last executing test programs: 2.207156215s ago: executing program 1 (id=962): setresgid(0x0, 0xffffffffffffffff, 0xee00) ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x100, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x3, 0x7, 0x9, 0x7a18fde9, 0x9, 0xf12, 0x4, 0x3, 0x378, 0x350bae1a, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x7, 0xf2, 0x10, 0x5, 0x8, 0x10001, 0x401, 0x80000000, 0x2401, 0x3ca5, 0x1, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x3, 0xa, 0x0, 0x10000, 0x401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x1, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffe, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0x0, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x8000, 0x2, 0xb, 0x6, 0x4fa4, 0x80000002, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0x1, 0x3, 0xa0, 0xf, 0x1ff, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0xf7a, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x1, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x101, 0x5, 0x63, 0x4, 0x8001, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x6, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x8, 0x6688, 0x45e3, 0x5, 0x7, 0x1, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0xce, 0xf, 0x0, 0x1, 0x667, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0x1, 0x2, 0x6, 0x4, 0x6, 0x1, 0x9, 0x6, 0xfffffffa, 0x2, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x73, 0x3, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x2, 0x80000004, 0x29, 0x9, 0x0, 0x4, 0x4, 0x0, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x7, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x1, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xc, 0x6, 0x7, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x101, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x8, 0x80000000, 0x6, 0x1, 0xa9c, 0x9, 0x9, 0x1, 0x2, 0x5, 0x1000, 0x5, 0x1ff, 0x9, 0x3, 0x3, 0x10001, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x8, 0x4, 0x8000005, 0x3, 0x4b5f, 0x6, 0xa, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc8f, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x5, 0x4, 0xfff, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x7f, 0x4, 0x2, 0x80000000, 0xd, 0x3, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0x9, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x9a, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xfff, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0x9, 0x2, 0x6, 0x0, 0x6, 0x4b15, 0x10000, 0x1, 0x9, 0x1, 0xd, 0x9, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x3, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x8, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x0, 0x3, 0x4, 0x80000000, 0xb46d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x1, 0x5, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x8, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x28, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x80000001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x1c00, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x7, 0xa05a, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x1, 0x30, 0xffffff7e, 0x1, 0x2, 0x9, 0x3, 0x7, 0x8, 0x8, 0x4000, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x6, 0xfffffffa, 0x1a, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x9, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x8000002, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0xfb4, 0xbf8, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x100, 0x8, 0x3, 0x6, 0x80000000, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x5, 0x6, 0x1, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x8, 0x9, 0x6, 0xffff, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x7fffffff, 0xc9, 0x2, 0x0, 0x924, 0x6, 0x100, 0x1, 0x5, 0xffff351b, 0x8, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x1, 0x4, 0xff, 0xee, 0x2, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x5, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x5, 0x6330, 0x0, 0x6, 0xea, 0x0, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0xfffffffa, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x2ec, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x8, 0x3, 0xe, 0x1, 0x1, 0xc, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x8, 0x1, 0xfffffffb, 0x1af88, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x40, 0x8, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x7fff, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x8, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x7, 0xdd, 0x8, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x8, 0x200, 0xe9ab, 0xfffffff8, 0x8000, 0x7, 0x2, 0x2, 0x43, 0x3ff, 0x8, 0x7, 0x9, 0x1, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]}) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r4, 0x400448e6, &(0x7f0000000080)) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x20040880) r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r6, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000400)="3bcbdb0fcfa026557d2ea2b0fa34b7b3ddf4e60fe678186210e935989ea66d3c5479ca82428e90b96b3635a98e39939ef5109511d949224164c044f18fb4d64db5c0404f01b99fba50263ee03e82a28fcd751660b0cab68a62a8b6eac29946c988fc747092d35e9352d8442feece96b4ee481cf95a8feb6ec3d6e5cff03f59eb97136d7cb400c1d0ed4ed9b83090abb113aa4e9260695700"/166, 0xa6}, {&(0x7f0000000980)="742f311a83a225186454bcfd09e48b60d703de616d0e6f11523b39000158bc", 0x1f}], 0x2}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001400)="1c2789bd018bf77308ae7ed990e4b63b8cf1cf4ae822f1f84abd5420339c722aa7f6d87f5926c484455c67b7a9259ac3f36154b6526320d83fe72e5f5370550de0307d8ad13d192e7d5c14f8b2367b1db7dbe02629646be253b07a1245dce1a721576750f3f574ce4ac91827528289acb0089c83a39827b4d9f231ad23f382e2f3d86880015b84a6d3740029d6ffbbf61ae415dc51a6ebd3010000000000008067a9e4abdbbe90455d28993254ab9fa2c5d561ee0000000000000000000ce572ae0de0745310890497fd77693dff252cd2d3ca44d653adb996df2d4657df02890a35dc7dca300162746af9f2e03e2ea4cb0ac9689db83d6b0b923ddd63724bc8de54e76d67a16ccf6a6e80b55db62db33092f95ece822b728612a43ec79780fd217a580abcf20011c47885ddbdd82efd3dd8f815fbc7db3c6b21a513d73d6712b4c7e9cfe8306a5c", 0x148}], 0x1}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000001180)="52348b", 0x3}], 0x1}}], 0x3, 0x40090) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r6, &(0x7f00000002c0)="92", 0x189, 0x10008095, 0x0, 0x0) sendto$inet(r6, &(0x7f0000000180)="8d473802d637450d251c65591cf72114983aea4fcd31ab62ab2388c05c85dc0ad0bc584d39d0e90087effb1b6940b8478c206ea230675a95bee5d8a56146b0e313a276d43ea5ae7d45f472cebd03e5addc547140cfa91e28a469706bd24998805ae06dd2c0fb16c0d83ce06f09bd097b356c0715977c46a8ad4fcdf39a38be", 0x7f, 0x4000, &(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10) ppoll(&(0x7f0000000080)=[{r4, 0x1290}, {r5, 0x88}, {r3, 0x20}, {r1, 0x2020}, {0xffffffffffffffff, 0x4000}, {r6, 0x20a}], 0x6, &(0x7f0000001280), &(0x7f00000012c0)={[0x8]}, 0x8) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r7}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff4000/0xc000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68) r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) 2.034847562s ago: executing program 1 (id=967): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.903027273s ago: executing program 1 (id=970): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), 0x0, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1.548990734s ago: executing program 1 (id=976): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 1.23010256s ago: executing program 1 (id=979): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.074977487s ago: executing program 1 (id=984): fsopen(&(0x7f0000000080)='omfs\x00', 0x1) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000005c0)={0x24, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "48b603de"}]}}, 0x0}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xc1480, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) modify_ldt$write2(0x11, &(0x7f00000000c0)={0x56, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000040)={{@host, 0x2bd4356e}, @any, 0x0, 0x5, 0xffff, 0x2, 0x3, 0x8, 0xe00}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0x8000000000000001, 0x8, 0x0, 0x8, 0x10001, 0x80000000000002, 0x6, 0x10007ffffe]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1.028376792s ago: executing program 2 (id=986): ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x0, 0xfffffffc, 0x8, 0x7, 0x200, &(0x7f0000000980)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000a0000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f800000000000000089069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a57c7c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b21a8fa65f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 969.5945ms ago: executing program 2 (id=987): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 829.960628ms ago: executing program 2 (id=989): bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1c, 0x5, 0x10001, 0x8001, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x50) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000280), r1) sendmsg$rds(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000600)=[@rdma_args={0x48, 0x114, 0x1, {{0x800, 0x3}, {0x0}, &(0x7f0000000100)=[{&(0x7f00000003c0)=""/176, 0xb0}], 0x1, 0x0, 0x9}}], 0x48, 0x8000}, 0x4000000) socket(0x10, 0x803, 0x0) r2 = io_uring_setup(0x6ddd, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r2, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r2, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x0, 0x1}, 0x20) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/4\x00') read$FUSE(r3, &(0x7f0000002280)={0x2020}, 0x2020) syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002240), 0x20000) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000004380)={0x1, 0x3, 0x101, 0x0, 0x4}) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x412000, 0x0) ioctl$FS_IOC_GETFLAGS(r5, 0x5437, 0x0) fcntl$setstatus(r5, 0x4, 0x2000) r6 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000140), 0x641, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r6, 0x18, &(0x7f0000000180)={0x0, r0, 0x35, {0x6, 0x47}, 0x7f}, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ_RESET(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x20, 0x15, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4004004) syz_clone3(&(0x7f0000000080)={0x2d008400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$GIO_UNISCRNMAP(r5, 0x4b69, &(0x7f0000000000)=""/221) r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x5, 0x10009, 0x35314241, 0x3, 0x0, 0xff, 0x0, 0x6, 0x1, 0x4, 0x1, 0x4}}) socket$kcm(0x10, 0x2, 0x0) ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f0000000240)) 619.518047ms ago: executing program 0 (id=992): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 618.012371ms ago: executing program 2 (id=994): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f3f000000170a001700000000040037000d00110001332564aa58b9a64411f6bbf44dc48f57", 0x39}], 0x1) r1 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000000)={0x0, 0x1, 0x0, "d2ea61bf62041dae026ed8ebee414554307c83d774dfc0fb62602f9a84c3bbe4", 0x32315559}) (async) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x75507}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_IP6TABLES={0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x20008010) (async) r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/card0/oss_mixer\x00', 0x101100, 0x0) read$proc_mixer(r4, &(0x7f00000002c0)=""/254, 0xfe) (async) writev(r1, &(0x7f0000000180)=[{0x0}, {&(0x7f0000000040)="b845d9", 0x3}], 0x2) (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x6, &(0x7f0000000000)=[{0x5, 0x1, 0x4, 0x81}, {0xffff, 0x8, 0x4, 0x3}, {0x9, 0x2, 0x5a, 0x8}, {0x5, 0xee, 0x6a, 0x4}, {0x2, 0x4, 0x2, 0x8}, {0x8, 0x8, 0x3, 0x8}]}) 539.336517ms ago: executing program 0 (id=996): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0) r0 = add_key$user(0x0, &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 539.114951ms ago: executing program 2 (id=997): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 337.76296ms ago: executing program 0 (id=1000): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r0, 0x4b72, 0x0) 336.787715ms ago: executing program 2 (id=1001): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x5}, 0x4) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000500)=@generic={0x2, 0x100000, 0x8}) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000640)=""/196, 0xc4) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x20a0, 0x4287, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xb, 0x90, 0xff, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x2, 0x7, {0x9, 0x21, 0x2, 0x8, 0x1, {0x22, 0x563}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0xf, 0x2, 0x3}}}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x310, 0x0, 0x10, 0x4, 0x8, 0x6}, 0x5, &(0x7f0000000280)={0x5, 0xf, 0x5}, 0x2, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x2809}}, {0xfb, &(0x7f00000003c0)=@string={0xfb, 0x3, "daaf90a0189b1e230583672f0a7cf6d999ed1c44fcabaed53537a3031ce8f6496e48d8eee5d11b5a68e07ca0d5e070cc8988d3f272b2c15f1f2ccbba49191ce41279ce96ea68571844958a8b4d13083a3765d659c23e53cd1080ea953aab44ce46de2ec6923d0afdf827ab43b38e4b5a2e020e0be7a1d25c288bcbaff1324b0d213e3d018617f5636b85fcf985733b633718d04d2283406b0177aacc4d4d92aaad3c5a4a858b0f4980be2be1dd8d9dcd31a71d50fa3e69e5a838ab5941ebaf41d9f88f89f57e1ff999d0df15d2fd8a6fd114b10147c8b5fa99a5cbd48827a31ba56f27dd7918db9d7cef065cd6013413b98cea9a98c8a0882d"}}]}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r3, 0x6, 0x21, &(0x7f0000000200)="24fc911e918c74ad7a0e599e17a90ecabe833ca12054887f4142a64471dbe048", 0x20) syz_usb_disconnect(r1) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000300)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x9, 0x60, 0x8a, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x24, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x2, 0xce, 0x1, {0x7, 0x25, 0x1, 0x81, 0x9, 0xffff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x6, 0x70, 0x9, {0x7, 0x25, 0x1, 0x83, 0x81, 0x1}}}}}}}]}}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0xf0f000, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"}) syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x140, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5}]}, @CTA_NAT_DST={0x54, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @private=0xa010102}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @loopback}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}}]}, @CTA_TUPLE_REPLY={0x90, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @mcast2}}}]}, @CTA_SEQ_ADJ_REPLY={0x34, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7ff}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x81}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x3}]}]}, 0x140}}, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x5}, 0x4) (async) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000500)=@generic={0x2, 0x100000, 0x8}) (async) syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) (async) syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async) read$char_usb(r2, &(0x7f0000000640)=""/196, 0xc4) (async) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x20a0, 0x4287, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xb, 0x90, 0xff, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x2, 0x7, {0x9, 0x21, 0x2, 0x8, 0x1, {0x22, 0x563}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0xf, 0x2, 0x3}}}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x310, 0x0, 0x10, 0x4, 0x8, 0x6}, 0x5, &(0x7f0000000280)={0x5, 0xf, 0x5}, 0x2, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x2809}}, {0xfb, &(0x7f00000003c0)=@string={0xfb, 0x3, "daaf90a0189b1e230583672f0a7cf6d999ed1c44fcabaed53537a3031ce8f6496e48d8eee5d11b5a68e07ca0d5e070cc8988d3f272b2c15f1f2ccbba49191ce41279ce96ea68571844958a8b4d13083a3765d659c23e53cd1080ea953aab44ce46de2ec6923d0afdf827ab43b38e4b5a2e020e0be7a1d25c288bcbaff1324b0d213e3d018617f5636b85fcf985733b633718d04d2283406b0177aacc4d4d92aaad3c5a4a858b0f4980be2be1dd8d9dcd31a71d50fa3e69e5a838ab5941ebaf41d9f88f89f57e1ff999d0df15d2fd8a6fd114b10147c8b5fa99a5cbd48827a31ba56f27dd7918db9d7cef065cd6013413b98cea9a98c8a0882d"}}]}) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) setsockopt$inet_tcp_buf(r3, 0x6, 0x21, &(0x7f0000000200)="24fc911e918c74ad7a0e599e17a90ecabe833ca12054887f4142a64471dbe048", 0x20) (async) syz_usb_disconnect(r1) (async) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000300)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x9, 0x60, 0x8a, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x24, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x2, 0xce, 0x1, {0x7, 0x25, 0x1, 0x81, 0x9, 0xffff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x6, 0x70, 0x9, {0x7, 0x25, 0x1, 0x83, 0x81, 0x1}}}}}}}]}}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) (async) syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) (async) syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) (async) ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0xf0f000, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"}) (async) syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0) (async) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x140, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5}]}, @CTA_NAT_DST={0x54, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @private=0xa010102}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @loopback}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}}]}, @CTA_TUPLE_REPLY={0x90, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @mcast2}}}]}, @CTA_SEQ_ADJ_REPLY={0x34, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7ff}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x81}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x3}]}]}, 0x140}}, 0x0) (async) 336.581145ms ago: executing program 3 (id=1002): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x137942, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0x80106720, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x800, 0xc5, &(0x7f0000000100)="ba4d669073576e0133a2db10119865ff969a2190e0b971fa9a3cd4b73a318c4df364b4ef0173907626aa8563f2d3d8a9e58d7ad36078897110a0b2613dd31be74ffe159804f158113dc533063d8500c4c185ecf13b088838b63c286e1e3cc73796c23f082b61bd6c771bdfb21ef3d5f01480c703b9997047e9130a39c115dc96e3790004c8486ef9267aac73fe59d266311efbfcbccc90fc30e9a47197c1bf5645d631c24e5a724430f47ffdaf3452b95dc2b2e14ca3d2d8d5d2ea5368c10a9769021a570f", 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) getsockopt$bt_hci(r2, 0x0, 0x2, &(0x7f0000000240)=""/108, &(0x7f00000002c0)=0x6c) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r1, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0x3}) 279.60751ms ago: executing program 0 (id=1003): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 279.430495ms ago: executing program 3 (id=1004): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 219.629836ms ago: executing program 3 (id=1005): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000380)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40046307, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0xffffffffffffffbd, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 185.032083ms ago: executing program 3 (id=1006): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, 0x0) chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0xee01, &(0x7f0000000480)={0x3, 0x40001, 0x2000200000a95c, 0x100000000000a, 0x7fffffff, 0x80000001, 0x0, 0xfffffffffffffffe, 0x800000dd}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0xee01, &(0x7f0000000480)={0x3, 0x40001, 0x2000200000a95c, 0x100000000000a, 0x7fffffff, 0x80000001, 0x0, 0xfffffffffffffffe, 0x800000dd}) 129.994446ms ago: executing program 3 (id=1007): socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000100), 0x105200, 0x0) ioctl$CDROM_LOCKDOOR(r1, 0x5329, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@newtaction={0x64, 0x30, 0xb25, 0x0, 0x0, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x8, 0x0, 0x20000000}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000480)=ANY=[@ANYRES32=r0], 0x0) 77.159302ms ago: executing program 0 (id=1008): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000300000000732000000000009500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="023b000d0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1b, 0x4, &(0x7f0000000fc0)=ANY=[@ANYRES64=r0, @ANYBLOB="8fdd02dc1e9b3503335256aa5138102ec8102783176cfb0c0a7268a8e808698f8bb2bc1fd87a3dd1fdbd41f822973b498578740302fb112c61c7d3e83a5847608e3f14d0ad277628eff09f491959a47a0ac71bb67bcc12f5335688c0da5357c88ce7a1840eb0e92954d126a2ae11d1c08f766a7141dd4a9200c95ff2b7cc0eae5448eb45545a280901c6243194f0678caa7ae9746c368f5d3fd4739c4143984d8f5f554433ec4423d716c7c49b7ba887733c6935e439fc481701ef94425438b1455357a51d35f9b7f44ab142d79b095c3b836f399eaa99c7169a9ad3c5a4be5c9db001998fb48e9887cc9da28b1a4e606c94d4ef3cdc914b5d52dbfc4bc6de010d86b89cd58abb561e06d313c49ad9fe59d5cab4ff12456321041c6046ac6181b7222285653110fd7096b6387fa7683185f00b06a75df8821aa2b9f53ae75eadfccfc916e0de5692d135d4ab16f00067fbf3e97afe8109c29a87d45b08687125d05070fafdf670950e0a0dbd4be4d7e632d7bfe6b5978ac08c05904b145ef1cb6059ae87d001509e8f7cbc7ce90a2e821cfd8d730194c6c6e50deeee0570bc50a69d4ec0190d007f4a9a62f7e10d2d5383269b42973df364662367db8cfe8248b255bc508a2b481dc734c68b344cb9392373f797bcacc2332278a5397dc053969699c1ff051843a95b722a73a493060e602ebb22c95c9353b343ca8899d1149d17aab5dc821d898043596ec5bc2b91893512f917c421985e86428851ae00b53eb5ec3ddd13be3ff7a82a2584d150df426138577eaf423cb8c91ec058bd64dcffc9a8e70d2e8307c3df12900377bbbf6f3737b3fa5b02aa477c662ee324cd408f44fdcf081533843d14f032269319963a35f8d38867f8037a0876b3f5c5b4746298eef69760f268887ecdfdb3e250a87644d45cb083e22eb2656364f7d4306bbcc230ce3b9b78bdb5b685560747aaeac618c253ca8d2c0334d6d35a3d4b39d6ba3b24aaa9f2806748368cc515ec5ebe12be1cc6fe2ed4be48e626277e5742fa0d820eb94bf1e4b5c4fa47a93a2ae54cfd107f0d2e359575827dcf0f6cb63de0966db673ee0f0d806a6a7b076604425988da80df99157f65a08133edb019f5dcd7dd8db7174cbdd88ca938845fedb85df0c22526db87ac86559243feeb298fac7df262d1e6323ddbc48467c04c730bc549939d9823eabfcf6415bb0edcca56bdcdf6efd489841659c84e4f79f37efdcc99650fb1cf1a5b97a541315179d3f59a4e5d587d39ba78f67311beae329c2ee5f953a3f59ef45975832b37c3379a41fda5460deb3c8ed97400e73a0f7ae7d49767b0abaaccbca53b573d8be05f70b9cfbb1689bc50c1fdc2113fe390a521221f0891fa0b5f407d40f34dc6d8da74dd291e6b6da497ff7e734ec4a3a3118985c5160b0f82bbe0b7aa9bd2e836aeaae636f39a5f40273c3615c01de0c6f079e49063bd08f80b2c0272e78dd1569364878a0bdd96d16ac55d9c2dd548be21fcd22eff4bd52474c40ff1fb044e720220414ef38983242bf4ca55e2c8bdb6a37e2f9e0cabad859b43c5908f074fef5a1d88a8dcf349791b40733f12be8380cb085ce0f3dfef0798aa1c75df0ad7a128f3333c8286a2ecc58d59533fcf67b522c9b237fb86b4d62c7bf630bf92d1176b97792daea23bb12421fb1c5596bc3b3bf35ab034dcf907463f3821f166161d33472764dc657fb3c00040e24f486fb1747806f304b3ea112449c477ca87f2d9565a9685b7f788916c52a905bec14b7aba2a1c546df2c81d27792e30d9b1299a7742f5428747d94a1d339d6d612028f07d5895ad4eb5ee2acd543f6beb93771d1229509ecc8868b2eb8b934ba97453e643f1229a4927a494ff3f83a68354fdc71664f6e0b00e042116587ad4eb42ae899ce76d3e5f7397b25ac0694dd3b1d7296de05fc60cc31f9b94a8c430fa0a0fb5f49c7610825dd3e28e9aa614c145ab339ac0e433bd819707545682a91e188f378fe05124fea7ac7e737114afe583ce52deb2752f295e589b086a57bbb527531d8a765dc2c14c3a5f9be3f0603210a4980691b127a624b0828c5d98017040df099c3114c1caeb174ece1b97e5238199e884691355505c3023cb9c3f388889352576854090d95bec2686c5c82c31f6858215fb27c29a7bdd05ab01ee2e1813c1a3814cda5cf233f2a606c26ef5abec018860372850c3d7723febca1651aacf241d3f3449592fc694c8f269cc86986f4c2e5a211b4005b6cc3b947eb2d26b26f70f509c2a0debc090bf02ce0215a6d4785c33831d61d9bfb3bfee91d6296ab378c8a35171c38314bc2ac7971bacbdcc61a21a7c2682ed192f3ea8ec37d3ea0a04cd306defe47e92a60bcc63487dae6d8a9258d02f45ae82ccd7723ec7f677a33971d10e5182dbd6e3f3dfcefbe6c20417ad3b131f39b60ac555a00f23031fb69170a06271a406962b492ca9d2780c48e208fdcf6d96476cd8dcdc286ed7b58a36bcb236a10fdb05335d9fc2ccffca59a1a1bcefb2ef32140c104782e21dc2ed32c0766fab5c9e93832444e423df942e31f4eba9b1b7c172e7b2a647a5be3e1a9d7601672a2c04ade99689af41e1d99da97b77d5ba0150b858001a9c6f8b48e3ea075877758933ced3f3b5c2af8c8394c16f5145dfb255c40baef2a03c6336cfc4f6b5c9306c16c8e980142efdc2bce2d18af2f4f03d4cecc7a7b65be2c42111b2a5943c166faa92ad2e7d2c93bb27e7d11b32274da0f382b3bc63463833c05cf6267ac60f8fb846342798db8b9aa84fcca75130d45d45fb72779ca3fef6f1d1ba0b4ab223a2978aed54f04623e549caea2c3185962f259e9d7f9faf53f0909c7f71e84ef36b3ef3ea4c4df1d7545a83dd156f2766ca6d33a03cc8f67d82261e772c1819b2733b6d74a7f438e3152e67853851279652814f150f81dde594207438cd25ff6a7ba2d9c1b5cd3e2cc83fd80322df14bc7b8934d1b432c8e8c96b0fc31f00b865945c3ddedfc6e2c8a081cd66ff02803a0f0411d37ff5a3f1c7a0453842bb2ba1d1e5476a12716195e7503757252ddd19f4448907d54b2b80a891e10010bf3b4d1f04e0b4b91182e27b346d3f0dc6b07d1c2676ce42ad30fefee21ff621b75c3439618442b58b665bde0839b92aaa9827e84e6c0623b96e05f64e201870f8c2f3587201253a0fb850bcc25274d587703411bcc6c89540281a0eef4e981a9a206a14c1cba96ae3e72d015d1a2fd7411894a2ee0bcb5d8a15e84ff794f4ae23c0aa41a15127800ac4dc40863dccb23f3853687e00c314b7173b02cbc0d8259bc3cc9de8ac9842b95355f2dc027d369d9396b2e77bb59dde3c16e2537694b65981239780bd927077ffc8b3230cb0800eb3a798a9684e2661a9008b8db48ddd6eaeddd8a387351863188386f6d13923ec6de26344cdf91159161fd402edae588c580a1da22d2090848c0c59453b5c78e6793c9ed75de1cf56800d2a5e1f7498853b39b1eaf96983055cbc8293a38e4867960e8afe6c333555c7ca92aecc2f6ef3db043db038ed1a52b630c2d91faa0a64e8ff3f4439a9dc96f17c71cd75f709119de0dea469f545c1d3e341f6c169ca41e7c15d9775880db01b1bed5d5341a99d51a74ce82232633916af909fc43b45def81df03c14c8c32308bace124149166463daeaf26b55b35adafd84cdb5ec09ab32f2f23b862c38f10c44e68e5b73658590fed5a5d2c7038fb6907165318b03debf4c90cb21f95a66f581efd19a38c99ac026e2051d10425e45be2ef312eddf0405015e28b997b7f649aca3fb2e9f5f2356e8853c0583c75086df5fac06108e6d48d4945274e252596d567768095a5c304c0e98dbb63ca8b21f208ff8c51e7718bf4b3ec2be785f26f6245cc7cbe54a740868f4d1697fa496ebaf1aca05f15d4c0ccf48c7b80d3845d25ec2a3d9306945b1080420f9f3ba5e786cb1de0d83bdb98fba065472aba276c0d2c561ede32127762122e2da2b13740cfa2326167eeb41c53af6b9ee46ecd23e0cfdb0b7353408d2518ff2624ed77b73c57d208616d187987496b1bb0195dc74e9ecd265d0862a1547b4bde5f010201e0da100bd33b57e1933ece070305118770588065adfafc38801ede1f2a1031e4335082d9d4d7701ed29a5e3c831c75a99478aefcb3888a3d1a3ea0bc1fb500b4c3b88a578653cf2ba09d000f1a36103666833d541bc690f90e05551e5e4595222207a831989690fd7e5b7012adc9e51b2abad4486a28d26f698eec5f8d7dc77aa7c1a2e00eed1b7566cadc2cb7ad9bbb6c0b108785e7db5572a7276e74992c5512ca4fdff5117e38150e06101c8493a6ca3cbd053a508f9f240a400bef5b0ff32426568ef354ab836001f8f150f81da3e9ea8f0568571c74603ea2fa60898a20201e51d5ac1991d081295c89b3ee5c9f8e493f2188f286f68761800a600c369bfb6dfae3c30126eeb73df2a46f3a12c3b0c6bf54267d10626661b0f13d46967c708a54d41a0bea8e1783d01aab6c50cd911484976b4b2dadcd81c10387c8ba2571e1440dbd5e3bb96c3df7038f9ed5d4f32cae418deeacdf18fafa3c8f5321794d8ce6461459a295b21ac764a3f4b4fd311f115bce2232a36b9ead4126d3ae310e19ec03165a7932755c0a75db0cd25244d7849cd601228a0dca8b24593cb5f9b156db81806cbc68aec7de6583aa2ff1bc995ad585c8164f11a2b969da97a685bfc9c91efcbbec844310363791d1ca7248f09304e39a953212bd2880fbaa66d895868aee1b4d27e978fcaa33cde4d6a01c5a4be4ec4074b250c328ebb569d5d35aac3a076d649b8296fcb8bac4977833c8517cc915d57898f0e55b9555967ad265f3382732da996401d1f0a55ffa6a874c5b85c8276a890f9706aa050823239d15632ce60483b4a4f738ad712cd58008b44f07a1162fff9024a81c56148190b6af1338818ce5c0400de6f1fd3190daa1d1dde28441009232a49029f184e5e8f85db3e8f6233e31053db9cb305d9c8d42a9bd06af9ba087836116082a3aebb1961adf2f0af0a52cc3270dd9a55a69732c8cfeaae7482155ca6df3d62cbb28cc41f964dae36c16b5949a81c56733cfb2d13094022337cf1b46033f6fc3a5595c6243ebe0a1f20f100bfceed9e02e8765c2d3b61e10d5f6a29a90905b1eccea49f96a5c3a41066a8899b066d345705910a01007b17457ed03bf8ce6f89805d49a9c6a1ee0702dc158e8aae9e6ac9d634a54ccf4f8907e5f4ef992b4cc512eea2a9a959e3131e1c93b0a38f3906df364b2a1e64494b5e89b7a3c1687330d8d53718b76bf22cab23d1eb6ce174c7b802745518d6e775efead4836a1bed83f43c81d5b2c26a1fc802b9ea9c684bad55dd5b38a1cd25b543150dbfe970ecd430917c20f23fdbac3fdd759f3c1682997b900b0b4c2b920bce99d7435be113a58f88be2b0a96344bf40fab717d525588a216015fd611ab09915aeba213347c2ec3ae200c0eb2c97287db10190921db54ac087bb9149c888c6a314991dd68803231ce4711729af37ae7d925f41626f05eec8fcec0692b531b0092ca99a3c79d0bded16dec079d926ae30447156cfc31e8a69d046d39d0d23c40ac2f36b95c36ad247043befeb47d313dda638c7f64ce89a46059a36f4e1831d82568b9bdd51ef45d7d9381d4e205c021a741e0128cf3207a4f58739dce38848a03ac60f9c19aca201fb09bb44b585ba3988115a0892543829ae5f59b6b1fed967193b25b07089b3087172d8fd39c86fd7f5f5c327348fe", @ANYRES16=r0, @ANYBLOB="b9ed0f3fd677e9bddbe4e1959c75fd7fb4aada2b9ed721cb00e7bf9d33db49e8bf785cfe32d5ba80f16ed601a5873b14a10e3d746b3f7eafe782088b824ba7df1cc22c9054462a6aa37f026822dc67068d3796bdfd7b02ba03d6d8c8000fe15c4968fcfd35ccd35388bb117854ee56b7da8adc6ceb1442c01e1048d9fe80f548bfc6e7d5b8a74863f86c3e3c6329acf8daf15c31acef05a6fa39959acc71f95f968b91a7040c958516bb584900f04932f2299780ae04bf2a0a75faee87958250fa4a3ff1e33aaf8216747dc3f91f158bd63b609f91360f982c64a055c4fc6a04d56040", @ANYBLOB="40ec4f383124448e4f7e7e3d0929223642940de7d17bb23591d9", @ANYRESHEX=r0, @ANYRES64=r0, @ANYRESDEC=r1, @ANYRESOCT=r0], 0x0, 0x2, 0x0, 0x0, 0x0, 0x77, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r2 = openat(0xffffffffffffff9c, 0x0, 0x88c42, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r3, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000000)=0xfff) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000380)) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r6, 0x402c542d, &(0x7f00000001c0)={0xbd6b, 0x10001, 0x0, 0xf7ff, 0x0, "4ae23ae17df2e98c0064180009bad88f00", 0x6, 0xf7fffffc}) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000003c0)=0x4) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000f80)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)=0x3a) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000180)=0x9) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r7, 0x25, 0x0, @void}, 0x10) setsockopt$MRT_DEL_MFC_PROXY(r2, 0x0, 0xd3, &(0x7f0000000100)={@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, 0x0, "1d856855963669c3e45db9b3d2f331b34d3dc3b0f079a27ea13504fea79d2dc3", 0x2, 0x9, 0x2, 0x9}, 0x3c) syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[], 0x0) 76.899966ms ago: executing program 3 (id=1009): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), 0x0, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 0s ago: executing program 0 (id=1010): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 60.484793][ T6391] security_file_ioctl+0x9b/0x240 [ 60.484805][ T6391] __x64_sys_ioctl+0xb7/0x210 [ 60.484820][ T6391] do_syscall_64+0xcd/0x4c0 [ 60.484834][ T6391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.484844][ T6391] RIP: 0033:0x7fb4d798e9a9 [ 60.484852][ T6391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.484862][ T6391] RSP: 002b:00007fb4d8774038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 60.484872][ T6391] RAX: ffffffffffffffda RBX: 00007fb4d7bb5fa0 RCX: 00007fb4d798e9a9 [ 60.484879][ T6391] RDX: 0000200000000280 RSI: 00000000400448c8 RDI: 0000000000000005 [ 60.484885][ T6391] RBP: 00007fb4d8774090 R08: 0000000000000000 R09: 0000000000000000 [ 60.484890][ T6391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.484896][ T6391] R13: 0000000000000000 R14: 00007fb4d7bb5fa0 R15: 00007ffefd672ed8 [ 60.484909][ T6391] [ 60.484913][ T6391] ERROR: Out of memory at tomoyo_realpath_from_path. [ 60.592011][ T6398] netlink: 416 bytes leftover after parsing attributes in process `syz.0.134'. [ 60.891161][ T6418] binder: 6417:6418 unknown command 0 [ 60.893345][ T6418] binder: 6417:6418 ioctl c0306201 2000000001c0 returned -22 [ 60.894002][ T6019] tipc: Node number set to 2886997007 [ 61.250678][ T6438] netlink: 700 bytes leftover after parsing attributes in process `syz.1.148'. [ 61.338277][ T6450] loop4: detected capacity change from 0 to 7 [ 61.343608][ T6450] Dev loop4: unable to read RDB block 7 [ 61.347902][ T6450] loop4: unable to read partition table [ 61.350410][ T6450] loop4: partition table beyond EOD, truncated [ 61.356769][ T6450] loop_reread_partitions: partition scan of loop4 (被xe) failed (rc=-5) [ 61.440243][ T6456] binder: 6455:6456 unknown command 0 [ 61.442027][ T6456] binder: 6455:6456 ioctl c0306201 2000000001c0 returned -22 [ 61.486778][ T6461] dvmrp1: entered allmulticast mode [ 61.574916][ T6469] btrfs: Unknown parameter 'barrier6L#a*x"C$.M.'&)gq`9&1~(m$?;Y' [ 61.728460][ T6481] FAULT_INJECTION: forcing a failure. [ 61.728460][ T6481] name failslab, interval 1, probability 0, space 0, times 0 [ 61.732183][ T6481] CPU: 2 UID: 0 PID: 6481 Comm: syz.3.166 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 61.732197][ T6481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.732203][ T6481] Call Trace: [ 61.732207][ T6481] [ 61.732211][ T6481] dump_stack_lvl+0x16c/0x1f0 [ 61.732228][ T6481] should_fail_ex+0x512/0x640 [ 61.732240][ T6481] ? fs_reclaim_acquire+0xae/0x150 [ 61.732255][ T6481] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 61.732267][ T6481] should_failslab+0xc2/0x120 [ 61.732279][ T6481] __kmalloc_noprof+0xd2/0x510 [ 61.732295][ T6481] tomoyo_realpath_from_path+0xc2/0x6e0 [ 61.732308][ T6481] ? tomoyo_profile+0x47/0x60 [ 61.732325][ T6481] tomoyo_path_number_perm+0x245/0x580 [ 61.732340][ T6481] ? tomoyo_path_number_perm+0x237/0x580 [ 61.732357][ T6481] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 61.732373][ T6481] ? find_held_lock+0x2b/0x80 [ 61.732399][ T6481] ? find_held_lock+0x2b/0x80 [ 61.732412][ T6481] ? hook_file_ioctl_common+0x145/0x410 [ 61.732428][ T6481] ? __fget_files+0x20e/0x3c0 [ 61.732441][ T6481] security_file_ioctl+0x9b/0x240 [ 61.732452][ T6481] __x64_sys_ioctl+0xb7/0x210 [ 61.732468][ T6481] do_syscall_64+0xcd/0x4c0 [ 61.732483][ T6481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.732493][ T6481] RIP: 0033:0x7f7c6e38e9a9 [ 61.732501][ T6481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.732511][ T6481] RSP: 002b:00007f7c6f1b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 61.732521][ T6481] RAX: ffffffffffffffda RBX: 00007f7c6e5b5fa0 RCX: 00007f7c6e38e9a9 [ 61.732527][ T6481] RDX: 0000200000000240 RSI: 00000000800448d2 RDI: 0000000000000004 [ 61.732533][ T6481] RBP: 00007f7c6f1b6090 R08: 0000000000000000 R09: 0000000000000000 [ 61.732539][ T6481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.732544][ T6481] R13: 0000000000000000 R14: 00007f7c6e5b5fa0 R15: 00007ffccef105c8 [ 61.732557][ T6481] [ 61.732561][ T6481] ERROR: Out of memory at tomoyo_realpath_from_path. [ 61.823410][ T40] kauditd_printk_skb: 95 callbacks suppressed [ 61.823425][ T40] audit: type=1400 audit(1753796927.566:246): avc: denied { read } for pid=6483 comm="syz.1.167" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 61.829211][ T6484] binder: 6483:6484 unknown command 0 [ 61.834693][ T40] audit: type=1400 audit(1753796927.566:247): avc: denied { open } for pid=6483 comm="syz.1.167" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 61.836555][ T6484] binder: 6483:6484 ioctl c0306201 2000000001c0 returned -22 [ 61.844702][ T40] audit: type=1400 audit(1753796927.566:248): avc: denied { ioctl } for pid=6483 comm="syz.1.167" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 61.860211][ T40] audit: type=1400 audit(1753796927.566:249): avc: denied { set_context_mgr } for pid=6483 comm="syz.1.167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 61.867149][ T40] audit: type=1400 audit(1753796927.566:250): avc: denied { map } for pid=6483 comm="syz.1.167" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 61.877024][ T40] audit: type=1400 audit(1753796927.596:251): avc: denied { create } for pid=6486 comm="syz.2.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 61.895856][ T40] audit: type=1400 audit(1753796927.596:252): avc: denied { write } for pid=6486 comm="syz.2.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 61.901767][ T40] audit: type=1400 audit(1753796927.636:253): avc: denied { create } for pid=6490 comm="syz.1.171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 61.909578][ T40] audit: type=1400 audit(1753796927.646:254): avc: denied { write } for pid=6490 comm="syz.1.171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 61.916751][ T40] audit: type=1400 audit(1753796927.646:255): avc: denied { read } for pid=6490 comm="syz.1.171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 61.921988][ T6492] __nla_validate_parse: 4 callbacks suppressed [ 61.922005][ T6492] netlink: 380 bytes leftover after parsing attributes in process `syz.1.171'. [ 62.228656][ T6516] afs: Unknown parameter '' [ 62.288147][ T5964] Bluetooth: Wrong link type (-57) [ 62.289006][ T6528] vim2m vim2m.0: Fourcc format (0x47524247) invalid. [ 62.312995][ T5964] Bluetooth: hci3: command 0x0405 tx timeout [ 62.365931][ T6533] netlink: 380 bytes leftover after parsing attributes in process `syz.3.182'. [ 62.427438][ T6537] FAULT_INJECTION: forcing a failure. [ 62.427438][ T6537] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 62.432702][ T6537] CPU: 2 UID: 0 PID: 6537 Comm: syz.3.184 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 62.432725][ T6537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 62.432736][ T6537] Call Trace: [ 62.432744][ T6537] [ 62.432751][ T6537] dump_stack_lvl+0x16c/0x1f0 [ 62.432791][ T6537] should_fail_ex+0x512/0x640 [ 62.432817][ T6537] _copy_from_user+0x2e/0xd0 [ 62.432841][ T6537] copy_msghdr_from_user+0x98/0x160 [ 62.432865][ T6537] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 62.432900][ T6537] ___sys_sendmsg+0xfe/0x1d0 [ 62.432924][ T6537] ? __pfx____sys_sendmsg+0x10/0x10 [ 62.432943][ T6537] ? __lock_acquire+0x622/0x1c90 [ 62.432992][ T6537] __sys_sendmsg+0x16d/0x220 [ 62.433014][ T6537] ? __pfx___sys_sendmsg+0x10/0x10 [ 62.433051][ T6537] do_syscall_64+0xcd/0x4c0 [ 62.433082][ T6537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.433099][ T6537] RIP: 0033:0x7f7c6e38e9a9 [ 62.433113][ T6537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.433129][ T6537] RSP: 002b:00007f7c6f1b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 62.433145][ T6537] RAX: ffffffffffffffda RBX: 00007f7c6e5b5fa0 RCX: 00007f7c6e38e9a9 [ 62.433156][ T6537] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 62.433166][ T6537] RBP: 00007f7c6f1b6090 R08: 0000000000000000 R09: 0000000000000000 [ 62.433176][ T6537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 62.433185][ T6537] R13: 0000000000000000 R14: 00007f7c6e5b5fa0 R15: 00007ffccef105c8 [ 62.433208][ T6537] [ 62.825892][ T6552] trusted_key: syz.2.188 sent an empty control message without MSG_MORE. [ 62.856428][ T6557] netlink: 380 bytes leftover after parsing attributes in process `syz.2.191'. [ 62.956041][ T6565] binder: 6563:6565 unknown command 0 [ 62.957781][ T6565] binder: 6563:6565 ioctl c0306201 2000000001c0 returned -22 [ 63.150153][ T6583] netlink: 380 bytes leftover after parsing attributes in process `syz.1.200'. [ 63.277458][ T6587] netlink: 'syz.1.202': attribute type 2 has an invalid length. [ 63.279775][ T6587] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.202'. [ 63.282515][ T6587] nbd: must specify a device to reconfigure [ 63.337318][ T6598] binder: 6597:6598 unknown command 0 [ 63.339057][ T6598] binder: 6597:6598 ioctl c0306201 2000000001c0 returned -22 [ 63.406722][ T6603] fuse: Invalid rootmode [ 63.505353][ T6611] netlink: 380 bytes leftover after parsing attributes in process `syz.2.209'. [ 63.749682][ T6019] IPVS: starting estimator thread 0... [ 63.835700][ T6624] IPVS: using max 41 ests per chain, 98400 per kthread [ 63.846207][ T6632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.216'. [ 63.849847][ T6632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.216'. [ 64.709516][ T6697] netlink: 'syz.0.239': attribute type 27 has an invalid length. [ 64.767284][ T6697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.771343][ T6697] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.775993][ T6697] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 64.876484][ T6702] binder: 6701:6702 unknown command 0 [ 64.878348][ T6702] binder: 6701:6702 ioctl c0306201 2000000001c0 returned -22 [ 65.191922][ T6727] binder: 6725:6727 unknown command 0 [ 65.193669][ T6726] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input6 [ 65.194336][ T6727] binder: 6725:6727 ioctl c0306201 2000000001c0 returned -22 [ 65.273361][ T6736] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.293089][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.444865][ T5315] Bluetooth: hci3: unexpected event for opcode 0x2029 [ 65.504477][ T6736] syz.0.256 uses obsolete (PF_INET,SOCK_PACKET) [ 65.594403][ T5315] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 65.597830][ T5315] Bluetooth: hci1: Injecting HCI hardware error event [ 65.601002][ T5315] Bluetooth: hci1: hardware error 0x00 [ 65.991860][ T6756] binder: BINDER_SET_CONTEXT_MGR already set [ 65.994481][ T6756] binder: 6755:6756 ioctl 4018620d 2000000002c0 returned -16 [ 65.997935][ T6756] binder: 6755:6756 unknown command 0 [ 65.999686][ T6756] binder: 6755:6756 ioctl c0306201 2000000001c0 returned -22 [ 66.449082][ T6773] input: syz0 as /devices/virtual/input/input8 [ 66.497990][ T6777] netlink: 'syz.3.270': attribute type 27 has an invalid length. [ 66.566686][ T6777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.570601][ T6777] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.577780][ T6777] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 67.013711][ T6802] netlink: 'syz.3.279': attribute type 10 has an invalid length. [ 67.054400][ T6807] netlink: 44 bytes leftover after parsing attributes in process `syz.3.281'. [ 67.107222][ T40] kauditd_printk_skb: 82 callbacks suppressed [ 67.107233][ T40] audit: type=1400 audit(1753796932.846:338): avc: denied { call } for pid=6806 comm="syz.3.281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 67.115659][ T40] audit: type=1400 audit(1753796932.856:339): avc: denied { watch } for pid=6806 comm="syz.3.281" path="/70" dev="tmpfs" ino=366 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 67.124455][ T40] audit: type=1400 audit(1753796932.856:340): avc: denied { watch_sb watch_reads } for pid=6806 comm="syz.3.281" path="/70" dev="tmpfs" ino=366 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 67.155602][ T40] audit: type=1400 audit(1753796932.896:341): avc: denied { mount } for pid=6811 comm="syz.1.282" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 67.195970][ T6816] binder: 6814:6816 unknown command 0 [ 67.197871][ T6816] binder: 6814:6816 ioctl c0306201 2000000001c0 returned -22 [ 67.233038][ T40] audit: type=1400 audit(1753796932.966:342): avc: denied { read write } for pid=6818 comm="syz.0.286" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 67.243267][ T40] audit: type=1400 audit(1753796932.966:343): avc: denied { open } for pid=6818 comm="syz.0.286" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 67.371858][ T6834] FAULT_INJECTION: forcing a failure. [ 67.371858][ T6834] name failslab, interval 1, probability 0, space 0, times 0 [ 67.375947][ T6834] CPU: 2 UID: 0 PID: 6834 Comm: syz.1.291 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 67.375968][ T6834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.375977][ T6834] Call Trace: [ 67.375983][ T6834] [ 67.375990][ T6834] dump_stack_lvl+0x16c/0x1f0 [ 67.376033][ T6834] should_fail_ex+0x512/0x640 [ 67.376059][ T6834] ? fs_reclaim_acquire+0xae/0x150 [ 67.376080][ T6834] ? tomoyo_encode2+0x100/0x3e0 [ 67.376091][ T6834] should_failslab+0xc2/0x120 [ 67.376102][ T6834] __kmalloc_noprof+0xd2/0x510 [ 67.376112][ T6834] ? d_absolute_path+0x136/0x1a0 [ 67.376128][ T6834] tomoyo_encode2+0x100/0x3e0 [ 67.376140][ T6834] tomoyo_encode+0x29/0x50 [ 67.376150][ T6834] tomoyo_realpath_from_path+0x18f/0x6e0 [ 67.376165][ T6834] tomoyo_path_number_perm+0x245/0x580 [ 67.376180][ T6834] ? tomoyo_path_number_perm+0x237/0x580 [ 67.376197][ T6834] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 67.376213][ T6834] ? find_held_lock+0x2b/0x80 [ 67.376239][ T6834] ? find_held_lock+0x2b/0x80 [ 67.376252][ T6834] ? hook_file_ioctl_common+0x145/0x410 [ 67.376268][ T6834] ? __fget_files+0x20e/0x3c0 [ 67.376280][ T6834] security_file_ioctl+0x9b/0x240 [ 67.376292][ T6834] __x64_sys_ioctl+0xb7/0x210 [ 67.376307][ T6834] do_syscall_64+0xcd/0x4c0 [ 67.376321][ T6834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.376332][ T6834] RIP: 0033:0x7f6cf678e9a9 [ 67.376340][ T6834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.376350][ T6834] RSP: 002b:00007f6cf7580038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 67.376360][ T6834] RAX: ffffffffffffffda RBX: 00007f6cf69b5fa0 RCX: 00007f6cf678e9a9 [ 67.376366][ T6834] RDX: 0000200000000040 RSI: 0000000000004b72 RDI: 0000000000000003 [ 67.376372][ T6834] RBP: 00007f6cf7580090 R08: 0000000000000000 R09: 0000000000000000 [ 67.376378][ T6834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 67.376383][ T6834] R13: 0000000000000000 R14: 00007f6cf69b5fa0 R15: 00007ffdc9f161d8 [ 67.376396][ T6834] [ 67.376406][ T6834] ERROR: Out of memory at tomoyo_realpath_from_path. [ 67.571339][ T6846] binder: 6844:6846 unknown command 0 [ 67.575081][ T6846] binder: 6844:6846 ioctl c0306201 2000000001c0 returned -22 [ 67.666513][ T6850] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 67.674593][ T5315] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 67.681173][ T40] audit: type=1400 audit(1753796933.416:344): avc: denied { create } for pid=6849 comm="syz.2.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 67.700051][ T40] audit: type=1400 audit(1753796933.416:345): avc: denied { connect } for pid=6849 comm="syz.2.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 67.708014][ T40] audit: type=1400 audit(1753796933.416:346): avc: denied { write } for pid=6849 comm="syz.2.297" laddr=fe80::4c0a:7cff:fe45:bbd4 lport=1 faddr=ff02::1 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 67.718260][ T40] audit: type=1400 audit(1753796933.416:347): avc: denied { read } for pid=6849 comm="syz.2.297" laddr=fe80::4c0a:7cff:fe45:bbd4 lport=1 faddr=ff02::1 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 67.839558][ T6868] netlink: 'syz.2.302': attribute type 27 has an invalid length. [ 67.874134][ T6868] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.877693][ T6868] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.889947][ T1345] cfg80211: failed to load regulatory.db [ 67.935117][ T6875] binder: 6874:6875 unknown command 0 [ 67.936792][ T6875] binder: 6874:6875 ioctl c0306201 2000000001c0 returned -22 [ 67.964451][ T6868] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.976644][ T6868] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 68.029986][ T6868] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.034903][ T6868] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.038098][ T6868] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.041623][ T6868] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.108910][ T6871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.112298][ T6871] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.118681][ T6871] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 68.135835][ T1345] hid-generic 0005:0C45:0009.0004: unknown main item tag 0x0 [ 68.153560][ T1345] hid-generic 0005:0C45:0009.0004: hidraw1: BLUETOOTH HID v0.09 Device [syz0] on aa:aa:aa:aa:aa:aa [ 68.330239][ T6896] FAULT_INJECTION: forcing a failure. [ 68.330239][ T6896] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 68.334669][ T6896] CPU: 3 UID: 0 PID: 6896 Comm: syz.0.312 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 68.334683][ T6896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.334689][ T6896] Call Trace: [ 68.334693][ T6896] [ 68.334697][ T6896] dump_stack_lvl+0x16c/0x1f0 [ 68.334726][ T6896] should_fail_ex+0x512/0x640 [ 68.334744][ T6896] _copy_to_user+0x32/0xd0 [ 68.334758][ T6896] simple_read_from_buffer+0xcb/0x170 [ 68.334776][ T6896] proc_fail_nth_read+0x197/0x270 [ 68.334787][ T6896] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 68.334799][ T6896] ? rw_verify_area+0xcf/0x680 [ 68.334813][ T6896] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 68.334823][ T6896] vfs_read+0x1e1/0xc60 [ 68.334841][ T6896] ? __pfx___mutex_lock+0x10/0x10 [ 68.334854][ T6896] ? __pfx_vfs_read+0x10/0x10 [ 68.334873][ T6896] ? __fget_files+0x20e/0x3c0 [ 68.334886][ T6896] ksys_read+0x12a/0x250 [ 68.334895][ T6896] ? __pfx_ksys_read+0x10/0x10 [ 68.334908][ T6896] do_syscall_64+0xcd/0x4c0 [ 68.334926][ T6896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.334937][ T6896] RIP: 0033:0x7fb4d798d3bc [ 68.334945][ T6896] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 68.334955][ T6896] RSP: 002b:00007fb4d8774030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 68.334965][ T6896] RAX: ffffffffffffffda RBX: 00007fb4d7bb5fa0 RCX: 00007fb4d798d3bc [ 68.334971][ T6896] RDX: 000000000000000f RSI: 00007fb4d87740a0 RDI: 0000000000000003 [ 68.334977][ T6896] RBP: 00007fb4d8774090 R08: 0000000000000000 R09: 0000000000000000 [ 68.334983][ T6896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 68.334988][ T6896] R13: 0000000000000000 R14: 00007fb4d7bb5fa0 R15: 00007ffefd672ed8 [ 68.335001][ T6896] [ 68.423800][ T6887] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 68.426804][ T6887] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 68.435286][ T6887] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 68.440672][ T6887] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 68.442530][ T6887] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 68.447681][ T6887] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 68.452674][ T6887] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 68.456570][ T6887] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 68.465337][ T6887] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 68.589549][ T6917] syz_tun: entered allmulticast mode [ 68.595001][ T6916] syz_tun: left allmulticast mode [ 68.611736][ T6920] netlink: 8 bytes leftover after parsing attributes in process `syz.2.315'. [ 68.615753][ T6920] netlink: 8 bytes leftover after parsing attributes in process `syz.2.315'. [ 68.676722][ T6930] Cannot find set identified by id 2 to match [ 68.968260][ T6960] netlink: 8 bytes leftover after parsing attributes in process `syz.0.328'. [ 68.971284][ T6960] netlink: 8 bytes leftover after parsing attributes in process `syz.0.328'. [ 70.474929][ T5964] Bluetooth: hci3: command 0x0405 tx timeout [ 70.475067][ T5957] Bluetooth: hci0: command 0x0c1a tx timeout [ 70.476904][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 70.643187][ T53] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 70.692060][ T7049] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.816636][ T53] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 70.820237][ T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.824386][ T53] usb 7-1: Product: syz [ 70.826100][ T53] usb 7-1: Manufacturer: syz [ 70.828010][ T53] usb 7-1: SerialNumber: syz [ 70.838132][ T53] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 70.894565][ T53] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 71.025185][ T7056] netlink: 'syz.0.364': attribute type 10 has an invalid length. [ 71.028452][ T7056] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 71.032614][ T7056] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 71.118662][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.121651][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.384100][ T5998] usb 7-1: USB disconnect, device number 2 [ 71.411034][ T7075] FAULT_INJECTION: forcing a failure. [ 71.411034][ T7075] name failslab, interval 1, probability 0, space 0, times 0 [ 71.416575][ T7075] CPU: 3 UID: 0 PID: 7075 Comm: syz.3.370 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 71.416599][ T7075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.416610][ T7075] Call Trace: [ 71.416615][ T7075] [ 71.416622][ T7075] dump_stack_lvl+0x16c/0x1f0 [ 71.416668][ T7075] should_fail_ex+0x512/0x640 [ 71.416694][ T7075] ? fs_reclaim_acquire+0xae/0x150 [ 71.416717][ T7075] ? tomoyo_encode2+0x100/0x3e0 [ 71.416734][ T7075] should_failslab+0xc2/0x120 [ 71.416753][ T7075] __kmalloc_noprof+0xd2/0x510 [ 71.416769][ T7075] ? d_absolute_path+0x136/0x1a0 [ 71.416797][ T7075] tomoyo_encode2+0x100/0x3e0 [ 71.416817][ T7075] tomoyo_encode+0x29/0x50 [ 71.416831][ T7075] tomoyo_realpath_from_path+0x18f/0x6e0 [ 71.416856][ T7075] tomoyo_path_number_perm+0x245/0x580 [ 71.416882][ T7075] ? tomoyo_path_number_perm+0x237/0x580 [ 71.416911][ T7075] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 71.416939][ T7075] ? find_held_lock+0x2b/0x80 [ 71.416989][ T7075] ? find_held_lock+0x2b/0x80 [ 71.417010][ T7075] ? hook_file_ioctl_common+0x145/0x410 [ 71.417038][ T7075] ? __fget_files+0x20e/0x3c0 [ 71.417060][ T7075] security_file_ioctl+0x9b/0x240 [ 71.417080][ T7075] __x64_sys_ioctl+0xb7/0x210 [ 71.417106][ T7075] do_syscall_64+0xcd/0x4c0 [ 71.417129][ T7075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.417146][ T7075] RIP: 0033:0x7f7c6e38e9a9 [ 71.417160][ T7075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.417176][ T7075] RSP: 002b:00007f7c6f1b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.417192][ T7075] RAX: ffffffffffffffda RBX: 00007f7c6e5b5fa0 RCX: 00007f7c6e38e9a9 [ 71.417203][ T7075] RDX: 0000200000000180 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 71.417213][ T7075] RBP: 00007f7c6f1b6090 R08: 0000000000000000 R09: 0000000000000000 [ 71.417223][ T7075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 71.417232][ T7075] R13: 0000000000000000 R14: 00007f7c6e5b5fa0 R15: 00007ffccef105c8 [ 71.417256][ T7075] [ 71.417273][ T7075] ERROR: Out of memory at tomoyo_realpath_from_path. [ 71.914656][ T53] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 71.930005][ T53] ath9k_htc: Failed to initialize the device [ 71.933064][ T5998] usb 7-1: ath9k_htc: USB layer deinitialized [ 72.220471][ T40] kauditd_printk_skb: 66 callbacks suppressed [ 72.220485][ T40] audit: type=1400 audit(1753796937.956:414): avc: denied { unmount } for pid=5959 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 72.439616][ T7136] binder: 7134:7136 unknown command 0 [ 72.441578][ T7136] binder: 7134:7136 ioctl c0306201 2000000001c0 returned -22 [ 72.472263][ T5315] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 72.475195][ T5315] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 72.478116][ T5315] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 72.481383][ T5315] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 72.549972][ T40] audit: type=1400 audit(1753796938.286:415): avc: denied { connect } for pid=7146 comm="syz.2.398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 72.560405][ T5964] Bluetooth: hci3: command 0x0405 tx timeout [ 72.560469][ T5315] Bluetooth: hci2: command 0x0c1a tx timeout [ 72.562701][ T5957] Bluetooth: hci0: command 0x0c1a tx timeout [ 72.760931][ T7163] binder: 7162:7163 unknown command 0 [ 72.763168][ T7163] binder: 7162:7163 ioctl c0306201 2000000001c0 returned -22 [ 72.848440][ T7173] FAULT_INJECTION: forcing a failure. [ 72.848440][ T7173] name failslab, interval 1, probability 0, space 0, times 0 [ 72.852408][ T7173] CPU: 0 UID: 0 PID: 7173 Comm: syz.3.407 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 72.852422][ T7173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.852428][ T7173] Call Trace: [ 72.852433][ T7173] [ 72.852437][ T7173] dump_stack_lvl+0x16c/0x1f0 [ 72.852472][ T7173] should_fail_ex+0x512/0x640 [ 72.852504][ T7173] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 72.852523][ T7173] should_failslab+0xc2/0x120 [ 72.852534][ T7173] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 72.852550][ T7173] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 72.852565][ T7173] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 72.852579][ T7173] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 72.852596][ T7173] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 72.852615][ T7173] mmu_topup_memory_caches+0x25/0x170 [ 72.852631][ T7173] kvm_mmu_load+0xd9/0x22a0 [ 72.852648][ T7173] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 72.852659][ T7173] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 72.852671][ T7173] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 72.852684][ T7173] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 72.852696][ T7173] ? __pfx_kvm_mmu_load+0x10/0x10 [ 72.852708][ T7173] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 72.852724][ T7173] ? kvm_check_and_inject_events+0x71c/0x1310 [ 72.852740][ T7173] vcpu_run+0x34eb/0x5500 [ 72.852765][ T7173] ? kvm_mmu_post_init_vm+0x269/0x370 [ 72.852781][ T7173] ? __lock_acquire+0xb8a/0x1c90 [ 72.852796][ T7173] ? __pfx_vcpu_run+0x10/0x10 [ 72.852811][ T7173] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 72.852823][ T7173] ? __local_bh_enable_ip+0xa4/0x120 [ 72.852840][ T7173] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 72.852852][ T7173] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 72.852869][ T7173] kvm_vcpu_ioctl+0x5eb/0x1690 [ 72.852884][ T7173] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 72.852898][ T7173] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 72.852915][ T7173] ? do_vfs_ioctl+0x128/0x14f0 [ 72.852930][ T7173] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 72.852944][ T7173] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 72.852960][ T7173] ? hook_file_ioctl_common+0x145/0x410 [ 72.852978][ T7173] ? selinux_file_ioctl+0x180/0x270 [ 72.852987][ T7173] ? selinux_file_ioctl+0xb4/0x270 [ 72.852998][ T7173] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 72.853012][ T7173] __x64_sys_ioctl+0x18b/0x210 [ 72.853028][ T7173] do_syscall_64+0xcd/0x4c0 [ 72.853042][ T7173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.853052][ T7173] RIP: 0033:0x7f7c6e38e9a9 [ 72.853061][ T7173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.853071][ T7173] RSP: 002b:00007f7c6f1b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.853086][ T7173] RAX: ffffffffffffffda RBX: 00007f7c6e5b5fa0 RCX: 00007f7c6e38e9a9 [ 72.853092][ T7173] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 72.853098][ T7173] RBP: 00007f7c6f1b6090 R08: 0000000000000000 R09: 0000000000000000 [ 72.853104][ T7173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 72.853109][ T7173] R13: 0000000000000000 R14: 00007f7c6e5b5fa0 R15: 00007ffccef105c8 [ 72.853122][ T7173] [ 73.099597][ T7184] netlink: 'syz.3.411': attribute type 7 has an invalid length. [ 73.103666][ T40] audit: type=1400 audit(1753796938.846:416): avc: denied { create } for pid=7183 comm="syz.3.411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 73.105800][ T838] IPVS: starting estimator thread 0... [ 73.110287][ T40] audit: type=1400 audit(1753796938.846:417): avc: denied { getopt } for pid=7183 comm="syz.3.411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 73.190752][ T40] audit: type=1400 audit(1753796938.926:418): avc: denied { create } for pid=7195 comm="syz.3.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 73.199291][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.211031][ T40] audit: type=1400 audit(1753796938.936:419): avc: denied { ioctl } for pid=7195 comm="syz.3.414" path="socket:[21636]" dev="sockfs" ino=21636 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 73.213074][ T7187] IPVS: using max 42 ests per chain, 100800 per kthread [ 73.359829][ T40] audit: type=1400 audit(1753796939.096:420): avc: denied { execute_no_trans } for pid=7200 comm="syz.0.415" path="/84/file2" dev="tmpfs" ino=457 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 73.450341][ T40] audit: type=1400 audit(1753796939.186:421): avc: denied { write } for pid=7205 comm="syz.1.417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 73.473157][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.476470][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.702345][ T40] audit: type=1400 audit(1753796939.436:422): avc: denied { bind } for pid=7208 comm="syz.1.418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 73.751958][ T40] audit: type=1400 audit(1753796939.486:423): avc: denied { mount } for pid=7215 comm="syz.2.421" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 73.778400][ T7218] FAULT_INJECTION: forcing a failure. [ 73.778400][ T7218] name failslab, interval 1, probability 0, space 0, times 0 [ 73.783256][ T7218] CPU: 3 UID: 0 PID: 7218 Comm: syz.0.422 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 73.783279][ T7218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.783290][ T7218] Call Trace: [ 73.783296][ T7218] [ 73.783302][ T7218] dump_stack_lvl+0x16c/0x1f0 [ 73.783338][ T7218] should_fail_ex+0x512/0x640 [ 73.783364][ T7218] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 73.783394][ T7218] should_failslab+0xc2/0x120 [ 73.783413][ T7218] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 73.783462][ T7218] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 73.783488][ T7218] ? __lock_acquire+0xb8a/0x1c90 [ 73.783505][ T7218] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 73.783536][ T7218] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 73.783569][ T7218] mmu_topup_memory_caches+0x25/0x170 [ 73.783594][ T7218] kvm_mmu_load+0xd9/0x22a0 [ 73.783617][ T7218] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 73.783635][ T7218] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 73.783653][ T7218] ? vmx_get_rflags+0x100/0x420 [ 73.783675][ T7218] ? kvm_apic_accept_pic_intr+0xe8/0x1a0 [ 73.783698][ T7218] ? __pfx_kvm_mmu_load+0x10/0x10 [ 73.783718][ T7218] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 73.783746][ T7218] ? kvm_check_and_inject_events+0x71c/0x1310 [ 73.783775][ T7218] vcpu_run+0x34eb/0x5500 [ 73.783794][ T7218] ? kvm_mmu_post_init_vm+0x269/0x370 [ 73.783821][ T7218] ? __lock_acquire+0xb8a/0x1c90 [ 73.783845][ T7218] ? __pfx_vcpu_run+0x10/0x10 [ 73.783871][ T7218] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 73.783892][ T7218] ? __local_bh_enable_ip+0xa4/0x120 [ 73.783920][ T7218] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 73.783941][ T7218] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 73.783977][ T7218] kvm_vcpu_ioctl+0x5eb/0x1690 [ 73.784003][ T7218] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 73.784026][ T7218] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 73.784050][ T7218] ? do_vfs_ioctl+0x128/0x14f0 [ 73.784076][ T7218] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 73.784099][ T7218] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 73.784128][ T7218] ? hook_file_ioctl_common+0x145/0x410 [ 73.784158][ T7218] ? selinux_file_ioctl+0x180/0x270 [ 73.784175][ T7218] ? selinux_file_ioctl+0xb4/0x270 [ 73.784194][ T7218] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 73.784218][ T7218] __x64_sys_ioctl+0x18b/0x210 [ 73.784245][ T7218] do_syscall_64+0xcd/0x4c0 [ 73.784270][ T7218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.784288][ T7218] RIP: 0033:0x7fb4d798e9a9 [ 73.784302][ T7218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.784318][ T7218] RSP: 002b:00007fb4d8774038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.784335][ T7218] RAX: ffffffffffffffda RBX: 00007fb4d7bb5fa0 RCX: 00007fb4d798e9a9 [ 73.784346][ T7218] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 73.784356][ T7218] RBP: 00007fb4d8774090 R08: 0000000000000000 R09: 0000000000000000 [ 73.784366][ T7218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 73.784375][ T7218] R13: 0000000000000000 R14: 00007fb4d7bb5fa0 R15: 00007ffefd672ed8 [ 73.784400][ T7218] [ 74.314796][ T7258] binder: 7257:7258 unknown command 0 [ 74.316834][ T7258] binder: 7257:7258 ioctl c0306201 2000000001c0 returned -22 [ 74.585987][ T7277] binder: 7276:7277 unknown command 0 [ 74.588375][ T7277] binder: 7276:7277 ioctl c0306201 2000000001c0 returned -22 [ 74.642998][ T5957] Bluetooth: hci2: command 0x0c1a tx timeout [ 74.643017][ T5315] Bluetooth: hci0: command 0x0c1a tx timeout [ 74.644990][ T5957] Bluetooth: hci3: command 0x0405 tx timeout [ 74.973310][ T7302] binder: 7301:7302 unknown command 0 [ 74.975173][ T7302] binder: 7301:7302 ioctl c0306201 2000000001c0 returned -22 [ 75.083004][ T7309] netlink: 4 bytes leftover after parsing attributes in process `syz.1.454'. [ 75.154307][ T7309] hsr_slave_1 (unregistering): left promiscuous mode [ 75.179010][ T7313] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=123 sclass=netlink_route_socket pid=7313 comm=syz.0.456 [ 75.199033][ T7315] netlink: 'syz.3.457': attribute type 27 has an invalid length. [ 75.279194][ T7319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.282663][ T7319] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.287936][ T7319] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 75.701747][ T7339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.466'. [ 75.739066][ T7343] binder: 7342:7343 unknown command 0 [ 75.741253][ T7343] binder: 7342:7343 ioctl c0306201 2000000001c0 returned -22 [ 75.817211][ T7357] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 76.032982][ T53] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 76.196876][ T53] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 76.200318][ T53] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.204295][ T53] usb 8-1: Product: syz [ 76.205896][ T53] usb 8-1: Manufacturer: syz [ 76.207686][ T53] usb 8-1: SerialNumber: syz [ 76.214455][ T53] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 76.231202][ T29] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 76.270050][ T7375] ======================================================= [ 76.270050][ T7375] WARNING: The mand mount option has been deprecated and [ 76.270050][ T7375] and is ignored by this kernel. Remove the mand [ 76.270050][ T7375] option from the mount to silence this warning. [ 76.270050][ T7375] ======================================================= [ 76.286578][ T7375] devpts: Bad value for 'max' [ 76.332131][ T7380] binder: 7379:7380 unknown command 0 [ 76.334160][ T7380] binder: 7379:7380 ioctl c0306201 2000000001c0 returned -22 [ 76.473968][ T53] usb 8-1: USB disconnect, device number 3 [ 76.935437][ T7406] xt_hashlimit: size too large, truncated to 1048576 [ 76.990095][ T7410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.491'. [ 77.062211][ T7414] @: renamed from vlan0 [ 77.070243][ T5957] Bluetooth: hci3: unexpected event 0x01 length: 6 > 1 [ 77.104475][ T7418] binder: 7417:7418 ioctl 4018620d 0 returned -22 [ 77.112576][ T7418] binder: 7417:7418 unknown command 0 [ 77.115012][ T7418] binder: 7417:7418 ioctl c0306201 2000000001c0 returned -22 [ 77.169265][ T7425] netlink: 'syz.3.498': attribute type 27 has an invalid length. [ 77.224989][ T7425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.234860][ T7425] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.239883][ T7425] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 77.276278][ T29] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive [ 77.279270][ T29] ath9k_htc: Failed to initialize the device [ 77.282733][ T53] usb 8-1: ath9k_htc: USB layer deinitialized [ 77.400852][ T7447] binder: 7446:7447 unknown command 0 [ 77.402582][ T7447] binder: 7446:7447 ioctl c0306201 2000000001c0 returned -22 [ 78.107018][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 78.107031][ T40] audit: type=1400 audit(1753796943.846:433): avc: denied { setopt } for pid=7467 comm="syz.1.513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 78.117119][ T40] audit: type=1400 audit(1753796943.846:434): avc: denied { bind } for pid=7470 comm="syz.0.514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 78.446557][ T7483] binder: BINDER_SET_CONTEXT_MGR already set [ 78.448572][ T7483] binder: 7482:7483 ioctl 4018620d 2000000002c0 returned -16 [ 78.855081][ T40] audit: type=1400 audit(1753796944.596:435): avc: denied { read write } for pid=7503 comm="syz.2.528" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 78.865473][ T40] audit: type=1400 audit(1753796944.596:436): avc: denied { open } for pid=7503 comm="syz.2.528" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 78.865698][ T7506] netlink: 16 bytes leftover after parsing attributes in process `syz.0.527'. [ 78.873870][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 78.881560][ T40] audit: type=1400 audit(1753796944.596:437): avc: denied { append } for pid=7503 comm="syz.2.528" name="renderD128" dev="devtmpfs" ino=634 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 78.890038][ T7511] FAULT_INJECTION: forcing a failure. [ 78.890038][ T7511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 78.897830][ T7511] CPU: 0 UID: 0 PID: 7511 Comm: syz.2.529 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 78.897849][ T7511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.897855][ T7511] Call Trace: [ 78.897859][ T7511] [ 78.897863][ T7511] dump_stack_lvl+0x16c/0x1f0 [ 78.897891][ T7511] should_fail_ex+0x512/0x640 [ 78.897909][ T7511] _copy_from_user+0x2e/0xd0 [ 78.897924][ T7511] vt_ioctl+0x42e/0x30a0 [ 78.897933][ T7511] ? lockdep_hardirqs_on+0x7c/0x110 [ 78.897947][ T7511] ? __pfx_vt_ioctl+0x10/0x10 [ 78.897960][ T7511] ? tomoyo_path_number_perm+0x18d/0x580 [ 78.897980][ T7511] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 78.897994][ T7511] ? tty_jobctrl_ioctl+0x152/0xe00 [ 78.898005][ T7511] ? __pfx_vt_ioctl+0x10/0x10 [ 78.898013][ T7511] tty_ioctl+0x65e/0x1640 [ 78.898027][ T7511] ? __pfx_tty_ioctl+0x10/0x10 [ 78.898040][ T7511] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 78.898056][ T7511] ? hook_file_ioctl_common+0x145/0x410 [ 78.898072][ T7511] ? selinux_file_ioctl+0x180/0x270 [ 78.898082][ T7511] ? selinux_file_ioctl+0xb4/0x270 [ 78.898093][ T7511] ? __pfx_tty_ioctl+0x10/0x10 [ 78.898106][ T7511] __x64_sys_ioctl+0x18b/0x210 [ 78.898122][ T7511] do_syscall_64+0xcd/0x4c0 [ 78.898136][ T7511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.898146][ T7511] RIP: 0033:0x7fc18378e9a9 [ 78.898155][ T7511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.898166][ T7511] RSP: 002b:00007fc1815f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 78.898180][ T7511] RAX: ffffffffffffffda RBX: 00007fc1839b5fa0 RCX: 00007fc18378e9a9 [ 78.898190][ T7511] RDX: 0000200000000040 RSI: 0000000000004b72 RDI: 0000000000000003 [ 78.898199][ T7511] RBP: 00007fc1815f6090 R08: 0000000000000000 R09: 0000000000000000 [ 78.898207][ T7511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.898217][ T7511] R13: 0000000000000000 R14: 00007fc1839b5fa0 R15: 00007fffd6f31678 [ 78.898239][ T7511] [ 79.135690][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.530'. [ 79.142361][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.530'. [ 79.672914][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 79.674517][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.680547][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.683652][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.688253][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.913645][ T5957] Bluetooth: hci3: unexpected event for opcode 0x0406 [ 79.971043][ T40] audit: type=1400 audit(1753796945.706:438): avc: denied { create } for pid=7539 comm="syz.2.539" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 79.982501][ T40] audit: type=1400 audit(1753796945.706:439): avc: denied { write } for pid=7539 comm="syz.2.539" path="socket:[23375]" dev="sockfs" ino=23375 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 80.188837][ T40] audit: type=1400 audit(1753796945.926:440): avc: denied { create } for pid=7560 comm="syz.3.546" name="#d" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 80.195348][ T40] audit: type=1400 audit(1753796945.926:441): avc: denied { link } for pid=7560 comm="syz.3.546" name="#d" dev="tmpfs" ino=697 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 80.202110][ T40] audit: type=1400 audit(1753796945.926:442): avc: denied { rename } for pid=7560 comm="syz.3.546" name="#e" dev="tmpfs" ino=697 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 80.415425][ T7579] netlink: 'syz.1.553': attribute type 27 has an invalid length. [ 80.498333][ T7583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.501242][ T7583] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.510075][ T7583] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 80.851129][ T7602] netlink: 48 bytes leftover after parsing attributes in process `syz.0.561'. [ 80.912208][ T7602] netlink: 8 bytes leftover after parsing attributes in process `syz.0.561'. [ 81.169038][ T7607] binder: 7606:7607 ioctl c0306201 0 returned -14 [ 81.177066][ T7607] binder: 7606:7607 unknown command 0 [ 81.181687][ T7607] binder: 7606:7607 ioctl c0306201 2000000001c0 returned -22 [ 81.518280][ T7571] Set syz1 is full, maxelem 65536 reached [ 81.646483][ T7625] FAULT_INJECTION: forcing a failure. [ 81.646483][ T7625] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 81.650502][ T7625] CPU: 0 UID: 0 PID: 7625 Comm: syz.3.569 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 81.650516][ T7625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.650523][ T7625] Call Trace: [ 81.650527][ T7625] [ 81.650532][ T7625] dump_stack_lvl+0x16c/0x1f0 [ 81.650563][ T7625] should_fail_ex+0x512/0x640 [ 81.650583][ T7625] _copy_from_user+0x2e/0xd0 [ 81.650597][ T7625] do_hidp_sock_ioctl.constprop.0+0x367/0x510 [ 81.650611][ T7625] ? __pfx_do_hidp_sock_ioctl.constprop.0+0x10/0x10 [ 81.650637][ T7625] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 81.650652][ T7625] ? kasan_quarantine_put+0x10a/0x240 [ 81.650675][ T7625] ? tomoyo_path_number_perm+0x18d/0x580 [ 81.650695][ T7625] sock_do_ioctl+0x115/0x280 [ 81.650712][ T7625] ? __pfx_sock_do_ioctl+0x10/0x10 [ 81.650731][ T7625] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 81.650758][ T7625] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 81.650773][ T7625] sock_ioctl+0x227/0x6b0 [ 81.650783][ T7625] ? __pfx_sock_ioctl+0x10/0x10 [ 81.650792][ T7625] ? hook_file_ioctl_common+0x145/0x410 [ 81.650809][ T7625] ? selinux_file_ioctl+0x180/0x270 [ 81.650819][ T7625] ? selinux_file_ioctl+0xb4/0x270 [ 81.650829][ T7625] ? __pfx_sock_ioctl+0x10/0x10 [ 81.650839][ T7625] __x64_sys_ioctl+0x18b/0x210 [ 81.650855][ T7625] do_syscall_64+0xcd/0x4c0 [ 81.650869][ T7625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.650879][ T7625] RIP: 0033:0x7f7c6e38e9a9 [ 81.650888][ T7625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.650899][ T7625] RSP: 002b:00007f7c6f195038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 81.650909][ T7625] RAX: ffffffffffffffda RBX: 00007f7c6e5b6080 RCX: 00007f7c6e38e9a9 [ 81.650915][ T7625] RDX: 0000200000000280 RSI: 00000000400448c8 RDI: 0000000000000005 [ 81.650921][ T7625] RBP: 00007f7c6f195090 R08: 0000000000000000 R09: 0000000000000000 [ 81.650927][ T7625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.650932][ T7625] R13: 0000000000000000 R14: 00007f7c6e5b6080 R15: 00007ffccef105c8 [ 81.650945][ T7625] [ 82.184821][ T7646] binder: 7645:7646 unknown command 0 [ 82.186940][ T7646] binder: 7645:7646 ioctl c0306201 2000000001c0 returned -22 [ 82.238298][ T7648] batman_adv: batadv0: Adding interface: ipvlan2 [ 82.240569][ T7648] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.249891][ T7648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.254014][ T7648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.257831][ T7648] batman_adv: batadv0: Interface activated: ipvlan2 [ 82.347336][ T7642] Cannot find del_set index 4 as target [ 82.826189][ T7673] netlink: 4 bytes leftover after parsing attributes in process `syz.0.586'. [ 83.078518][ T7680] netlink: 8 bytes leftover after parsing attributes in process `syz.0.589'. [ 83.441268][ T7703] netlink: 4 bytes leftover after parsing attributes in process `syz.3.597'. [ 83.487192][ T7705] FAULT_INJECTION: forcing a failure. [ 83.487192][ T7705] name failslab, interval 1, probability 0, space 0, times 0 [ 83.490900][ T7705] CPU: 1 UID: 0 PID: 7705 Comm: syz.3.598 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 83.490915][ T7705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.490921][ T7705] Call Trace: [ 83.490925][ T7705] [ 83.490929][ T7705] dump_stack_lvl+0x16c/0x1f0 [ 83.490946][ T7705] should_fail_ex+0x512/0x640 [ 83.490959][ T7705] ? __kmalloc_noprof+0xbf/0x510 [ 83.490970][ T7705] ? video_usercopy+0x1a0/0x1720 [ 83.490983][ T7705] should_failslab+0xc2/0x120 [ 83.490994][ T7705] __kmalloc_noprof+0xd2/0x510 [ 83.491004][ T7705] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 83.491019][ T7705] video_usercopy+0x1a0/0x1720 [ 83.491032][ T7705] ? __pfx___video_do_ioctl+0x10/0x10 [ 83.491044][ T7705] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 83.491057][ T7705] ? __pfx_video_usercopy+0x10/0x10 [ 83.491078][ T7705] v4l2_ioctl+0x1bd/0x250 [ 83.491089][ T7705] ? __pfx_v4l2_ioctl+0x10/0x10 [ 83.491101][ T7705] __x64_sys_ioctl+0x18b/0x210 [ 83.491117][ T7705] do_syscall_64+0xcd/0x4c0 [ 83.491131][ T7705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.491141][ T7705] RIP: 0033:0x7f7c6e38e9a9 [ 83.491150][ T7705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.491161][ T7705] RSP: 002b:00007f7c6f1b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.491170][ T7705] RAX: ffffffffffffffda RBX: 00007f7c6e5b5fa0 RCX: 00007f7c6e38e9a9 [ 83.491177][ T7705] RDX: 0000200000000180 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 83.491183][ T7705] RBP: 00007f7c6f1b6090 R08: 0000000000000000 R09: 0000000000000000 [ 83.491189][ T7705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.491195][ T7705] R13: 0000000000000000 R14: 00007f7c6e5b5fa0 R15: 00007ffccef105c8 [ 83.491207][ T7705] [ 83.504353][ T7707] binder: 7706:7707 unknown command 0 [ 83.575150][ T7707] binder: 7706:7707 ioctl c0306201 2000000001c0 returned -22 [ 83.633487][ T7716] FAULT_INJECTION: forcing a failure. [ 83.633487][ T7716] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 83.638811][ T7716] CPU: 1 UID: 0 PID: 7716 Comm: syz.2.603 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 83.638833][ T7716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.638842][ T7716] Call Trace: [ 83.638846][ T7716] [ 83.638850][ T7716] dump_stack_lvl+0x16c/0x1f0 [ 83.638881][ T7716] should_fail_ex+0x512/0x640 [ 83.638904][ T7716] _copy_from_user+0x2e/0xd0 [ 83.638926][ T7716] do_hidp_sock_ioctl.constprop.0+0x26e/0x510 [ 83.638944][ T7716] ? __pfx_do_hidp_sock_ioctl.constprop.0+0x10/0x10 [ 83.638978][ T7716] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 83.639000][ T7716] ? kasan_quarantine_put+0x10a/0x240 [ 83.639139][ T7716] ? tomoyo_path_number_perm+0x18d/0x580 [ 83.639168][ T7716] sock_do_ioctl+0x115/0x280 [ 83.639193][ T7716] ? __pfx_sock_do_ioctl+0x10/0x10 [ 83.639222][ T7716] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 83.639246][ T7716] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 83.639263][ T7716] sock_ioctl+0x227/0x6b0 [ 83.639278][ T7716] ? __pfx_sock_ioctl+0x10/0x10 [ 83.639291][ T7716] ? hook_file_ioctl_common+0x145/0x410 [ 83.639318][ T7716] ? selinux_file_ioctl+0x180/0x270 [ 83.639356][ T7716] ? selinux_file_ioctl+0xb4/0x270 [ 83.639375][ T7716] ? __pfx_sock_ioctl+0x10/0x10 [ 83.639390][ T7716] __x64_sys_ioctl+0x18b/0x210 [ 83.639413][ T7716] do_syscall_64+0xcd/0x4c0 [ 83.639435][ T7716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.639447][ T7716] RIP: 0033:0x7fc18378e9a9 [ 83.639460][ T7716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.639475][ T7716] RSP: 002b:00007fc1815f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.639490][ T7716] RAX: ffffffffffffffda RBX: 00007fc1839b5fa0 RCX: 00007fc18378e9a9 [ 83.639500][ T7716] RDX: 0000200000000240 RSI: 00000000800448d2 RDI: 0000000000000004 [ 83.639510][ T7716] RBP: 00007fc1815f6090 R08: 0000000000000000 R09: 0000000000000000 [ 83.639519][ T7716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.639528][ T7716] R13: 0000000000000000 R14: 00007fc1839b5fa0 R15: 00007fffd6f31678 [ 83.639544][ T7716] [ 83.919938][ T7729] netlink: 4 bytes leftover after parsing attributes in process `syz.2.608'. [ 83.994641][ T7729] hsr_slave_1 (unregistering): left promiscuous mode [ 84.240100][ T7732] Cannot find del_set index 4 as target [ 84.303608][ T7751] binder: 7749:7751 unknown command 0 [ 84.305389][ T7751] binder: 7749:7751 ioctl c0306201 2000000001c0 returned -22 [ 84.374871][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 84.374881][ T40] audit: type=1400 audit(1753796950.106:445): avc: denied { watch } for pid=7756 comm="syz.0.619" path="/148/file1" dev="tmpfs" ino=796 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 84.389923][ T7757] xt_l2tp: v2 doesn't support IP mode [ 84.424121][ T7765] netlink: 4 bytes leftover after parsing attributes in process `syz.2.620'. [ 85.193635][ T5964] Bluetooth: hci3: command 0x0405 tx timeout [ 85.278239][ T7813] netlink: 'syz.1.640': attribute type 27 has an invalid length. [ 85.309068][ T7813] batman_adv: batadv0: Interface deactivated: ipvlan2 [ 85.351483][ T7813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.355016][ T7813] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.361634][ T7813] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 85.597979][ T7828] FAULT_INJECTION: forcing a failure. [ 85.597979][ T7828] name failslab, interval 1, probability 0, space 0, times 0 [ 85.602411][ T7828] CPU: 2 UID: 0 PID: 7828 Comm: syz.1.646 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 85.602426][ T7828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.602433][ T7828] Call Trace: [ 85.602439][ T7828] [ 85.602445][ T7828] dump_stack_lvl+0x16c/0x1f0 [ 85.602482][ T7828] should_fail_ex+0x512/0x640 [ 85.602500][ T7828] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 85.602523][ T7828] should_failslab+0xc2/0x120 [ 85.602536][ T7828] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 85.602553][ T7828] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 85.602570][ T7828] ? __lock_acquire+0xb8a/0x1c90 [ 85.602581][ T7828] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 85.602600][ T7828] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 85.602622][ T7828] mmu_topup_memory_caches+0x25/0x170 [ 85.602639][ T7828] kvm_mmu_load+0xd9/0x22a0 [ 85.602654][ T7828] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 85.602666][ T7828] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 85.602678][ T7828] ? vmx_get_rflags+0x100/0x420 [ 85.602693][ T7828] ? kvm_apic_accept_pic_intr+0xe8/0x1a0 [ 85.602707][ T7828] ? __pfx_kvm_mmu_load+0x10/0x10 [ 85.602721][ T7828] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 85.602738][ T7828] ? kvm_check_and_inject_events+0x71c/0x1310 [ 85.602774][ T7828] vcpu_run+0x34eb/0x5500 [ 85.602788][ T7828] ? kvm_mmu_post_init_vm+0x269/0x370 [ 85.602805][ T7828] ? __lock_acquire+0xb8a/0x1c90 [ 85.602820][ T7828] ? __pfx_vcpu_run+0x10/0x10 [ 85.602836][ T7828] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 85.602851][ T7828] ? __local_bh_enable_ip+0xa4/0x120 [ 85.602869][ T7828] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 85.602883][ T7828] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 85.602916][ T7828] kvm_vcpu_ioctl+0x5eb/0x1690 [ 85.602933][ T7828] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 85.602948][ T7828] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 85.602963][ T7828] ? do_vfs_ioctl+0x128/0x14f0 [ 85.602980][ T7828] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 85.602995][ T7828] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 85.603014][ T7828] ? hook_file_ioctl_common+0x145/0x410 [ 85.603032][ T7828] ? selinux_file_ioctl+0x180/0x270 [ 85.603043][ T7828] ? selinux_file_ioctl+0xb4/0x270 [ 85.603055][ T7828] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 85.603071][ T7828] __x64_sys_ioctl+0x18b/0x210 [ 85.603088][ T7828] do_syscall_64+0xcd/0x4c0 [ 85.603103][ T7828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.603115][ T7828] RIP: 0033:0x7f6cf678e9a9 [ 85.603126][ T7828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.603138][ T7828] RSP: 002b:00007f6cf7580038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.603150][ T7828] RAX: ffffffffffffffda RBX: 00007f6cf69b5fa0 RCX: 00007f6cf678e9a9 [ 85.603157][ T7828] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 85.603164][ T7828] RBP: 00007f6cf7580090 R08: 0000000000000000 R09: 0000000000000000 [ 85.603171][ T7828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 85.603178][ T7828] R13: 0000000000000000 R14: 00007f6cf69b5fa0 R15: 00007ffdc9f161d8 [ 85.603194][ T7828] [ 85.866795][ T7843] binder: 7842:7843 ioctl 4018620d 0 returned -22 [ 85.869385][ T7843] binder: 7842:7843 unknown command 0 [ 85.871071][ T7843] binder: 7842:7843 ioctl c0306201 2000000001c0 returned -22 [ 85.951147][ T7848] netlink: 'syz.2.652': attribute type 27 has an invalid length. [ 86.006255][ T7848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.009769][ T7848] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.013909][ T7848] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 86.223018][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 86.279953][ T40] audit: type=1400 audit(1753796952.016:446): avc: denied { write } for pid=7859 comm="syz.3.656" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 86.287808][ T40] audit: type=1400 audit(1753796952.016:447): avc: denied { open } for pid=7859 comm="syz.3.656" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 86.292418][ T7860] netlink: 256 bytes leftover after parsing attributes in process `syz.3.656'. [ 86.295988][ T40] audit: type=1400 audit(1753796952.016:448): avc: denied { ioctl } for pid=7859 comm="syz.3.656" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 86.388768][ T9] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 86.392477][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 86.396543][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 86.399636][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 86.404522][ T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 86.412811][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.422726][ T9] usb 6-1: config 0 descriptor?? [ 86.627095][ T7852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.630649][ T7852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.633971][ T7852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.636949][ T7852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.639895][ T7852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.644971][ T7852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.647991][ T7852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.650770][ T7852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.653837][ T7852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.656567][ T7852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.871670][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.880276][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.884566][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.887836][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.891014][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.898714][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.901886][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.906005][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.909245][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.912348][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.915699][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.918697][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.921798][ T7889] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0 [ 86.925194][ T7889] binder: 7887:7889 ioctl 4018620d 200000000380 returned -1 [ 86.928356][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.931573][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.936015][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 86.951979][ T9] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 86.963400][ T9] usb 6-1: USB disconnect, device number 2 [ 86.991761][ T7893] fido_id[7893]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb6/report_descriptor': No such file or directory [ 87.065841][ T7904] netlink: 'syz.0.670': attribute type 27 has an invalid length. [ 87.115123][ T7904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.118514][ T7904] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.122450][ T7904] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 87.129191][ T7906] netlink: 'syz.1.671': attribute type 27 has an invalid length. [ 87.190699][ T7906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.194243][ T7906] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.200657][ T7906] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 87.282880][ T5957] Bluetooth: hci3: command 0x0405 tx timeout [ 87.316638][ T7916] FAULT_INJECTION: forcing a failure. [ 87.316638][ T7916] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.320652][ T7916] CPU: 2 UID: 0 PID: 7916 Comm: syz.2.675 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 87.320667][ T7916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.320673][ T7916] Call Trace: [ 87.320677][ T7916] [ 87.320681][ T7916] dump_stack_lvl+0x16c/0x1f0 [ 87.320710][ T7916] should_fail_ex+0x512/0x640 [ 87.320729][ T7916] _copy_from_user+0x2e/0xd0 [ 87.320743][ T7916] copy_msghdr_from_user+0x98/0x160 [ 87.320758][ T7916] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 87.320777][ T7916] ___sys_sendmsg+0xfe/0x1d0 [ 87.320791][ T7916] ? __pfx____sys_sendmsg+0x10/0x10 [ 87.320803][ T7916] ? __lock_acquire+0x622/0x1c90 [ 87.320829][ T7916] __sys_sendmsg+0x16d/0x220 [ 87.320843][ T7916] ? __pfx___sys_sendmsg+0x10/0x10 [ 87.320864][ T7916] do_syscall_64+0xcd/0x4c0 [ 87.320877][ T7916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.320888][ T7916] RIP: 0033:0x7fc18378e9a9 [ 87.320896][ T7916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.320906][ T7916] RSP: 002b:00007fc1815f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.320917][ T7916] RAX: ffffffffffffffda RBX: 00007fc1839b5fa0 RCX: 00007fc18378e9a9 [ 87.320923][ T7916] RDX: 0000000000000000 RSI: 0000200000001040 RDI: 0000000000000003 [ 87.320929][ T7916] RBP: 00007fc1815f6090 R08: 0000000000000000 R09: 0000000000000000 [ 87.320935][ T7916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.320941][ T7916] R13: 0000000000000000 R14: 00007fc1839b5fa0 R15: 00007fffd6f31678 [ 87.320953][ T7916] [ 87.493195][ T7924] SELinux: Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped). [ 87.497857][ T40] audit: type=1400 audit(1753796953.236:449): avc: denied { relabelto } for pid=7923 comm="syz.2.678" name="202" dev="tmpfs" ino=1051 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0" [ 87.508578][ T40] audit: type=1400 audit(1753796953.236:450): avc: denied { associate } for pid=7923 comm="syz.2.678" name="202" dev="tmpfs" ino=1051 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:crond_var_run_t:s0" [ 87.522132][ T40] audit: type=1400 audit(1753796953.236:451): avc: denied { add_name } for pid=7923 comm="syz.2.678" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0" [ 87.535435][ T40] audit: type=1400 audit(1753796953.236:452): avc: denied { create } for pid=7923 comm="syz.2.678" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 87.550637][ T40] audit: type=1400 audit(1753796953.236:453): avc: denied { associate } for pid=7923 comm="syz.2.678" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 87.557776][ T40] audit: type=1400 audit(1753796953.276:454): avc: denied { remove_name } for pid=5963 comm="syz-executor" name="file0" dev="tmpfs" ino=1056 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0" [ 87.703664][ T7938] netlink: 'syz.0.683': attribute type 27 has an invalid length. [ 87.770242][ T7938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.775880][ T7938] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.781883][ T7938] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 87.941621][ T7947] binder: 7946:7947 ioctl c0306201 0 returned -14 [ 87.944474][ T7947] binder: 7946:7947 unknown command 0 [ 87.946397][ T7947] binder: 7946:7947 ioctl c0306201 2000000001c0 returned -22 [ 88.026280][ T7955] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=296 sclass=netlink_xfrm_socket pid=7955 comm=syz.1.689 [ 88.122403][ T7962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.692'. [ 88.220211][ T7962] hsr_slave_1 (unregistering): left promiscuous mode [ 88.771129][ T5957] Bluetooth: hci2: unexpected event for opcode 0x0c03 [ 88.775758][ T8005] bridge_slave_0: left allmulticast mode [ 88.778097][ T8005] bridge_slave_0: left promiscuous mode [ 88.780568][ T8005] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.789429][ T8005] bridge_slave_1: left allmulticast mode [ 88.791832][ T8005] bridge_slave_1: left promiscuous mode [ 88.795606][ T8005] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.810550][ T8005] bond0: (slave bond_slave_0): Releasing backup interface [ 88.822131][ T8005] bond0: (slave bond_slave_1): Releasing backup interface [ 88.834338][ T8005] team0: Port device team_slave_0 removed [ 88.843694][ T8005] team0: Port device team_slave_1 removed [ 88.846618][ T8005] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.850893][ T8005] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.854272][ T8013] binder: 8012:8013 ioctl c0306201 0 returned -14 [ 88.854542][ T8013] binder: 8012:8013 unknown command 0 [ 88.854571][ T8013] binder: 8012:8013 ioctl c0306201 2000000001c0 returned -22 [ 88.958077][ T8022] netlink: 20 bytes leftover after parsing attributes in process `syz.2.714'. [ 89.377395][ T8051] netlink: 108 bytes leftover after parsing attributes in process `syz.0.725'. [ 89.381917][ T8051] netlink: 108 bytes leftover after parsing attributes in process `syz.0.725'. [ 89.386108][ T8051] netlink: 84 bytes leftover after parsing attributes in process `syz.0.725'. [ 89.445608][ T8060] binder: 8058:8060 unknown command 0 [ 89.447387][ T8060] binder: 8058:8060 ioctl c0306201 2000000001c0 returned -22 [ 89.515476][ T8065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.730'. [ 89.806915][ T8074] FAULT_INJECTION: forcing a failure. [ 89.806915][ T8074] name failslab, interval 1, probability 0, space 0, times 0 [ 89.812059][ T8074] CPU: 1 UID: 0 PID: 8074 Comm: syz.2.733 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 89.812083][ T8074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.812093][ T8074] Call Trace: [ 89.812099][ T8074] [ 89.812105][ T8074] dump_stack_lvl+0x16c/0x1f0 [ 89.812149][ T8074] should_fail_ex+0x512/0x640 [ 89.812173][ T8074] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 89.812203][ T8074] should_failslab+0xc2/0x120 [ 89.812220][ T8074] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 89.812245][ T8074] ? getname_flags.part.0+0x4c/0x550 [ 89.812271][ T8074] getname_flags.part.0+0x4c/0x550 [ 89.812296][ T8074] getname_flags+0x93/0xf0 [ 89.812311][ T8074] do_sys_openat2+0xb8/0x1d0 [ 89.812342][ T8074] ? __pfx_do_sys_openat2+0x10/0x10 [ 89.812364][ T8074] ? __fget_files+0x20e/0x3c0 [ 89.812386][ T8074] __x64_sys_open+0x153/0x1e0 [ 89.812405][ T8074] ? __pfx___x64_sys_open+0x10/0x10 [ 89.812431][ T8074] ? rcu_is_watching+0x12/0xc0 [ 89.812455][ T8074] do_syscall_64+0xcd/0x4c0 [ 89.812477][ T8074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.812493][ T8074] RIP: 0033:0x7fc18378e9a9 [ 89.812505][ T8074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.812521][ T8074] RSP: 002b:00007fc1815d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 89.812536][ T8074] RAX: ffffffffffffffda RBX: 00007fc1839b6080 RCX: 00007fc18378e9a9 [ 89.812547][ T8074] RDX: 0000000000000000 RSI: 00000000000000f0 RDI: 00002000000001c0 [ 89.812557][ T8074] RBP: 00007fc1815d5090 R08: 0000000000000000 R09: 0000000000000000 [ 89.812566][ T8074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.812576][ T8074] R13: 0000000000000000 R14: 00007fc1839b6080 R15: 00007fffd6f31678 [ 89.812597][ T8074] [ 90.237535][ T8090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.740'. [ 90.241190][ T8090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.740'. [ 90.470487][ T8098] binder: 8097:8098 unknown command 0 [ 90.472365][ T8098] binder: 8097:8098 ioctl c0306201 2000000001c0 returned -22 [ 90.509779][ T8100] FAULT_INJECTION: forcing a failure. [ 90.509779][ T8100] name failslab, interval 1, probability 0, space 0, times 0 [ 90.514925][ T8100] CPU: 2 UID: 0 PID: 8100 Comm: syz.0.744 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 90.514948][ T8100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.514956][ T8100] Call Trace: [ 90.514961][ T8100] [ 90.514967][ T8100] dump_stack_lvl+0x16c/0x1f0 [ 90.514988][ T8100] should_fail_ex+0x512/0x640 [ 90.515003][ T8100] ? trace_contention_end+0xdd/0x130 [ 90.515021][ T8100] should_failslab+0xc2/0x120 [ 90.515039][ T8100] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 90.515065][ T8100] ? hci_sock_sendmsg+0xde2/0x25f0 [ 90.515086][ T8100] ? __alloc_skb+0x2b2/0x380 [ 90.515105][ T8100] ? __pfx___mutex_lock+0x10/0x10 [ 90.515127][ T8100] __alloc_skb+0x2b2/0x380 [ 90.515143][ T8100] ? __pfx___alloc_skb+0x10/0x10 [ 90.515171][ T8100] hci_sock_sendmsg+0x1a6f/0x25f0 [ 90.515197][ T8100] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 90.515221][ T8100] sock_write_iter+0x4ff/0x5b0 [ 90.515246][ T8100] ? __pfx_sock_write_iter+0x10/0x10 [ 90.515304][ T8100] ? bpf_lsm_file_permission+0x9/0x10 [ 90.515324][ T8100] ? security_file_permission+0x71/0x210 [ 90.515341][ T8100] ? rw_verify_area+0xcf/0x680 [ 90.515361][ T8100] vfs_write+0x6c7/0x1150 [ 90.515374][ T8100] ? __pfx_sock_write_iter+0x10/0x10 [ 90.515400][ T8100] ? __pfx_vfs_write+0x10/0x10 [ 90.515412][ T8100] ? find_held_lock+0x2b/0x80 [ 90.515449][ T8100] ksys_write+0x1f8/0x250 [ 90.515464][ T8100] ? __pfx_ksys_write+0x10/0x10 [ 90.515483][ T8100] do_syscall_64+0xcd/0x4c0 [ 90.515501][ T8100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.515516][ T8100] RIP: 0033:0x7fb4d798e9a9 [ 90.515531][ T8100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.515545][ T8100] RSP: 002b:00007fb4d8774038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 90.515561][ T8100] RAX: ffffffffffffffda RBX: 00007fb4d7bb5fa0 RCX: 00007fb4d798e9a9 [ 90.515571][ T8100] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000004 [ 90.515579][ T8100] RBP: 00007fb4d8774090 R08: 0000000000000000 R09: 0000000000000000 [ 90.515587][ T8100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.515593][ T8100] R13: 0000000000000000 R14: 00007fb4d7bb5fa0 R15: 00007ffefd672ed8 [ 90.515606][ T8100] [ 90.515672][ T8100] Bluetooth: MGMT ver 1.23 [ 90.622645][ T8106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.745'. [ 90.678571][ T8112] netlink: 'syz.3.748': attribute type 27 has an invalid length. [ 90.718988][ T8112] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.721720][ T8112] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.728712][ T8112] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 90.894217][ T8125] capability: warning: `syz.2.752' uses deprecated v2 capabilities in a way that may be insecure [ 90.957512][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 90.957522][ T40] audit: type=1400 audit(1753796956.696:463): avc: denied { read } for pid=8130 comm="syz.0.755" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 90.968425][ T8131] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1000 sclass=netlink_route_socket pid=8131 comm=syz.0.755 [ 90.988537][ T40] audit: type=1400 audit(1753796956.696:464): avc: denied { open } for pid=8130 comm="syz.0.755" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 91.067536][ T40] audit: type=1400 audit(1753796956.806:465): avc: denied { create } for pid=8139 comm="syz.3.758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 91.078241][ T40] audit: type=1400 audit(1753796956.816:466): avc: denied { setopt } for pid=8139 comm="syz.3.758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 91.146922][ T8141] delete_channel: no stack [ 91.227370][ T8158] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0 [ 91.230340][ T8158] binder: 8157:8158 ioctl 4018620d 200000000380 returned -1 [ 91.302286][ T8163] __nla_validate_parse: 2 callbacks suppressed [ 91.302297][ T8163] netlink: 14528 bytes leftover after parsing attributes in process `syz.1.766'. [ 91.309479][ T8163] FAULT_INJECTION: forcing a failure. [ 91.309479][ T8163] name failslab, interval 1, probability 0, space 0, times 0 [ 91.314818][ T8163] CPU: 2 UID: 0 PID: 8163 Comm: syz.1.766 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 91.314843][ T8163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.314854][ T8163] Call Trace: [ 91.314861][ T8163] [ 91.314867][ T8163] dump_stack_lvl+0x16c/0x1f0 [ 91.314909][ T8163] should_fail_ex+0x512/0x640 [ 91.314940][ T8163] should_failslab+0xc2/0x120 [ 91.314960][ T8163] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 91.314989][ T8163] ? skb_clone+0x190/0x3f0 [ 91.315015][ T8163] skb_clone+0x190/0x3f0 [ 91.315039][ T8163] netlink_deliver_tap+0xabd/0xd30 [ 91.315069][ T8163] netlink_unicast+0x702/0x850 [ 91.315097][ T8163] ? __pfx_netlink_unicast+0x10/0x10 [ 91.315131][ T8163] nlmsg_notify+0x1c6/0x220 [ 91.315160][ T8163] qdisc_notify.isra.0+0x225/0x3f0 [ 91.315182][ T8163] qdisc_graft+0xf69/0x17c0 [ 91.315208][ T8163] ? __pfx_qdisc_graft+0x10/0x10 [ 91.315235][ T8163] tc_get_qdisc+0x4d0/0x10d0 [ 91.315277][ T8163] ? __pfx_tc_get_qdisc+0x10/0x10 [ 91.315316][ T8163] ? __pfx_tc_get_qdisc+0x10/0x10 [ 91.315334][ T8163] rtnetlink_rcv_msg+0x3c6/0xe90 [ 91.315361][ T8163] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 91.315392][ T8163] ? ref_tracker_free+0x37c/0x830 [ 91.315418][ T8163] netlink_rcv_skb+0x155/0x420 [ 91.315444][ T8163] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 91.315468][ T8163] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 91.315502][ T8163] ? netlink_deliver_tap+0x1ae/0xd30 [ 91.315532][ T8163] netlink_unicast+0x58d/0x850 [ 91.315562][ T8163] ? __pfx_netlink_unicast+0x10/0x10 [ 91.315584][ T8163] ? __build_skb_around+0x278/0x3b0 [ 91.315608][ T8163] netlink_sendmsg+0x8d1/0xdd0 [ 91.315638][ T8163] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.315674][ T8163] sock_write_iter+0x4ff/0x5b0 [ 91.315702][ T8163] ? __pfx_sock_write_iter+0x10/0x10 [ 91.315744][ T8163] ? bpf_lsm_file_permission+0x9/0x10 [ 91.315764][ T8163] ? security_file_permission+0x71/0x210 [ 91.315784][ T8163] ? rw_verify_area+0xcf/0x680 [ 91.315811][ T8163] vfs_write+0x6c7/0x1150 [ 91.315828][ T8163] ? __pfx_sock_write_iter+0x10/0x10 [ 91.315857][ T8163] ? __pfx_vfs_write+0x10/0x10 [ 91.315870][ T8163] ? find_held_lock+0x2b/0x80 [ 91.315911][ T8163] ksys_write+0x1f8/0x250 [ 91.315927][ T8163] ? __pfx_ksys_write+0x10/0x10 [ 91.315950][ T8163] do_syscall_64+0xcd/0x4c0 [ 91.315973][ T8163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.315990][ T8163] RIP: 0033:0x7f6cf678e9a9 [ 91.316005][ T8163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.316021][ T8163] RSP: 002b:00007f6cf7580038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 91.316038][ T8163] RAX: ffffffffffffffda RBX: 00007f6cf69b5fa0 RCX: 00007f6cf678e9a9 [ 91.316049][ T8163] RDX: 0000000000033fe0 RSI: 0000200000000000 RDI: 0000000000000004 [ 91.316059][ T8163] RBP: 00007f6cf7580090 R08: 0000000000000000 R09: 0000000000000000 [ 91.316070][ T8163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 91.316080][ T8163] R13: 0000000000000000 R14: 00007f6cf69b5fa0 R15: 00007ffdc9f161d8 [ 91.316104][ T8163] [ 91.439572][ C2] vkms_vblank_simulate: vblank timer overrun [ 91.497325][ T8166] netlink: 24 bytes leftover after parsing attributes in process `syz.2.767'. [ 91.546513][ T8166] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8166 comm=syz.2.767 [ 91.653906][ T40] audit: type=1400 audit(1753796957.396:467): avc: denied { execute } for pid=8177 comm="syz.0.772" path="/189/file0/cpu.stat" dev="overlay" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 91.740749][ T40] audit: type=1400 audit(1753796957.476:468): avc: denied { unmount } for pid=5951 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 91.760607][ T40] audit: type=1400 audit(1753796957.496:469): avc: denied { ioctl } for pid=8182 comm="syz.0.774" path="socket:[32468]" dev="sockfs" ino=32468 ioctlcmd=0xaece scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 91.761076][ T8183] tmpfs: Group quota inode hardlimit too large. [ 92.155868][ T40] audit: type=1400 audit(1753796957.896:470): avc: denied { create } for pid=8190 comm="syz.3.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 92.161723][ T40] audit: type=1400 audit(1753796957.896:471): avc: denied { bind } for pid=8190 comm="syz.3.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 92.210502][ T8197] netlink: 16 bytes leftover after parsing attributes in process `syz.2.778'. [ 92.291182][ T8206] netlink: 'syz.2.782': attribute type 27 has an invalid length. [ 92.303182][ T8208] binder: 8207:8208 ioctl c0306201 0 returned -14 [ 92.375140][ T8206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.377951][ T8206] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.381917][ T8206] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 92.397911][ T8213] qrtr: Invalid version 0 [ 92.415299][ T8216] FAULT_INJECTION: forcing a failure. [ 92.415299][ T8216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.420424][ T8216] CPU: 3 UID: 0 PID: 8216 Comm: syz.1.786 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 92.420448][ T8216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.420459][ T8216] Call Trace: [ 92.420466][ T8216] [ 92.420473][ T8216] dump_stack_lvl+0x16c/0x1f0 [ 92.420523][ T8216] should_fail_ex+0x512/0x640 [ 92.420552][ T8216] _copy_to_user+0x32/0xd0 [ 92.420577][ T8216] do_hidp_sock_ioctl.constprop.0+0x20e/0x510 [ 92.420600][ T8216] ? __pfx_do_hidp_sock_ioctl.constprop.0+0x10/0x10 [ 92.420641][ T8216] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 92.420663][ T8216] ? kasan_quarantine_put+0x10a/0x240 [ 92.420700][ T8216] ? tomoyo_path_number_perm+0x18d/0x580 [ 92.420732][ T8216] sock_do_ioctl+0x115/0x280 [ 92.420759][ T8216] ? __pfx_sock_do_ioctl+0x10/0x10 [ 92.420790][ T8216] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 92.420815][ T8216] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 92.420839][ T8216] sock_ioctl+0x227/0x6b0 [ 92.420856][ T8216] ? __pfx_sock_ioctl+0x10/0x10 [ 92.420870][ T8216] ? hook_file_ioctl_common+0x145/0x410 [ 92.420899][ T8216] ? selinux_file_ioctl+0x180/0x270 [ 92.420916][ T8216] ? selinux_file_ioctl+0xb4/0x270 [ 92.420934][ T8216] ? __pfx_sock_ioctl+0x10/0x10 [ 92.420952][ T8216] __x64_sys_ioctl+0x18b/0x210 [ 92.420977][ T8216] do_syscall_64+0xcd/0x4c0 [ 92.421000][ T8216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.421017][ T8216] RIP: 0033:0x7f6cf678e9a9 [ 92.421032][ T8216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.421049][ T8216] RSP: 002b:00007f6cf7580038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 92.421066][ T8216] RAX: ffffffffffffffda RBX: 00007f6cf69b5fa0 RCX: 00007f6cf678e9a9 [ 92.421076][ T8216] RDX: 0000200000000240 RSI: 00000000800448d2 RDI: 0000000000000004 [ 92.421087][ T8216] RBP: 00007f6cf7580090 R08: 0000000000000000 R09: 0000000000000000 [ 92.421097][ T8216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 92.421106][ T8216] R13: 0000000000000000 R14: 00007f6cf69b5fa0 R15: 00007ffdc9f161d8 [ 92.421129][ T8216] [ 92.545267][ T7403] IPVS: starting estimator thread 0... [ 92.612740][ T40] audit: type=1400 audit(1753796958.346:472): avc: denied { audit_control } for pid=8225 comm="syz.1.791" capability=30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 92.634411][ T8221] IPVS: using max 41 ests per chain, 98400 per kthread [ 92.646659][ T8230] FAULT_INJECTION: forcing a failure. [ 92.646659][ T8230] name failslab, interval 1, probability 0, space 0, times 0 [ 92.650633][ T8230] CPU: 2 UID: 0 PID: 8230 Comm: syz.3.792 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 92.650649][ T8230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.650656][ T8230] Call Trace: [ 92.650660][ T8230] [ 92.650665][ T8230] dump_stack_lvl+0x16c/0x1f0 [ 92.650682][ T8230] should_fail_ex+0x512/0x640 [ 92.650697][ T8230] should_failslab+0xc2/0x120 [ 92.650709][ T8230] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 92.650731][ T8230] ? __alloc_skb+0x2b2/0x380 [ 92.650745][ T8230] __alloc_skb+0x2b2/0x380 [ 92.650757][ T8230] ? __pfx___alloc_skb+0x10/0x10 [ 92.650774][ T8230] create_monitor_ctrl_open+0x178/0x780 [ 92.650789][ T8230] ? __pfx_create_monitor_ctrl_open+0x10/0x10 [ 92.650802][ T8230] ? asm_sysvec_kvm_posted_intr_ipi+0x12/0x20 [ 92.650814][ T8230] ? security_capable+0x7e/0x260 [ 92.650832][ T8230] hci_sock_ioctl+0x349/0x7d0 [ 92.650845][ T8230] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 92.650861][ T8230] sock_do_ioctl+0x115/0x280 [ 92.650877][ T8230] ? __pfx_sock_do_ioctl+0x10/0x10 [ 92.650896][ T8230] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 92.650912][ T8230] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 92.650926][ T8230] sock_ioctl+0x227/0x6b0 [ 92.650936][ T8230] ? __pfx_sock_ioctl+0x10/0x10 [ 92.650944][ T8230] ? hook_file_ioctl_common+0x145/0x410 [ 92.650961][ T8230] ? selinux_file_ioctl+0x180/0x270 [ 92.650971][ T8230] ? selinux_file_ioctl+0xb4/0x270 [ 92.650982][ T8230] ? __pfx_sock_ioctl+0x10/0x10 [ 92.650992][ T8230] __x64_sys_ioctl+0x18b/0x210 [ 92.651007][ T8230] do_syscall_64+0xcd/0x4c0 [ 92.651022][ T8230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.651032][ T8230] RIP: 0033:0x7f7c6e38e9a9 [ 92.651041][ T8230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.651051][ T8230] RSP: 002b:00007f7c6f1b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 92.651061][ T8230] RAX: ffffffffffffffda RBX: 00007f7c6e5b5fa0 RCX: 00007f7c6e38e9a9 [ 92.651068][ T8230] RDX: 0000200000000040 RSI: 00000000800448d4 RDI: 0000000000000004 [ 92.651074][ T8230] RBP: 00007f7c6f1b6090 R08: 0000000000000000 R09: 0000000000000000 [ 92.651080][ T8230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 92.651085][ T8230] R13: 0000000000000000 R14: 00007f7c6e5b5fa0 R15: 00007ffccef105c8 [ 92.651099][ T8230] [ 92.738844][ C2] vkms_vblank_simulate: vblank timer overrun [ 93.067539][ T8250] netlink: 'syz.2.798': attribute type 27 has an invalid length. [ 93.126151][ T8250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.129084][ T8250] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.134452][ T8250] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 93.253263][ T24] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 93.427997][ T24] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 93.431763][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.435433][ T24] usb 8-1: Product: syz [ 93.437184][ T24] usb 8-1: Manufacturer: syz [ 93.439191][ T24] usb 8-1: SerialNumber: syz [ 93.448603][ T24] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 93.465485][ T6296] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 93.581352][ T8269] FAULT_INJECTION: forcing a failure. [ 93.581352][ T8269] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.594938][ T8269] CPU: 1 UID: 0 PID: 8269 Comm: syz.1.805 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 93.594963][ T8269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.594972][ T8269] Call Trace: [ 93.594977][ T8269] [ 93.594983][ T8269] dump_stack_lvl+0x16c/0x1f0 [ 93.595008][ T8269] should_fail_ex+0x512/0x640 [ 93.595033][ T8269] _copy_from_iter+0x29f/0x16f0 [ 93.595056][ T8269] ? __alloc_skb+0x200/0x380 [ 93.595077][ T8269] ? __pfx__copy_from_iter+0x10/0x10 [ 93.595097][ T8269] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 93.595119][ T8269] netlink_sendmsg+0x829/0xdd0 [ 93.595137][ T8269] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.595157][ T8269] ____sys_sendmsg+0xa95/0xc70 [ 93.595173][ T8269] ? copy_msghdr_from_user+0x10a/0x160 [ 93.595186][ T8269] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.595208][ T8269] ___sys_sendmsg+0x134/0x1d0 [ 93.595221][ T8269] ? __pfx____sys_sendmsg+0x10/0x10 [ 93.595233][ T8269] ? __lock_acquire+0x622/0x1c90 [ 93.595291][ T8269] __sys_sendmsg+0x16d/0x220 [ 93.595306][ T8269] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.595328][ T8269] do_syscall_64+0xcd/0x4c0 [ 93.595342][ T8269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.595353][ T8269] RIP: 0033:0x7f6cf678e9a9 [ 93.595362][ T8269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.595373][ T8269] RSP: 002b:00007f6cf7580038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.595384][ T8269] RAX: ffffffffffffffda RBX: 00007f6cf69b5fa0 RCX: 00007f6cf678e9a9 [ 93.595390][ T8269] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 93.595396][ T8269] RBP: 00007f6cf7580090 R08: 0000000000000000 R09: 0000000000000000 [ 93.595402][ T8269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.595408][ T8269] R13: 0000000000000000 R14: 00007f6cf69b5fa0 R15: 00007ffdc9f161d8 [ 93.595420][ T8269] [ 93.678566][ T5986] usb 8-1: USB disconnect, device number 4 [ 93.887224][ T8283] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0 [ 93.890955][ T8283] binder: 8282:8283 ioctl 4018620d 200000000380 returned -1 [ 93.930145][ T8285] ubi31: attaching mtd0 [ 93.933726][ T8285] ubi31: scanning is finished [ 93.935300][ T8285] ubi31: empty MTD device detected [ 94.103093][ T8285] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 94.105676][ T8285] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 94.108568][ T8285] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 94.111740][ T8285] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 94.115033][ T8285] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 94.117895][ T8285] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 94.121165][ T8285] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1321742153 [ 94.124897][ T8285] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 94.129022][ T8295] ubi31: background thread "ubi_bgt31d" started, PID 8295 [ 94.129339][ T8286] ubi: mtd0 is already attached to ubi31 [ 94.275310][ T8307] binder: BINDER_SET_CONTEXT_MGR already set [ 94.277528][ T8307] binder: 8306:8307 ioctl 4018620d 2000000002c0 returned -16 [ 94.507144][ T8332] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0 [ 94.510206][ T8332] binder: 8331:8332 ioctl 4018620d 200000000380 returned -1 [ 94.553213][ T6296] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive [ 94.559329][ T6296] ath9k_htc: Failed to initialize the device [ 94.569027][ T5986] usb 8-1: ath9k_htc: USB layer deinitialized [ 95.164505][ T8358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.833'. [ 95.220299][ T8358] hsr_slave_0 (unregistering): left promiscuous mode [ 95.237293][ T8360] netlink: 'syz.0.834': attribute type 27 has an invalid length. [ 95.265391][ T8361] netlink: 'syz.1.833': attribute type 10 has an invalid length. [ 95.317990][ T8360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.321963][ T8360] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.328676][ T8360] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 95.787327][ T8397] netlink: 4 bytes leftover after parsing attributes in process `syz.2.847'. [ 95.832086][ T8404] netlink: 'syz.2.848': attribute type 21 has an invalid length. [ 95.884811][ T8407] syz.1.849 (8407) used greatest stack depth: 17752 bytes left [ 96.007683][ T8424] netlink: 4 bytes leftover after parsing attributes in process `syz.0.856'. [ 96.108758][ T8424] hsr_slave_1 (unregistering): left promiscuous mode [ 96.165618][ T7403] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 96.323139][ T7403] usb 6-1: Using ep0 maxpacket: 8 [ 96.325978][ T7403] usb 6-1: config 0 interface 0 has no altsetting 0 [ 96.328223][ T7403] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 96.331045][ T7403] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.343485][ T7403] usb 6-1: config 0 descriptor?? [ 96.361992][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 96.362004][ T40] audit: type=1400 audit(1753796962.096:476): avc: denied { read } for pid=8439 comm="syz.2.861" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 96.371201][ T40] audit: type=1400 audit(1753796962.096:477): avc: denied { open } for pid=8439 comm="syz.2.861" path="/dev/fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 96.371256][ T40] audit: type=1400 audit(1753796962.106:478): avc: denied { ioctl } for pid=8439 comm="syz.2.861" path="/dev/fb1" dev="devtmpfs" ino=640 ioctlcmd=0x4611 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 96.427809][ T8444] netlink: 'syz.2.863': attribute type 27 has an invalid length. [ 96.486399][ T8444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.489209][ T8444] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.494365][ T8444] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 96.510301][ T8448] netlink: 4 bytes leftover after parsing attributes in process `syz.3.865'. [ 96.551430][ T8448] hsr_slave_0 (unregistering): left promiscuous mode [ 96.567156][ T8449] netlink: 'syz.3.865': attribute type 10 has an invalid length. [ 96.627270][ T40] audit: type=1400 audit(1753796962.366:479): avc: denied { bind } for pid=8450 comm="syz.2.866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 96.634469][ T40] audit: type=1400 audit(1753796962.366:480): avc: denied { name_bind } for pid=8450 comm="syz.2.866" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 96.642276][ T40] audit: type=1400 audit(1753796962.366:481): avc: denied { node_bind } for pid=8450 comm="syz.2.866" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 96.756068][ T7403] mcp2221 0003:04D8:00DD.0006: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 96.847685][ T8456] binder: 8455:8456 unknown command 0 [ 96.849406][ T8456] binder: 8455:8456 ioctl c0306201 2000000001c0 returned -22 [ 96.956819][ T40] audit: type=1326 audit(1753796962.696:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8413 comm="syz.1.852" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cf678e9a9 code=0x0 [ 97.380131][ T8484] FAULT_INJECTION: forcing a failure. [ 97.380131][ T8484] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.384969][ T8484] CPU: 0 UID: 0 PID: 8484 Comm: syz.3.879 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 97.384985][ T8484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.384992][ T8484] Call Trace: [ 97.384996][ T8484] [ 97.385001][ T8484] dump_stack_lvl+0x16c/0x1f0 [ 97.385031][ T8484] should_fail_ex+0x512/0x640 [ 97.385051][ T8484] _copy_from_user+0x2e/0xd0 [ 97.385066][ T8484] memdup_user+0x6b/0xe0 [ 97.385079][ T8484] con_font_op+0x5f0/0xf50 [ 97.385095][ T8484] ? __pfx_con_font_op+0x10/0x10 [ 97.385109][ T8484] ? __might_fault+0xe3/0x190 [ 97.385119][ T8484] ? __might_fault+0xe3/0x190 [ 97.385127][ T8484] ? __might_fault+0x13b/0x190 [ 97.385140][ T8484] vt_ioctl+0x48f/0x30a0 [ 97.385150][ T8484] ? lockdep_hardirqs_on+0x7c/0x110 [ 97.385164][ T8484] ? __pfx_vt_ioctl+0x10/0x10 [ 97.385176][ T8484] ? tomoyo_path_number_perm+0x18d/0x580 [ 97.385197][ T8484] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 97.385211][ T8484] ? tty_jobctrl_ioctl+0x152/0xe00 [ 97.385222][ T8484] ? __pfx_vt_ioctl+0x10/0x10 [ 97.385230][ T8484] tty_ioctl+0x65e/0x1640 [ 97.385245][ T8484] ? __pfx_tty_ioctl+0x10/0x10 [ 97.385258][ T8484] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 97.385274][ T8484] ? hook_file_ioctl_common+0x145/0x410 [ 97.385292][ T8484] ? selinux_file_ioctl+0x180/0x270 [ 97.385303][ T8484] ? selinux_file_ioctl+0xb4/0x270 [ 97.385313][ T8484] ? __pfx_tty_ioctl+0x10/0x10 [ 97.385327][ T8484] __x64_sys_ioctl+0x18b/0x210 [ 97.385343][ T8484] do_syscall_64+0xcd/0x4c0 [ 97.385357][ T8484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.385368][ T8484] RIP: 0033:0x7f7c6e38e9a9 [ 97.385377][ T8484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.385388][ T8484] RSP: 002b:00007f7c6f1b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 97.385402][ T8484] RAX: ffffffffffffffda RBX: 00007f7c6e5b5fa0 RCX: 00007f7c6e38e9a9 [ 97.385409][ T8484] RDX: 0000200000000040 RSI: 0000000000004b72 RDI: 0000000000000003 [ 97.385415][ T8484] RBP: 00007f7c6f1b6090 R08: 0000000000000000 R09: 0000000000000000 [ 97.385421][ T8484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.385427][ T8484] R13: 0000000000000000 R14: 00007f7c6e5b5fa0 R15: 00007ffccef105c8 [ 97.385439][ T8484] [ 97.806304][ T5957] Bluetooth: hci3: unexpected event for opcode 0x0406 [ 97.934692][ T40] audit: type=1400 audit(1753796963.676:483): avc: denied { ioctl } for pid=8519 comm="syz.3.892" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 97.978096][ T8527] SELinux: Context system_u:object_r:auth_cache_t:s0 is not valid (left unmapped). [ 97.985205][ T40] audit: type=1400 audit(1753796963.726:484): avc: denied { relabelto } for pid=8523 comm="syz.3.893" name="file0" dev="tmpfs" ino=1109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:auth_cache_t:s0" [ 97.994499][ T8529] netlink: 4 bytes leftover after parsing attributes in process `syz.0.891'. [ 97.997740][ T40] audit: type=1400 audit(1753796963.726:485): avc: denied { associate } for pid=8523 comm="syz.3.893" name="file0" dev="tmpfs" ino=1109 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:auth_cache_t:s0" [ 98.337695][ T8554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.903'. [ 98.411068][ T8554] hsr_slave_0 (unregistering): left promiscuous mode [ 98.673741][ T8568] binder: 8567:8568 ioctl 4018620d 0 returned -22 [ 98.865337][ T8582] batman_adv: batadv0: Adding interface: ipvlan2 [ 98.867433][ T8582] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.875870][ T8582] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.879153][ T8582] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.882262][ T8582] batman_adv: batadv0: Interface activated: ipvlan2 [ 98.948865][ T7403] usb 6-1: USB disconnect, device number 3 [ 98.981854][ T8589] 8021q: VLANs not supported on gre0 [ 99.376177][ T8622] netlink: 'syz.3.929': attribute type 27 has an invalid length. [ 99.479409][ T8629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.485838][ T8629] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.492531][ T8629] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 99.883258][ T8666] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 99.966710][ T8671] FAULT_INJECTION: forcing a failure. [ 99.966710][ T8671] name failslab, interval 1, probability 0, space 0, times 0 [ 99.972182][ T8671] CPU: 0 UID: 0 PID: 8671 Comm: syz.3.944 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 99.972206][ T8671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.972217][ T8671] Call Trace: [ 99.972224][ T8671] [ 99.972245][ T8671] dump_stack_lvl+0x16c/0x1f0 [ 99.972289][ T8671] should_fail_ex+0x512/0x640 [ 99.972315][ T8671] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 99.972347][ T8671] should_failslab+0xc2/0x120 [ 99.972367][ T8671] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 99.972399][ T8671] ? __asan_memcpy+0x3c/0x60 [ 99.972421][ T8671] ? alloc_pid+0xc7/0xbc0 [ 99.972445][ T8671] alloc_pid+0xc7/0xbc0 [ 99.972471][ T8671] copy_process+0x466f/0x7650 [ 99.972509][ T8671] ? __pfx_copy_process+0x10/0x10 [ 99.972534][ T8671] ? lockdep_init_map_type+0x5c/0x280 [ 99.972556][ T8671] ? lockdep_init_map_type+0x5c/0x280 [ 99.972572][ T8671] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 99.972600][ T8671] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 99.972621][ T8671] vhost_task_create+0x1d2/0x2e0 [ 99.972641][ T8671] ? __pfx_vhost_task_create+0x10/0x10 [ 99.972667][ T8671] ? __pfx_vhost_task_fn+0x10/0x10 [ 99.972698][ T8671] kvm_mmu_post_init_vm+0x1b7/0x370 [ 99.972725][ T8671] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 99.972760][ T8671] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 99.972790][ T8671] kvm_vcpu_ioctl+0x5eb/0x1690 [ 99.972816][ T8671] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 99.972837][ T8671] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 99.972861][ T8671] ? do_vfs_ioctl+0x128/0x14f0 [ 99.972887][ T8671] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 99.972910][ T8671] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 99.972939][ T8671] ? hook_file_ioctl_common+0x145/0x410 [ 99.972968][ T8671] ? selinux_file_ioctl+0x180/0x270 [ 99.972985][ T8671] ? selinux_file_ioctl+0xb4/0x270 [ 99.973020][ T8671] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 99.973045][ T8671] __x64_sys_ioctl+0x18b/0x210 [ 99.973071][ T8671] do_syscall_64+0xcd/0x4c0 [ 99.973096][ T8671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.973113][ T8671] RIP: 0033:0x7f7c6e38e9a9 [ 99.973128][ T8671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.973145][ T8671] RSP: 002b:00007f7c6f1b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 99.973161][ T8671] RAX: ffffffffffffffda RBX: 00007f7c6e5b5fa0 RCX: 00007f7c6e38e9a9 [ 99.973173][ T8671] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 99.973183][ T8671] RBP: 00007f7c6f1b6090 R08: 0000000000000000 R09: 0000000000000000 [ 99.973193][ T8671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.973202][ T8671] R13: 0000000000000000 R14: 00007f7c6e5b5fa0 R15: 00007ffccef105c8 [ 99.973225][ T8671] [ 100.128912][ T8677] netlink: 'syz.1.946': attribute type 27 has an invalid length. [ 100.173401][ T8677] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.176147][ T8677] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.180187][ T8677] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 100.440441][ T8698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.956'. [ 100.467937][ T8706] FAULT_INJECTION: forcing a failure. [ 100.467937][ T8706] name failslab, interval 1, probability 0, space 0, times 0 [ 100.472140][ T8706] CPU: 1 UID: 0 PID: 8706 Comm: syz.2.957 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 100.472154][ T8706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.472161][ T8706] Call Trace: [ 100.472166][ T8706] [ 100.472170][ T8706] dump_stack_lvl+0x16c/0x1f0 [ 100.472187][ T8706] should_fail_ex+0x512/0x640 [ 100.472203][ T8706] should_failslab+0xc2/0x120 [ 100.472215][ T8706] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 100.472244][ T8706] ? skb_clone+0x190/0x3f0 [ 100.472260][ T8706] skb_clone+0x190/0x3f0 [ 100.472273][ T8706] netlink_deliver_tap+0xabd/0xd30 [ 100.472291][ T8706] netlink_unicast+0x62f/0x850 [ 100.472309][ T8706] ? __pfx_netlink_unicast+0x10/0x10 [ 100.472328][ T8706] netlink_sendmsg+0x8d1/0xdd0 [ 100.472345][ T8706] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.472365][ T8706] ____sys_sendmsg+0xa95/0xc70 [ 100.472385][ T8706] ? copy_msghdr_from_user+0x10a/0x160 [ 100.472398][ T8706] ? __pfx_____sys_sendmsg+0x10/0x10 [ 100.472420][ T8706] ___sys_sendmsg+0x134/0x1d0 [ 100.472433][ T8706] ? __pfx____sys_sendmsg+0x10/0x10 [ 100.472445][ T8706] ? __lock_acquire+0x622/0x1c90 [ 100.472472][ T8706] __sys_sendmsg+0x16d/0x220 [ 100.472485][ T8706] ? __pfx___sys_sendmsg+0x10/0x10 [ 100.472507][ T8706] do_syscall_64+0xcd/0x4c0 [ 100.472521][ T8706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.472531][ T8706] RIP: 0033:0x7fc18378e9a9 [ 100.472540][ T8706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.472551][ T8706] RSP: 002b:00007fc1815f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.472561][ T8706] RAX: ffffffffffffffda RBX: 00007fc1839b5fa0 RCX: 00007fc18378e9a9 [ 100.472568][ T8706] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 100.472574][ T8706] RBP: 00007fc1815f6090 R08: 0000000000000000 R09: 0000000000000000 [ 100.472580][ T8706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.472585][ T8706] R13: 0000000000000000 R14: 00007fc1839b5fa0 R15: 00007fffd6f31678 [ 100.472598][ T8706] [ 100.572992][ T8709] netlink: 28 bytes leftover after parsing attributes in process `syz.3.958'. [ 100.630755][ T8717] netlink: 'syz.0.961': attribute type 27 has an invalid length. [ 100.660430][ T8717] batman_adv: batadv0: Interface deactivated: ipvlan2 [ 100.685590][ T8717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.689660][ T8717] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.696543][ T8717] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 101.006674][ T8745] FAULT_INJECTION: forcing a failure. [ 101.006674][ T8745] name failslab, interval 1, probability 0, space 0, times 0 [ 101.010591][ T8745] CPU: 0 UID: 0 PID: 8745 Comm: syz.2.972 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 101.010606][ T8745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.010613][ T8745] Call Trace: [ 101.010617][ T8745] [ 101.010621][ T8745] dump_stack_lvl+0x16c/0x1f0 [ 101.010654][ T8745] should_fail_ex+0x512/0x640 [ 101.010670][ T8745] ? __kmalloc_noprof+0xbf/0x510 [ 101.010681][ T8745] ? bpf_test_init.isra.0+0x9e/0x140 [ 101.010694][ T8745] should_failslab+0xc2/0x120 [ 101.010705][ T8745] __kmalloc_noprof+0xd2/0x510 [ 101.010715][ T8745] ? __lock_acquire+0x622/0x1c90 [ 101.010728][ T8745] bpf_test_init.isra.0+0x9e/0x140 [ 101.010742][ T8745] bpf_prog_test_run_xdp+0x4f0/0x1590 [ 101.010761][ T8745] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 101.010777][ T8745] ? __might_fault+0x30/0x190 [ 101.010789][ T8745] ? fput+0x70/0xf0 [ 101.010801][ T8745] ? __bpf_prog_get+0x97/0x2a0 [ 101.010814][ T8745] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 101.010828][ T8745] __sys_bpf+0x1707/0x4ea0 [ 101.010845][ T8745] ? __pfx___sys_bpf+0x10/0x10 [ 101.010860][ T8745] ? ksys_write+0x190/0x250 [ 101.010871][ T8745] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 101.010892][ T8745] ? fput+0x70/0xf0 [ 101.010903][ T8745] ? ksys_write+0x1ac/0x250 [ 101.010912][ T8745] ? __pfx_ksys_write+0x10/0x10 [ 101.010924][ T8745] __x64_sys_bpf+0x78/0xc0 [ 101.010939][ T8745] ? lockdep_hardirqs_on+0x7c/0x110 [ 101.010951][ T8745] do_syscall_64+0xcd/0x4c0 [ 101.010965][ T8745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.010975][ T8745] RIP: 0033:0x7fc18378e9a9 [ 101.010984][ T8745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.010994][ T8745] RSP: 002b:00007fc1815f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 101.011008][ T8745] RAX: ffffffffffffffda RBX: 00007fc1839b5fa0 RCX: 00007fc18378e9a9 [ 101.011015][ T8745] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 101.011021][ T8745] RBP: 00007fc1815f6090 R08: 0000000000000000 R09: 0000000000000000 [ 101.011027][ T8745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 101.011033][ T8745] R13: 0000000000000000 R14: 00007fc1839b5fa0 R15: 00007fffd6f31678 [ 101.011046][ T8745] [ 101.211724][ T8753] syz.0.975: vmalloc error: size 8192, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 101.223695][ T8753] CPU: 1 UID: 0 PID: 8753 Comm: syz.0.975 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 101.223722][ T8753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.223734][ T8753] Call Trace: [ 101.223740][ T8753] [ 101.223747][ T8753] dump_stack_lvl+0x16c/0x1f0 [ 101.223774][ T8753] warn_alloc+0x248/0x3a0 [ 101.223805][ T8753] ? __pfx_warn_alloc+0x10/0x10 [ 101.223834][ T8753] ? alloc_pages_mpol+0x25a/0x550 [ 101.223856][ T8753] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 101.223876][ T8753] ? trace_kmalloc+0x2b/0xd0 [ 101.223903][ T8753] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 101.223938][ T8753] ? vhost_task_create+0x1d2/0x2e0 [ 101.223965][ T8753] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 101.223989][ T8753] ? __memcg_slab_post_alloc_hook+0x4a0/0x960 [ 101.224019][ T8753] ? vhost_task_create+0x1d2/0x2e0 [ 101.224038][ T8753] __vmalloc_node_noprof+0xad/0xf0 [ 101.224061][ T8753] ? vhost_task_create+0x1d2/0x2e0 [ 101.224082][ T8753] copy_process+0x2c70/0x7650 [ 101.224119][ T8753] ? __pfx_copy_process+0x10/0x10 [ 101.224147][ T8753] ? lockdep_init_map_type+0x5c/0x280 [ 101.224169][ T8753] ? lockdep_init_map_type+0x5c/0x280 [ 101.224188][ T8753] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 101.224216][ T8753] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 101.224238][ T8753] vhost_task_create+0x1d2/0x2e0 [ 101.224256][ T8753] ? __pfx_vhost_task_create+0x10/0x10 [ 101.224283][ T8753] ? __pfx_vhost_task_fn+0x10/0x10 [ 101.224316][ T8753] kvm_mmu_post_init_vm+0x1b7/0x370 [ 101.224342][ T8753] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 101.224365][ T8753] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 101.224393][ T8753] kvm_vcpu_ioctl+0x5eb/0x1690 [ 101.224419][ T8753] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 101.224443][ T8753] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 101.224467][ T8753] ? do_vfs_ioctl+0x128/0x14f0 [ 101.224491][ T8753] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 101.224515][ T8753] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 101.224545][ T8753] ? hook_file_ioctl_common+0x145/0x410 [ 101.224574][ T8753] ? selinux_file_ioctl+0x180/0x270 [ 101.224591][ T8753] ? selinux_file_ioctl+0xb4/0x270 [ 101.224611][ T8753] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 101.224639][ T8753] __x64_sys_ioctl+0x18b/0x210 [ 101.224666][ T8753] do_syscall_64+0xcd/0x4c0 [ 101.224690][ T8753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.224707][ T8753] RIP: 0033:0x7fb4d798e9a9 [ 101.224721][ T8753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.224737][ T8753] RSP: 002b:00007fb4d8774038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 101.224755][ T8753] RAX: ffffffffffffffda RBX: 00007fb4d7bb5fa0 RCX: 00007fb4d798e9a9 [ 101.224766][ T8753] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 101.224776][ T8753] RBP: 00007fb4d8774090 R08: 0000000000000000 R09: 0000000000000000 [ 101.224788][ T8753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 101.224798][ T8753] R13: 0000000000000000 R14: 00007fb4d7bb5fa0 R15: 00007ffefd672ed8 [ 101.224822][ T8753] [ 101.224828][ T8753] Mem-Info: [ 101.363928][ T8753] active_anon:21688 inactive_anon:0 isolated_anon:0 [ 101.363928][ T8753] active_file:3747 inactive_file:50860 isolated_file:0 [ 101.363928][ T8753] unevictable:1768 dirty:423 writeback:0 [ 101.363928][ T8753] slab_reclaimable:12036 slab_unreclaimable:70007 [ 101.363928][ T8753] mapped:34505 shmem:15324 pagetables:1210 [ 101.363928][ T8753] sec_pagetables:305 bounce:0 [ 101.363928][ T8753] kernel_misc_reclaimable:0 [ 101.363928][ T8753] free:440589 free_pcp:15088 free_cma:0 [ 101.382805][ T8753] Node 0 active_anon:88832kB inactive_anon:0kB active_file:14988kB inactive_file:203232kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:138004kB dirty:1688kB writeback:0kB shmem:59676kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12816kB pagetables:4748kB sec_pagetables:1220kB all_unreclaimable? no Balloon:0kB [ 101.397673][ T8753] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:212kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 101.407855][ T8753] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 101.419571][ T8753] lowmem_reserve[]: 0 1234 1234 1234 1234 [ 101.421972][ T8753] Node 0 DMA32 free:135860kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:92676kB inactive_anon:0kB active_file:15360kB inactive_file:203232kB unevictable:3536kB writepending:1688kB present:2080628kB managed:1263964kB mlocked:0kB bounce:0kB free_pcp:43580kB local_pcp:7664kB free_cma:0kB [ 101.433441][ T8753] lowmem_reserve[]: 0 0 0 0 0 [ 101.435930][ T8753] Node 1 Normal free:1606572kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB writepending:4kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:15520kB local_pcp:5620kB free_cma:0kB [ 101.445907][ T8753] lowmem_reserve[]: 0 0 0 0 0 [ 101.448111][ T8753] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 101.455465][ T8753] Node 0 DMA32: 7*4kB (UE) 250*8kB (UE) 352*16kB (UE) 64*32kB (U) 93*64kB (UME) 19*128kB (UME) 6*256kB (UE) 15*512kB (UME) 7*1024kB (UE) 5*2048kB (UM) 20*4096kB (UM) = 126636kB [ 101.464691][ T8753] Node 1 Normal: 4*4kB (UME) 9*8kB (ME) 9*16kB (ME) 54*32kB (UME) 22*64kB (UME) 13*128kB (UME) 4*256kB (UE) 6*512kB (UME) 0*1024kB 2*2048kB (UM) 389*4096kB (M) = 1606568kB [ 101.471665][ T8753] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 101.476158][ T8753] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 101.480184][ T8753] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 101.484353][ T8753] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 101.488128][ T8753] 74094 total pagecache pages [ 101.490147][ T8753] 0 pages in swap cache [ 101.491886][ T8753] Free swap = 124996kB [ 101.493823][ T8753] Total swap = 124996kB [ 101.495691][ T8753] 1048443 pages RAM [ 101.497349][ T8753] 0 pages HighMem/MovableOnly [ 101.499359][ T8753] 283123 pages reserved [ 101.501139][ T8753] 0 pages cma reserved [ 101.651421][ T40] kauditd_printk_skb: 66 callbacks suppressed [ 101.651432][ T40] audit: type=1400 audit(1753796967.386:552): avc: denied { bind } for pid=8766 comm="syz.0.981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 101.671074][ T40] audit: type=1400 audit(1753796967.396:553): avc: denied { name_bind } for pid=8766 comm="syz.0.981" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 101.693851][ T40] audit: type=1400 audit(1753796967.396:554): avc: denied { node_bind } for pid=8766 comm="syz.0.981" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 101.702183][ T40] audit: type=1400 audit(1753796967.396:555): avc: denied { write } for pid=8766 comm="syz.0.981" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 101.711292][ T40] audit: type=1400 audit(1753796967.396:556): avc: denied { connect } for pid=8766 comm="syz.0.981" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 101.722192][ T40] audit: type=1400 audit(1753796967.396:557): avc: denied { name_connect } for pid=8766 comm="syz.0.981" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 101.740190][ T40] audit: type=1400 audit(1753796967.476:558): avc: denied { mount } for pid=8770 comm="syz.2.982" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 101.762834][ T40] audit: type=1400 audit(1753796967.496:559): avc: denied { unmount } for pid=5963 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 101.775235][ T40] audit: type=1400 audit(1753796967.506:560): avc: denied { write } for pid=8774 comm="syz.1.984" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 101.965677][ T40] audit: type=1400 audit(1753796967.706:561): avc: denied { execmem } for pid=8781 comm="syz.0.988" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 102.023753][ T7403] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 102.127802][ T8792] netlink: 'syz.0.991': attribute type 2 has an invalid length. [ 102.182890][ T7403] usb 6-1: Using ep0 maxpacket: 16 [ 102.186673][ T7403] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.190330][ T7403] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.196647][ T8799] netlink: 'syz.2.994': attribute type 17 has an invalid length. [ 102.196785][ T7403] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 102.199479][ T8799] netlink: 5 bytes leftover after parsing attributes in process `syz.2.994'. [ 102.210001][ T8799] macvtap0: entered allmulticast mode [ 102.212376][ T8799] veth0_macvtap: entered allmulticast mode [ 102.213450][ T7403] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 102.218699][ T7403] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.218863][ T8799] A link change request failed with some changes committed already. Interface macvtap0 may have been left with an inconsistent configuration, please check. [ 102.234646][ T7403] usb 6-1: config 0 descriptor?? [ 102.580573][ T8829] binder: 8826:8829 unknown command 0 [ 102.582928][ T8829] binder: 8826:8829 ioctl c0306201 2000000001c0 returned -22 [ 102.645215][ T8775] random: crng reseeded on system resumption [ 102.668007][ T7403] input: HID 0955:7214 Haptics as /devices/virtual/input/input9 [ 102.712886][ T5986] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 102.723234][ T7403] shield 0003:0955:7214.0007: Registered Thunderstrike controller [ 102.726903][ T7403] shield 0003:0955:7214.0007: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 102.862888][ T5986] usb 7-1: Using ep0 maxpacket: 32 [ 102.866858][ T5986] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 102.868114][ T53] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 102.868231][ T9] usb 6-1: USB disconnect, device number 4 [ 102.872873][ T9] ------------[ cut here ]------------ [ 102.875461][ T53] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 102.876581][ T9] workqueue: work disable count underflowed [ 102.876631][ T9] WARNING: CPU: 0 PID: 9 at kernel/workqueue.c:4328 enable_work+0x2f8/0x340 [ 102.878956][ T53] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 102.879206][ T5986] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 102.879229][ T5986] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 102.879245][ T5986] usb 7-1: Product: syz [ 102.879258][ T5986] usb 7-1: Manufacturer: syz [ 102.879271][ T5986] usb 7-1: SerialNumber: syz [ 102.882966][ T9] Modules linked in: [ 102.882995][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 102.883017][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.883030][ T9] Workqueue: usb_hub_wq hub_event [ 102.883051][ T9] RIP: 0010:enable_work+0x2f8/0x340 [ 102.883615][ T5986] usb 7-1: config 0 descriptor?? [ 102.884250][ T8819] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 102.885869][ T53] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 102.886195][ T5986] hub 7-1:0.0: bad descriptor, ignoring hub [ 102.886220][ T5986] hub 7-1:0.0: probe with driver hub failed with error -5 [ 102.888649][ T9] Code: 89 ee e8 6b e6 37 00 45 84 ed 0f 85 29 fe ff ff e8 7d eb 37 00 c6 05 ae a9 0d 0f 01 90 48 c7 c7 c0 09 ac 8b e8 69 f2 f6 ff 90 <0f> 0b 90 90 e9 06 fe ff ff 48 89 ef e8 87 46 9d 00 e9 aa fe ff ff [ 102.939474][ T9] RSP: 0018:ffffc900000c73c8 EFLAGS: 00010086 [ 102.942032][ T9] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b01b8 [ 102.945429][ T9] RDX: ffff88801dab4880 RSI: ffffffff817b01c5 RDI: 0000000000000001 [ 102.948761][ T9] RBP: ffff888055682730 R08: 0000000000000001 R09: 0000000000000000 [ 102.952014][ T9] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff92000018e7a [ 102.955255][ T9] R13: 0000000000000000 R14: ffff888055682728 R15: ffffffff8fe67420 [ 102.958385][ T9] FS: 0000000000000000(0000) GS:ffff8880d66f9000(0000) knlGS:0000000000000000 [ 102.962038][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.964691][ T9] CR2: 0000001b2fd0eff8 CR3: 00000000300bb000 CR4: 0000000000352ef0 [ 102.967876][ T9] Call Trace: [ 102.969240][ T9] [ 102.970443][ T9] ? __pfx_enable_work+0x10/0x10 [ 102.972461][ T9] ? __thermal_zone_cdev_unbind+0x6c/0x6a0 [ 102.974865][ T9] __cancel_work_sync+0xe7/0x130 [ 102.976836][ T9] thermal_zone_device_unregister+0x239/0x450 [ 102.978868][ T9] ? __pfx_shield_remove+0x10/0x10 [ 102.980505][ T9] power_supply_unregister+0x10a/0x150 [ 102.982694][ T9] shield_remove+0x75/0x130 [ 102.984372][ T9] ? __pfx_shield_remove+0x10/0x10 [ 102.986361][ T9] hid_device_remove+0xce/0x260 [ 102.988308][ T9] ? __pfx_hid_device_remove+0x10/0x10 [ 102.990529][ T9] device_remove+0xcb/0x170 [ 102.992425][ T9] device_release_driver_internal+0x44b/0x620 [ 102.994849][ T9] bus_remove_device+0x22f/0x420 [ 102.996862][ T9] device_del+0x396/0x9f0 [ 102.998593][ T9] ? __pfx_device_del+0x10/0x10 [ 103.000544][ T9] ? do_raw_spin_lock+0x12c/0x2b0 [ 103.002545][ T9] hid_destroy_device+0x19c/0x240 [ 103.004603][ T9] usbhid_disconnect+0xa0/0xe0 [ 103.006589][ T9] usb_unbind_interface+0x1da/0x9a0 [ 103.008728][ T9] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 103.011041][ T9] ? __pfx_usb_unbind_interface+0x10/0x10 [ 103.013451][ T9] device_remove+0x122/0x170 [ 103.015360][ T9] device_release_driver_internal+0x44b/0x620 [ 103.017887][ T9] bus_remove_device+0x22f/0x420 [ 103.019968][ T9] device_del+0x396/0x9f0 [ 103.021759][ T9] ? __pfx_device_del+0x10/0x10 [ 103.023782][ T9] ? kobject_put+0x210/0x5a0 [ 103.025703][ T9] usb_disable_device+0x355/0x7d0 [ 103.027757][ T9] usb_disconnect+0x2e1/0x9c0 [ 103.029724][ T9] hub_event+0x1c81/0x4fe0 [ 103.031671][ T9] ? __lock_acquire+0xb8a/0x1c90 [ 103.033651][ T9] ? __pfx_hub_event+0x10/0x10 [ 103.035179][ T9] ? debug_object_deactivate+0xc0/0x3a0 [ 103.037160][ T9] ? finish_task_switch.isra.0+0x221/0xc10 [ 103.039136][ T9] ? rcu_is_watching+0x12/0xc0 [ 103.041097][ T9] process_one_work+0x9cc/0x1b70 [ 103.043208][ T9] ? __pfx_process_one_work+0x10/0x10 [ 103.045394][ T9] ? assign_work+0x1a0/0x250 [ 103.047171][ T9] worker_thread+0x6c8/0xf10 [ 103.049142][ T9] ? __pfx_worker_thread+0x10/0x10 [ 103.051349][ T9] kthread+0x3c5/0x780 [ 103.053073][ T9] ? __pfx_kthread+0x10/0x10 [ 103.054974][ T9] ? rcu_is_watching+0x12/0xc0 [ 103.056973][ T9] ? __pfx_kthread+0x10/0x10 [ 103.058663][ T9] ret_from_fork+0x5d4/0x6f0 [ 103.060141][ T9] ? __pfx_kthread+0x10/0x10 [ 103.061789][ T9] ret_from_fork_asm+0x1a/0x30 [ 103.063324][ T9] [ 103.064319][ T9] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 103.066576][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 103.070081][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 103.074461][ T9] Workqueue: usb_hub_wq hub_event [ 103.076617][ T9] Call Trace: [ 103.078026][ T9] [ 103.079283][ T9] dump_stack_lvl+0x3d/0x1f0 [ 103.081204][ T9] panic+0x71c/0x800 [ 103.082851][ T9] ? __pfx_panic+0x10/0x10 [ 103.084808][ T9] ? show_trace_log_lvl+0x29b/0x3e0 [ 103.086717][ T9] ? check_panic_on_warn+0x1f/0xb0 [ 103.088283][ T9] ? enable_work+0x2f8/0x340 [ 103.089744][ T9] check_panic_on_warn+0xab/0xb0 [ 103.091702][ T9] __warn+0xf6/0x3c0 [ 103.093280][ T9] ? enable_work+0x2f8/0x340 [ 103.094779][ T9] report_bug+0x3c3/0x580 [ 103.096155][ T9] ? enable_work+0x2f8/0x340 [ 103.097572][ T9] handle_bug+0x184/0x210 [ 103.099202][ T9] exc_invalid_op+0x17/0x50 [ 103.100809][ T9] asm_exc_invalid_op+0x1a/0x20 [ 103.102387][ T9] RIP: 0010:enable_work+0x2f8/0x340 [ 103.103969][ T9] Code: 89 ee e8 6b e6 37 00 45 84 ed 0f 85 29 fe ff ff e8 7d eb 37 00 c6 05 ae a9 0d 0f 01 90 48 c7 c7 c0 09 ac 8b e8 69 f2 f6 ff 90 <0f> 0b 90 90 e9 06 fe ff ff 48 89 ef e8 87 46 9d 00 e9 aa fe ff ff [ 103.109687][ T9] RSP: 0018:ffffc900000c73c8 EFLAGS: 00010086 [ 103.111486][ T9] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b01b8 [ 103.113960][ T9] RDX: ffff88801dab4880 RSI: ffffffff817b01c5 RDI: 0000000000000001 [ 103.116319][ T9] RBP: ffff888055682730 R08: 0000000000000001 R09: 0000000000000000 [ 103.118663][ T9] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff92000018e7a [ 103.121023][ T9] R13: 0000000000000000 R14: ffff888055682728 R15: ffffffff8fe67420 [ 103.123422][ T9] ? __warn_printk+0x198/0x350 [ 103.124913][ T9] ? __warn_printk+0x1a5/0x350 [ 103.126407][ T9] ? enable_work+0x2f7/0x340 [ 103.127831][ T9] ? __pfx_enable_work+0x10/0x10 [ 103.129345][ T9] ? __thermal_zone_cdev_unbind+0x6c/0x6a0 [ 103.131189][ T9] __cancel_work_sync+0xe7/0x130 [ 103.132788][ T9] thermal_zone_device_unregister+0x239/0x450 [ 103.134660][ T9] ? __pfx_shield_remove+0x10/0x10 [ 103.136228][ T9] power_supply_unregister+0x10a/0x150 [ 103.137909][ T9] shield_remove+0x75/0x130 [ 103.139311][ T9] ? __pfx_shield_remove+0x10/0x10 [ 103.140814][ T9] hid_device_remove+0xce/0x260 [ 103.142296][ T9] ? __pfx_hid_device_remove+0x10/0x10 [ 103.143955][ T9] device_remove+0xcb/0x170 [ 103.145364][ T9] device_release_driver_internal+0x44b/0x620 [ 103.147248][ T9] bus_remove_device+0x22f/0x420 [ 103.148753][ T9] device_del+0x396/0x9f0 [ 103.150094][ T9] ? __pfx_device_del+0x10/0x10 [ 103.151648][ T9] ? do_raw_spin_lock+0x12c/0x2b0 [ 103.153217][ T9] hid_destroy_device+0x19c/0x240 [ 103.154793][ T9] usbhid_disconnect+0xa0/0xe0 [ 103.156308][ T9] usb_unbind_interface+0x1da/0x9a0 [ 103.157944][ T9] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 103.159710][ T9] ? __pfx_usb_unbind_interface+0x10/0x10 [ 103.161489][ T9] device_remove+0x122/0x170 [ 103.162944][ T9] device_release_driver_internal+0x44b/0x620 [ 103.165049][ T9] bus_remove_device+0x22f/0x420 [ 103.166836][ T9] device_del+0x396/0x9f0 [ 103.168260][ T9] ? __pfx_device_del+0x10/0x10 [ 103.169799][ T9] ? kobject_put+0x210/0x5a0 [ 103.171544][ T9] usb_disable_device+0x355/0x7d0 [ 103.173380][ T9] usb_disconnect+0x2e1/0x9c0 [ 103.175071][ T9] hub_event+0x1c81/0x4fe0 [ 103.176588][ T9] ? __lock_acquire+0xb8a/0x1c90 [ 103.178109][ T9] ? __pfx_hub_event+0x10/0x10 [ 103.179796][ T9] ? debug_object_deactivate+0xc0/0x3a0 [ 103.181728][ T9] ? finish_task_switch.isra.0+0x221/0xc10 [ 103.183924][ T9] ? rcu_is_watching+0x12/0xc0 [ 103.185678][ T9] process_one_work+0x9cc/0x1b70 [ 103.187401][ T9] ? __pfx_process_one_work+0x10/0x10 [ 103.189274][ T9] ? assign_work+0x1a0/0x250 [ 103.190954][ T9] worker_thread+0x6c8/0xf10 [ 103.192744][ T9] ? __pfx_worker_thread+0x10/0x10 [ 103.194332][ T9] kthread+0x3c5/0x780 [ 103.195592][ T9] ? __pfx_kthread+0x10/0x10 [ 103.196996][ T9] ? rcu_is_watching+0x12/0xc0 [ 103.198443][ T9] ? __pfx_kthread+0x10/0x10 [ 103.199920][ T9] ret_from_fork+0x5d4/0x6f0 [ 103.201385][ T9] ? __pfx_kthread+0x10/0x10 [ 103.202830][ T9] ret_from_fork_asm+0x1a/0x30 [ 103.204321][ T9] [ 103.205998][ T9] Kernel Offset: disabled [ 103.207358][ T9] Rebooting in 86400 seconds.. VM DIAGNOSIS: 13:49:28 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=00000000000000c7 RCX=ffffffff819b9f22 RDX=ffff88801dab4880 RSI=ffffffff819b9f10 RDI=0000000000000001 RBP=0000000000000001 RSP=ffffc900000c6fd8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=1ffff92000018dfd R13=0000000000000000 R14=ffff8880218e0000 R15=ffffc900000c70a0 RIP=ffffffff819b9f12 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c01300 GS =0000 ffff8880d66f9000 ffffffff 00c01300 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2fd0eff8 CR3=00000000300bb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000104080 Opmask01=00000000fffdf7f0 Opmask02=00000000ffff7fdf Opmask03=0000000000000840 Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055d7f59575d0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055d7f595d4e0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff000000ff 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737122 7373737373737373 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4203437342034373 431e161e035c1810 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3132373a35353930 3a333030302f302e 303a312d362f312d 362f366273752f31 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 306e6f6d77682f30 5f656b6972747372 65646e7568742f79 6c707075735f7265 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 776f702f37303030 2e343132373a3535 39303a333030302f 302e303a312d362f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055d7f500306e 6f6d77682f305f65 6b69727473726564 6e7568742f796c70 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000069 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8560d865 RDI=ffffffff9b0e1160 RBP=ffffffff9b0e1120 RSP=ffffc90000a6f5e0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000069 R14=ffffffff9b0e1120 R15=ffffffff8560d800 RIP=ffffffff8560d88f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d67f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2fa18ff8 CR3=00000000504ff000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffd6f31a00 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc183811d42 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc183811d4f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc183811d49 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc183811d5d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc183811de3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc183811ec1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000038 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000038 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000003f88c6f0c0 RBX=ffff88806a623a00 RCX=00000000000006e0 RDX=000000000000003f RSI=ffff88806a623a00 RDI=0000000000308f9f RBP=0000000000308f9f RSP=ffffc90000648ec8 R8 =0000000000000005 R9 =000000000000003f R10=0000000000000019 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000019 R15=ffff88806a627c80 RIP=ffffffff81685535 RFL=00000007 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007fdb0e977300 ffffffff 00c00000 GS =0000 ffff8880d68f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f7c6e5802d8 CR3=000000003a668000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0003000000100008 0000000000000004 000c001a00100000 0014010000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000c000000080004 001c000e00000000 0000000000000000 03f1000000200000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00f0000000000b71 b000000000140000 001c0000000e0014 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4872ffffffff81f0 488dffffffff8b8c b4ce00000ea80300 000000000008ffff ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 89ca000003e60000 0008000400000008 0008000000140000 75680000757c0000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7590000075a40000 75b8000075cc0000 75e0000075f80000 760c000076240000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7638000076500000 76680000768c0000 76a0000076b80000 76dc000000120000 ZMM24=055638dd055638dd 055638dd055638dd 055638dd055638dd 055638dd055638dd 055638dd055638dd 055638dd055638dd 055638dd055638dd 055638dd055638dd ZMM25=b638ce0db638ce0d b638ce0db638ce0d b638ce0db638ce0d b638ce0db638ce0d b638ce0db638ce0d b638ce0db638ce0d b638ce0db638ce0d b638ce0db638ce0d ZMM26=2d7f8b392d7f8b39 2d7f8b392d7f8b39 2d7f8b392d7f8b39 2d7f8b392d7f8b39 2d7f8b392d7f8b39 2d7f8b392d7f8b39 2d7f8b392d7f8b39 2d7f8b392d7f8b39 ZMM27=071f56cb071f56cb 071f56cb071f56cb 071f56cb071f56cb 071f56cb071f56cb 071f56cb071f56cb 071f56cb071f56cb 071f56cb071f56cb 071f56cb071f56cb ZMM28=000001e0000001df 000001de000001dd 000001dc000001db 000001da000001d9 000001d8000001d7 000001d6000001d5 000001d4000001d3 000001d2000001d1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0e0900000e090000 0e0900000e090000 0e0900000e090000 0e0900000e090000 0e0900000e090000 0e0900000e090000 0e0900000e090000 0e0900000e090000 info registers vcpu 3 CPU#3 RAX=0000000000000007 RBX=0000000000000001 RCX=0000000000000002 RDX=0000000000000000 RSI=ffff88802c998af0 RDI=0000000000000007 RBP=ffff88802c998000 RSP=ffffc9000706f718 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000028 R11=0000000000000001 R12=ffff88802c998af0 R13=ffff88802c998b18 R14=0000000000000000 R15=ffffffff8e5c4e00 RIP=ffffffff819875e8 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f6cf75806c0 ffffffff 00c00000 GS =0000 ffff8880d69f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2fd08ff8 CR3=0000000054c21000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000002000 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffefd673260 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4d7a11d42 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4d7a11d4f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4d7a11d49 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4d7a11d5d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4d7a11de3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4d7a11ec1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000