last executing test programs: 5.205379409s ago: executing program 0 (id=566): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b9040a1d08020a000000040000a118000200fec0000000000e1208000f0100810401a80016ea1f0006400303000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08002a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) (fail_nth: 1) 5.096005082s ago: executing program 0 (id=567): r0 = socket(0x27, 0x1, 0x2) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r1, 0x7a6, &(0x7f0000000040)={0x0, 0x0, 0x3}) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x10, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x8}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4004890}, 0x4) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x0, 0x3}, 0x1}}, 0x10) setsockopt$ax25_int(r0, 0x101, 0x2, &(0x7f0000000040)=0xffffff7f, 0x4) 5.095327408s ago: executing program 0 (id=568): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x0, 0x0, 0x0) setsockopt$packet_rx_ring(r2, 0x107, 0x5, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = accept(r1, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)={0x28, 0x13, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid=0xffffffffffffffff}]}]}, 0x28}], 0x1}, 0x0) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$inet6_udplite(0x11, 0x2, 0x88) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300090c00000000420b00000000000200130002000000000000000000001f0300060000000051020049e4f0000001c99a00000000000002000100002000100000000200000000030005"], 0x60}}, 0x0) r5 = socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$key(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 5.00290696s ago: executing program 0 (id=569): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000000020"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) readv(r0, &(0x7f0000000740)=[{&(0x7f0000000140)=""/72, 0x48}, {&(0x7f0000000500)=""/216, 0xd8}, {&(0x7f0000000680)=""/162, 0xa2}, {&(0x7f00000002c0)=""/6, 0x6}, {&(0x7f0000000300)=""/25, 0x19}], 0x5) io_setup(0x2, &(0x7f0000000200)) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket(0x10, 0x4, 0x10000) pipe2(&(0x7f0000000000), 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c80)=ANY=[@ANYBLOB="12010000000000406d0422c200000000000109022400010000000009040000010300000009210000000122"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff}) close(r4) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0x2, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x100, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r6, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x2a}, @in=@dev={0xac, 0x14, 0x14, 0x40}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x100000000000}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@multicast2, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x0, 0x8, 0x8}, 0x48) 3.531885016s ago: executing program 2 (id=581): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x190) syz_emit_ethernet(0x7a, &(0x7f0000000280)={@broadcast, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "dd690b", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8100}}}}}}}, 0x0) 3.487529098s ago: executing program 2 (id=582): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x0, 0x0, 0x0) setsockopt$packet_rx_ring(r2, 0x107, 0x5, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = accept(r1, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)={0x28, 0x13, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid=0xffffffffffffffff}]}]}, 0x28}], 0x1}, 0x0) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$inet6_udplite(0x11, 0x2, 0x88) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300090c00000000420b00000000000200130002000000000000000000001f0300060000000051020049e4f0000001c99a00000000000002000100002000100000000200000000030005"], 0x60}}, 0x0) r5 = socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$key(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 2.948287291s ago: executing program 3 (id=583): syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e"], 0x22) r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2}) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04"], 0x7) socket(0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x3, 0xa}, {0x5, 0x6, 0x8, 0x8, 0x1}}}}, 0x17) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r2=>0x0}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0x15}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r2, 0x0, <r4=>0xffffffffffffffff, 0x1}) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f00000004c0)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23b3b6}) r6 = dup3(r1, r5, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa194f}) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r7=>0x0}) ioctl$IOMMU_IOAS_UNMAP$ALL(r6, 0x3b86, &(0x7f0000000180)={0x18, r7}) r8 = fspick(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r8, 0x5, &(0x7f0000000240)='/de4\x12O\x8e\x9cv/q-\xa8\xb7t\xb5\xbe;\xe2\x028s;\xfa\xb7N\xd1\xdd\xfc\x1c2\xd7^\x82\xcfM\xab\xb8\xb7\x93\xce\xfc\xb8\xad@\xd2c6\x88\x16gX}\xa4\xceO\xf7a\xd7d\xb2\x89Q$\xbf\x98\xfa\x8b\xf1\xc7\xd5\x00\xcdi\x8aT\xfd|\xe0', 0x0, 0xffffffffffffffff) ioctl$IOCTL_VMCI_VERSION(0xffffffffffffffff, 0x79f, 0x0) r9 = memfd_secret(0x0) r10 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r11 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r12=>0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r13=>0x0}) sendmsg$nl_route(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x2c, 0x1d, 0x1, 0x70bd2d, 0x0, {0x7, 0x0, 0x0, r13}, [@NDA_NH_ID={0x8, 0xd, 0x5}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x2c}}, 0x0) fcntl$dupfd(r10, 0x0, r9) 2.942296586s ago: executing program 2 (id=584): r0 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x2, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x2}]}}}]}, 0x3c}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f"], 0x3}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x4ffe2, 0x0) listen(r0, 0x3) r4 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = socket(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000000), 0xc) sendto(r5, 0x0, 0x0, 0x0, &(0x7f0000000040)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80) 2.837787871s ago: executing program 1 (id=585): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)="01", 0x1}], 0x1) (fail_nth: 1) 2.788335073s ago: executing program 3 (id=586): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$ENABLE_STATS(0x20, &(0x7f00000002c0), 0x4) (async) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000180)={0x0, 0xfe84, &(0x7f0000000140)={&(0x7f0000000080)={0x44, r1, 0x207, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @random}]}, 0x44}}, 0x0) (async) syz_open_dev$sndmidi(&(0x7f0000000040), 0xca, 0x0) (async) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') (async) r3 = socket$can_j1939(0x1d, 0x2, 0x7) recvmsg$can_j1939(r3, &(0x7f00000016c0)={0x0, 0x0, 0x0}, 0x2000) (async) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) (async) write$sndseq(r4, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) (async) read$msr(r2, &(0x7f0000000500)=""/172, 0xac) (async) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r4, 0xc0bc5351, &(0x7f0000000440)={0x3, 0x2, 'client1\x00', 0x80000000, "c23d3a25ecf7f313", "c1858f5629ae05c8efde2e41d002d328e47a4ae3881f9caf2166e3398b644e58", 0x5, 0xa6cd}) (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x105101, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000240000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4988a0d411a9872971c7c56f0979bd10b97163c066d0e196bf0fb04e500b0c0502df9de9ca3c00cb9a323d9b401bf4e418d07fa22f0610a70f2bdf4000200000000b0c2c125080963f6324bb7b80197aa3161f45346b100000000000000000089e399f6609876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9226e3550ee5520211d9370175fba303f003073afd1ec9f7c6133f260c6882a146880b9387f1beb5418618bc83a3becf9bb5d80eff7da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc0584b8e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3789b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cd43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a0500200f314113e889468cf13dd92aa0d7744db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534b00d0fea62f0a61535dfc4da06e7f8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263e44f59fae487c62c98a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6f00f0ffffa0fdb6487c51ef12c2e88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387f74d1ffbd1da497613174f76a656ba5bacccbb58dddaf9a3510d65383829a51e0f41e661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae01bd68c3e2b770c324a0ab26b6065d7e95a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f009f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449ac59110500a09b75885cd79ba32776e4a511c8a4ad922b000000000002ef507ec6fc7f5dc431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc030000009443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477effff26af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d13d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8e45c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a36d41793aabccd3d0c50486eae6793e1f54814a8ee2779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5f0436ead88d7acf0166dbd9f30a9b259c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8ae7e1c8b4b4106a381cb67fdb86def4de2076dc538bb97502b4b4350e633dc0a53c2fc9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c0057addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cfe9e2f505e833217557abb257d61a73a758543651b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a117cb948247c33abc765a6ba695c3cea5e32a4d11c9b4be91c60932bae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3c99e3f1310d41ab328c1f351b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000fd267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfe3f31a34e3e12c58cf172a4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9741fd788fb6260ec043c013907523c77f8acc20b9e2fd224ca8f21fab2b10991881e0a12f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a845e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd58023fed3c087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d667d5a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303dff449c0513b152a75ed48215cc31264a6ff648a95daa0d599dbce303b3b5307572df30429a3b4b115cab0a018f2501272048dd9e69877535e20078e7c28a98f26ace7a266bdc15ce904f25ec7fb2434ee7b5b69bed702ba1e7ed72942f452f1a98a2d949450091075efa823b11f5f5eccd921c04c7c15a5a05750cd85b1300fc00ce275de7559e117f87cb6c3c9a4b9f96149e3fcffa44d7000000000000000000d43d07d546acb7009c0c4f6e57b8577d2113bfca1939b9bf757265e175c1863a7c8d7640675830dc11d5d59546daf2385a7074f770c8333b21e2fb660141bc4f1ed45f703da6ac2557ab6952bd0c300000000000000000005b44bff4e3966fdfc9b720412bec09936b08e440c774e222dbd9a323a889f295e5d3bae64fc48ba123668e6a0be1e732aa5e2a0d4373a0b76d84f018d45bdf6f12d6d5d23a0331c3ae5e99a2bcdb52386135ea15890007e1cba5e52a04971139272012ae5542ba109a9d2f49798ce2fc6f639735e0222cd08075418239042bfe47c363973d3245ce507e838dfd90ae442a96fa1343029be56de31c2eff226c05f0ae3dbe2281e7bc02db39342d5b54ad3616733a5aa7753613423a0c4d2844a6e08fa5b76e18f7e24e967f6f83c546718d0f20959376427cdd449a4be3d75fd3e51e1b7f8690855af8eddbd3fd556b4460d0091e3623933f1a11db14aea54af6c49725bfa51fed222dc379995f48b1aab94441767c8bccbfd966d814715203bd8f549cd57d6a87295bf16aa25fb4e7fcaa8cec5e5c03b0095861bf2fed70ffb46bbb78ba90ca272ead9b3d2959fd9dbaabd1d51a60b474cef4c700faf718b810e4d3527a4663ee9fbc0000000000000000000000000000000000000000000000000061abf7a66b7b3f57ff830000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="5aee41dea43e63a3f7fb7f11c72b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.636468959s ago: executing program 1 (id=587): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01010000009e2fb09d258cc9f2000013e36b08d954090000042b", @ANYRES32=r4, @ANYBLOB="04002a00050034007a000000"], 0x28}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0}) sendmsg$NL80211_CMD_START_NAN(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x38, r1, 0x2, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6f9, 0x21}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x8}]}, 0x38}}, 0x40884) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a00000000000000000000000000000500010073797a30000000003c000000090a000000000007000000000000000008000a40000000000900020073797a32000000000900010073797a300000000008000540000000003c0000000e0a00000000000000000000000000000900020073797a32000000000900010073797a3000000000100003800c00008008000180040003"], 0xc0}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c0000003b0007010000000000000000027c00000400000014000180060006008847000008001c"], 0x2c}}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000400)={'wpan1\x00', <r8=>0x0}) r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000580), 0xffffffffffffffff) ioctl$SIOCX25SCALLUSERDATA(0xffffffffffffffff, 0x89e5, &(0x7f0000000480)={0x6c, "fee451ddb5180048f316e3433eda8be330b875116e922e9661224a394d950a707f86ebb709f593de26499003859ce2f8ff6f3658d11b20b3d7c3f7e100a35ebefe168613eea4a8112af68ea647c6bf25546210e1911c14fba212d4fd60d327f9f6ac2c83291875472df8784f4ac667852d977d6fdc986cfa51c93ab14030c599"}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r7, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000001500000008000300", @ANYRES32=r8, @ANYBLOB='\b\x00*'], 0x2c}}, 0x0) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r7, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r10, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x1) 2.636083628s ago: executing program 3 (id=588): r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2}) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) socket(0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x3, 0xa}, {0x5, 0x6, 0x8, 0x8, 0x1}}}}, 0x17) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r2=>0x0}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0x15}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, 0x0, 0x0, <r4=>0xffffffffffffffff, 0x1}) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f00000004c0)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23b3b6}) r6 = dup3(r1, r5, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa194f}) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r8=>0x0}) ioctl$IOMMU_IOAS_UNMAP$ALL(r6, 0x3b86, &(0x7f0000000180)={0x18, r8}) r9 = fspick(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r9, 0x5, &(0x7f0000000240)='/de4\x12O\x8e\x9cv/q-\xa8\xb7t\xb5\xbe;\xe2\x028s;\xfa\xb7N\xd1\xdd\xfc\x1c2\xd7^\x82\xcfM\xab\xb8\xb7\x93\xce\xfc\xb8\xad@\xd2c6\x88\x16gX}\xa4\xceO\xf7a\xd7d\xb2\x89Q$\xbf\x98\xfa\x8b\xf1\xc7\xd5\x00\xcdi\x8aT\xfd|\xe0', 0x0, 0xffffffffffffffff) ioctl$IOCTL_VMCI_VERSION(0xffffffffffffffff, 0x79f, 0x0) r10 = memfd_secret(0x0) r11 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r12 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r13=>0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r14=>0x0}) sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x2c, 0x1d, 0x1, 0x70bd2d, 0x0, {0x7, 0x0, 0x0, r14}, [@NDA_NH_ID={0x8, 0xd, 0x5}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x2c}}, 0x0) fcntl$dupfd(r11, 0x0, r10) 2.634390845s ago: executing program 1 (id=589): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)='/', 0x1}], 0x1}, 0x0) recvmmsg(r2, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) (fail_nth: 1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9a7b87af", @ANYRES16=0x0, @ANYBLOB="010000000000000000001400000005000b00010000000800100001000000"], 0x24}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r4 = syz_io_uring_setup(0x5a8, &(0x7f0000000380)={0x0, 0x4, 0x10}, &(0x7f0000000340), &(0x7f00000002c0)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)}) io_uring_enter(r4, 0x567, 0x0, 0x0, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x10) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x20d302, 0x0, 0x0, 0x0, 0x45}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000100)) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x29, 0x4, 0x7f, 0x1, 0xafc670265c93db6f, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10, 0x8000, 0x9f6, 0xfffffffa}}) 2.564924069s ago: executing program 3 (id=590): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x4c}}, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)='/', 0x1}], 0x1}, 0x0) recvmmsg(r2, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x41, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYRES16=r2, @ANYRESHEX=r3, @ANYRESHEX=r2], 0x24}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r4 = syz_io_uring_setup(0x800005a8, &(0x7f0000000400)={0x0, 0x4, 0x2, 0xffffffff}, &(0x7f0000000040), &(0x7f00000002c0)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)}) io_uring_enter(r4, 0x567, 0x0, 0x0, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x10) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x20d302, 0x0, 0x0, 0x0, 0x45}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000100)) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x29, 0x4, 0x7f, 0x1, 0xafc670265c93db6f, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10, 0x8000, 0x9f6, 0xfffffffa}}) 2.024045691s ago: executing program 2 (id=591): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54000000190001"], 0x54}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_vhci(&(0x7f0000005200)=ANY=[@ANYBLOB="040000472300000000"], 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f0000000580)=""/122, 0x0, 0x3000}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000740)=r2) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000ac0)={0x2, 0x0, [{0x1, 0x1000, &(0x7f0000000cc0)=""/4096}, {0x0, 0x5, &(0x7f0000000240)=""/5}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x10000000, '\x00', 0x0, 0x0, 0x8000, 0x5}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182100", @ANYRES32=r3, @ANYBLOB="0000000002000000b70500000800000085000000aa00000095"], &(0x7f0000000300)='GPL\x00', 0x9}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_vhci(&(0x7f0000002540)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_le_read_resolv_list_size={{0x9}, {0x5, 0x3}}}}, 0x8) gettid() inotify_init1(0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x30, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x6, 0xbd, [0x0]}]}, 0x30}}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000500)={0x0, @multicast1, @initdev}, &(0x7f00000006c0)=0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) 1.746751646s ago: executing program 0 (id=592): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) (fail_nth: 1) sendmsg$inet(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)='/', 0x1}], 0x1}, 0x0) recvmmsg(r2, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) 1.271042638s ago: executing program 3 (id=593): socket$can_j1939(0x1d, 0x2, 0x7) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_io_uring_setup(0x82e, 0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x4}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x8004, 0x8000, 0x18c0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000002}, 0x48) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x400000}, 0x1c) connect$inet6(r3, &(0x7f0000003e40)={0xa, 0x0, 0x0, @empty, 0xe0}, 0x1c) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYRES32=r1], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r4}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x3, 0x0, 0xffffffffffffffff) write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(r5, &(0x7f0000000140), 0x208e24b) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) sendfile(r7, r5, 0x0, 0x7ffff000) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) 1.06650309s ago: executing program 1 (id=594): r0 = socket$nl_generic(0x10, 0x3, 0x10) stat(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket(0xa, 0x3, 0x9) getsockopt$bt_BT_SECURITY(r2, 0x29, 0x42, 0x0, 0x20000000) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'none\x00'}, 0x2c) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0_to_bridge\x00'}) write(0xffffffffffffffff, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008009776b704000000000000850000003300000018110000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x62, 0x2}, @cond}) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x842b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x2250) mknod$loop(&(0x7f0000000040)='./file0\x00', 0xfff, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="000000004e7de000e90f00dbd6510102030109021200010000000009040000007a8ab9000419e4a8ade39bef855ad018327c70a2a9f38af488d501b13bde2617fd5c7987f984a74e70f254bbd9a0da1c2f8e49956bd44bec78bdba1d7b4693730aaf4c7d86cd538d500c7b05323d9953433525e02ed1da"], 0x0) r7 = socket$inet6(0xa, 0x2, 0x0) bind(r7, &(0x7f0000000000)=@hci={0xa}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000980)={'wlan1\x00', <r8=>0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000001280)={0x44, r1, 0x81d, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {}, @device_b, @device_a, @random="b27bcb305b01"}, 0x0, @void}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x4400}]}, 0x44}}, 0x0) 961.292079ms ago: executing program 2 (id=595): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r0 = getuid() getuid() r1 = getuid() getpgid(0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000000440)=ANY=[@ANYRESHEX=r1, @ANYBLOB="1d6b31046329b01768921007dd3220137ce65c7afdffffffffffffffd9daf0e9b4d0e33855698e74c9b9b71796", @ANYRES64=r0], 0x10}], 0x1, &(0x7f0000000280)=ANY=[], 0x7}, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001240)={0xffffffffffffffff, 0xffffffffffffffff, 0x10, 0x0, @void}, 0x10) inotify_init1(0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x2, &(0x7f0000000340)=ANY=[@ANYBLOB="1801001f99efe24f18f785004b64ffec850000006d000000670000000500000095741e1a17ef2e7e189959c180bf1fcba0d67a8084562751f740ff471e079d11dc84fb0f965bf9faff43ce5f559cfcf138a1f77392f80ccf3c6e7a9ce1ead62d683a0b0300000000000000732d60a1197b40af843fc770aca2c727609e4af3ed2685c9e31d731f0e830dc809c9b0e8944a50efa161cff944a28b02bf27e83b908774caeeb35c0b92e117ff35aba18777c3e1c8c6829cebd83d7beb62e537140307dc0154839d0391761e2f795b1a2e0dc6a8b97551b97c7f910a6c791a14e4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xfffffffffffffdbc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000240)='net_dev_start_xmit\x00', r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mq_unlink(&(0x7f00000000c0)='\x00') ioctl$VIDIOC_S_TUNER(r4, 0x4054561e, &(0x7f0000000340)={0x0, "80b937610437579e8f437a0d708660470a2a1a6dd16c9b375b1b08e6fb4f9458", 0x0, 0x0, 0x4}) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) open(0x0, 0x480, 0x0) unshare(0x22020400) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$kcm(0x2, 0xa, 0x2) r6 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IMADDTIMER(r6, 0x80044940, &(0x7f0000000080)=0x14) r7 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$IMADDTIMER(r6, 0x80044940, &(0x7f0000000040)=0x14) dup3(r7, r6, 0x0) socket$igmp6(0xa, 0x3, 0x2) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f00000002c0)={'syzkaller1\x00'}) 481.663117ms ago: executing program 3 (id=596): socket$nl_route(0x10, 0x3, 0x0) socket(0xa, 0x806, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r4=>0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x800}]}, 0x24}}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r6=>0x0}) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r7, 0x89fb, &(0x7f0000000100)={'sit0\x00', &(0x7f00000000c0)={@loopback, @rand_addr=0x64010100, 0xf, 0x3}}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="110200000000000000003900000008000300", @ANYRES32=r6], 0x1c}}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f00000008c0)=ANY=[@ANYBLOB="88008000080211000001080211000000505050505050d0ffeb"], 0x28) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000980)={'wlan1\x00', <r10=>0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000001280)={0x3c, r9, 0x81d, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {}, @device_b, @device_a, @random="b27bcb305b01"}, 0x0, @void}}]}, 0x3c}}, 0x0) r11 = socket$nl_xfrm(0x10, 0x3, 0x6) recvmsg(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, 0x0}, 0x0) r12 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r12, 0x84, 0x1f, 0x0, 0x0) sendmsg$nl_xfrm(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="9801000016003d1d27bd7000000000fdffffffffffffff000080ffffe0000002fe8000000000000000aa00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1e00010000000000000000000000000000000033"], 0x1d8}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="020a00026e8937c40000000000000000"], 0x10}}, 0x0) r13 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r13, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000001000000000000000095", @ANYBLOB="c954ff8c17eacf8aedbe7e627d944c"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x74, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcf4}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='xprtrdma_post_linv_err\x00', r11}, 0x10) 351.677709ms ago: executing program 1 (id=597): socket$can_j1939(0x1d, 0x2, 0x7) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_io_uring_setup(0x82e, 0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x4}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x8004, 0x8000, 0x18c0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000002}, 0x48) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x400000}, 0x1c) connect$inet6(r3, &(0x7f0000003e40)={0xa, 0x0, 0x0, @empty, 0xe0}, 0x1c) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYRES32=r1], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r4}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x3, 0x0, 0xffffffffffffffff) write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(r5, &(0x7f0000000140), 0x208e24b) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) sendfile(r7, r5, 0x0, 0x7ffff000) (fail_nth: 1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) 26.674746ms ago: executing program 1 (id=598): r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2}) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) socket(0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x3, 0xa}, {0x5, 0x6, 0x8, 0x8, 0x1}}}}, 0x17) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r2=>0x0}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0x15}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r2, 0x0, <r4=>0xffffffffffffffff}) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f00000004c0)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23b3b6}) r6 = dup3(r1, r5, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa194f}) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r8=>0x0}) ioctl$IOMMU_IOAS_UNMAP$ALL(r6, 0x3b86, &(0x7f0000000180)={0x18, r8}) r9 = fspick(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r9, 0x5, &(0x7f0000000240)='/de4\x12O\x8e\x9cv/q-\xa8\xb7t\xb5\xbe;\xe2\x028s;\xfa\xb7N\xd1\xdd\xfc\x1c2\xd7^\x82\xcfM\xab\xb8\xb7\x93\xce\xfc\xb8\xad@\xd2c6\x88\x16gX}\xa4\xceO\xf7a\xd7d\xb2\x89Q$\xbf\x98\xfa\x8b\xf1\xc7\xd5\x00\xcdi\x8aT\xfd|\xe0', 0x0, 0xffffffffffffffff) ioctl$IOCTL_VMCI_VERSION(0xffffffffffffffff, 0x79f, 0x0) r10 = memfd_secret(0x0) r11 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r12 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r13=>0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r14=>0x0}) sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x2c, 0x1d, 0x1, 0x70bd2d, 0x0, {0x7, 0x0, 0x0, r14}, [@NDA_NH_ID={0x8, 0xd, 0x5}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x2c}}, 0x0) fcntl$dupfd(r11, 0x0, r10) 23.044576ms ago: executing program 0 (id=599): r0 = syz_io_uring_setup(0x2, &(0x7f0000000080)={0x0, 0x0, 0x40}, &(0x7f0000002500), &(0x7f0000002540)) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = inotify_init1(0x0) fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000140)={0x0, <r3=>0x0}) r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00') fchown(r4, 0xffffffffffffffff, 0x0) r5 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r5, &(0x7f0000001e40)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000240)=[@hoplimit={{0x14}}, @dontfrag={{0x14}}], 0x30}}], 0x1, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={<r6=>0x0, <r7=>0x0}) mq_timedreceive(r4, &(0x7f0000000340)=""/235, 0xeb, 0x6, &(0x7f0000000500)={r6, r7+60000000}) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r8, 0x800448f0, &(0x7f00000000c0)={0x0, 0x1, "a686cf"}) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) syz_open_dev$video4linux(&(0x7f0000000140), 0x1000, 0x400202) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {}, 0x0, 0x10000}}, @TCA_TBF_RATE64={0xc, 0x4, 0xa92c8ccfe08dc33}]}}]}, 0x64}}, 0x0) r12 = socket(0x10, 0x803, 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r12, &(0x7f0000000000)={0x11, 0x0, <r14=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r13, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYRES32=r14, @ANYBLOB="ba03d389e36d10e7f7a4049f6ec782cedda2140012410400000000000000805ab8e134"], 0x34}}, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)=@delqdisc={0x17c, 0x25, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r14, {0xfff3, 0x3}, {0x4, 0xa}, {0xffe0, 0xd}}, [@qdisc_kind_options=@q_rr={{0x7}, {0x18, 0x2, {0x7, "44c1b7c1ca8a127535a6cf2ed7caa1c1"}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7fff}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x1000}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @TCA_STAB={0x7c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xa0, 0x5, 0x6, 0x1, 0x0, 0xf0000000, 0x4, 0x1}}, {0x6, 0x2, [0x4]}}, {{0x1c, 0x1, {0x4, 0xf, 0xf801, 0x3, 0x0, 0xbb2, 0x6, 0x5}}, {0xe, 0x2, [0x6, 0x3, 0x7a, 0x40, 0xfff]}}, {{0x1c, 0x1, {0x7, 0xcf, 0xb, 0x97d3, 0x0, 0x9, 0x9, 0x3}}, {0xa, 0x2, [0x1000, 0x9, 0x10]}}]}, @TCA_RATE={0x6, 0x5, {0x5, 0xd}}, @TCA_STAB={0x9c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xb, 0xa9, 0xf0bc, 0x10, 0x2, 0xde6, 0x1, 0x1}}, {0x6, 0x2, [0x7]}}, {{0x1c, 0x1, {0xd0, 0x2, 0x8, 0x6, 0x1, 0x58d1, 0x2, 0x1}}, {0x6, 0x2, [0xfffb]}}, {{0x1c, 0x1, {0x5, 0x2, 0x1ff, 0x2, 0x2, 0x1, 0x6ff, 0x3}}, {0xa, 0x2, [0x7, 0x8131, 0xe44f]}}, {{0x1c, 0x1, {0xef, 0xe, 0xf, 0x0, 0x160ced1d8589b869, 0x3d, 0x7, 0x3}}, {0xa, 0x2, [0xa, 0x1, 0xffff]}}]}]}, 0x17c}}, 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000200), 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000000)=[0x4, 0x9], 0x2) 0s ago: executing program 2 (id=600): mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x17) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}, 0x1}) mbind(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x0, 0x0, 0x3) (fail_nth: 1) kernel console output (not intermixed with test programs): 201] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 61.386543][ T5201] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 61.391722][ T5201] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 61.441161][ T5197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.462822][ T5203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.493915][ T5197] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.515101][ T824] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.518008][ T824] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.523644][ T824] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.526391][ T824] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.593606][ T5203] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.616153][ T5196] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.622156][ T5199] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.625505][ T5199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.645011][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.648134][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.688357][ T5196] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.701028][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.703971][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.718113][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.721403][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.744834][ T5201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.799614][ T5196] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.826530][ T5201] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.838160][ T5240] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.841525][ T5240] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.880440][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.883488][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.896830][ T5197] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.978204][ T5197] veth0_vlan: entered promiscuous mode [ 61.983595][ T5196] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.005296][ T5203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.035809][ T5197] veth1_vlan: entered promiscuous mode [ 62.082939][ T5197] veth0_macvtap: entered promiscuous mode [ 62.109607][ T5197] veth1_macvtap: entered promiscuous mode [ 62.121461][ T5203] veth0_vlan: entered promiscuous mode [ 62.133461][ T5203] veth1_vlan: entered promiscuous mode [ 62.141401][ T5196] veth0_vlan: entered promiscuous mode [ 62.150192][ T5196] veth1_vlan: entered promiscuous mode [ 62.168008][ T5197] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.187329][ T5201] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.198473][ T5197] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.207468][ T5197] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.211232][ T5197] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.215582][ T5197] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.219261][ T5197] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.234322][ T5196] veth0_macvtap: entered promiscuous mode [ 62.241394][ T5196] veth1_macvtap: entered promiscuous mode [ 62.247791][ T5203] veth0_macvtap: entered promiscuous mode [ 62.253250][ T5203] veth1_macvtap: entered promiscuous mode [ 62.309458][ T5196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.314101][ T5196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.319164][ T5196] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.325267][ T5203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.329661][ T5203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.334792][ T5203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.338618][ T5203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.343886][ T5203] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.357937][ T5196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.363729][ T5196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.369742][ T5196] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.382675][ T5196] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.387066][ T5196] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.390796][ T5196] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.394998][ T5196] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.400954][ T5203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.405304][ T5203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.408799][ T5203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.412905][ T5203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.418333][ T5203] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.428782][ T5203] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.432386][ T5203] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.436137][ T5203] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.439599][ T5203] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.489235][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.493194][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.499454][ T5201] veth0_vlan: entered promiscuous mode [ 62.519095][ T5201] veth1_vlan: entered promiscuous mode [ 62.550443][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.554353][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.589571][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.593257][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.598548][ T5201] veth0_macvtap: entered promiscuous mode [ 62.623104][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.624056][ T5206] Bluetooth: hci0: command tx timeout [ 62.624270][ T4636] Bluetooth: hci1: command tx timeout [ 62.624302][ T4636] Bluetooth: hci3: command tx timeout [ 62.626659][ T5201] veth1_macvtap: entered promiscuous mode [ 62.631616][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.679256][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.683977][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.688068][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.692553][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.697315][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.701606][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.707308][ T5201] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.710999][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.714491][ T5206] Bluetooth: hci2: command tx timeout [ 62.717231][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.725209][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.729768][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.733536][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.737870][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.741756][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.745878][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.750825][ T5201] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.759227][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.761614][ T5201] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.761635][ T39] kauditd_printk_skb: 26 callbacks suppressed [ 62.761647][ T39] audit: type=1400 audit(1720870839.144:141): avc: denied { mounton } for pid=5196 comm="syz-executor" path="/syzkaller.cPJPy9/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 62.763311][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.767121][ T5201] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.788232][ T5201] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.791713][ T5201] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.859862][ T39] audit: type=1400 audit(1720870839.244:142): avc: denied { create } for pid=5266 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 62.871756][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.875308][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.922516][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.928688][ T39] audit: type=1400 audit(1720870839.304:143): avc: denied { create } for pid=5271 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 62.935970][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.938634][ T39] audit: type=1400 audit(1720870839.314:144): avc: denied { write } for pid=5271 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 63.013282][ T39] audit: type=1400 audit(1720870839.394:145): avc: denied { read } for pid=5266 comm="syz.2.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 63.023997][ T39] audit: type=1400 audit(1720870839.394:146): avc: denied { open } for pid=5266 comm="syz.2.3" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 63.314419][ T39] audit: type=1400 audit(1720870839.704:147): avc: denied { create } for pid=5290 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 63.322729][ T39] audit: type=1400 audit(1720870839.704:148): avc: denied { bind } for pid=5290 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 63.332962][ T39] audit: type=1400 audit(1720870839.704:149): avc: denied { setopt } for pid=5290 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 63.341752][ T39] audit: type=1400 audit(1720870839.704:150): avc: denied { accept } for pid=5290 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 63.697409][ T5302] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8'. [ 63.721986][ T5302] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8'. [ 63.726617][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 63.738580][ T5302] geneve2: entered promiscuous mode [ 63.975056][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 64.382936][ T5308] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10'. [ 64.409104][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 64.563504][ T5206] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 64.569023][ T5206] CPU: 1 PID: 5206 Comm: kworker/u33:3 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 64.574112][ T5206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 64.578930][ T5206] Workqueue: hci1 hci_rx_work [ 64.581247][ T5206] Call Trace: [ 64.582764][ T5206] <TASK> [ 64.584074][ T5206] dump_stack_lvl+0x16c/0x1f0 [ 64.586173][ T5206] sysfs_warn_dup+0x7f/0xa0 [ 64.588341][ T5206] sysfs_create_dir_ns+0x24d/0x2b0 [ 64.590965][ T5206] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 64.593735][ T5206] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 64.596555][ T5206] ? do_raw_spin_unlock+0x172/0x230 [ 64.599114][ T5206] kobject_add_internal+0x2c8/0x990 [ 64.601561][ T5206] kobject_add+0x16f/0x240 [ 64.603350][ T5206] ? __pfx_kobject_add+0x10/0x10 [ 64.605696][ T5206] ? do_raw_spin_unlock+0x172/0x230 [ 64.608021][ T5206] ? kobject_put+0xbe/0x5b0 [ 64.610154][ T5206] device_add+0x289/0x1a70 [ 64.611850][ T5206] ? __pfx_dev_set_name+0x10/0x10 [ 64.613995][ T5206] ? __pfx_device_add+0x10/0x10 [ 64.616057][ T5206] ? mgmt_send_event_skb+0x2f0/0x460 [ 64.618663][ T5206] hci_conn_add_sysfs+0x17e/0x230 [ 64.621290][ T5206] le_conn_complete_evt+0x1078/0x1d80 [ 64.623685][ T5206] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 64.626352][ T5206] ? trace_contention_end+0xea/0x140 [ 64.628792][ T5206] ? __mutex_lock+0x1a6/0x9c0 [ 64.630960][ T5206] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 64.633649][ T5206] ? skb_pull_data+0x166/0x210 [ 64.635753][ T5206] hci_le_meta_evt+0x2e2/0x5d0 [ 64.637792][ T5206] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 64.640930][ T5206] hci_event_packet+0x664/0x1170 [ 64.643333][ T5206] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 64.645535][ T5206] ? __pfx_hci_event_packet+0x10/0x10 [ 64.648000][ T5206] ? mark_held_locks+0x9f/0xe0 [ 64.650062][ T5206] ? kcov_remote_start+0x3d1/0x6e0 [ 64.652263][ T5206] ? lockdep_hardirqs_on+0x7c/0x110 [ 64.654479][ T5206] hci_rx_work+0x2c4/0x1610 [ 64.656374][ T5206] process_one_work+0x9c5/0x1b40 [ 64.658349][ T5206] ? __pfx_lock_acquire+0x10/0x10 [ 64.660514][ T5206] ? __pfx_process_one_work+0x10/0x10 [ 64.662823][ T5206] ? assign_work+0x1a0/0x250 [ 64.664939][ T5206] worker_thread+0x6c8/0xf30 [ 64.666991][ T5206] ? __pfx_worker_thread+0x10/0x10 [ 64.669205][ T5206] kthread+0x2c1/0x3a0 [ 64.671059][ T5206] ? _raw_spin_unlock_irq+0x23/0x50 [ 64.673286][ T5206] ? __pfx_kthread+0x10/0x10 [ 64.675642][ T5206] ret_from_fork+0x45/0x80 [ 64.677639][ T5206] ? __pfx_kthread+0x10/0x10 [ 64.679658][ T5206] ret_from_fork_asm+0x1a/0x30 [ 64.681617][ T5206] </TASK> [ 64.686827][ T5206] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 64.694273][ T5206] Bluetooth: hci1: failed to register connection device [ 64.703904][ T5213] Bluetooth: hci0: command tx timeout [ 64.715302][ T5213] Bluetooth: hci3: command tx timeout [ 64.715363][ T5206] Bluetooth: hci1: command tx timeout [ 64.774955][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 64.785797][ T5206] Bluetooth: hci2: command tx timeout [ 66.170351][ T5206] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 66.175359][ T5206] CPU: 0 PID: 5206 Comm: kworker/u33:3 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 66.179866][ T5206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.184212][ T5206] Workqueue: hci3 hci_rx_work [ 66.186346][ T5206] Call Trace: [ 66.187591][ T5206] <TASK> [ 66.188702][ T5206] dump_stack_lvl+0x16c/0x1f0 [ 66.190808][ T5206] sysfs_warn_dup+0x7f/0xa0 [ 66.192533][ T5206] sysfs_create_dir_ns+0x24d/0x2b0 [ 66.194405][ T5206] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 66.196458][ T5206] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 66.198396][ T5206] ? do_raw_spin_unlock+0x172/0x230 [ 66.200625][ T5206] kobject_add_internal+0x2c8/0x990 [ 66.202837][ T5206] kobject_add+0x16f/0x240 [ 66.204697][ T5206] ? __pfx_kobject_add+0x10/0x10 [ 66.206689][ T5206] ? do_raw_spin_unlock+0x172/0x230 [ 66.208770][ T5206] ? kobject_put+0xbe/0x5b0 [ 66.210449][ T5206] device_add+0x289/0x1a70 [ 66.212377][ T5206] ? __pfx_dev_set_name+0x10/0x10 [ 66.214206][ T5206] ? __pfx_device_add+0x10/0x10 [ 66.216074][ T5206] ? mgmt_send_event_skb+0x2f0/0x460 [ 66.218349][ T5206] hci_conn_add_sysfs+0x17e/0x230 [ 66.220289][ T5206] le_conn_complete_evt+0x1078/0x1d80 [ 66.222176][ T5206] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 66.224591][ T5206] ? trace_contention_end+0xea/0x140 [ 66.226859][ T5206] ? __mutex_lock+0x1a6/0x9c0 [ 66.228796][ T5206] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 66.231200][ T5206] ? skb_pull_data+0x166/0x210 [ 66.232908][ T5206] hci_le_meta_evt+0x2e2/0x5d0 [ 66.234924][ T5206] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 66.237523][ T5206] hci_event_packet+0x664/0x1170 [ 66.239567][ T5206] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 66.241622][ T5206] ? __pfx_hci_event_packet+0x10/0x10 [ 66.243552][ T5206] ? mark_held_locks+0x9f/0xe0 [ 66.245364][ T5206] ? kcov_remote_start+0x3d1/0x6e0 [ 66.247559][ T5206] ? lockdep_hardirqs_on+0x7c/0x110 [ 66.249803][ T5206] hci_rx_work+0x2c4/0x1610 [ 66.251761][ T5206] process_one_work+0x9c5/0x1b40 [ 66.253863][ T5206] ? __pfx_lock_acquire+0x10/0x10 [ 66.256028][ T5206] ? __pfx_process_one_work+0x10/0x10 [ 66.258112][ T5206] ? assign_work+0x1a0/0x250 [ 66.260048][ T5206] worker_thread+0x6c8/0xf30 [ 66.261890][ T5206] ? __pfx_worker_thread+0x10/0x10 [ 66.263871][ T5206] kthread+0x2c1/0x3a0 [ 66.265488][ T5206] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.267629][ T5206] ? __pfx_kthread+0x10/0x10 [ 66.270401][ T5206] ret_from_fork+0x45/0x80 [ 66.272953][ T5206] ? __pfx_kthread+0x10/0x10 [ 66.275197][ T5206] ret_from_fork_asm+0x1a/0x30 [ 66.277424][ T5206] </TASK> [ 66.280643][ T5206] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 66.288149][ T5206] Bluetooth: hci3: failed to register connection device [ 66.347787][ T5345] syzkaller0: entered promiscuous mode [ 66.350792][ T5345] syzkaller0: entered allmulticast mode [ 66.784909][ T5213] Bluetooth: hci3: command tx timeout [ 66.787164][ T5206] Bluetooth: hci0: command tx timeout [ 66.805942][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 66.808941][ T5206] Bluetooth: Wrong link type (-22) [ 66.814708][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 66.818068][ T5206] Bluetooth: Wrong link type (-22) [ 66.834299][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.853101][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 66.863927][ T5206] Bluetooth: hci1: command tx timeout [ 66.866314][ T5206] Bluetooth: hci2: command tx timeout [ 66.911072][ T5354] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 67.023933][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 67.527661][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 67.633669][ T5371] 9pnet_fd: Insufficient options for proto=fd [ 67.774041][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 67.806774][ T39] kauditd_printk_skb: 32 callbacks suppressed [ 67.806789][ T39] audit: type=1400 audit(1720870844.194:183): avc: denied { read write } for pid=5372 comm="syz.1.31" name="sg0" dev="devtmpfs" ino=705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 67.820405][ T39] audit: type=1400 audit(1720870844.194:184): avc: denied { open } for pid=5372 comm="syz.1.31" path="/dev/sg0" dev="devtmpfs" ino=705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 68.045190][ T39] audit: type=1400 audit(1720870844.424:185): avc: denied { create } for pid=5386 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 68.064647][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 68.151505][ T39] audit: type=1400 audit(1720870844.534:186): avc: denied { watch } for pid=5386 comm="syz.0.35" path="/proc/31/task" dev="proc" ino=7135 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 68.206441][ T39] audit: type=1400 audit(1720870844.594:187): avc: denied { create } for pid=5386 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 68.328687][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 68.424072][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.431655][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.576113][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2ca!!! [ 68.646122][ T5206] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 68.707274][ T5400] syzkaller0: entered promiscuous mode [ 68.708939][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 68.709843][ T5400] syzkaller0: entered allmulticast mode [ 69.084754][ T5206] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 69.945038][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 70.027488][ T5424] fuse: Unknown parameter 'grou00000000000000000000' [ 70.163302][ T5429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.46'. [ 70.217542][ T5427] Zero length message leads to an empty skb [ 70.473712][ T39] audit: type=1800 audit(1720870846.854:188): pid=5442 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.49" name="/" dev="fuse" ino=1 res=0 errno=0 [ 70.554021][ T5206] Bluetooth: hci0: command tx timeout [ 70.819715][ T5206] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 71.023867][ T5206] Bluetooth: hci1: command tx timeout [ 71.197316][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 71.686205][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 71.689055][ T5206] Bluetooth: Wrong link type (-22) [ 71.691925][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 71.695093][ T5206] Bluetooth: Wrong link type (-22) [ 72.419561][ T5462] fuse: Unknown parameter 'grou00000000000000000000' [ 72.492076][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 72.643323][ T5474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.58'. [ 72.672100][ T5474] netlink: 12 bytes leftover after parsing attributes in process `syz.3.58'. [ 72.680811][ T5206] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 73.117418][ T5206] Bluetooth: hci1: command tx timeout [ 73.452464][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 73.590124][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 73.592765][ T5206] Bluetooth: Wrong link type (-22) [ 73.595653][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 73.598920][ T5206] Bluetooth: Wrong link type (-22) [ 75.583869][ T5206] Bluetooth: hci2: command tx timeout [ 75.938922][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 76.072244][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 76.126450][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 76.129486][ T5206] Bluetooth: Wrong link type (-22) [ 76.132021][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 76.136970][ T5206] Bluetooth: Wrong link type (-22) [ 76.853728][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 76.934862][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 77.080379][ T5547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.78'. [ 77.112122][ T1357] ieee802154 phy0 wpan0: encryption failed: -22 [ 77.115428][ T1357] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.118099][ T5547] IPv6: NLM_F_REPLACE set, but no existing node found! [ 77.130112][ T5261] IPVS: starting estimator thread 0... [ 77.140567][ T39] audit: type=1400 audit(1720870853.514:189): avc: denied { setopt } for pid=5546 comm="syz.0.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 77.144599][ T5547] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 77.174261][ T39] audit: type=1400 audit(1720870853.524:190): avc: denied { connect } for pid=5546 comm="syz.0.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 77.209080][ T39] audit: type=1400 audit(1720870853.594:191): avc: denied { ioctl } for pid=5546 comm="syz.0.78" path="socket:[8565]" dev="sockfs" ino=8565 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 77.222132][ T5553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.78'. [ 77.228421][ T5551] IPVS: using max 22 ests per chain, 52800 per kthread [ 77.238759][ T5553] netlink: 24 bytes leftover after parsing attributes in process `syz.0.78'. [ 77.949889][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 78.136839][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 78.961696][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 80.063925][ T5206] Bluetooth: hci2: command tx timeout [ 80.449274][ T5605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.91'. [ 81.670517][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 81.912884][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 82.241367][ T816] cfg80211: failed to load regulatory.db [ 82.504396][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 82.535737][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 82.606854][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 82.701651][ T5641] netlink: 12 bytes leftover after parsing attributes in process `syz.0.102'. [ 82.706691][ T5641] IPv6: NLM_F_REPLACE set, but no existing node found! [ 82.726735][ T5641] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 82.760002][ T5206] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 82.796479][ T5649] netlink: 4 bytes leftover after parsing attributes in process `syz.0.102'. [ 82.813564][ T5649] netlink: 24 bytes leftover after parsing attributes in process `syz.0.102'. [ 82.892607][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 83.504130][ T5206] Bluetooth: hci3: command tx timeout [ 83.585547][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 83.623178][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 83.958140][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 84.310209][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 84.590753][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 85.461397][ T5213] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 85.472585][ T5213] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 85.593877][ T5213] Bluetooth: hci3: command tx timeout [ 85.617325][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 86.220264][ T5213] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 86.564143][ T5213] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 86.564769][ T5737] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 87.775438][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 87.937063][ T5206] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 88.909920][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 89.845181][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 90.250203][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 90.505960][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 90.929181][ T39] audit: type=1400 audit(1720870867.314:192): avc: denied { read } for pid=5802 comm="syz.2.144" name="ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 90.940864][ T39] audit: type=1400 audit(1720870867.314:193): avc: denied { open } for pid=5802 comm="syz.2.144" path="/dev/ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 90.952582][ T39] audit: type=1400 audit(1720870867.314:194): avc: denied { ioctl } for pid=5802 comm="syz.2.144" path="/dev/ppp" dev="devtmpfs" ino=714 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 90.964963][ T39] audit: type=1400 audit(1720870867.314:195): avc: denied { append } for pid=5802 comm="syz.2.144" name="ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 90.995020][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 91.396220][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 91.894560][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 92.108534][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 92.192429][ T5833] netlink: 8 bytes leftover after parsing attributes in process `syz.2.153'. [ 92.220323][ T5833] netlink: 12 bytes leftover after parsing attributes in process `syz.2.153'. [ 92.249269][ T5833] geneve2: entered promiscuous mode [ 92.469638][ T5213] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 92.765192][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 92.847663][ T5213] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 93.121844][ T5213] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 93.128768][ T5213] CPU: 0 PID: 5213 Comm: kworker/u33:6 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 93.133583][ T5213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.138553][ T5213] Workqueue: hci2 hci_rx_work [ 93.140692][ T5213] Call Trace: [ 93.142332][ T5213] <TASK> [ 93.143704][ T5213] dump_stack_lvl+0x16c/0x1f0 [ 93.145878][ T5213] sysfs_warn_dup+0x7f/0xa0 [ 93.148015][ T5213] sysfs_create_dir_ns+0x24d/0x2b0 [ 93.150525][ T5213] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 93.153299][ T5213] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 93.156551][ T5213] ? do_raw_spin_unlock+0x172/0x230 [ 93.158840][ T5213] kobject_add_internal+0x2c8/0x990 [ 93.160363][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 93.161263][ T5213] kobject_add+0x16f/0x240 [ 93.166217][ T5213] ? __pfx_kobject_add+0x10/0x10 [ 93.168594][ T5213] ? do_raw_spin_unlock+0x172/0x230 [ 93.170941][ T5213] ? kobject_put+0xbe/0x5b0 [ 93.178295][ T5213] device_add+0x289/0x1a70 [ 93.180651][ T5213] ? __pfx_dev_set_name+0x10/0x10 [ 93.183226][ T5213] ? __pfx_device_add+0x10/0x10 [ 93.199387][ T5213] ? mgmt_send_event_skb+0x2f0/0x460 [ 93.201436][ T5213] hci_conn_add_sysfs+0x17e/0x230 [ 93.203409][ T5213] le_conn_complete_evt+0x1078/0x1d80 [ 93.205368][ T5213] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 93.207443][ T5213] ? trace_contention_end+0xea/0x140 [ 93.209353][ T5213] ? __mutex_lock+0x1a6/0x9c0 [ 93.213219][ T5213] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 93.215652][ T5213] ? skb_pull_data+0x166/0x210 [ 93.217650][ T5213] hci_le_meta_evt+0x2e2/0x5d0 [ 93.219625][ T5213] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 93.222392][ T5213] hci_event_packet+0x664/0x1170 [ 93.224411][ T5213] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 93.231264][ T5213] ? __pfx_hci_event_packet+0x10/0x10 [ 93.234403][ T5213] ? mark_held_locks+0x9f/0xe0 [ 93.236620][ T5213] ? kcov_remote_start+0x3d1/0x6e0 [ 93.238969][ T5213] ? lockdep_hardirqs_on+0x7c/0x110 [ 93.241240][ T5213] hci_rx_work+0x2c4/0x1610 [ 93.243352][ T5213] process_one_work+0x9c5/0x1b40 [ 93.245684][ T5213] ? __pfx_lock_acquire+0x10/0x10 [ 93.247941][ T5213] ? __pfx_process_one_work+0x10/0x10 [ 93.250307][ T5213] ? assign_work+0x1a0/0x250 [ 93.252436][ T5213] worker_thread+0x6c8/0xf30 [ 93.254494][ T5213] ? __pfx_worker_thread+0x10/0x10 [ 93.256734][ T5213] kthread+0x2c1/0x3a0 [ 93.258616][ T5213] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.261478][ T5213] ? __pfx_kthread+0x10/0x10 [ 93.263583][ T5213] ret_from_fork+0x45/0x80 [ 93.265148][ T5213] ? __pfx_kthread+0x10/0x10 [ 93.266979][ T5213] ret_from_fork_asm+0x1a/0x30 [ 93.269022][ T5213] </TASK> [ 93.271281][ T5213] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 93.276569][ T5213] Bluetooth: hci2: failed to register connection device [ 93.459573][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 93.740275][ T5206] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 94.046650][ T5213] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 94.625324][ T5895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.171'. [ 94.696290][ T5895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.171'. [ 94.711365][ T5895] geneve2: entered promiscuous mode [ 95.358696][ T5213] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 96.044281][ T5213] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 96.247579][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 96.393884][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 96.416666][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 96.421854][ T5213] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 96.504494][ T5213] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 96.543138][ T5213] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 96.934206][ T5213] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 97.176661][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 97.265252][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 98.014320][ T5213] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 98.196468][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 98.343469][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 98.615341][ T5213] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 98.953850][ T5213] Bluetooth: hci1: command tx timeout [ 99.143195][ T5213] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 99.308072][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 100.179785][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 100.183699][ T5206] Bluetooth: Wrong link type (-22) [ 100.187733][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 100.190475][ T5206] Bluetooth: Wrong link type (-22) [ 100.348175][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 100.351104][ T5206] Bluetooth: Wrong link type (-22) [ 100.353340][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 100.357144][ T5206] Bluetooth: Wrong link type (-22) [ 100.964079][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 101.657477][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 102.385544][ T39] audit: type=1800 audit(1720870878.774:196): pid=6039 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.208" name="/" dev="fuse" ino=1 res=0 errno=0 [ 102.461990][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 103.117285][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 103.120202][ T5206] Bluetooth: Wrong link type (-22) [ 103.122836][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 103.127573][ T5206] Bluetooth: Wrong link type (-22) [ 103.341806][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 104.219476][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 104.516050][ T5206] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 104.522866][ T5206] CPU: 3 PID: 5206 Comm: kworker/u33:3 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 104.528677][ T5206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 104.534344][ T5206] Workqueue: hci0 hci_rx_work [ 104.537166][ T5206] Call Trace: [ 104.539182][ T5206] <TASK> [ 104.540945][ T5206] dump_stack_lvl+0x16c/0x1f0 [ 104.543355][ T5206] sysfs_warn_dup+0x7f/0xa0 [ 104.545677][ T5206] sysfs_create_dir_ns+0x24d/0x2b0 [ 104.548178][ T5206] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 104.551074][ T5206] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 104.553662][ T5206] ? do_raw_spin_unlock+0x172/0x230 [ 104.556106][ T5206] kobject_add_internal+0x2c8/0x990 [ 104.558788][ T5206] kobject_add+0x16f/0x240 [ 104.561098][ T5206] ? __pfx_kobject_add+0x10/0x10 [ 104.563618][ T5206] ? do_raw_spin_unlock+0x172/0x230 [ 104.565984][ T5206] ? kobject_put+0xbe/0x5b0 [ 104.568009][ T5206] device_add+0x289/0x1a70 [ 104.570071][ T5206] ? __pfx_dev_set_name+0x10/0x10 [ 104.572357][ T5206] ? __pfx_device_add+0x10/0x10 [ 104.574806][ T5206] ? mgmt_send_event_skb+0x2f0/0x460 [ 104.577056][ T5206] hci_conn_add_sysfs+0x17e/0x230 [ 104.579473][ T5206] le_conn_complete_evt+0x1078/0x1d80 [ 104.582171][ T5206] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 104.585564][ T5206] ? trace_contention_end+0xea/0x140 [ 104.588764][ T5206] ? __mutex_lock+0x1a6/0x9c0 [ 104.590629][ T5206] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 104.593123][ T5206] ? skb_pull_data+0x166/0x210 [ 104.595163][ T5206] hci_le_meta_evt+0x2e2/0x5d0 [ 104.597252][ T5206] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 104.600238][ T5206] hci_event_packet+0x664/0x1170 [ 104.602318][ T5206] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 104.604557][ T5206] ? __pfx_hci_event_packet+0x10/0x10 [ 104.607176][ T5206] ? mark_held_locks+0x9f/0xe0 [ 104.609170][ T5206] ? kcov_remote_start+0x3d1/0x6e0 [ 104.611642][ T5206] ? lockdep_hardirqs_on+0x7c/0x110 [ 104.614145][ T5206] hci_rx_work+0x2c4/0x1610 [ 104.616320][ T5206] process_one_work+0x9c5/0x1b40 [ 104.618848][ T5206] ? __pfx_lock_acquire+0x10/0x10 [ 104.621440][ T5206] ? __pfx_process_one_work+0x10/0x10 [ 104.624152][ T5206] ? assign_work+0x1a0/0x250 [ 104.626309][ T5206] worker_thread+0x6c8/0xf30 [ 104.628392][ T5206] ? __pfx_worker_thread+0x10/0x10 [ 104.630941][ T5206] kthread+0x2c1/0x3a0 [ 104.632892][ T5206] ? _raw_spin_unlock_irq+0x23/0x50 [ 104.635695][ T5206] ? __pfx_kthread+0x10/0x10 [ 104.637993][ T5206] ret_from_fork+0x45/0x80 [ 104.640653][ T5206] ? __pfx_kthread+0x10/0x10 [ 104.643164][ T5206] ret_from_fork_asm+0x1a/0x30 [ 104.645845][ T5206] </TASK> [ 104.653574][ T5206] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 104.661749][ T5206] Bluetooth: hci0: failed to register connection device [ 104.786465][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 104.947677][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 105.069910][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 105.080684][ T5206] Bluetooth: Wrong link type (-22) [ 105.083153][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 105.086974][ T5206] Bluetooth: Wrong link type (-22) [ 105.088854][ T5206] Bluetooth: hci2: link tx timeout [ 105.091808][ T5206] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 105.710763][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 105.740054][ T5213] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 106.002683][ T5213] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 106.697696][ T5213] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 106.977695][ T4636] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 107.019391][ T4636] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 107.103893][ T4636] Bluetooth: hci2: command 0x0406 tx timeout [ 107.450158][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 107.579148][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 107.722060][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 108.137014][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 108.869941][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 109.870543][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 110.582508][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 110.766871][ T6204] fuse: Bad value for 'fd' [ 111.689356][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 112.517515][ T39] audit: type=1800 audit(1720870888.904:197): pid=6229 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.258" name="/" dev="fuse" ino=1 res=0 errno=0 [ 112.588560][ T6231] fuse: Bad value for 'fd' [ 112.623320][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 113.160954][ T6242] netlink: 8 bytes leftover after parsing attributes in process `syz.2.262'. [ 113.181538][ T6242] netlink: 12 bytes leftover after parsing attributes in process `syz.2.262'. [ 113.204129][ T6242] geneve2: entered promiscuous mode [ 113.528465][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 113.532142][ T5206] Bluetooth: Wrong link type (-22) [ 113.535139][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 113.537514][ T5206] Bluetooth: Wrong link type (-22) [ 113.540387][ T5206] Bluetooth: hci1: link tx timeout [ 113.553498][ T5206] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 114.153563][ T4636] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 114.214293][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 114.227567][ T4636] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 114.697330][ T4636] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 115.096208][ T4636] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 115.448642][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 115.523434][ T4636] Bluetooth: hci1: unexpected event for opcode 0x202a [ 116.088454][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 116.144125][ T5206] Bluetooth: hci0: command tx timeout [ 117.144698][ T5206] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 117.756025][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 118.381519][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 118.488942][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 119.103950][ T5206] Bluetooth: hci2: command 0x0406 tx timeout [ 119.545018][ T39] audit: type=1800 audit(1720870895.934:198): pid=6335 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.286" name="/" dev="fuse" ino=1 res=0 errno=0 [ 120.034339][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 120.480666][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 120.710500][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 121.394933][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 121.624073][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 122.434393][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 122.438008][ T5206] Bluetooth: Wrong link type (-22) [ 122.442716][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 122.446347][ T5206] Bluetooth: Wrong link type (-22) [ 122.449414][ T5206] Bluetooth: hci1: link tx timeout [ 124.143617][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 124.288801][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 124.884529][ T6409] netlink: 32 bytes leftover after parsing attributes in process `syz.1.304'. [ 125.158486][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 125.590073][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 125.592799][ T5206] Bluetooth: Wrong link type (-22) [ 125.595158][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 125.598047][ T5206] Bluetooth: Wrong link type (-22) [ 125.600259][ T5206] Bluetooth: hci1: link tx timeout [ 125.997981][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 126.675311][ T6451] netlink: 32 bytes leftover after parsing attributes in process `syz.1.314'. [ 126.936915][ T39] audit: type=1800 audit(1720870903.324:199): pid=6460 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.316" name="/" dev="fuse" ino=1 res=0 errno=0 [ 126.943919][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 127.252851][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 128.055862][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 128.138483][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 128.141361][ T5206] Bluetooth: Wrong link type (-22) [ 128.143545][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 128.148294][ T5206] Bluetooth: Wrong link type (-22) [ 128.151328][ T5206] Bluetooth: hci3: link tx timeout [ 128.153731][ T5206] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 128.158812][ T5206] Bluetooth: hci3: link tx timeout [ 128.161033][ T5206] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 128.643276][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 128.703990][ T5206] Bluetooth: hci3: unexpected event for opcode 0x202a [ 129.092279][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 129.499184][ T5206] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 129.579239][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 129.652745][ T5206] Bluetooth: hci3: unexpected event for opcode 0x202a [ 129.738287][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 130.462390][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 130.602853][ T5206] Bluetooth: hci3: unexpected event for opcode 0x202a [ 130.610222][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 130.634620][ T5206] Bluetooth: hci1: unexpected event for opcode 0x202a [ 130.863318][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 131.040135][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 132.083257][ T5206] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 132.492707][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 132.513040][ T4636] Bluetooth: hci1: unexpected event for opcode 0x202a [ 132.721860][ T4636] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 132.871395][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 133.068154][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 133.326133][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 133.652112][ T4636] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 133.993860][ T4636] Bluetooth: hci3: command 0x0406 tx timeout [ 134.352398][ T39] audit: type=1800 audit(1720870910.734:200): pid=6595 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.353" name="/" dev="fuse" ino=1 res=0 errno=0 [ 134.638737][ T4636] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 135.511746][ T4636] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 135.610069][ T39] audit: type=1800 audit(1720870911.994:201): pid=6602 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.355" name="/" dev="fuse" ino=1 res=0 errno=0 [ 135.673840][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 135.848606][ T4636] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 136.575285][ T4636] Bluetooth: hci3: command 0x0406 tx timeout [ 136.798892][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 136.869427][ T4636] Bluetooth: hci3: unexpected event for opcode 0x202a [ 137.462575][ T4636] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 137.464356][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 137.468253][ T5206] Bluetooth: Wrong link type (-22) [ 137.470775][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 137.473714][ T5206] Bluetooth: Wrong link type (-22) [ 137.477571][ T5206] Bluetooth: hci0: link tx timeout [ 137.480799][ T5206] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 137.487624][ T5206] Bluetooth: hci0: link tx timeout [ 137.490671][ T5206] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 137.697848][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 137.802225][ T5206] Bluetooth: hci3: unexpected event for opcode 0x202a [ 138.221099][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 138.384473][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 138.388338][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 138.546904][ T1357] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.550566][ T1357] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.514013][ T5213] Bluetooth: hci0: command 0x0406 tx timeout [ 139.819264][ T39] audit: type=1800 audit(1720870916.204:202): pid=6682 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.374" name="/" dev="fuse" ino=1 res=0 errno=0 [ 140.259892][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 140.578008][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 140.648772][ T4636] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 141.467289][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 141.579639][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 141.583881][ T4636] Bluetooth: hci0: command 0x0406 tx timeout [ 142.481367][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 142.648461][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 142.721555][ T4636] Bluetooth: hci1: command 0x0406 tx timeout [ 142.832386][ T4636] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 142.849389][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 142.946852][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 142.949916][ T4636] Bluetooth: Wrong link type (-22) [ 142.952313][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 142.955377][ T4636] Bluetooth: Wrong link type (-22) [ 142.957445][ T4636] Bluetooth: hci2: link tx timeout [ 142.996184][ T4636] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 143.572115][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 143.741528][ T39] audit: type=1400 audit(1720870920.124:203): avc: denied { create } for pid=6750 comm="syz.1.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 143.775497][ T39] audit: type=1400 audit(1720870920.134:204): avc: denied { setopt } for pid=6750 comm="syz.1.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 143.804200][ T39] audit: type=1400 audit(1720870920.144:205): avc: denied { ioctl } for pid=6750 comm="syz.1.393" path="socket:[14460]" dev="sockfs" ino=14460 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 143.825242][ T39] audit: type=1400 audit(1720870920.154:206): avc: denied { bind } for pid=6750 comm="syz.1.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 143.927526][ T4636] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 144.063837][ T39] audit: type=1800 audit(1720870920.444:207): pid=6761 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.395" name="/" dev="fuse" ino=1 res=0 errno=0 [ 144.488864][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 144.955254][ T4636] Bluetooth: hci3: command 0x0406 tx timeout [ 144.985188][ T39] audit: type=1800 audit(1720870921.374:208): pid=6778 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.399" name="/" dev="fuse" ino=1 res=0 errno=0 [ 145.827045][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 145.955045][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 146.104786][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 146.107685][ T4636] Bluetooth: Wrong link type (-22) [ 146.110268][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 146.113194][ T4636] Bluetooth: Wrong link type (-22) [ 146.117677][ T4636] Bluetooth: hci2: link tx timeout [ 146.290815][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 147.152459][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 147.289396][ T4636] Bluetooth: hci3: unexpected event for opcode 0x202a [ 148.257728][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 148.273689][ T4636] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 148.451348][ T6829] netlink: 12 bytes leftover after parsing attributes in process `syz.0.413'. [ 148.575549][ T39] audit: type=1400 audit(1720870924.964:209): avc: denied { create } for pid=6830 comm="syz.0.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 148.989641][ T39] audit: type=1800 audit(1720870925.374:210): pid=6842 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.415" name="/" dev="fuse" ino=1 res=0 errno=0 [ 148.989772][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 149.882364][ T39] audit: type=1400 audit(1720870926.264:211): avc: denied { create } for pid=6850 comm="syz.0.419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 149.888910][ T6851] Cannot find add_set index 0 as target [ 149.901814][ T39] audit: type=1400 audit(1720870926.274:212): avc: denied { setopt } for pid=6850 comm="syz.0.419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 149.984205][ T6853] delete_channel: no stack [ 149.986476][ T39] audit: type=1400 audit(1720870926.364:213): avc: denied { create } for pid=6852 comm="syz.0.420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 149.997863][ T39] audit: type=1400 audit(1720870926.374:214): avc: denied { create } for pid=6852 comm="syz.0.420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 150.006393][ T39] audit: type=1400 audit(1720870926.384:215): avc: denied { setopt } for pid=6852 comm="syz.0.420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 150.053897][ T6854] netlink: 'syz.0.420': attribute type 21 has an invalid length. [ 150.056780][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 150.059020][ T6854] netlink: 132 bytes leftover after parsing attributes in process `syz.0.420'. [ 150.138755][ T6859] netlink: 12 bytes leftover after parsing attributes in process `syz.0.422'. [ 150.215099][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 150.224335][ T4636] Bluetooth: hci3: command 0x0406 tx timeout [ 150.238641][ T6866] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 150.251938][ T39] audit: type=1400 audit(1720870926.634:216): avc: denied { bind } for pid=6860 comm="syz.0.423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 150.267946][ T6867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.423'. [ 150.282808][ T39] audit: type=1400 audit(1720870926.664:217): avc: denied { connect } for pid=6860 comm="syz.0.423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 150.293506][ T39] audit: type=1400 audit(1720870926.664:218): avc: denied { name_connect } for pid=6860 comm="syz.0.423" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 150.336664][ T39] audit: type=1400 audit(1720870926.724:219): avc: denied { shutdown } for pid=6860 comm="syz.0.423" laddr=fe80::12 lport=34422 faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 150.561515][ T39] audit: type=1400 audit(1720870926.944:220): avc: denied { read } for pid=6871 comm="syz.2.426" name="hpet" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 150.575487][ T39] audit: type=1400 audit(1720870926.964:221): avc: denied { open } for pid=6871 comm="syz.2.426" path="/dev/hpet" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 150.591858][ T39] audit: type=1400 audit(1720870926.974:222): avc: denied { map } for pid=6871 comm="syz.2.426" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=13022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 150.604379][ T39] audit: type=1400 audit(1720870926.974:223): avc: denied { read write } for pid=6871 comm="syz.2.426" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=13022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 151.440006][ T6890] netlink: 24 bytes leftover after parsing attributes in process `syz.2.429'. [ 152.037326][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 152.045971][ T6899] netlink: 12 bytes leftover after parsing attributes in process `syz.0.431'. [ 152.077710][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 152.121228][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 152.276184][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 152.279131][ T4636] Bluetooth: Wrong link type (-22) [ 152.281129][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 152.283618][ T4636] Bluetooth: Wrong link type (-22) [ 152.287610][ T4636] Bluetooth: hci2: link tx timeout [ 152.355965][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 152.619008][ T5213] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 152.623442][ T5213] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 152.628286][ T5213] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 152.646513][ T5213] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 152.650743][ T5213] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 152.654421][ T5213] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 152.924740][ T56] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.967729][ T6920] chnl_net:caif_netlink_parms(): no params data found [ 153.033105][ T56] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.129730][ T6920] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.132904][ T6920] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.138157][ T6920] bridge_slave_0: entered allmulticast mode [ 153.141970][ T6920] bridge_slave_0: entered promiscuous mode [ 153.161266][ T56] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.170771][ T6920] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.174351][ T6920] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.177516][ T6920] bridge_slave_1: entered allmulticast mode [ 153.181635][ T6920] bridge_slave_1: entered promiscuous mode [ 153.242622][ T6920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.257015][ T56] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.272072][ T6920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.335072][ T6920] team0: Port device team_slave_0 added [ 153.340126][ T6920] team0: Port device team_slave_1 added [ 153.401522][ T6920] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.406725][ T6920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.417853][ T6920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.424474][ T6920] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.427098][ T6920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.440383][ T6920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.566847][ T6920] hsr_slave_0: entered promiscuous mode [ 153.570325][ T6920] hsr_slave_1: entered promiscuous mode [ 153.574642][ T6920] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 153.578637][ T6920] Cannot create hsr debugfs directory [ 153.646756][ T56] bridge_slave_1: left allmulticast mode [ 153.649214][ T56] bridge_slave_1: left promiscuous mode [ 153.652552][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.659959][ T56] bridge_slave_0: left allmulticast mode [ 153.662390][ T56] bridge_slave_0: left promiscuous mode [ 153.665209][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.076074][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 154.093229][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 154.100775][ T56] bond0 (unregistering): Released all slaves [ 154.673669][ T56] hsr_slave_0: left promiscuous mode [ 154.681453][ T56] hsr_slave_1: left promiscuous mode [ 154.688306][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.691697][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 154.699402][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.702686][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 154.704612][ T4636] Bluetooth: hci3: command tx timeout [ 154.744289][ T56] veth1_macvtap: left promiscuous mode [ 154.747897][ T56] veth0_macvtap: left promiscuous mode [ 154.750312][ T56] veth1_vlan: left promiscuous mode [ 154.753618][ T56] veth0_vlan: left promiscuous mode [ 155.624720][ T56] team0 (unregistering): Port device team_slave_1 removed [ 155.705752][ T56] team0 (unregistering): Port device team_slave_0 removed [ 155.802307][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 155.802322][ T39] audit: type=1400 audit(1720870932.184:247): avc: denied { setopt } for pid=6956 comm="syz.0.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 155.834592][ T39] audit: type=1400 audit(1720870932.204:248): avc: denied { bind } for pid=6956 comm="syz.0.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 155.843338][ T39] audit: type=1400 audit(1720870932.204:249): avc: denied { name_bind } for pid=6956 comm="syz.0.444" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 155.853312][ T39] audit: type=1400 audit(1720870932.204:250): avc: denied { node_bind } for pid=6956 comm="syz.0.444" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 155.937432][ T39] audit: type=1400 audit(1720870932.314:251): avc: denied { connect } for pid=6959 comm="syz.2.446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 155.958744][ T39] audit: type=1400 audit(1720870932.324:252): avc: denied { setopt } for pid=6959 comm="syz.2.446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 155.988194][ T39] audit: type=1400 audit(1720870932.334:253): avc: denied { getopt } for pid=6959 comm="syz.2.446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 155.999842][ T39] audit: type=1326 audit(1720870932.344:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6959 comm="syz.2.446" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc175175bd9 code=0x0 [ 156.009685][ T39] audit: type=1400 audit(1720870932.344:255): avc: denied { listen } for pid=6956 comm="syz.0.444" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 156.022615][ T39] audit: type=1400 audit(1720870932.404:256): avc: denied { name_bind } for pid=6956 comm="syz.0.444" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 156.066243][ T6971] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 156.728110][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 156.745051][ T6963] netlink: 12 bytes leftover after parsing attributes in process `syz.0.444'. [ 156.803825][ T4636] Bluetooth: hci3: command tx timeout [ 156.920590][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 156.997139][ T6920] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 157.069812][ T6920] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 157.150954][ T6920] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 157.188281][ T6920] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 157.368461][ T6920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.381677][ T6920] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.401815][ T5236] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.404832][ T5236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.438843][ T5236] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.442303][ T5236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.511259][ T6920] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 157.871809][ T6920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.919851][ T6920] veth0_vlan: entered promiscuous mode [ 157.927419][ T6920] veth1_vlan: entered promiscuous mode [ 157.962197][ T6920] veth0_macvtap: entered promiscuous mode [ 157.991798][ T6920] veth1_macvtap: entered promiscuous mode [ 158.082613][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.086683][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.090562][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.094969][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.106681][ T6920] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.116502][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.121615][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.127636][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.136160][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.136196][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.136207][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.137814][ T6920] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.145290][ T6920] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.145321][ T6920] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.145346][ T6920] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.145368][ T6920] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.272173][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.275457][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.300966][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.310411][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.483338][ T7020] dccp_invalid_packet: P.Data Offset(0) too small [ 158.490710][ T7021] fuse: Unknown parameter 'euid<00000000000000000000' [ 158.571930][ T7024] Failed to get privilege flags for destination (handle=0x0:0x0) [ 158.988150][ T4636] Bluetooth: hci3: command tx timeout [ 159.804410][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 160.042630][ T7060] netlink: 36 bytes leftover after parsing attributes in process `syz.1.465'. [ 160.101879][ T7062] FAULT_INJECTION: forcing a failure. [ 160.101879][ T7062] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 160.116646][ T7062] CPU: 0 PID: 7062 Comm: syz.0.464 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 160.134441][ T7062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 160.142240][ T7062] Call Trace: [ 160.143608][ T7062] <TASK> [ 160.144736][ T7062] dump_stack_lvl+0x16c/0x1f0 [ 160.146564][ T7062] should_fail_ex+0x497/0x5b0 [ 160.148372][ T7062] _copy_from_user+0x30/0xf0 [ 160.150129][ T7062] get_timespec64+0x8c/0x240 [ 160.151931][ T7062] ? __pfx_get_timespec64+0x10/0x10 [ 160.153925][ T7062] __x64_sys_clock_nanosleep+0x1ce/0x4a0 [ 160.156070][ T7062] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 160.180043][ T7062] do_syscall_64+0xcd/0x250 [ 160.181890][ T7062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.184185][ T7062] RIP: 0033:0x7f63af775bd9 [ 160.185905][ T7062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.194299][ T7062] RSP: 002b:00007f63b05ee048 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 160.197797][ T7062] RAX: ffffffffffffffda RBX: 00007f63af904038 RCX: 00007f63af775bd9 [ 160.201410][ T7062] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000008 [ 160.205076][ T7062] RBP: 00007f63b05ee0a0 R08: 0000000000000000 R09: 0000000000000000 [ 160.208405][ T7062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.211671][ T7062] R13: 000000000000006e R14: 00007f63af904038 R15: 00007ffec3f794f8 [ 160.215824][ T7062] </TASK> [ 160.790246][ T7069] netlink: 12 bytes leftover after parsing attributes in process `syz.1.467'. [ 161.224820][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 161.242424][ T39] kauditd_printk_skb: 30 callbacks suppressed [ 161.242438][ T39] audit: type=1400 audit(1720870937.624:287): avc: denied { open } for pid=7075 comm="syz.2.469" path="/dev/ptyq9" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 161.904860][ T4636] Bluetooth: hci3: command tx timeout [ 162.002189][ T7101] FAULT_INJECTION: forcing a failure. [ 162.002189][ T7101] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.007772][ T7101] CPU: 1 PID: 7101 Comm: syz.0.475 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 162.012587][ T7101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 162.023272][ T7101] Call Trace: [ 162.025384][ T7101] <TASK> [ 162.027189][ T7101] dump_stack_lvl+0x16c/0x1f0 [ 162.030191][ T7101] should_fail_ex+0x497/0x5b0 [ 162.033112][ T7101] _copy_from_user+0x30/0xf0 [ 162.035977][ T7101] copy_msghdr_from_user+0x99/0x160 [ 162.038284][ T7101] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 162.041114][ T7101] ? find_held_lock+0x2d/0x110 [ 162.043854][ T7101] ___sys_recvmsg+0xdc/0x1a0 [ 162.046285][ T7101] ? __pfx____sys_recvmsg+0x10/0x10 [ 162.048777][ T7101] ? __fget_light+0x173/0x210 [ 162.052044][ T7101] __sys_recvmsg+0x114/0x1e0 [ 162.054903][ T7101] ? __pfx___sys_recvmsg+0x10/0x10 [ 162.057496][ T7101] do_syscall_64+0xcd/0x250 [ 162.060252][ T7101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.063849][ T7101] RIP: 0033:0x7f63af775bd9 [ 162.066033][ T7101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.077563][ T7101] RSP: 002b:00007f63b05ee048 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 162.081654][ T7101] RAX: ffffffffffffffda RBX: 00007f63af904038 RCX: 00007f63af775bd9 [ 162.085248][ T7101] RDX: 0000000000000002 RSI: 0000000020000500 RDI: 0000000000000005 [ 162.089140][ T7101] RBP: 00007f63b05ee0a0 R08: 0000000000000000 R09: 0000000000000000 [ 162.093077][ T7101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.097045][ T7101] R13: 000000000000006e R14: 00007f63af904038 R15: 00007ffec3f794f8 [ 162.101141][ T7101] </TASK> [ 162.142543][ T39] audit: type=1400 audit(1720870938.524:288): avc: denied { create } for pid=7102 comm="syz.3.476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 162.151798][ T39] audit: type=1400 audit(1720870938.524:289): avc: denied { write } for pid=7102 comm="syz.3.476" path="socket:[15637]" dev="sockfs" ino=15637 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 162.340259][ T39] audit: type=1800 audit(1720870938.724:290): pid=7109 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.477" name="/" dev="fuse" ino=1 res=0 errno=0 [ 162.725207][ T39] audit: type=1800 audit(1720870939.114:291): pid=7114 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.478" name="/" dev="fuse" ino=1 res=0 errno=0 [ 162.855156][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 162.993370][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 163.133107][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 163.348781][ T7128] syz.2.482 uses obsolete (PF_INET,SOCK_PACKET) [ 163.803932][ T39] audit: type=1400 audit(1720870940.184:292): avc: denied { write } for pid=7129 comm="syz.2.483" name="nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 163.813451][ T39] audit: type=1400 audit(1720870940.194:293): avc: denied { map } for pid=7129 comm="syz.2.483" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 164.115663][ T39] audit: type=1326 audit(1720870940.504:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7129 comm="syz.2.483" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc175175bd9 code=0x0 [ 164.447064][ T5261] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 164.694971][ T5261] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 164.703984][ T5261] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 164.712226][ T5261] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 164.728963][ T5261] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 164.742921][ T5261] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.824639][ T5261] usb 7-1: invalid MIDI out EP 0 [ 165.032987][ T5261] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 165.114254][ T5261] usb 7-1: USB disconnect, device number 2 [ 165.125014][ T7140] udevd[7140]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 165.420328][ T7144] netlink: 'syz.1.487': attribute type 1 has an invalid length. [ 165.421116][ T7145] FAULT_INJECTION: forcing a failure. [ 165.421116][ T7145] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 165.442798][ T7145] CPU: 0 PID: 7145 Comm: syz.3.486 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 165.450793][ T7145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 165.456153][ T7145] Call Trace: [ 165.457720][ T7145] <TASK> [ 165.459146][ T7145] dump_stack_lvl+0x16c/0x1f0 [ 165.461444][ T7145] should_fail_ex+0x497/0x5b0 [ 165.464001][ T7145] _copy_from_user+0x30/0xf0 [ 165.466611][ T7145] copy_msghdr_from_user+0x99/0x160 [ 165.469225][ T7145] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 165.472006][ T7145] ? __pfx___lock_acquire+0x10/0x10 [ 165.474644][ T7145] ___sys_sendmsg+0xff/0x1e0 [ 165.476761][ T7145] ? __pfx____sys_sendmsg+0x10/0x10 [ 165.479229][ T7145] ? __pfx_lock_release+0x10/0x10 [ 165.481574][ T7145] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 165.484295][ T7145] ? __fget_light+0x173/0x210 [ 165.486526][ T7145] __sys_sendmmsg+0x1a1/0x450 [ 165.488629][ T7145] ? __pfx___sys_sendmmsg+0x10/0x10 [ 165.491526][ T7145] ? vfs_write+0x14d/0x1140 [ 165.493921][ T7145] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 165.496539][ T7145] ? fput+0x32/0x390 [ 165.498308][ T7145] ? ksys_write+0x1ab/0x260 [ 165.500432][ T7145] ? __pfx_ksys_write+0x10/0x10 [ 165.502651][ T7145] __x64_sys_sendmmsg+0x9c/0x100 [ 165.505099][ T7145] ? lockdep_hardirqs_on+0x7c/0x110 [ 165.507646][ T7145] do_syscall_64+0xcd/0x250 [ 165.510000][ T7145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.512759][ T7145] RIP: 0033:0x7f1468b75bd9 [ 165.514875][ T7145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.523309][ T7145] RSP: 002b:00007f1469a29048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 165.527159][ T7145] RAX: ffffffffffffffda RBX: 00007f1468d03f60 RCX: 00007f1468b75bd9 [ 165.530664][ T7145] RDX: 0000000000000002 RSI: 0000000020005080 RDI: 0000000000000003 [ 165.534246][ T7145] RBP: 00007f1469a290a0 R08: 0000000000000000 R09: 0000000000000000 [ 165.537715][ T7145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.541479][ T7145] R13: 000000000000000b R14: 00007f1468d03f60 R15: 00007fff448fb9c8 [ 165.545543][ T7145] </TASK> [ 165.653888][ T39] audit: type=1400 audit(1720870942.034:295): avc: denied { write } for pid=7146 comm="syz.1.488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 165.668196][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 165.790756][ T39] audit: type=1400 audit(1720870942.174:296): avc: denied { execute } for pid=7153 comm="syz.0.490" path="/132/cpu.stat" dev="tmpfs" ino=734 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 165.864232][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 165.940659][ T7160] pim6reg1: entered promiscuous mode [ 165.946408][ T7160] pim6reg1: entered allmulticast mode [ 165.958973][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 166.283875][ T35] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 166.401404][ T39] kauditd_printk_skb: 6 callbacks suppressed [ 166.401472][ T39] audit: type=1800 audit(1720870942.784:303): pid=7176 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.495" name="/" dev="fuse" ino=1 res=0 errno=0 [ 166.481125][ T35] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 166.486257][ T35] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 166.494825][ T35] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 166.502597][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 166.509151][ T35] usb 8-1: SerialNumber: syz [ 167.259261][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 167.291796][ T35] usb 8-1: 0:2 : does not exist [ 167.294177][ T35] usb 8-1: unit 5 not found! [ 167.317323][ T35] usb 8-1: USB disconnect, device number 2 [ 167.400567][ T7193] FAULT_INJECTION: forcing a failure. [ 167.400567][ T7193] name failslab, interval 1, probability 0, space 0, times 1 [ 167.406817][ T7193] CPU: 0 PID: 7193 Comm: syz.2.500 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 167.411257][ T7193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 167.416096][ T7193] Call Trace: [ 167.417801][ T7193] <TASK> [ 167.418927][ T7193] dump_stack_lvl+0x16c/0x1f0 [ 167.421329][ T7193] should_fail_ex+0x497/0x5b0 [ 167.423333][ T7193] should_failslab+0x9/0x20 [ 167.425293][ T7193] __kmalloc_noprof+0xcf/0x410 [ 167.431588][ T7193] ? __pfx_lock_acquire+0x10/0x10 [ 167.434742][ T7193] tomoyo_realpath_from_path+0xb9/0x720 [ 167.437060][ T7193] ? tomoyo_profile+0x47/0x60 [ 167.439038][ T7193] tomoyo_path_number_perm+0x245/0x590 [ 167.441339][ T7193] ? tomoyo_path_number_perm+0x232/0x590 [ 167.443637][ T7193] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 167.457626][ T7193] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 167.460669][ T7193] ? __fget_files+0x256/0x400 [ 167.462876][ T7193] security_file_ioctl+0x75/0xc0 [ 167.464990][ T7193] __x64_sys_ioctl+0xbb/0x220 [ 167.467084][ T7193] do_syscall_64+0xcd/0x250 [ 167.469046][ T7193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.471462][ T7193] RIP: 0033:0x7fc175175bd9 [ 167.473366][ T7193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.483343][ T7193] RSP: 002b:00007fc175fd5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 167.486976][ T7193] RAX: ffffffffffffffda RBX: 00007fc175303f60 RCX: 00007fc175175bd9 [ 167.490777][ T7193] RDX: 0000000020000040 RSI: 0000000000008914 RDI: 0000000000000006 [ 167.494924][ T7193] RBP: 00007fc175fd50a0 R08: 0000000000000000 R09: 0000000000000000 [ 167.498408][ T7193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.501595][ T7193] R13: 000000000000000b R14: 00007fc175303f60 R15: 00007ffecfee2538 [ 167.504921][ T7193] </TASK> [ 167.508137][ T7193] ERROR: Out of memory at tomoyo_realpath_from_path. [ 167.596048][ T5202] udevd[5202]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 167.648679][ T39] audit: type=1400 audit(1720870944.034:304): avc: denied { write } for pid=7194 comm="syz.2.501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 167.648959][ T7196] netlink: 16 bytes leftover after parsing attributes in process `syz.2.501'. [ 167.658819][ T39] audit: type=1400 audit(1720870944.034:305): avc: denied { nlmsg_write } for pid=7194 comm="syz.2.501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 168.016395][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 168.222876][ T39] audit: type=1400 audit(1720870944.604:306): avc: denied { nlmsg_read } for pid=7204 comm="syz.3.505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 168.224489][ T7205] FAULT_INJECTION: forcing a failure. [ 168.224489][ T7205] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.245550][ T7205] CPU: 2 PID: 7205 Comm: syz.3.505 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 168.249882][ T7205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 168.254580][ T7205] Call Trace: [ 168.256013][ T7205] <TASK> [ 168.261588][ T7205] dump_stack_lvl+0x16c/0x1f0 [ 168.263581][ T7205] should_fail_ex+0x497/0x5b0 [ 168.265717][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 168.267473][ T7205] _copy_from_user+0x30/0xf0 [ 168.272247][ T7205] copy_msghdr_from_user+0x99/0x160 [ 168.274572][ T7205] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 168.277137][ T7205] ? find_held_lock+0x2d/0x110 [ 168.279189][ T7205] ___sys_recvmsg+0xdc/0x1a0 [ 168.291458][ T7205] ? __pfx____sys_recvmsg+0x10/0x10 [ 168.293539][ T7205] ? __fget_light+0x173/0x210 [ 168.303387][ T7205] do_recvmmsg+0x2ba/0x750 [ 168.305957][ T7205] ? __pfx_do_recvmmsg+0x10/0x10 [ 168.308847][ T7205] ? vfs_write+0x14d/0x1140 [ 168.311236][ T7205] ? __mutex_unlock_slowpath+0x164/0x650 [ 168.326935][ T7205] __x64_sys_recvmmsg+0x239/0x290 [ 168.328972][ T7205] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 168.331404][ T7205] do_syscall_64+0xcd/0x250 [ 168.333592][ T7205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.336792][ T7205] RIP: 0033:0x7f1468b75bd9 [ 168.338983][ T7205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.348017][ T7205] RSP: 002b:00007f1469a29048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 168.351575][ T7205] RAX: ffffffffffffffda RBX: 00007f1468d03f60 RCX: 00007f1468b75bd9 [ 168.354909][ T7205] RDX: 0000000000000001 RSI: 0000000020006ec0 RDI: 0000000000000003 [ 168.358286][ T7205] RBP: 00007f1469a290a0 R08: 0000000000000000 R09: 0000000000000000 [ 168.361243][ T7205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.364150][ T7205] R13: 000000000000000b R14: 00007f1468d03f60 R15: 00007fff448fb9c8 [ 168.367068][ T7205] </TASK> [ 168.391237][ T39] audit: type=1400 audit(1720870944.774:307): avc: denied { read write } for pid=7206 comm="syz.2.506" name="vhost-vsock" dev="devtmpfs" ino=1116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 168.417591][ T39] audit: type=1400 audit(1720870944.804:308): avc: denied { open } for pid=7206 comm="syz.2.506" path="/dev/vhost-vsock" dev="devtmpfs" ino=1116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 168.446173][ T39] audit: type=1400 audit(1720870944.804:309): avc: denied { ioctl } for pid=7206 comm="syz.2.506" path="/dev/vhost-vsock" dev="devtmpfs" ino=1116 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 168.551452][ T39] audit: type=1400 audit(1720870944.934:310): avc: denied { append } for pid=7209 comm="syz.3.507" name="001" dev="devtmpfs" ino=726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 169.151716][ T7215] fuse: Bad value for 'group_id' [ 169.179601][ T39] audit: type=1400 audit(1720870945.564:311): avc: denied { create } for pid=7214 comm="syz.1.508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 169.232886][ T39] audit: type=1400 audit(1720870945.614:312): avc: denied { create } for pid=7222 comm="syz.0.509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 169.257888][ T7221] netlink: 'syz.2.510': attribute type 8 has an invalid length. [ 169.307081][ T7225] netlink: 'syz.3.511': attribute type 8 has an invalid length. [ 169.325305][ T7227] FAULT_INJECTION: forcing a failure. [ 169.325305][ T7227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.332103][ T7227] CPU: 1 PID: 7227 Comm: syz.2.513 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 169.336540][ T7227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.341512][ T7227] Call Trace: [ 169.343217][ T7227] <TASK> [ 169.344550][ T7227] dump_stack_lvl+0x16c/0x1f0 [ 169.362331][ T7227] should_fail_ex+0x497/0x5b0 [ 169.364446][ T7227] _copy_from_user+0x30/0xf0 [ 169.366563][ T7227] copy_msghdr_from_user+0x99/0x160 [ 169.368884][ T7227] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 169.371471][ T7227] ? find_held_lock+0x2d/0x110 [ 169.373430][ T7227] ? __pfx___lock_acquire+0x10/0x10 [ 169.385214][ T7227] ___sys_sendmsg+0xff/0x1e0 [ 169.387294][ T7227] ? __pfx____sys_sendmsg+0x10/0x10 [ 169.389762][ T7227] ? ksys_write+0x21c/0x260 [ 169.392679][ T7227] ? __fget_light+0x173/0x210 [ 169.395674][ T7227] __sys_sendmsg+0x117/0x1f0 [ 169.399100][ T7227] ? __pfx___sys_sendmsg+0x10/0x10 [ 169.402010][ T7227] do_syscall_64+0xcd/0x250 [ 169.404861][ T7227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.408007][ T7227] RIP: 0033:0x7fc175175bd9 [ 169.410356][ T7227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.420346][ T7227] RSP: 002b:00007fc175fd5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 169.425304][ T7227] RAX: ffffffffffffffda RBX: 00007fc175303f60 RCX: 00007fc175175bd9 [ 169.429067][ T7227] RDX: 0000000000000000 RSI: 00000000200071c0 RDI: 0000000000000003 [ 169.432772][ T7227] RBP: 00007fc175fd50a0 R08: 0000000000000000 R09: 0000000000000000 [ 169.436629][ T7227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.440079][ T7227] R13: 000000000000000b R14: 00007fc175303f60 R15: 00007ffecfee2538 [ 169.444395][ T7227] </TASK> [ 169.500500][ T7234] netlink: 60 bytes leftover after parsing attributes in process `syz.2.515'. [ 169.518816][ T7234] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7234 comm=syz.2.515 [ 169.582160][ T7240] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "" [ 169.626443][ T7245] FAULT_INJECTION: forcing a failure. [ 169.626443][ T7245] name failslab, interval 1, probability 0, space 0, times 0 [ 169.631846][ T7245] CPU: 3 PID: 7245 Comm: syz.1.519 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 169.636160][ T7245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.640935][ T7245] Call Trace: [ 169.642434][ T7245] <TASK> [ 169.643748][ T7245] dump_stack_lvl+0x16c/0x1f0 [ 169.645952][ T7245] should_fail_ex+0x497/0x5b0 [ 169.648042][ T7245] should_failslab+0x9/0x20 [ 169.650085][ T7245] __kmalloc_noprof+0xcf/0x410 [ 169.652190][ T7245] ? __pfx_lock_acquire+0x10/0x10 [ 169.654229][ T7245] tomoyo_realpath_from_path+0xb9/0x720 [ 169.657035][ T7245] ? tomoyo_profile+0x47/0x60 [ 169.659264][ T7245] tomoyo_path_number_perm+0x245/0x590 [ 169.661886][ T7245] ? tomoyo_path_number_perm+0x232/0x590 [ 169.664339][ T7245] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 169.666843][ T7245] ? proc_fail_nth_write+0xa0/0x270 [ 169.668887][ T7245] ? __pfx_do_sys_openat2+0x10/0x10 [ 169.671170][ T7245] ? __fget_light+0x173/0x210 [ 169.673407][ T7245] security_file_ioctl+0x75/0xc0 [ 169.675849][ T7245] __x64_sys_ioctl+0xbb/0x220 [ 169.677925][ T7245] do_syscall_64+0xcd/0x250 [ 169.679986][ T7245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.682633][ T7245] RIP: 0033:0x7f75adb75bd9 [ 169.684469][ T7245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.692738][ T7245] RSP: 002b:00007f75ad5ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.696355][ T7245] RAX: ffffffffffffffda RBX: 00007f75add03f60 RCX: 00007f75adb75bd9 [ 169.699707][ T7245] RDX: 00000000200000c0 RSI: 0000000080045510 RDI: 0000000000000004 [ 169.703303][ T7245] RBP: 00007f75ad5ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 169.706874][ T7245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.710419][ T7245] R13: 000000000000000b R14: 00007f75add03f60 R15: 00007fff3bda0938 [ 169.713985][ T7245] </TASK> [ 169.718041][ T7245] ERROR: Out of memory at tomoyo_realpath_from_path. [ 169.942094][ T7258] netlink: 32 bytes leftover after parsing attributes in process `syz.0.522'. [ 171.110757][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 171.231556][ T4636] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 171.381729][ T7284] netlink: 32 bytes leftover after parsing attributes in process `syz.0.531'. [ 171.490617][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 171.908901][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 171.908914][ T39] audit: type=1326 audit(1720870948.294:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7289 comm="syz.2.530" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc175175bd9 code=0x0 [ 172.039319][ T7300] fuse: Unknown parameter 'euid<00000000000000000000' [ 172.096736][ T35] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 172.189379][ T4636] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 172.243987][ T5236] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 172.280413][ T35] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 172.284811][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.291511][ T35] usb 6-1: config 0 descriptor?? [ 172.425848][ T5236] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 172.430604][ T5236] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 172.436017][ T5236] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 172.441551][ T5236] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 172.453192][ T5236] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.480596][ T5236] usb 7-1: invalid MIDI out EP 0 [ 172.528021][ T5236] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 172.557780][ T7141] udevd[7141]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 172.709529][ T5204] usb 7-1: USB disconnect, device number 3 [ 172.997686][ T7307] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7307 comm=syz.3.538 [ 173.024053][ T4636] Bluetooth: hci2: command 0x0406 tx timeout [ 173.084646][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 173.088836][ T39] audit: type=1400 audit(1720870949.474:321): avc: denied { bind } for pid=7306 comm="syz.3.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 173.189239][ T7307] capability: warning: `syz.3.538' uses 32-bit capabilities (legacy support in use) [ 173.200538][ T39] audit: type=1400 audit(1720870949.584:322): avc: denied { read } for pid=7306 comm="syz.3.538" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 173.229168][ T7317] FAULT_INJECTION: forcing a failure. [ 173.229168][ T7317] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.235541][ T7317] CPU: 1 PID: 7317 Comm: syz.0.540 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 173.240076][ T7317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 173.245200][ T7317] Call Trace: [ 173.247158][ T7317] <TASK> [ 173.248434][ T7317] dump_stack_lvl+0x16c/0x1f0 [ 173.250087][ T39] audit: type=1400 audit(1720870949.584:323): avc: denied { open } for pid=7306 comm="syz.3.538" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 173.250462][ T7317] should_fail_ex+0x497/0x5b0 [ 173.277451][ T7317] _copy_from_user+0x30/0xf0 [ 173.279370][ T7317] dccp_setsockopt+0x771/0xa90 [ 173.281193][ T7317] ? __pfx_dccp_setsockopt+0x10/0x10 [ 173.283127][ T7317] ? selinux_socket_setsockopt+0x6a/0x80 [ 173.284821][ T7317] ? sock_common_setsockopt+0x2e/0xf0 [ 173.288808][ T7317] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 173.291834][ T7317] do_sock_setsockopt+0x222/0x480 [ 173.294187][ T7317] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 173.296470][ T7317] ? __fget_light+0x173/0x210 [ 173.298441][ T7317] __sys_setsockopt+0x1a4/0x270 [ 173.300337][ T7317] ? __pfx___sys_setsockopt+0x10/0x10 [ 173.303130][ T7317] ? fput+0x32/0x390 [ 173.306309][ T7317] ? ksys_write+0x1ab/0x260 [ 173.308267][ T7317] ? __pfx_ksys_write+0x10/0x10 [ 173.314219][ T7317] __x64_sys_setsockopt+0xbd/0x160 [ 173.316203][ T7317] ? do_syscall_64+0x91/0x250 [ 173.318119][ T7317] ? lockdep_hardirqs_on+0x7c/0x110 [ 173.320654][ T7317] do_syscall_64+0xcd/0x250 [ 173.322973][ T7317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.326035][ T7317] RIP: 0033:0x7f63af775bd9 [ 173.328238][ T7317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.336610][ T7317] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 173.339975][ T7317] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9 [ 173.343251][ T7317] RDX: 000000000000000b RSI: 000000000000010d RDI: 0000000000000003 [ 173.346812][ T7317] RBP: 00007f63b060f0a0 R08: 0000000000000004 R09: 0000000000000000 [ 173.349981][ T7317] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.352424][ T7317] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8 [ 173.355779][ T7317] </TASK> [ 173.524698][ T4636] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 173.673803][ T39] audit: type=1400 audit(1720870950.054:324): avc: denied { ioctl } for pid=7334 comm="syz.0.545" path="/dev/sg0" dev="devtmpfs" ino=705 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 173.712141][ T7335] FAULT_INJECTION: forcing a failure. [ 173.712141][ T7335] name failslab, interval 1, probability 0, space 0, times 0 [ 173.718857][ T7335] CPU: 0 PID: 7335 Comm: syz.0.545 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 173.722447][ T7335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 173.727277][ T7335] Call Trace: [ 173.728509][ T7335] <TASK> [ 173.729791][ T7335] dump_stack_lvl+0x16c/0x1f0 [ 173.731888][ T7335] should_fail_ex+0x497/0x5b0 [ 173.733795][ T7335] should_failslab+0x9/0x20 [ 173.735337][ T7335] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 173.737297][ T7335] ? getname_flags.part.0+0x50/0x4f0 [ 173.739524][ T7335] getname_flags.part.0+0x50/0x4f0 [ 173.742127][ T7335] ? __pfx_ksys_write+0x10/0x10 [ 173.744352][ T7335] getname_flags+0x9b/0xf0 [ 173.746753][ T7335] __x64_sys_symlink+0x5a/0xa0 [ 173.749462][ T7335] do_syscall_64+0xcd/0x250 [ 173.751529][ T7335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.754404][ T7335] RIP: 0033:0x7f63af775bd9 [ 173.756423][ T7335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.765381][ T7335] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 173.769434][ T7335] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9 [ 173.773463][ T7335] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000020000080 [ 173.776905][ T7335] RBP: 00007f63b060f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 173.780812][ T7335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.784626][ T7335] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8 [ 173.789112][ T7335] </TASK> [ 173.857683][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 174.008527][ T4636] Bluetooth: hci1: link tx timeout [ 174.010883][ T4636] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 174.015263][ T4636] Bluetooth: hci1: link tx timeout [ 174.018863][ T39] audit: type=1400 audit(1720870950.394:325): avc: denied { bind } for pid=7341 comm="syz.0.547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 174.027541][ T39] audit: type=1400 audit(1720870950.394:326): avc: denied { name_bind } for pid=7341 comm="syz.0.547" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 174.037054][ T39] audit: type=1400 audit(1720870950.404:327): avc: denied { node_bind } for pid=7341 comm="syz.0.547" saddr=2001::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 174.054768][ T39] audit: type=1400 audit(1720870950.404:328): avc: denied { listen } for pid=7341 comm="syz.0.547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 174.249977][ T7348] FAULT_INJECTION: forcing a failure. [ 174.249977][ T7348] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.256896][ T7348] CPU: 1 PID: 7348 Comm: syz.0.548 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 174.262194][ T7348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 174.270578][ T7348] Call Trace: [ 174.273094][ T7348] <TASK> [ 174.274581][ T7348] dump_stack_lvl+0x16c/0x1f0 [ 174.276915][ T7348] should_fail_ex+0x497/0x5b0 [ 174.279351][ T7348] _copy_to_user+0x30/0xc0 [ 174.281587][ T7348] simple_read_from_buffer+0xd0/0x160 [ 174.285224][ T7348] proc_fail_nth_read+0x1b0/0x290 [ 174.287945][ T7348] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 174.290322][ T7348] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 174.292834][ T7348] vfs_read+0x1d4/0xbd0 [ 174.295043][ T7348] ? fput+0x32/0x390 [ 174.297230][ T7348] ? __fdget_pos+0xeb/0x180 [ 174.300377][ T7348] ? __pfx_vfs_read+0x10/0x10 [ 174.303140][ T7348] ? __pfx___mutex_lock+0x10/0x10 [ 174.305585][ T7348] ? __fget_files+0x256/0x400 [ 174.307874][ T7348] ksys_read+0x12f/0x260 [ 174.310153][ T7348] ? __pfx_ksys_read+0x10/0x10 [ 174.312770][ T7348] do_syscall_64+0xcd/0x250 [ 174.315280][ T7348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.318384][ T7348] RIP: 0033:0x7f63af7746bc [ 174.320684][ T7348] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 174.331106][ T7348] RSP: 002b:00007f63b05a8040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 174.335185][ T7348] RAX: ffffffffffffffda RBX: 00007f63af904110 RCX: 00007f63af7746bc [ 174.339656][ T7348] RDX: 000000000000000f RSI: 00007f63b05a80b0 RDI: 000000000000000d [ 174.343763][ T7348] RBP: 00007f63b05a80a0 R08: 0000000000000000 R09: 0000000000000000 [ 174.348529][ T7348] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 174.352536][ T7348] R13: 000000000000006e R14: 00007f63af904110 R15: 00007ffec3f794f8 [ 174.357112][ T7348] </TASK> [ 174.445699][ T39] audit: type=1400 audit(1720870950.834:329): avc: denied { bind } for pid=7350 comm="syz.2.549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 174.465090][ T7353] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7353 comm=syz.3.551 [ 174.766158][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 174.768729][ T4636] Bluetooth: Wrong link type (-22) [ 174.771095][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 174.773661][ T4636] Bluetooth: Wrong link type (-22) [ 174.779800][ T4636] Bluetooth: hci2: link tx timeout [ 174.802998][ T7379] FAULT_INJECTION: forcing a failure. [ 174.802998][ T7379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.809986][ T7379] CPU: 3 PID: 7379 Comm: syz.2.559 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 174.814748][ T7379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 174.819102][ T7379] Call Trace: [ 174.820574][ T7379] <TASK> [ 174.821756][ T7379] dump_stack_lvl+0x16c/0x1f0 [ 174.823971][ T7379] should_fail_ex+0x497/0x5b0 [ 174.836535][ T7379] _copy_from_user+0x30/0xf0 [ 174.839100][ T7379] copy_msghdr_from_user+0x99/0x160 [ 174.841634][ T7379] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 174.843968][ T7379] ? find_held_lock+0x2d/0x110 [ 174.845931][ T7379] ? __pfx___lock_acquire+0x10/0x10 [ 174.847982][ T7379] ___sys_sendmsg+0xff/0x1e0 [ 174.849679][ T7379] ? __pfx____sys_sendmsg+0x10/0x10 [ 174.851618][ T7379] ? ksys_write+0x21c/0x260 [ 174.853228][ T7379] ? __fget_light+0x173/0x210 [ 174.855524][ T7379] __sys_sendmsg+0x117/0x1f0 [ 174.858643][ T7379] ? __pfx___sys_sendmsg+0x10/0x10 [ 174.861643][ T7379] do_syscall_64+0xcd/0x250 [ 174.863710][ T7379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.866170][ T7379] RIP: 0033:0x7fc175175bd9 [ 174.867905][ T7379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.882641][ T7379] RSP: 002b:00007fc175fd5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 174.885883][ T7379] RAX: ffffffffffffffda RBX: 00007fc175303f60 RCX: 00007fc175175bd9 [ 174.888920][ T7379] RDX: 0000000000000000 RSI: 0000000020001380 RDI: 0000000000000003 [ 174.892077][ T7379] RBP: 00007fc175fd50a0 R08: 0000000000000000 R09: 0000000000000000 [ 174.896310][ T7379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.900362][ T7379] R13: 000000000000000b R14: 00007fc175303f60 R15: 00007ffecfee2538 [ 174.904846][ T7379] </TASK> [ 174.965621][ T35] usb 6-1: USB disconnect, device number 2 [ 174.983524][ T7384] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 175.019205][ T5204] IPVS: starting estimator thread 0... [ 175.039135][ T7384] process 'syz.2.560' launched './file0' with NULL argv: empty string added [ 175.113929][ T4636] Bluetooth: hci2: command 0x0406 tx timeout [ 175.123966][ T7386] IPVS: using max 19 ests per chain, 45600 per kthread [ 175.187328][ T7395] netlink: 132 bytes leftover after parsing attributes in process `syz.0.564'. [ 175.288797][ T7399] FAULT_INJECTION: forcing a failure. [ 175.288797][ T7399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 175.296354][ T7399] CPU: 3 PID: 7399 Comm: syz.0.566 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 175.300559][ T7399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 175.305294][ T7399] Call Trace: [ 175.307098][ T7399] <TASK> [ 175.308489][ T7399] dump_stack_lvl+0x16c/0x1f0 [ 175.310804][ T7399] should_fail_ex+0x497/0x5b0 [ 175.312897][ T7399] _copy_from_user+0x30/0xf0 [ 175.314895][ T7399] copy_msghdr_from_user+0x99/0x160 [ 175.317144][ T7399] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 175.319620][ T7399] ? find_held_lock+0x2d/0x110 [ 175.321518][ T7399] ? __pfx___lock_acquire+0x10/0x10 [ 175.323548][ T7399] ___sys_sendmsg+0xff/0x1e0 [ 175.325486][ T7399] ? __pfx____sys_sendmsg+0x10/0x10 [ 175.327763][ T7399] ? ksys_write+0x21c/0x260 [ 175.329867][ T7399] ? __fget_light+0x173/0x210 [ 175.331896][ T7399] __sys_sendmsg+0x117/0x1f0 [ 175.333936][ T7399] ? __pfx___sys_sendmsg+0x10/0x10 [ 175.335886][ T7399] do_syscall_64+0xcd/0x250 [ 175.337931][ T7399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.340481][ T7399] RIP: 0033:0x7f63af775bd9 [ 175.342264][ T7399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.350953][ T7399] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 175.355577][ T7399] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9 [ 175.358968][ T7399] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 175.364648][ T7399] RBP: 00007f63b060f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 175.367923][ T7399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.371778][ T7399] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8 [ 175.374994][ T7399] </TASK> [ 175.583892][ T35] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 175.761968][ T7411] bridge_slave_1: left allmulticast mode [ 175.764207][ T7411] bridge_slave_1: left promiscuous mode [ 175.777279][ T7411] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.782089][ T35] usb 6-1: Using ep0 maxpacket: 32 [ 175.788342][ T35] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 175.792707][ T35] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.797865][ T35] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.802419][ T35] usb 6-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 175.808512][ T35] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x8F has invalid maxpacket 9573, setting to 1024 [ 175.813397][ T35] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 1024 [ 175.817626][ T35] usb 6-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 175.825624][ T35] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 175.828984][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.831866][ T35] usb 6-1: Product: syz [ 175.834261][ T35] usb 6-1: Manufacturer: syz [ 175.836339][ T35] usb 6-1: SerialNumber: syz [ 175.873902][ T5236] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 175.875080][ T7416] netlink: 36 bytes leftover after parsing attributes in process `syz.2.573'. [ 176.051151][ T35] cdc_ncm 6-1:1.0: bind() failure [ 176.061076][ T35] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 176.073659][ T35] cdc_ncm 6-1:1.1: bind() failure [ 176.074174][ T4636] Bluetooth: hci1: command 0x0406 tx timeout [ 176.084809][ T5236] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.104123][ T5236] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 176.110121][ T35] usb 6-1: USB disconnect, device number 3 [ 176.119317][ T5236] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 176.128438][ T5236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.133713][ T5236] usb 5-1: config 0 descriptor?? [ 176.142730][ T5236] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 176.146591][ T7421] FAULT_INJECTION: forcing a failure. [ 176.146591][ T7421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.161797][ T7421] CPU: 0 PID: 7421 Comm: syz.2.574 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 176.166414][ T7421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 176.170887][ T7421] Call Trace: [ 176.172474][ T7421] <TASK> [ 176.173836][ T7421] dump_stack_lvl+0x16c/0x1f0 [ 176.175946][ T7421] should_fail_ex+0x497/0x5b0 [ 176.178054][ T7421] _copy_from_user+0x30/0xf0 [ 176.180075][ T7421] copy_msghdr_from_user+0x99/0x160 [ 176.182146][ T7421] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 176.184476][ T7421] ? find_held_lock+0x2d/0x110 [ 176.186604][ T7421] ___sys_recvmsg+0xdc/0x1a0 [ 176.188610][ T7421] ? __pfx____sys_recvmsg+0x10/0x10 [ 176.191020][ T7421] ? __fget_light+0x173/0x210 [ 176.196294][ T7421] do_recvmmsg+0x2ba/0x750 [ 176.198328][ T7421] ? __pfx_do_recvmmsg+0x10/0x10 [ 176.205246][ T7421] ? vfs_write+0x14d/0x1140 [ 176.207175][ T7421] ? __mutex_unlock_slowpath+0x164/0x650 [ 176.209304][ T7421] __x64_sys_recvmmsg+0x239/0x290 [ 176.211334][ T7421] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 176.213770][ T7421] do_syscall_64+0xcd/0x250 [ 176.215806][ T7421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.217845][ T7421] RIP: 0033:0x7fc175175bd9 [ 176.219388][ T7421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.227325][ T7421] RSP: 002b:00007fc175fd5048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 176.230910][ T7421] RAX: ffffffffffffffda RBX: 00007fc175303f60 RCX: 00007fc175175bd9 [ 176.233934][ T7421] RDX: 000000000400023c RSI: 00000000200055c0 RDI: 0000000000000009 [ 176.237057][ T7421] RBP: 00007fc175fd50a0 R08: 0000000000000000 R09: 0000000000000000 [ 176.239601][ T7421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.242954][ T7421] R13: 000000000000000b R14: 00007fc175303f60 R15: 00007ffecfee2538 [ 176.246130][ T7421] </TASK> [ 176.454666][ T7425] FAULT_INJECTION: forcing a failure. [ 176.454666][ T7425] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.460206][ T7425] CPU: 0 PID: 7425 Comm: syz.3.576 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 176.463992][ T7425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 176.467900][ T7425] Call Trace: [ 176.469110][ T7425] <TASK> [ 176.470121][ T7425] dump_stack_lvl+0x16c/0x1f0 [ 176.471710][ T7425] should_fail_ex+0x497/0x5b0 [ 176.473306][ T7425] strncpy_from_user+0x38/0x300 [ 176.475042][ T7425] __do_sys_request_key+0xa9/0x3d0 [ 176.477351][ T7425] ? __pfx___do_sys_request_key+0x10/0x10 [ 176.479436][ T7425] ? ksys_write+0x1ab/0x260 [ 176.481118][ T7425] do_syscall_64+0xcd/0x250 [ 176.482784][ T7425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.484887][ T7425] RIP: 0033:0x7f1468b75bd9 [ 176.486534][ T7425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.494409][ T7425] RSP: 002b:00007f1469a29048 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 176.497821][ T7425] RAX: ffffffffffffffda RBX: 00007f1468d03f60 RCX: 00007f1468b75bd9 [ 176.501161][ T7425] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 176.503991][ T7425] RBP: 00007f1469a290a0 R08: 0000000000000000 R09: 0000000000000000 [ 176.507162][ T7425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.510560][ T7425] R13: 000000000000000b R14: 00007f1468d03f60 R15: 00007fff448fb9c8 [ 176.514062][ T7425] </TASK> [ 176.856609][ T7443] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 176.900839][ T7443] netlink: 20 bytes leftover after parsing attributes in process `syz.1.579'. [ 176.926138][ T4636] Bluetooth: Wrong link type (-71) [ 176.929600][ T7443] fuse: Unknown parameter '0x00000000000000230x000000000000000c' [ 177.031755][ T7453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 177.103983][ T5236] IPVS: starting estimator thread 0... [ 177.217811][ T7459] IPVS: using max 20 ests per chain, 48000 per kthread [ 177.589016][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 177.677663][ T7479] netlink: 12 bytes leftover after parsing attributes in process `syz.2.584'. [ 177.720644][ T39] kauditd_printk_skb: 22 callbacks suppressed [ 177.720659][ T39] audit: type=1400 audit(1720870954.104:352): avc: denied { read write } for pid=7481 comm="syz.1.585" name="uhid" dev="devtmpfs" ino=1111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 177.725755][ T7482] FAULT_INJECTION: forcing a failure. [ 177.725755][ T7482] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.733317][ T39] audit: type=1400 audit(1720870954.104:353): avc: denied { open } for pid=7481 comm="syz.1.585" path="/dev/uhid" dev="devtmpfs" ino=1111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 177.757420][ T7482] CPU: 2 PID: 7482 Comm: syz.1.585 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 177.762263][ T7482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 177.766971][ T7482] Call Trace: [ 177.768766][ T7482] <TASK> [ 177.770190][ T7482] dump_stack_lvl+0x16c/0x1f0 [ 177.772325][ T7482] should_fail_ex+0x497/0x5b0 [ 177.774253][ T7482] _copy_to_user+0x30/0xc0 [ 177.776116][ T7482] simple_read_from_buffer+0xd0/0x160 [ 177.778597][ T7482] proc_fail_nth_read+0x1b0/0x290 [ 177.781152][ T7482] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.784414][ T7482] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.786764][ T7482] vfs_read+0x1d4/0xbd0 [ 177.788730][ T7482] ? __fdget_pos+0xeb/0x180 [ 177.790922][ T7482] ? __pfx_vfs_read+0x10/0x10 [ 177.793357][ T7482] ? __pfx___mutex_lock+0x10/0x10 [ 177.795930][ T7482] ? __fget_files+0x256/0x400 [ 177.798266][ T7482] ksys_read+0x12f/0x260 [ 177.800231][ T7482] ? __pfx_ksys_read+0x10/0x10 [ 177.802522][ T7482] do_syscall_64+0xcd/0x250 [ 177.804787][ T7482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.807667][ T7482] RIP: 0033:0x7f75adb746bc [ 177.809718][ T7482] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 177.818354][ T7482] RSP: 002b:00007f75ad5ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 177.822217][ T7482] RAX: ffffffffffffffda RBX: 00007f75add03f60 RCX: 00007f75adb746bc [ 177.825422][ T7482] RDX: 000000000000000f RSI: 00007f75ad5ff0b0 RDI: 0000000000000004 [ 177.828650][ T7482] RBP: 00007f75ad5ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 177.832360][ T7482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.835863][ T7482] R13: 000000000000000b R14: 00007f75add03f60 R15: 00007fff3bda0938 [ 177.839381][ T7482] </TASK> [ 177.840863][ C2] vkms_vblank_simulate: vblank timer overrun [ 177.882568][ T7491] netlink: 20 bytes leftover after parsing attributes in process `syz.1.587'. [ 177.891546][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.587'. [ 178.004066][ T7498] FAULT_INJECTION: forcing a failure. [ 178.004066][ T7498] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.010013][ T7498] CPU: 3 PID: 7498 Comm: syz.1.589 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 178.014394][ T7498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 178.018996][ T7498] Call Trace: [ 178.020440][ T7498] <TASK> [ 178.021721][ T7498] dump_stack_lvl+0x16c/0x1f0 [ 178.023861][ T7498] should_fail_ex+0x497/0x5b0 [ 178.025989][ T7498] _copy_from_user+0x30/0xf0 [ 178.028102][ T7498] copy_msghdr_from_user+0x99/0x160 [ 178.030541][ T7498] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 178.033196][ T7498] ? find_held_lock+0x2d/0x110 [ 178.035124][ T7498] ___sys_recvmsg+0xdc/0x1a0 [ 178.037012][ T7498] ? __pfx____sys_recvmsg+0x10/0x10 [ 178.039370][ T7498] ? __fget_light+0x173/0x210 [ 178.041525][ T7498] do_recvmmsg+0x2ba/0x750 [ 178.043544][ T7498] ? __pfx_do_recvmmsg+0x10/0x10 [ 178.045753][ T7498] ? vfs_write+0x14d/0x1140 [ 178.047810][ T7498] ? __mutex_unlock_slowpath+0x164/0x650 [ 178.050346][ T7498] __x64_sys_recvmmsg+0x239/0x290 [ 178.052616][ T7498] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 178.055117][ T7498] do_syscall_64+0xcd/0x250 [ 178.057233][ T7498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.059971][ T7498] RIP: 0033:0x7f75adb75bd9 [ 178.061835][ T7498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.069226][ T7498] RSP: 002b:00007f75ad5de048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 178.072458][ T7498] RAX: ffffffffffffffda RBX: 00007f75add04038 RCX: 00007f75adb75bd9 [ 178.076873][ T7498] RDX: 040000000000026c RSI: 00000000200005c0 RDI: 0000000000000005 [ 178.080352][ T7498] RBP: 00007f75ad5de0a0 R08: 0000000000000000 R09: 0000000000000000 [ 178.083778][ T7498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.086939][ T7498] R13: 000000000000006e R14: 00007f75add04038 R15: 00007fff3bda0938 [ 178.090253][ T7498] </TASK> [ 178.570073][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 178.755131][ T5261] usb 5-1: USB disconnect, device number 2 [ 179.173662][ T7507] FAULT_INJECTION: forcing a failure. [ 179.173662][ T7507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.181351][ T7507] CPU: 2 PID: 7507 Comm: syz.0.592 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 179.185852][ T7507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 179.190574][ T7507] Call Trace: [ 179.191982][ T7507] <TASK> [ 179.193283][ T7507] dump_stack_lvl+0x16c/0x1f0 [ 179.195959][ T7507] should_fail_ex+0x497/0x5b0 [ 179.198004][ T7507] _copy_from_user+0x30/0xf0 [ 179.200000][ T7507] move_addr_to_kernel+0x68/0x160 [ 179.202204][ T7507] __sys_sendto+0x169/0x4e0 [ 179.204122][ T7507] ? __pfx___sys_sendto+0x10/0x10 [ 179.206302][ T7507] ? ksys_write+0x1ab/0x260 [ 179.208336][ T7507] ? __pfx_ksys_write+0x10/0x10 [ 179.210430][ T7507] __x64_sys_sendto+0xe0/0x1c0 [ 179.212461][ T7507] ? do_syscall_64+0x91/0x250 [ 179.215350][ T7507] ? lockdep_hardirqs_on+0x7c/0x110 [ 179.218386][ T7507] do_syscall_64+0xcd/0x250 [ 179.220506][ T7507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.223698][ T7507] RIP: 0033:0x7f63af775bd9 [ 179.226054][ T7507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.236365][ T7507] RSP: 002b:00007f63b05ee048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 179.239930][ T7507] RAX: ffffffffffffffda RBX: 00007f63af904038 RCX: 00007f63af775bd9 [ 179.243616][ T7507] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 179.247898][ T7507] RBP: 00007f63b05ee0a0 R08: 0000000020000000 R09: 0000000000000010 [ 179.252072][ T7507] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000001 [ 179.258640][ T7507] R13: 000000000000006e R14: 00007f63af904038 R15: 00007ffec3f794f8 [ 179.262332][ T7507] </TASK> [ 179.262561][ C2] vkms_vblank_simulate: vblank timer overrun [ 179.470446][ T7513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 180.216771][ T7521] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 180.226979][ T7521] netlink: 160 bytes leftover after parsing attributes in process `syz.3.596'. [ 180.272078][ T7524] FAULT_INJECTION: forcing a failure. [ 180.272078][ T7524] name failslab, interval 1, probability 0, space 0, times 0 [ 180.280913][ T7524] CPU: 3 PID: 7524 Comm: syz.1.597 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 180.286082][ T7524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 180.291088][ T7524] Call Trace: [ 180.292625][ T7524] <TASK> [ 180.293979][ T7524] dump_stack_lvl+0x16c/0x1f0 [ 180.296261][ T7524] should_fail_ex+0x497/0x5b0 [ 180.298466][ T7524] should_failslab+0x9/0x20 [ 180.300615][ T7524] kmalloc_trace_noprof+0x6b/0x300 [ 180.302895][ T7524] ? alloc_pipe_info+0x10e/0x590 [ 180.305477][ T7524] alloc_pipe_info+0x10e/0x590 [ 180.307856][ T7524] ? __pfx___lock_acquire+0x10/0x10 [ 180.310111][ T7524] splice_direct_to_actor+0x79c/0xa40 [ 180.312558][ T7524] ? __pfx_direct_splice_actor+0x10/0x10 [ 180.315082][ T7524] ? inode_has_perm+0x16f/0x1d0 [ 180.317234][ T7524] ? file_has_perm+0x286/0x360 [ 180.319419][ T7524] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 180.322044][ T7524] ? __pfx_file_has_perm+0x10/0x10 [ 180.324323][ T7524] do_splice_direct+0x17e/0x250 [ 180.326288][ T7524] ? __pfx_do_splice_direct+0x10/0x10 [ 180.328476][ T7524] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 180.331648][ T7524] ? security_file_permission+0x98/0xc0 [ 180.334097][ T7524] do_sendfile+0xb1e/0xe50 [ 180.336199][ T7524] ? __pfx_do_sendfile+0x10/0x10 [ 180.338475][ T7524] __x64_sys_sendfile64+0x1da/0x220 [ 180.341186][ T7524] ? ksys_write+0x1ab/0x260 [ 180.343549][ T7524] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 180.346180][ T7524] do_syscall_64+0xcd/0x250 [ 180.348205][ T7524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.350847][ T7524] RIP: 0033:0x7f75adb75bd9 [ 180.352909][ T7524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.362009][ T7524] RSP: 002b:00007f75ad5de048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 180.365862][ T7524] RAX: ffffffffffffffda RBX: 00007f75add04038 RCX: 00007f75adb75bd9 [ 180.369237][ T7524] RDX: 0000000000000000 RSI: 000000000000000a RDI: 000000000000000c [ 180.372781][ T7524] RBP: 00007f75ad5de0a0 R08: 0000000000000000 R09: 0000000000000000 [ 180.375834][ T7524] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 180.379126][ T7524] R13: 000000000000006e R14: 00007f75add04038 R15: 00007fff3bda0938 [ 180.382685][ T7524] </TASK> [ 180.557966][ T39] audit: type=1400 audit(1720870956.944:354): avc: denied { mounton } for pid=7526 comm="syz.0.599" path="/proc/536/task" dev="proc" ino=16552 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 180.578167][ T7528] ================================================================== [ 180.581925][ T7528] BUG: KASAN: slab-use-after-free in skb_release_head_state+0x283/0x2b0 [ 180.585797][ T7528] Read of size 8 at addr ffff88803a7c0b98 by task syz.0.599/7528 [ 180.591020][ T7528] [ 180.592378][ T7528] CPU: 1 PID: 7528 Comm: syz.0.599 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 180.597548][ T7528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 180.602243][ T7528] Call Trace: [ 180.603773][ T7528] <TASK> [ 180.605054][ T7528] dump_stack_lvl+0x116/0x1f0 [ 180.607140][ T7528] print_report+0xc3/0x620 [ 180.609383][ T7528] ? __virt_addr_valid+0x5e/0x590 [ 180.611662][ T7528] ? __phys_addr+0xc6/0x150 [ 180.613750][ T7528] kasan_report+0xd9/0x110 [ 180.615749][ T7528] ? skb_release_head_state+0x283/0x2b0 [ 180.618205][ T7528] ? skb_release_head_state+0x283/0x2b0 [ 180.620700][ T7528] skb_release_head_state+0x283/0x2b0 [ 180.623060][ T7528] kfree_skb_reason+0xed/0x210 [ 180.625248][ T7528] __hci_req_sync+0x61d/0x980 [ 180.627649][ T7528] ? __pfx___hci_req_sync+0x10/0x10 [ 180.630134][ T7528] ? trace_contention_end+0xea/0x140 [ 180.632817][ T7528] ? hci_req_sync+0x3f/0xd0 [ 180.634886][ T7528] ? __mutex_lock+0x1a6/0x9c0 [ 180.636991][ T7528] hci_req_sync+0x97/0xd0 [ 180.638769][ T7528] ? __pfx_hci_inq_req+0x10/0x10 [ 180.640618][ T7528] hci_inquiry+0x3ea/0x950 [ 180.642450][ T7528] ? __pfx_lock_release+0x10/0x10 [ 180.644396][ T7528] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 180.646475][ T7528] ? __pfx_hci_inquiry+0x10/0x10 [ 180.648383][ T7528] ? mgmt_device_connected+0x470/0x5d0 [ 180.650490][ T7528] ? __local_bh_enable_ip+0xa4/0x120 [ 180.652566][ T7528] hci_sock_ioctl+0x2bb/0x880 [ 180.654399][ T7528] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 180.656411][ T7528] sock_do_ioctl+0x116/0x280 [ 180.658483][ T7528] ? __pfx_sock_do_ioctl+0x10/0x10 [ 180.660656][ T7528] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470 [ 180.663315][ T7528] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 180.666141][ T7528] sock_ioctl+0x22e/0x6c0 [ 180.667873][ T7528] ? __pfx_sock_ioctl+0x10/0x10 [ 180.669834][ T7528] ? selinux_file_ioctl+0x180/0x270 [ 180.671824][ T7528] ? selinux_file_ioctl+0xb4/0x270 [ 180.673722][ T7528] ? __pfx_sock_ioctl+0x10/0x10 [ 180.675909][ T7528] __x64_sys_ioctl+0x193/0x220 [ 180.678094][ T7528] do_syscall_64+0xcd/0x250 [ 180.680119][ T7528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.682471][ T7528] RIP: 0033:0x7f63af775bd9 [ 180.684241][ T7528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.692091][ T7528] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 180.695889][ T7528] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9 [ 180.699810][ T7528] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000009 [ 180.703597][ T7528] RBP: 00007f63af7e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 180.711257][ T7528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 180.715442][ T7528] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8 [ 180.720120][ T7528] </TASK> [ 180.721718][ T7528] [ 180.722827][ T7528] Allocated by task 5206: [ 180.724809][ T7528] kasan_save_stack+0x33/0x60 [ 180.728375][ T7528] kasan_save_track+0x14/0x30 [ 180.730290][ T7528] __kasan_slab_alloc+0x89/0x90 [ 180.732226][ T7528] kmem_cache_alloc_noprof+0x121/0x2f0 [ 180.734980][ T7528] skb_clone+0x190/0x3f0 [ 180.736985][ T7528] hci_cmd_work+0x66a/0x710 [ 180.739036][ T7528] process_one_work+0x9c5/0x1b40 [ 180.741487][ T7528] worker_thread+0x6c8/0xf30 [ 180.743536][ T7528] kthread+0x2c1/0x3a0 [ 180.745736][ T7528] ret_from_fork+0x45/0x80 [ 180.747768][ T7528] ret_from_fork_asm+0x1a/0x30 [ 180.749816][ T7528] [ 180.750964][ T7528] Freed by task 4636: [ 180.752611][ T7528] kasan_save_stack+0x33/0x60 [ 180.754466][ T7528] kasan_save_track+0x14/0x30 [ 180.756152][ T7528] kasan_save_free_info+0x3b/0x60 [ 180.758048][ T7528] poison_slab_object+0xf7/0x160 [ 180.759916][ T7528] __kasan_slab_free+0x32/0x50 [ 180.761955][ T7528] kmem_cache_free+0x12f/0x3a0 [ 180.763996][ T7528] kfree_skbmem+0x10e/0x200 [ 180.766084][ T7528] kfree_skb_reason+0x138/0x210 [ 180.768434][ T7528] hci_cmd_work+0x63e/0x710 [ 180.770401][ T7528] process_one_work+0x9c5/0x1b40 [ 180.772535][ T7528] worker_thread+0x6c8/0xf30 [ 180.774367][ T7528] kthread+0x2c1/0x3a0 [ 180.775944][ T7528] ret_from_fork+0x45/0x80 [ 180.777805][ T7528] ret_from_fork_asm+0x1a/0x30 [ 180.779889][ T7528] [ 180.781099][ T7528] The buggy address belongs to the object at ffff88803a7c0b40 [ 180.781099][ T7528] which belongs to the cache skbuff_head_cache of size 240 [ 180.788453][ T7528] The buggy address is located 88 bytes inside of [ 180.788453][ T7528] freed 240-byte region [ffff88803a7c0b40, ffff88803a7c0c30) [ 180.796974][ T7528] [ 180.797999][ T7528] The buggy address belongs to the physical page: [ 180.800635][ T7528] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3a7c0 [ 180.804600][ T7528] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 180.808877][ T7528] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 180.812551][ T7528] page_type: 0xffffefff(slab) [ 180.814525][ T7528] raw: 00fff00000000040 ffff8880196d2780 ffffea000058f100 dead000000000003 [ 180.818584][ T7528] raw: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000 [ 180.822605][ T7528] head: 00fff00000000040 ffff8880196d2780 ffffea000058f100 dead000000000003 [ 180.826796][ T7528] head: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000 [ 180.830366][ T7528] head: 00fff00000000001 ffffea0000e9f001 ffffffffffffffff 0000000000000000 [ 180.833754][ T7528] head: 0000000700000002 0000000000000000 00000000ffffffff 0000000000000000 [ 180.837579][ T7528] page dumped because: kasan: bad access detected [ 180.840205][ T7528] page_owner tracks the page as allocated [ 180.842525][ T7528] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 29, tgid 29 (ksoftirqd/1), ts 55305780237, free_ts 55204066008 [ 180.850546][ T7528] post_alloc_hook+0x2d1/0x350 [ 180.852484][ T7528] get_page_from_freelist+0x1353/0x2e50 [ 180.854732][ T7528] __alloc_pages_noprof+0x22b/0x2460 [ 180.856848][ T7528] alloc_slab_page+0x56/0x110 [ 180.858638][ T7528] new_slab+0x84/0x260 [ 180.860392][ T7528] ___slab_alloc+0xdac/0x1870 [ 180.862495][ T7528] kmem_cache_alloc_bulk_noprof+0x257/0x930 [ 180.865436][ T7528] napi_skb_cache_get+0x154/0x210 [ 180.867442][ T7528] __napi_build_skb+0x14/0x50 [ 180.869493][ T7528] napi_alloc_skb+0x2b8/0x5a0 [ 180.871312][ T7528] e1000_clean_rx_irq+0x2bc/0x1160 [ 180.873338][ T7528] e1000_clean+0x960/0x26f0 [ 180.875181][ T7528] __napi_poll.constprop.0+0xb7/0x550 [ 180.878457][ T7528] net_rx_action+0x9b6/0xf10 [ 180.880825][ T7528] handle_softirqs+0x216/0x8f0 [ 180.882627][ T7528] run_ksoftirqd+0x3a/0x60 [ 180.884341][ T7528] page last free pid 5173 tgid 5173 stack trace: [ 180.886658][ T7528] free_unref_page+0x64a/0xe40 [ 180.888396][ T7528] __folio_put+0x239/0x360 [ 180.890113][ T7528] skb_release_data+0x5df/0x980 [ 180.891947][ T7528] skb_attempt_defer_free+0x1b0/0x620 [ 180.894386][ T7528] tcp_recvmsg_locked+0x11cd/0x2700 [ 180.896436][ T7528] tcp_recvmsg+0x12e/0x680 [ 180.899107][ T7528] inet_recvmsg+0x12b/0x6a0 [ 180.901321][ T7528] sock_recvmsg+0x1b2/0x250 [ 180.903508][ T7528] sock_read_iter+0x2c7/0x3c0 [ 180.905518][ T7528] vfs_read+0xa39/0xbd0 [ 180.907106][ T7528] ksys_read+0x1f8/0x260 [ 180.908713][ T7528] do_syscall_64+0xcd/0x250 [ 180.910426][ T7528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.912626][ T7528] [ 180.913707][ T7528] Memory state around the buggy address: [ 180.916180][ T7528] ffff88803a7c0a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 180.919176][ T7528] ffff88803a7c0b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 180.922254][ T7528] >ffff88803a7c0b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 180.925399][ T7528] ^ [ 180.927308][ T7528] ffff88803a7c0c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 180.930416][ T7528] ffff88803a7c0c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 180.933402][ T7528] ================================================================== [ 180.941430][ T7528] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 180.944898][ T7528] CPU: 0 PID: 7528 Comm: syz.0.599 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 180.948899][ T7528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 180.954129][ T7528] Call Trace: [ 180.955960][ T7528] <TASK> [ 180.958140][ T7528] dump_stack_lvl+0x3d/0x1f0 [ 180.960817][ T7528] panic+0x6f5/0x7a0 [ 180.962532][ T7528] ? __pfx_panic+0x10/0x10 [ 180.964741][ T7528] ? irqentry_exit+0x3b/0x90 [ 180.966867][ T7528] ? lockdep_hardirqs_on+0x7c/0x110 [ 180.969223][ T7528] ? preempt_schedule_thunk+0x1a/0x30 [ 180.972267][ T7528] ? preempt_schedule_common+0x44/0xc0 [ 180.974703][ T7528] check_panic_on_warn+0xab/0xb0 [ 180.983240][ T7528] end_report+0x117/0x180 [ 180.986542][ T7528] kasan_report+0xe9/0x110 [ 180.988416][ T7528] ? skb_release_head_state+0x283/0x2b0 [ 180.992933][ T7528] ? skb_release_head_state+0x283/0x2b0 [ 180.995097][ T7528] skb_release_head_state+0x283/0x2b0 [ 180.997520][ T7528] kfree_skb_reason+0xed/0x210 [ 180.999706][ T7528] __hci_req_sync+0x61d/0x980 [ 181.001718][ T7528] ? __pfx___hci_req_sync+0x10/0x10 [ 181.004054][ T7528] ? trace_contention_end+0xea/0x140 [ 181.006297][ T7528] ? hci_req_sync+0x3f/0xd0 [ 181.007980][ T7528] ? __mutex_lock+0x1a6/0x9c0 [ 181.010431][ T7528] hci_req_sync+0x97/0xd0 [ 181.012985][ T7528] ? __pfx_hci_inq_req+0x10/0x10 [ 181.015250][ T7528] hci_inquiry+0x3ea/0x950 [ 181.017453][ T7528] ? __pfx_lock_release+0x10/0x10 [ 181.019786][ T7528] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 181.022783][ T7528] ? __pfx_hci_inquiry+0x10/0x10 [ 181.025401][ T7528] ? mgmt_device_connected+0x470/0x5d0 [ 181.028513][ T7528] ? __local_bh_enable_ip+0xa4/0x120 [ 181.037193][ T7528] hci_sock_ioctl+0x2bb/0x880 [ 181.039246][ T7528] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 181.041678][ T7528] sock_do_ioctl+0x116/0x280 [ 181.043687][ T7528] ? __pfx_sock_do_ioctl+0x10/0x10 [ 181.045824][ T7528] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470 [ 181.048582][ T7528] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 181.051450][ T7528] sock_ioctl+0x22e/0x6c0 [ 181.053348][ T7528] ? __pfx_sock_ioctl+0x10/0x10 [ 181.055519][ T7528] ? selinux_file_ioctl+0x180/0x270 [ 181.057917][ T7528] ? selinux_file_ioctl+0xb4/0x270 [ 181.060861][ T7528] ? __pfx_sock_ioctl+0x10/0x10 [ 181.063067][ T7528] __x64_sys_ioctl+0x193/0x220 [ 181.065460][ T7528] do_syscall_64+0xcd/0x250 [ 181.067382][ T7528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.070324][ T7528] RIP: 0033:0x7f63af775bd9 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 181.072736][ T7528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.081865][ T7528] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 181.085444][ T7528] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9 [ 181.089724][ T7528] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000009 [ 181.094057][ T7528] RBP: 00007f63af7e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 181.097854][ T7528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 181.101145][ T7528] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8 [ 181.104863][ T7528] </TASK> [ 181.107399][ T7528] Kernel Offset: disabled [ 181.109325][ T7528] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:42:37 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=000000000003e0f1 RCX=ffffffff81f48590 RDX=0000000000000001 RSI=0000000000000001 RDI=000000000003e0f1 RBP=000fffffffffffff RSP=ffffc90003967700 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000002 R11=0000000000000007 R12=0000000000000001 R13=ffff88801f879c80 R14=dffffc0000000000 R15=1ffff9200072ceec RIP=ffffffff81f465a2 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055556c041500 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f75ae8356b8 CR3=000000002c7ec000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff3bda0c40 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fda1c5 RDI=ffffffff94dde1e0 RBP=ffffffff94dde1a0 RSP=ffffc90003a87410 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000038 R14=ffffffff84fda160 R15=0000000000000000 RIP=ffffffff84fda1ef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f63b060f6c0 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c30dec7 CR3=0000000042ce2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000480081 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63b060efa0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e72656b2f737973 2f000a6425203a64 656c696166202973 2528657469727700 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b57404e0a565c56 0a000a4100051f41 40494c4443050c56 000d40514c575200 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 0000000000000000 0000000000000000 00000000000000f0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000002d7583 RBX=0000000000000002 RCX=ffffffff8ae7e759 RDX=0000000000000000 RSI=ffffffff8b2caf00 RDI=ffffffff8b9039c0 RBP=ffffed1002fd9000 RSP=ffffc90000197e08 R8 =0000000000000001 R9 =ffffed100d646fdd R10=ffff88806b237eeb R11=0000000000000000 R12=0000000000000002 R13=ffff888017ec8000 R14=ffffffff8fe486d0 R15=0000000000000000 RIP=ffffffff8ae7fb4f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fc175304030 CR3=000000001d360000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffecfee2840 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff8ad68afb RDX=0000000000000000 RSI=ffffffffffffffff RDI=ffffc90004107970 RBP=ffffc90004107970 RSP=ffffc900041078f0 R8 =0000000000000006 R9 =ffffffffffffffff R10=0000000000000000 R11=0000000000000001 R12=ffffffffffffffff R13=ffffc900041079a8 R14=0000000000000000 R15=ffff8880218c2f80 RIP=ffffffff8ad66472 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc175fd56c0 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b3065ffff CR3=00000000225f0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1752d4488 00007fc1752d4480 00007fc1752d4478 00007fc1752d4450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc175e3d100 00007fc1752d4440 00007fc1752d4458 00007fc1752d44a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1752d4498 00007fc1752d4490 00007fc1752d4488 00007fc1752d4480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000