffffffffda RBX: 00007f1aa1ba5fa0 RCX: 00007f1aa198cda9 [ 132.470993][T10880] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000 [ 132.470998][T10880] RBP: 00007f1aa27c7090 R08: ffffffffffffffff R09: 0000000000000000 [ 132.471003][T10880] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000001 [ 132.471008][T10880] R13: 0000000000000000 R14: 00007f1aa1ba5fa0 R15: 00007ffc21d4bbd8 [ 132.471020][T10880] [ 132.582653][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.584737][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.631342][T10884] QAT: Invalid ioctl -2110754303 [ 132.787770][T10892] syz.0.1783 (10892): drop_caches: 2 [ 132.875467][T10904] FAULT_INJECTION: forcing a failure. [ 132.875467][T10904] name failslab, interval 1, probability 0, space 0, times 0 [ 132.879448][T10904] CPU: 3 UID: 0 PID: 10904 Comm: syz.0.1788 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 132.879459][T10904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.879465][T10904] Call Trace: [ 132.879468][T10904] [ 132.879471][T10904] dump_stack_lvl+0x16c/0x1f0 [ 132.879485][T10904] should_fail_ex+0x50a/0x650 [ 132.879498][T10904] ? fs_reclaim_acquire+0xae/0x150 [ 132.879511][T10904] ? p9_fcall_init+0x97/0x260 [ 132.879523][T10904] should_failslab+0xc2/0x120 [ 132.879532][T10904] __kmalloc_noprof+0xcb/0x510 [ 132.879541][T10904] ? rcu_is_watching+0x12/0xc0 [ 132.879550][T10904] ? trace_kmem_cache_alloc+0x2d/0xd0 [ 132.879564][T10904] p9_fcall_init+0x97/0x260 [ 132.879576][T10904] p9_tag_alloc+0x17a/0x660 [ 132.879590][T10904] ? __pfx_p9_tag_alloc+0x10/0x10 [ 132.879603][T10904] ? __lock_acquire+0x15a9/0x3c40 [ 132.879618][T10904] p9_client_prepare_req+0x19f/0x4d0 [ 132.879632][T10904] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 132.879646][T10904] ? hlock_class+0x4e/0x130 [ 132.879655][T10904] ? mark_lock+0xb5/0xc60 [ 132.879667][T10904] p9_client_rpc+0x1c3/0xc10 [ 132.879681][T10904] ? __pfx_p9_client_rpc+0x10/0x10 [ 132.879695][T10904] ? idr_preload_end+0xc2/0x230 [ 132.879706][T10904] ? __pfx_lock_release+0x10/0x10 [ 132.879717][T10904] ? __pfx_lock_release+0x10/0x10 [ 132.879730][T10904] ? mark_held_locks+0x9f/0xe0 [ 132.879741][T10904] ? rcu_is_watching+0x12/0xc0 [ 132.879752][T10904] p9_client_walk+0x1ac/0x530 [ 132.879762][T10904] ? __pfx_p9_client_walk+0x10/0x10 [ 132.879772][T10904] ? v9fs_fid_lookup+0xe9/0xec0 [ 132.879786][T10904] v9fs_file_open+0x596/0xac0 [ 132.879797][T10904] ? __pfx_v9fs_file_open+0x10/0x10 [ 132.879808][T10904] ? file_set_fsnotify_mode+0x163/0x5d0 [ 132.879821][T10904] do_dentry_open+0x735/0x1c40 [ 132.879835][T10904] ? __pfx_v9fs_file_open+0x10/0x10 [ 132.879845][T10904] ? inode_permission+0xdd/0x5f0 [ 132.879857][T10904] vfs_open+0x82/0x3f0 [ 132.879866][T10904] ? may_open+0x1f2/0x400 [ 132.879878][T10904] path_openat+0x1e88/0x2d80 [ 132.879898][T10904] ? __pfx_path_openat+0x10/0x10 [ 132.879906][T10904] ? __pfx___lock_acquire+0x10/0x10 [ 132.879917][T10904] ? lock_acquire.part.0+0x11b/0x380 [ 132.879928][T10904] ? find_held_lock+0x2d/0x110 [ 132.879938][T10904] do_filp_open+0x20c/0x470 [ 132.879947][T10904] ? __pfx_do_filp_open+0x10/0x10 [ 132.879954][T10904] ? find_held_lock+0x2d/0x110 [ 132.879971][T10904] ? alloc_fd+0x41f/0x760 [ 132.879988][T10904] do_sys_openat2+0x17a/0x1e0 [ 132.879998][T10904] ? __pfx_do_sys_openat2+0x10/0x10 [ 132.880009][T10904] ? __fget_files+0x206/0x3a0 [ 132.880019][T10904] __x64_sys_openat+0x175/0x210 [ 132.880030][T10904] ? __pfx___x64_sys_openat+0x10/0x10 [ 132.880039][T10904] ? ksys_write+0x1ba/0x250 [ 132.880056][T10904] do_syscall_64+0xcd/0x250 [ 132.880066][T10904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.880078][T10904] RIP: 0033:0x7f1d03f8cda9 [ 132.880085][T10904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.880093][T10904] RSP: 002b:00007f1d04ed4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 132.880102][T10904] RAX: ffffffffffffffda RBX: 00007f1d041a5fa0 RCX: 00007f1d03f8cda9 [ 132.880107][T10904] RDX: 0000000000020e40 RSI: 0000000020000280 RDI: ffffffffffffff9c [ 132.880112][T10904] RBP: 00007f1d04ed4090 R08: 0000000000000000 R09: 0000000000000000 [ 132.880117][T10904] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001 [ 132.880122][T10904] R13: 0000000000000000 R14: 00007f1d041a5fa0 R15: 00007fff4bcf08e8 [ 132.880133][T10904] [ 133.023809][T10907] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1790'. [ 133.055976][T10909] ubi0: attaching mtd0 [ 133.057921][T10909] ubi0: scanning is finished [ 133.059748][T10909] ================================================================== [ 133.062148][T10909] BUG: KASAN: slab-use-after-free in notifier_chain_register+0x3ac/0x420 [ 133.064567][T10909] Read of size 4 at addr ffff88802aac98d8 by task syz.1.1791/10909 [ 133.067798][T10909] [ 133.068995][T10909] CPU: 0 UID: 0 PID: 10909 Comm: syz.1.1791 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 133.069007][T10909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.069013][T10909] Call Trace: [ 133.069017][T10909] [ 133.069021][T10909] dump_stack_lvl+0x116/0x1f0 [ 133.069035][T10909] print_report+0xc3/0x620 [ 133.069045][T10909] ? __virt_addr_valid+0x5e/0x590 [ 133.069055][T10909] ? __phys_addr+0xc6/0x150 [ 133.069065][T10909] kasan_report+0xd9/0x110 [ 133.069076][T10909] ? notifier_chain_register+0x3ac/0x420 [ 133.069088][T10909] ? notifier_chain_register+0x3ac/0x420 [ 133.069099][T10909] notifier_chain_register+0x3ac/0x420 [ 133.069109][T10909] blocking_notifier_chain_register+0x76/0xd0 [ 133.069120][T10909] ubi_wl_init+0x1018/0x17b0 [ 133.069138][T10909] ubi_attach+0x1b92/0x4c00 [ 133.069154][T10909] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 133.069169][T10909] ? lockdep_init_map_type+0x16d/0x7d0 [ 133.069183][T10909] ? __pfx_ubi_attach+0x10/0x10 [ 133.069197][T10909] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 133.069207][T10909] ubi_attach_mtd_dev+0x158f/0x3590 [ 133.069219][T10909] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 133.069229][T10909] ? __pfx_get_mtd_device+0x10/0x10 [ 133.069242][T10909] ctrl_cdev_ioctl+0x339/0x3d0 [ 133.069252][T10909] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 133.069261][T10909] ? selinux_file_ioctl+0x180/0x270 [ 133.069274][T10909] ? selinux_file_ioctl+0xb4/0x270 [ 133.069287][T10909] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 133.069297][T10909] __x64_sys_ioctl+0x190/0x200 [ 133.069309][T10909] do_syscall_64+0xcd/0x250 [ 133.069320][T10909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.069333][T10909] RIP: 0033:0x7f1aa198cda9 [ 133.069341][T10909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.069350][T10909] RSP: 002b:00007f1aa27c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.069359][T10909] RAX: ffffffffffffffda RBX: 00007f1aa1ba5fa0 RCX: 00007f1aa198cda9 [ 133.069365][T10909] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000004 [ 133.069370][T10909] RBP: 00007f1aa1a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 133.069376][T10909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.069381][T10909] R13: 0000000000000000 R14: 00007f1aa1ba5fa0 R15: 00007ffc21d4bbd8 [ 133.069389][T10909] [ 133.069392][T10909] [ 133.078644][T10911] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1789'. [ 133.078828][T10909] Allocated by task 7769: [ 133.078836][T10909] kasan_save_stack+0x33/0x60 [ 133.078849][T10909] kasan_save_track+0x14/0x30 [ 133.078857][T10909] __kasan_slab_alloc+0x89/0x90 [ 133.078867][T10909] kmem_cache_alloc_noprof+0x226/0x3d0 [ 133.080291][T10911] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1789'. [ 133.081704][T10909] getname_flags.part.0+0x4c/0x550 [ 133.081721][T10909] __x64_sys_unlink+0xb0/0x110 [ 133.081731][T10909] do_syscall_64+0xcd/0x250 [ 133.081741][T10909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.170933][T10909] [ 133.171645][T10909] Freed by task 7769: [ 133.172810][T10909] kasan_save_stack+0x33/0x60 [ 133.174197][T10909] kasan_save_track+0x14/0x30 [ 133.175562][T10909] kasan_save_free_info+0x3b/0x60 [ 133.177033][T10909] __kasan_slab_free+0x51/0x70 [ 133.178429][T10909] kmem_cache_free+0x2e2/0x4d0 [ 133.179817][T10909] putname+0x13c/0x180 [ 133.181012][T10909] do_unlinkat+0x165/0x760 [ 133.182313][T10909] __x64_sys_unlink+0xc5/0x110 [ 133.183709][T10909] do_syscall_64+0xcd/0x250 [ 133.185038][T10909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.186767][T10909] [ 133.187474][T10909] The buggy address belongs to the object at ffff88802aac9100 [ 133.187474][T10909] which belongs to the cache names_cache of size 4096 [ 133.191441][T10909] The buggy address is located 2008 bytes inside of [ 133.191441][T10909] freed 4096-byte region [ffff88802aac9100, ffff88802aaca100) [ 133.195399][T10909] [ 133.196112][T10909] The buggy address belongs to the physical page: [ 133.198015][T10909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2aac8 [ 133.200517][T10909] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 133.202962][T10909] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 133.205136][T10909] page_type: f5(slab) [ 133.206319][T10909] raw: 00fff00000000040 ffff88801c2e3cc0 dead000000000122 0000000000000000 [ 133.208766][T10909] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 133.211232][T10909] head: 00fff00000000040 ffff88801c2e3cc0 dead000000000122 0000000000000000 [ 133.213718][T10909] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 133.216194][T10909] head: 00fff00000000003 ffffea0000aab201 ffffffffffffffff 0000000000000000 [ 133.218758][T10909] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 133.221354][T10909] page dumped because: kasan: bad access detected [ 133.223231][T10909] page_owner tracks the page as allocated [ 133.224891][T10909] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 7769, tgid 7769 (udevd), ts 130706420344, free_ts 130596794604 [ 133.230745][T10909] post_alloc_hook+0x181/0x1b0 [ 133.232147][T10909] get_page_from_freelist+0xfce/0x2f80 [ 133.233765][T10909] __alloc_frozen_pages_noprof+0x221/0x2470 [ 133.235482][T10909] alloc_pages_mpol+0x1fc/0x540 [ 133.236899][T10909] new_slab+0x23d/0x330 [ 133.238242][T10909] ___slab_alloc+0xc5d/0x1720 [ 133.239644][T10909] __slab_alloc.constprop.0+0x56/0xb0 [ 133.241194][T10909] kmem_cache_alloc_noprof+0xfa/0x3d0 [ 133.242792][T10909] getname_flags.part.0+0x4c/0x550 [ 133.244272][T10909] getname+0x8d/0xe0 [ 133.245431][T10909] do_sys_openat2+0x104/0x1e0 [ 133.246830][T10909] __x64_sys_openat+0x175/0x210 [ 133.248247][T10909] do_syscall_64+0xcd/0x250 [ 133.249572][T10909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.251297][T10909] page last free pid 5356 tgid 5356 stack trace: [ 133.253130][T10909] free_frozen_pages+0x6db/0xfb0 [ 133.254581][T10909] __put_partials+0x14c/0x170 [ 133.255963][T10909] qlist_free_all+0x4e/0x120 [ 133.257313][T10909] kasan_quarantine_reduce+0x195/0x1e0 [ 133.258909][T10909] __kasan_slab_alloc+0x69/0x90 [ 133.260327][T10909] __kmalloc_noprof+0x1cd/0x510 [ 133.261780][T10909] tomoyo_realpath_from_path+0xb9/0x720 [ 133.263573][T10909] tomoyo_path_perm+0x276/0x460 [ 133.265161][T10909] security_inode_getattr+0x116/0x290 [ 133.266693][T10909] vfs_fstat+0x4b/0xd0 [ 133.267818][T10909] vfs_fstatat+0xbc/0xf0 [ 133.269000][T10909] __do_sys_newfstatat+0xa2/0x130 [ 133.270440][T10909] do_syscall_64+0xcd/0x250 [ 133.271732][T10909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.273431][T10909] [ 133.274165][T10909] Memory state around the buggy address: [ 133.275782][T10909] ffff88802aac9780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 133.278092][T10909] ffff88802aac9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 133.280394][T10909] >ffff88802aac9880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 133.282730][T10909] ^ [ 133.284743][T10909] ffff88802aac9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 133.287072][T10909] ffff88802aac9980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 133.289368][T10909] ================================================================== [ 133.292263][T10909] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 133.294476][T10909] CPU: 1 UID: 0 PID: 10909 Comm: syz.1.1791 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 133.297461][T10909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.300568][T10909] Call Trace: [ 133.301566][T10909] [ 133.302486][T10909] dump_stack_lvl+0x3d/0x1f0 [ 133.303868][T10909] panic+0x71d/0x800 [ 133.305027][T10909] ? __pfx_panic+0x10/0x10 [ 133.306346][T10909] ? irqentry_exit+0x3b/0x90 [ 133.307707][T10909] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.309228][T10909] ? preempt_schedule_thunk+0x1a/0x30 [ 133.310801][T10909] ? preempt_schedule_common+0x44/0xc0 [ 133.312527][T10909] check_panic_on_warn+0xab/0xb0 [ 133.314088][T10909] end_report+0x117/0x180 [ 133.315347][T10909] kasan_report+0xe9/0x110 [ 133.316673][T10909] ? notifier_chain_register+0x3ac/0x420 [ 133.318325][T10909] ? notifier_chain_register+0x3ac/0x420 [ 133.319976][T10909] notifier_chain_register+0x3ac/0x420 [ 133.321576][T10909] blocking_notifier_chain_register+0x76/0xd0 [ 133.323398][T10909] ubi_wl_init+0x1018/0x17b0 [ 133.324785][T10909] ubi_attach+0x1b92/0x4c00 [ 133.326147][T10909] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 133.327997][T10909] ? lockdep_init_map_type+0x16d/0x7d0 [ 133.329600][T10909] ? __pfx_ubi_attach+0x10/0x10 [ 133.331048][T10909] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 133.332619][T10909] ubi_attach_mtd_dev+0x158f/0x3590 [ 133.334156][T10909] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 133.335772][T10909] ? __pfx_get_mtd_device+0x10/0x10 [ 133.337298][T10909] ctrl_cdev_ioctl+0x339/0x3d0 [ 133.338730][T10909] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 133.340278][T10909] ? selinux_file_ioctl+0x180/0x270 [ 133.341810][T10909] ? selinux_file_ioctl+0xb4/0x270 [ 133.343333][T10909] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 133.344895][T10909] __x64_sys_ioctl+0x190/0x200 [ 133.346314][T10909] do_syscall_64+0xcd/0x250 [ 133.347667][T10909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.349399][T10909] RIP: 0033:0x7f1aa198cda9 [ 133.350726][T10909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.356285][T10909] RSP: 002b:00007f1aa27c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.358707][T10909] RAX: ffffffffffffffda RBX: 00007f1aa1ba5fa0 RCX: 00007f1aa198cda9 [ 133.360999][T10909] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000004 [ 133.363302][T10909] RBP: 00007f1aa1a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 133.365608][T10909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.367907][T10909] R13: 0000000000000000 R14: 00007f1aa1ba5fa0 R15: 00007ffc21d4bbd8 [ 133.370208][T10909] [ 133.371739][T10909] Kernel Offset: disabled [ 133.373030][T10909] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:53:56 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000073 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff853fcd55 RDI=ffffffff9ab757c0 RBP=ffffffff9ab75780 RSP=ffffc90003f3f4c0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3230383838666666 R12=0000000000000000 R13=0000000000000073 R14=ffffffff9ab75780 R15=0000000000000000 RIP=ffffffff853fcd7f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f1aa27c76c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=00000000548f4000 CR4=00352ef0 DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000ffffc000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000001f7011641 00000001db710641 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f116c36b00000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a4207ecf76fc316c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2ed2586dd86c8612 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000032647261632f 6972642f7665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000011475142400c 4a51470c5546470c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000262f4d RBX=0000000000000001 RCX=ffffffff8b55c469 RDX=0000000000000000 RSI=ffffffff8b6ceca0 RDI=ffffffff8bd33d20 RBP=ffffed1003b59910 RSP=ffffc90000187e08 R8 =0000000000000001 R9 =ffffed100d4e6f7d R10=ffff88806a737beb R11=0000000000000000 R12=0000000000000001 R13=ffff88801dacc880 R14=ffffffff90621410 R15=0000000000000000 RIP=ffffffff8b55d84f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffc21d4c000 CR3=000000002c9ac000 CR4=00352ef0 DR0=0000000000000005 DR1=0000000000000002 DR2=ffffffffffffdfff DR3=3e00000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c1fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000015 000000000001df8a ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555a6a63bd 000055555a6a5d20 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555a7158a1 000055555a715630 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300080007a00300 0800079803000800 0790030008000788 0300000006080607 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0418828392ec0800 0100000408060601 11fc03ffffffff04 07b00300080007a8 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000808060ba80304 08000ba003018004 0b90030980040b80 0308078808050780 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 09880a050b800418 828392f208000100 000408060601128c 0008000bb0030000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010e80041883c392 f808000100000408 06060111de001000 0ee0030010000ed0 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030d80040ec00300 00000a0806038003 0380040eb0030880 040ea00300000008 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0806118003118004 0e90030208000e88 03088208000e8003 0809880a050b8004 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 18828392f2080001 0000040806060112 8c0008000bb00300 00000808060ba803 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000001 RBX=ffff8880230c54d2 RCX=1ffffffff2dd7843 RDX=0000000000000001 RSI=0000000000000002 RDI=ffffffff96ebc218 RBP=0000000000000040 RSP=ffffc90000658c48 R8 =0000000000000000 R9 =fffffbfff2dd6f99 R10=ffffffff96eb7ccf R11=0000000000000009 R12=0000000000000002 R13=ffff8880230c4880 R14=0000000000000053 R15=ffff8880230c54b0 RIP=ffffffff819647d0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000555581337500 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f1d04cd56c0 CR3=000000004a078000 CR4=00352ef0 DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe2501fa60 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f020560f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f020560f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f020560f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f020560f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f020560f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f020560f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000c4 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000167a71 RBX=0000000000000003 RCX=ffffffff8b55c469 RDX=0000000000000000 RSI=ffffffff8b6ceca0 RDI=ffffffff8bd33d20 RBP=ffffed1003b5c488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d526f7d R10=ffff88806a937beb R11=0000000000000000 R12=0000000000000003 R13=ffff88801dae2440 R14=ffffffff90621410 R15=0000000000000000 RIP=ffffffff8b55d84f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c2d9843 CR3=0000000028c5a000 CR4=00352ef0 DR0=0000000000000007 DR1=000000000000000b DR2=0000000000000002 DR3=0000000000000010 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004090001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3b7ca0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3b7ca0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3b7ca0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3b7ca0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3b7ca0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3b7ca0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3b7d6dd100 00007f3b7cb7c440 00007f3b7cb70004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3b7cb7c498 00007f3b7cb7c490 00007f3b7cb7c488 00007f3b7cb7c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000