last executing test programs: 3.872955695s ago: executing program 1 (id=3053): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550c, 0x0) sendmsg$NFC_CMD_SE_IO(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[], 0xbc}, 0x1, 0x0, 0x0, 0x40040}, 0x20000080) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2c842, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 3.87279169s ago: executing program 1 (id=3054): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550c, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) (fail_nth: 5) 3.872549602s ago: executing program 0 (id=3055): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000000c0)={0x7fffffff, 0x0, 'client1\x00', 0x0, "f8ee6e5e2b38b5cc", "b8c5126deca3c384693ba0e2b53b908612ca856de6ac921b579ddca05c6d32b9"}) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) ioctl$F2FS_IOC_FLUSH_DEVICE(r2, 0x4008f50a, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1c, r1, 0x48212b8952c3affd, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0xaaaacb1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r7, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0xdddd0000, 0xe, 0xf0, 0x40, 0xfd, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x7}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0x8, 0x5, 0xf, 0x3, 0xca}, {0xeeee0000, 0xe6e50002, 0xb, 0x0, 0x2, 0x7, 0x4, 0x1, 0xc, 0x0, 0x6, 0x5}, {0xeeef0000, 0x3000, 0x8, 0xf, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0x0, 0x1}, {0x100000, 0x0, 0x3, 0x1, 0x3, 0x9, 0x9, 0x7, 0x5, 0x4, 0xe, 0x4b}, {0x2, 0xd000, 0x9, 0x7, 0x3, 0x6e, 0x1, 0xff, 0x4, 0x80, 0x1, 0xfc}, {0x6000, 0x1000, 0xf, 0x9d, 0x3, 0x0, 0x1, 0xb, 0x5, 0x7, 0x0, 0xf8}, {0xffff1000, 0x8000000, 0xd, 0x5, 0x3, 0x3, 0xa, 0x9, 0x54, 0x6, 0x2, 0x7}, {0xeeef0000, 0x5}, {0x2, 0x9}, 0x40010000, 0x0, 0xf000, 0x300, 0x5, 0x0, 0xe6e70c00, [0xffffffffffffff47, 0x401, 0x7, 0xc5]}) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000001300)=ANY=[@ANYBLOB="828200040000000100"], 0x9) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000300)={0x1, 0x0, [{0x84b, 0x0, 0x6f0a}]}) r8 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042) write$binfmt_aout(r8, &(0x7f0000000480)=ANY=[], 0x125) ioctl$SG_IO(r8, 0x2285, &(0x7f0000000440)={0x53, 0x0, 0x0, 0x9, @scatter={0x9, 0x0, &(0x7f0000002a40)=[{&(0x7f0000002b00)=""/183, 0xb7}, {&(0x7f0000000780)=""/106, 0x6a}, {&(0x7f0000002d00)=""/4096, 0x1000}, {&(0x7f0000000340)=""/43, 0x2b}, {&(0x7f0000003d00)=""/4096, 0x1000}, {&(0x7f0000000800)=""/241, 0xf1}, {&(0x7f0000000900)=""/187, 0xbb}, {&(0x7f00000005c0)=""/14, 0xe}, {&(0x7f0000005840)=""/4096, 0x1000}]}, 0x0, 0x0, 0x80, 0x4, 0x0, 0x0}) r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r4, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0, 0x94}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) r10 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) read$FUSE(r10, &(0x7f0000000a00)={0x2020}, 0x2020) move_mount(r10, 0x0, r10, 0x0, 0x47) 3.757447795s ago: executing program 1 (id=3056): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550c, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff94, 0x0, 0x1, 0x0, 0x0, 0x24008085}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa", @ANYBLOB="5106a34cc5559adeb587a0fcb8b440dcf6cd33f8d1470a50a08cd5ca36356d", @ANYRES32=0x41424344], 0x0) r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r2 = add_key$user(0x0, &(0x7f0000000440), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x2016}}}, 0x7) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) dup(r4) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) 3.620712279s ago: executing program 1 (id=3057): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000540)=ANY=[@ANYBLOB="14000000340001000000040000802fe21aa86e9b0e991c16fe6cd6111d6bda00b74165d18100e00478861c1b21872058573ec9a3d4195e062535ce8f9f48f6d48e9c064cc6f7273bd2dc616ac96a0521e510f99ea6a1509c1aebe32035def5a9c6d6df5c41555b890fea211e6937aa746b1f9dd401138061063aa6436083c1f4ed599c637c1da658199d822867e9b59fb658b7d562eabe7fc680453f1584fb2b8660cc06cb7b303ea699e9017cc203d26032ec0f8f100d0969cda81167db469c6399df4571f69034fc9d08f316b6c58467a88cfa42bddca25fcf3d2438202e1b3d0455019e90a291842d91825c89f97c00"/258], 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3.498896684s ago: executing program 1 (id=3058): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x42}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00', r1}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setrlimit(0x7, &(0x7f0000000200)={0x5, 0xb}) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x7, 0x1}}, 0x20) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r3 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r6, 0x0) r7 = landlock_create_ruleset(&(0x7f0000000140)={0xc000}, 0x18, 0x0) landlock_restrict_self(r7, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r8, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0x200, 0x2, 0x2, 0x40000476, 0x4000000000000000, 0x0, 0x8, 0x0, 0xfeff}) fallocate(r8, 0x1, 0x9, 0x81) ioctl$SNDCTL_SEQ_OUTOFBAND(r8, 0x40085112, &(0x7f0000000340)=@s={0x5, @SEQ_MIDIPUTC=0xc6, 0x13, 0x7}) process_madvise(r8, 0x0, 0x0, 0x11, 0x0) r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r10 = dup(r9) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2) 3.498039784s ago: executing program 1 (id=3060): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1026864, &(0x7f0000001240)=ANY=[@ANYBLOB="736b783dd3ae1cf9844911534d6ad35238511754a3be09c2a2463ab9a74d6c97f27164009fb69f639f1b1dadde12dc79c6a5aeb5d5ed5cac31e6a289ac59f07e43351e6928151b537254fee7e1944f8980d34793e798320076a5fc1fbf24f25582c04f00ac98c70a81d71098b6264ac8858534825d92b94a4d376e8831ce25638a290a4424cf75c8da4e327de3499367a8d64163605f7850a444ea4dcc95d7aec8ebd975815f803c31a974626dd15253ad34a07d60e64bee8bc5aea88d2a7531b29086e696f273a8e441284adb78c5d1bc02115cf3340017bc4feb6a6291"]) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xc, 0x43, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES8=0x0, @ANYRES16, @ANYBLOB="cfda80872fabfa44d5720ac47455a7b7f67c9d5084ed6370af6ea6fd37e9621c8e6275240e59623fa1da43671b4a16c6bff915d84ae754131f090327698834c1e5a781b0672220fb8926f769bf99e7a36fb7572796401cff340e71f518b5e3075524a612ddb3f0588fc5f299b6965a229be415fd1614c3681c11b6ad60a6215ddd927a8d541319b45fd1859fb5"], &(0x7f0000000340)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5}, 0x94) (async) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xc, 0x43, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES8=0x0, @ANYRES16, @ANYBLOB="cfda80872fabfa44d5720ac47455a7b7f67c9d5084ed6370af6ea6fd37e9621c8e6275240e59623fa1da43671b4a16c6bff915d84ae754131f090327698834c1e5a781b0672220fb8926f769bf99e7a36fb7572796401cff340e71f518b5e3075524a612ddb3f0588fc5f299b6965a229be415fd1614c3681c11b6ad60a6215ddd927a8d541319b45fd1859fb5"], &(0x7f0000000340)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5}, 0x94) mknod$loop(&(0x7f0000000100)='./file0/file0\x00', 0x100000000000600d, 0x0) (async) mknod$loop(&(0x7f0000000100)='./file0/file0\x00', 0x100000000000600d, 0x0) r1 = creat(&(0x7f00000000c0)='./file0/file0\x00', 0xc9028ba210c11f75) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000000)={'\x00', 0x8, 0x4, 0x80400, 0x2004, 0x7fc}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) (async) r5 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r5, 0x6b, 0x4, &(0x7f0000000040), 0x4) ioctl$EVIOCGMASK(r4, 0x80015b1a, 0x0) (async) ioctl$EVIOCGMASK(r4, 0x80015b1a, 0x0) getsockopt$inet6_tcp_int(r2, 0x6, 0x22, 0x0, &(0x7f0000000080)) (async) getsockopt$inet6_tcp_int(r2, 0x6, 0x22, 0x0, &(0x7f0000000080)) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f00000000c0)={0x1d, r7}, 0x18) connect$can_j1939(r6, &(0x7f0000000140)={0x1d, r7}, 0x18) sendmmsg$inet(r6, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f0000002940)=[{&(0x7f0000002640)="ef0ba606342672dabc", 0x9}], 0x1}}], 0x1, 0x20000010) recvmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) (async) recvmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r0, 0x18000000000002a0, 0x10, 0x0, &(0x7f0000000300)="b9ff03316844268cb89ee62b5101821b", 0x0, 0x51, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) (async) r8 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r8, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) (async) setsockopt$inet6_udp_encap(r8, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @dev={0xfe, 0x80, '\x00', 0x38}}, 0x1c) (async) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @dev={0xfe, 0x80, '\x00', 0x38}}, 0x1c) syz_emit_ethernet(0x82, &(0x7f0000001180)=ANY=[@ANYBLOB="0180c20000000180c20000008100350086dd605081140048110000000000000000000000000000000000fc00000000000000000000000000000000000e220048907803000000000000002ca31f5d44de660955124f010003a70a8be605dac002ef4e9701c9953ca6ebd0b546a6a0e5f0e4a75897ca8efd26f39a3ad6c511a132200f61c28abe677ab3e58086592a77f02eae7e754e977ffd7e736be4f8db8ead1c52110ad62cbb0b7dc6438f20"], 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @lowpan={{0xb}, {0x4}}}, @IFLA_LINK={0x8}]}, 0x3c}}, 0x8000) 2.189663656s ago: executing program 3 (id=3064): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x2, 0x6, 0x558, 0x0, 0x280, 0x368, 0x1b0, 0x0, 0x488, 0x488, 0x488, 0x488, 0x488, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [0x0, 0x20], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {}, 0x203}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], '\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0, 0x48000000}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@eui64={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b8) 2.187867029s ago: executing program 3 (id=3065): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550c, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff94, 0x0, 0x1, 0x0, 0x0, 0x24008085}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa", @ANYBLOB="5106a34cc5559adeb587a0fcb8b440dcf6cd33f8d1470a50a08cd5ca36356d", @ANYRES32=0x41424344], 0x0) r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r2 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x2016}}}, 0x7) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) dup(r4) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) 2.06961466s ago: executing program 3 (id=3066): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000540)=ANY=[@ANYBLOB="14000000340001000000040000802fe21aa86e9b0e991c16fe6cd6111d6bda00b74165d18100e00478861c1b21872058573ec9a3d4195e062535ce8f9f48f6d48e9c064cc6f7273bd2dc616ac96a0521e510f99ea6a1509c1aebe32035def5a9c6d6df5c41555b890fea211e6937aa746b1f9dd401138061063aa6436083c1f4ed599c637c1da658199d822867e9b59fb658b7d562eabe7fc680453f1584fb2b8660cc06cb7b303ea699e9017cc203d26032ec0f8f100d0969cda81167db469c6399df4571f69034fc9d08f316b6c58467a88cfa42bddca25fcf3d2438202e1b3d0455019e90a291842d91825c89f97c00"/258], 0x14}], 0x1}, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1.900495999s ago: executing program 3 (id=3067): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r5, @ANYBLOB="0c00990000000000000000000800a000ae15000008009f000d000000080026000816"], 0x40}}, 0x200040b4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r3) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_LEAVE_IBSS(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r4, 0x8, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xeb9d, 0x19}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x4c084}, 0x5) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(r7, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="b5f3b9437000fedbdffeb4438d91b5396e2c93cca2cae3e6898321747c00", @ANYRES32=r1, @ANYBLOB="0a0006005050505050500000080026006c0900000800a1000900000008002700000000000800a0000400000008002201d70000000800a00006000000080026006c0900000500180117000000080027000200000008000c0064000000"], 0x78}}, 0x64004) 1.850771936s ago: executing program 3 (id=3068): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r0, 0x0, 0xee01) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000}) openat(0xffffffffffffff9c, &(0x7f0000001740)='.\x00', 0x515001, 0x408) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000700), 0x4) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000580)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000500), 0x0, &(0x7f0000000440)={[{@uuid_off}, {@lowerdir={'lowerdir', 0x3d, './bus'}, 0x3a}], [], 0x2f}) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 950.217171ms ago: executing program 3 (id=3071): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00', r1}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r2 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = dup(r5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="01e1ffffff0000005200000000000000700a470f2131650fa265363e410f01c8b8010000000f01c1c4a21ddf802f93b0d8926958912966baf80cb815ff0780ef66bafc0cecc482d1bcd53666400f38223ac3"], 0x52}) ioctl$KVM_CAP_DISABLE_QUIRKS2(r8, 0x4068aea3, &(0x7f0000000200)={0xd5, 0x0, 0x68}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 850.659834ms ago: executing program 0 (id=3072): r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000540)=@chain={'key_or_keyring:', r0}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x1}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, &(0x7f0000000240), &(0x7f0000000380)=r6}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg(r1, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)='7', 0x1}], 0x1}}], 0x1, 0x1) r7 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r7, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) r8 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000080)="bc", 0x1, r8) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) creat(&(0x7f0000000080)='./file0\x00', 0x16d) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r10, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r11 = dup(r10) write$FUSE_BMAP(r11, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r11, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r11, @ANYBLOB="3c6b24109b6b4d09f79cc4b777a54bfdddbf7ebad99c6635"]) truncate(&(0x7f0000000240)='./file0\x00', 0x648) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2f00, 0x22) 790.678815ms ago: executing program 0 (id=3074): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550c, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff94, 0x0, 0x1, 0x0, 0x0, 0x24008085}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa", @ANYBLOB="5106a34cc5559adeb587a0fcb8b440dcf6cd33f8d1470a50a08cd5ca36356d", @ANYRES32=0x41424344], 0x0) r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r2 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x2016}}}, 0x7) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) dup(r4) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) 790.498178ms ago: executing program 2 (id=3075): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 639.634463ms ago: executing program 0 (id=3076): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550c, 0x0) sendmsg$NFC_CMD_SE_IO(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[], 0xbc}, 0x1, 0x0, 0x0, 0x40040}, 0x20000080) mount(&(0x7f0000000140)=@nullb, 0x0, 0x0, 0x200013, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) (fail_nth: 14) 638.947247ms ago: executing program 2 (id=3077): r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1e0000000000000020000000000000008b0300000000000010000000000000000a000000000000007000000000000000b9800000c00f3235002000000f30c4414dfe9d000001000fc79c8a8000c0fe0f20e035000001000f22e0c441c95817c744240024010000c74424025f7c7331ff1c24c4c27d220a430f7810b9800000c00f3235000400000f30660f3a142608c314000000000000001800000000000000070000009d000000460000000000000020000000000000000800000000000000a30d0000000000004600000000000000200000000000000003000000000000000e000000000000001e0000000000000020000000000000004a060000000000000000010000000000320000000000000018000000000000006c0800000000000046000000000000002000000000000000020000000000000000000000000000000a000000000000004d0000000000000026460f30400fc77500c462fd219900000100c422819876ce3ef30fae6000c421ddef1d76960000660fc776fa430f09420f01c23e420fc7badaa249ebc31e0000000000000020000000000000003a0b0000000000006c0100000000000046000000000000002000000000000000d97d9dac73da6312080000000000000014000000000000001800000000000000010100000000008032000000000000001800000000000900000000000032000000000000001800000000000000aa0300000000000014000000000000001800000000000000000000000800020046000000000000002000000000000000020000000000000000000000000200001e0000000000000020000000000000007d0b000000000000ff01000000000000320000000000000018000000000000003302000000000000320000000000000018000014000000000000001800000000000000020000008a915c090a000000000000005600000000000000c4e239afd1470f013cbc640f00590a410f070f070f01dfc7442400ed780000c744240290000000c7442406000000000f011c2466b82d010f00d066b8df000f00d8440fc737c332000000000000001800000000000000500a00"/800], 0x323}) ioctl$KVM_NMI(r0, 0xae9a) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18) setsockopt$inet6_int(r1, 0x29, 0x19, &(0x7f0000000040)=0xb0, 0x4) syz_emit_ethernet(0xfed7, &(0x7f00000002c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "00641a", 0x0, 0x3a, 0x0, @mcast1, @mcast1, [], "1e520b4c951ee12e"}}}}}}}, 0x0) 620.025681ms ago: executing program 2 (id=3078): openat$cdrom(0xffffffffffffff9c, &(0x7f0000000880), 0x800, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x40000023, 0x0, 0xffffffffffffff7f}]}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r4 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r3, &(0x7f00000012c0)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0xfc0, 0x66, 0x0, 0x40, 0x11, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x1a}}, {0x4e20, 0x4e20, 0xfac, 0x0, @opaque="da3789eaf6a3abc4960e944f39725f1912c51c7a09bdeb58b6fc60807b8f8a412cdee50d65613a79decd3babd1952f0eaeea0b8d6726f7baf89bdcf80d08d098dbf22ebc3b2e135b8ec4df6575c07807a39ece90969f50fd8d0a3c2a0ada6aab7b87a46861f8d078c21844e4b6bb350e6bb3753a1355db7ee661aee4d0e682bb19542ae514ad0d1fcacd80a4df85197dd93c4be0a51d6d798e676634c9d819ad2668d9ef96087c12837ad0dd4ba67cdd6b8c4b1fe77599fb85d6d69571eec3156b751e8f03c4d543674482004f1e831eb55eb48c47034acb1e903a3dcc5f91fa797b3ea51ae680cfd4744f08333cb3c1d751febe8072f182a7138e642c1ebfb8b09cc738f4c58ebc12298f28e81f7cbaa8ee8f947a86b8785c6824c2d699ff522ae97b5442052bcd186a33988c7f64b4646ca923df755c15115da5a98fa99474026cbe5b7ce6d9dd12b86cc3ea75f1a3c987cb623e4bbdd671fc134532da00421ec3237e34d26843ec43aae0ffe5fd945d28b43964ad8cd683567da9c6ec91bac73cd6b0342b2a3a6df4fa4b604ffaf8452f24c0f45a4b6762f85c8e76fad42a2147812a4bc441b1c872ab847265594555d436b786eefab321947c7ae64565944e22470efd5badabdeb8c779c4b2b3c8076237f3996e3c775eb409ce1084eb98edbe51ab98d25f7cd208aa3d6863991321757af5e4b0c16b9fd9d56a74ede1704e28388f90f862e7d482e300b96d1eb8c2da9f21a9dbc97ab7344affa299e32f438e32e1a5978cc3c5395717d3d836894ed3347036f4c1df1bffecdfc55da79bb3a4657550e183337ea02c4db061c53c30429bb00e804c17b5cd6c2d2a1132ccda5371c105e91054e4054c4cb791f412083b3e2d3b1f2b1f3f4dc42670892729734236199a9f276aa4bf024e3ef6fa40a5d3c93dd72ce622d64aec075331e8d6eb73ec60ef07b6da2c415dd24fee0278c9efd818c99cc1cebb059db55fdd10d5ccf93c97b05667bdcb657933351c53d148c35c5a64d8d9930c8c9d975f476dcd1c32474ca0a78d0645df58e9542902c4d5389ef6c8064beee4393c74158111bf7cfa6510fd60c344e66fb62111f0ca4dfc994720042af3e8bdaa1855ef7c838a2de169a2e57f1f30be39359a1e26b8998df81b7ae5ef63ab54ff76237764d2b0058d794e56b7c496536b071f1c781f7eecb262e6e742642a470c04596b6f1a75d8f87b8f769d3d5e4044f6554ca6cbdbba6ae7ec47bd626cbc09c722e5b7e41efc838f803366ec448973e551a6d43e8c961c65158ff6b438c8496892f8d36afdac632e4623b009f8db420dd77c45d4b25db6d52aacacde27d73f8790ac4f31203bec6d0ceb31dfae1266e69d9a5c726dfd8033a1453d2ceb13480f401fc7d61b0d1e7490868e12478807d8fee75a3fb3fc41f23ba6ec0feffea16ecee42954230c5762eaba09b714618fbdafd96fc66694b3b2ebfff813e4d963ea9d677785186f43a8447bb2d5d2a18424dd07a2458aec65d4031122f67de4c808451f09bea657dea3b44c456c35b3fe3cdf861178f4267f825dff1722636f29d67b0dfee86da72542f3de4a2938ad2b0dbec68a28dc507719256b3f17f4928b4499ef2fd50f69ed4c8c84d48127a613219bfb1c4133f130f3c575f54508447653abae4e6ff230fc91b6f7122a32d9f49618f4bd0f9a3f48143cc770c8bec6476f37e8af11af05cf77db14bc00c22d238b3e22a161395c791aa92b17501ffbd68d5627c186e6b0339acd416da7d1aa16974d361a087ceed75b4bbd6cb0e991740e2b2fcf302b26e8a2e1435cc73c315c74bdbde6a11d13e56f2c867cd7731afe451d8de9449360d14b624267b6df49539620b9bb48cddbcc9e0c1d5546e25f3f1c8324756f62bc34b275ab9e283b5d3cb15c6e21ce93def6d56bba9833506eef72526098d0f5ee8b907fbec25c09d3264ae76cd74be507ee45471dd232e6e3c581fc3b4a1456bdb91afea48a6fd62dc72562bfa7c863078568327ce780d5271d369900cecd46c06a7f4a7d398b99744b956f23cecd5ca493e279f85b3c723fde4d02870e33e892bbd78ada04ce0803bd9dbbdeb48acc1aedbbbf987628bcccf54671f606bf5dbdebf94d0f185bda92e127332b654d1c0316482ac4f5a6701a12a88f21a117b5df1d1d7ffcc6658b2b9f4c8b7104828de1fc134e8e21849f7bb8ec210cef07dc0a80f25b5e662aeada019be079ff574113937391a06f52c9275893b5e890d756eb505d249a309ccee9373d04dd64286ca3af6f5862bb8e27ddcb0b9686c344dbea41e08f7572ad94e02c9f4cc126ff65a8a1769078d2a6356cbdc3b15ff1f0bb28b033c0f9f2a5d46b07a2899f80d400bc92bc2b219b08549e360c446c7e4d2042aa39b577e81c33d464fcbdaa78c2f3c643c87f62a09dfac24ac7a36d0c3c7481e686c1c42194e99d4d9c148cb0ea8460ace042caf2f9619447568deab4c3f3ba677a3f941a9ecfd0ed90418e373ab18eb1b16f4255219f50e58cd6819a577e1995cc403cef288064b12b9c4d313c57fdf35ae5f0c4852bd39ad6343a83b4885c59d7270a8ee4b1c207f70fc26e286356242a1e72af8526c06757c2a1ffe60875ae61b4fe4740fce0bea6c9cff10cc62d479b1a914b192e43f7636dd40d8f4f554591b3b52af7bf845188c97d27e058c05a6e660b4de5c89325492c3605b96036f403b8f72eb1f08802de7d6da7becc88c7bc501540d40413878bc7fe0fe291346e0868ca49d6659050937b663a122c161716f44eaa398b2347b75c567a6eb17e57c38742bea970210c32337bb9f24363c62ea394f70877af1f49d85ea006a83d7bab84cd3ac82729b9aa1634b317cb792299f62614f0c5ec078691105b7efb1b0efb2ea8cdee95ebe655b0a44ef7fb11fb0fc59b7861685eb2b3b3ab8119cf12d57e34e9bfcd88e87155b5e9c44fce751818709d334bb0a70878ed1581cce54e50723936cd8a1807e89a8228ef1ce91ebed826a9a4b75a0f884ec86ae7a6ece34bc798e0f7d744ce9083d471569b714b68941fd53ac97278717295b88404ebd8b3b6cdcc3637c0c92f06c32b8d47cdf4a985a32749f8d8491cb8c60e44fdaa1ce5ec5781b20ebd3b508b692c277b8540a4c76b235871b4319ce6193eab16fd6ef6a78c66fc3f19b7c293788355df1652f5e73b59e9f4162ee5be91256b751bf49687279639cb737f52a8e95833a1c23bfaa7cc1fd58e665d36fe179482d35a76b2d810de4348c52ae8c43109d24e443ee48d5dcf45c8b0dfb38ac3bde1c279e297bdd3e63062ffb5fbc7406395057a7bf2184926e32061d03ffe4069adb80a35f057ac8a3c021c9e384a062450325b9600bfb48f586ddafd94bf1c1d7f6d357febfe1515d2241c0c3a259bf9a73ea4e03d30b75c6523abdfa5c4bd5825def7ca22909eaeb9ec8b796f803404e0e85a1002d1287c525cf82720f2a8c21296bd7c555d83eb6846d897f0e588b71b0a2bf1b8ff7ea39ae152b59fbd5f76bc76d1cbd1587c951a18f506ba6564401f03d658dd5db2da4cc4d23f01eeca7e3db5160a56addf6a0ada7d180d622b39e337fde2b0e79d686b3ddefb0a19a6f83ac4d63143627115f63b1fb7f0b16451a7afe9718da726bb18cf6b0de1441bab7783cc9c016bcf1c79b6eabd12e7057caf242540103b51caeea8111effd326e16a3e43f52677e583ef0a491b7b5533f48078312dcee67ec07b01ee2325c95a62a34b4e69922f67827eed59c15345646a147b7e318eb09a8d763a83cfbfedd01d1276517a5f721a762aee0b1d355aae82a8f45410e2922ed2f96a9394f25d96b6d0c637aa823c08f6066a64e1c2a31a97dffbb57b547c0728a3c25561e6b8506f5e07ed76b850e0757bdeafe238742fb6122dc1395ff02db65f8d9066784f1de8450bdb890eaa2ae9110c8e0145c41a57c60ba9bf90fad52962e32499d1d3716f378e54e2ce08684f7629792f867346ce73c0057bf8ae85ca87ab6cbb9e09f00f68a41ee018190d22fb31872ea059c8708b8ed5c2843dc4b9118fe5cf7ba30c70f1cb18bcc738d18b95622763c6e82c59822c793d9cf297bb115667801992eab6c8daeee405dfc5c208402bd7e856d32db0e88a33f7f0fead4b2ecd0c4b1602452d8e5e16ee6197caf076ef7f96005066228df14392a899fd978bbf4b1c75c35b3bb22944688f1d6ad41509cbdff982e6e92b5c376a37cc6063e168f8a0dec09905147ba07a6991d94dc0cf8f8782b2f7ad02e82ba670ad469827bd54a7f6cc55940af8e3cafe9ee6a3eb06ffe6ad53fdd09f1bde5b36267c450933aff3ed872dee8387ff1c13e53d6f3b7b147e598b8c79627f0ce24cac0230c9de18ede6ea0244458cd6d37444a0e27cb12620024a0f123efcfb3dcbf359e7cd71881d6bd80526a1992b7063a7cf938ea8f231a7ddf0a8efadc9a364a03cc8735d327d6de0661e595dbca00e088ef6310d58317de49266b24c7b8c2c9bdd92744d0c1c03024bb17d848b9ec70c776435ecdff35092b26a53ce6f51402b86720294ee53bde1baa5658217bb782b8807e1a63aa1506a43d36ddff82ae750986cc3392e943a5b25323795ef66d2b94a4dbda2bb3d0548d5148446095114f70813d0908f7d589fc56dfe7c479dc1e6d734a444f2ae55797449e81adb75f8d19851367ff95d7c6424c3074a9d1b632d2de6a9eaf5520d856629a3ffdb7c233b8900c59d61cdcfc8e99367d8385dc2c227e1dfac178c1c9cfc30057eecc7012ba32d72e22a763eeb8f1aeec80ba667b4056575cfb64d38c29e10d0602925458c0ab3b72779c6a216147efdd17cd20cb4176542a3e4a5c33b542724d4566b26d88f3963ecac61218d4c3684926595994f960f19a3ee66e4748ed9873f08c863801d064a046882ffc1847d830f96a722cbc1e89a655ad77f1764e71ea31e0a52333dde6f61c0cc8b06321ec252e5d8f0a959d8979a218568670b0dbc6b8cdf657f05781ac9eed1404a7563729a346ae8dfe87e0350278fcebec2525f420fef36be7d63f3ef606871b1b427732d826a9262a6ae5a025ff2df634d4f203fb4d4e7c3910e4ea28bd412a78b7ba4447a450dfd894acf5524e37fc776ec7c927fa90a085a4e9f33530e5971310628e949eb66e7ce8e3472c9d7c93cbb2f36cd2341cce4fa0f9924c2a4d465b12298d07d3d0b83fc452ecca6d2512f9077fe09b4c87e0fe4e1445b90cb90c68099b3faa8caafc6ba0beb890daeac319f8b3380d03189f3366380a2c0593fea9a2f73b3af6b703213acae3c360f60ef6a732b4db3fa485f933546cce3c8b8e636be45db432c12e12a6eebc7923eb01d6de46b3dde1273cd3bce26a4b62488b3198991480953ecdce43a65fabc3f64f3b5c831e1ec74966e51ea12f2a3e471896327d477fe871abfc65e0a2e91b1d3b58421066b5769bb2bce69e78997994e049585e40fa6868d31114eb10ae0901ce8bc0fc1ad958f3d161059da5ed27c8244357469c330408fe23dff9392e1a987cdbb1a21045f41bcff39050e2dcf453bee00c379d3e9876efacaa4fa8f76d02a3b8e5422744ca1799583c1e38f99759a3bc3f8503767768ba6f1c48d5be8ac688df78518a0c2a9f652f42dee15004c993b4c8e533e2738e68e"}}}, 0xfce) r5 = socket(0x10, 0x3, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000000000e006"]) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0xf0b, 0x1, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x8}, {0xffff, 0xffff}, {0x4, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000040}, 0x10) fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000240)) r9 = syz_open_dev$video(&(0x7f0000000000), 0xa7, 0x80000) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x16, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', r11, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$VIDIOC_ENUMINPUT(r9, 0xc050561a, &(0x7f0000000540)={0x2, "2a123b084c7f8324cc76356ea2c2ef76068115ecfb56b46998cd6a640317a26f", 0x0, 0x6, 0x1, 0x400000, 0x7e25831a6da1030d}) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)='xfs\x00', 0xa00000, &(0x7f0000000140)='grpquota') timer_create(0x3, &(0x7f0000000100)={0x0, 0x0, 0x4, @thr={&(0x7f0000000380)="269e0befce083485b56c53945a74de9ee112b070be62b2e73030dffb157f777303bea607b75aeead659b9dcfc3a25fa3aa0952daaaa0f160ee518c65bbf3bfeac2896bf6797d0adc3ae6e6fcac8a641229d81f4a2a885aa8b032a14a0a4b2dfe76222c8e99c6fe1f733717049e09a6f77ca2e5ffa656ebada76bf0588a4116076140d42ec4a477b82dd4be9ab8351e1fc96dc83f804092f00dd6829f7fab9d3ed9cb9a9b99c58fcbd1851e634039265c18de23f847f0f0768779c16eb9faa2eac17cf6c18cd69e6745", &(0x7f00000005c0)="ffc527004f7d271d9cbe81040983815bbfba2ef9181da538b6e0c8e5f21fd6a7eb09000000a6f6c464befa1287601b91626350d49f5d9d1a2e217276b3e6ee6265226230240c1eca6fd477144d5e5ffcc52a79f91c0c42123e4ca9d567efa34b80041837743668db7d1dedfc163c69d3f4fb8c5307d608f94effe8795554abf20fa1e48eb9a2e62ed2fa008b81c9890bdbc1d95f3492fa4266309035ba9a45a742545e11615898dd2f80fbf41637e7b2b5709ee5435609d530c63bda092d8ede8bda67fdd65c9e18fe21d73c7909c6cc09ea98939bcbecfc9be1621d54d45882a42384c8049d912159e022c9a97274971f8368b446a04b382d85079a6adb12fb2a6d9fd4344a072f5bb18622de82c2d0420d2c1353a3a351d45572f6148d65a754caa858a63013634f2ef60cdd4e48beb53286bda6f351cdf27b31b67bf56241a8dc6b5f9277120865051fd8625848c685b76265975b267e6733b3686c01a7529ad2b769372ff14773172687854523b326955751e24dfc5a0c70db123bf188ecbdc3f1093f30a77ab9da344edcc151a095efb9faae311b3ac38e2a0547f0e288a3155fef72a912fc95"}}, &(0x7f00000001c0)) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') 490.340412ms ago: executing program 0 (id=3079): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550c, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x38000000) 340.091228ms ago: executing program 0 (id=3080): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r0) r1 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) r3 = socket$inet6(0xa, 0x3, 0x5) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000006, 0x8150, r3, 0x62386000) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4ea3, 0x0, @loopback}, 0x1c) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="2b000000060000000000000000000000010000000000000004"], 0x2b) 169.495248ms ago: executing program 2 (id=3081): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&t&A0\xa7\xef\x9cL\x8e1K', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x2}}) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&\xc1&A0\xa7\xef\x9cL\x8e1K', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x1) (async) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&t&A0\xa7\xef\x9cL\x8e1K', 0x0) (async) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async) ioctl$KVM_HAS_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x2}}) (async) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&\xc1&A0\xa7\xef\x9cL\x8e1K', 0x0) (async) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) (async) 371.053µs ago: executing program 2 (id=3082): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000240), &(0x7f0000000140)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000008c00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000180)='PU', 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000a80)="fb", 0x1}], 0x1}}], 0x2, 0x20004810) (fail_nth: 4) 0s ago: executing program 2 (id=3083): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550c, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) (fail_nth: 18) kernel console output (not intermixed with test programs): 399759][T14639] kvm_vcpu_ioctl+0x5eb/0x1690 [ 227.399785][T14639] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 227.399808][T14639] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 227.399830][T14639] ? do_vfs_ioctl+0x128/0x14f0 [ 227.399878][T14639] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 227.399902][T14639] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 227.399929][T14639] ? hook_file_ioctl_common+0x145/0x410 [ 227.399957][T14639] ? selinux_file_ioctl+0x180/0x270 [ 227.399973][T14639] ? selinux_file_ioctl+0xb4/0x270 [ 227.399991][T14639] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 227.400014][T14639] __x64_sys_ioctl+0x18b/0x210 [ 227.400039][T14639] do_syscall_64+0xcd/0x4c0 [ 227.400062][T14639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.400079][T14639] RIP: 0033:0x7fd4d258e9a9 [ 227.400092][T14639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.400108][T14639] RSP: 002b:00007fd4d3487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.400123][T14639] RAX: ffffffffffffffda RBX: 00007fd4d27b5fa0 RCX: 00007fd4d258e9a9 [ 227.400134][T14639] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 227.400143][T14639] RBP: 00007fd4d3487090 R08: 0000000000000000 R09: 0000000000000000 [ 227.400153][T14639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 227.400163][T14639] R13: 0000000000000000 R14: 00007fd4d27b5fa0 R15: 00007ffeec0982f8 [ 227.400186][T14639] [ 227.516970][T14642] CPU: 2 UID: 0 PID: 14642 Comm: syz.3.2871 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 227.516998][T14642] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 227.517009][T14642] Call Trace: [ 227.517016][T14642] [ 227.517024][T14642] dump_stack_lvl+0x16c/0x1f0 [ 227.517071][T14642] should_fail_ex+0x512/0x640 [ 227.517096][T14642] _copy_from_user+0x2e/0xd0 [ 227.517120][T14642] input_event_from_user+0x133/0x3b0 [ 227.517144][T14642] ? __pfx_input_event_from_user+0x10/0x10 [ 227.517165][T14642] ? __pfx___might_resched+0x10/0x10 [ 227.517189][T14642] ? input_inject_event+0x1a5/0x390 [ 227.517214][T14642] evdev_write+0x37b/0x750 [ 227.517239][T14642] ? __pfx_evdev_write+0x10/0x10 [ 227.517280][T14642] ? bpf_lsm_file_permission+0x9/0x10 [ 227.517301][T14642] ? security_file_permission+0x71/0x210 [ 227.517322][T14642] ? rw_verify_area+0xcf/0x680 [ 227.517344][T14642] ? __pfx_evdev_write+0x10/0x10 [ 227.517362][T14642] vfs_write+0x2a0/0x1150 [ 227.517383][T14642] ? __pfx_vfs_write+0x10/0x10 [ 227.517396][T14642] ? find_held_lock+0x2b/0x80 [ 227.517419][T14642] ? __fget_files+0x204/0x3c0 [ 227.517440][T14642] ? __fget_files+0x20e/0x3c0 [ 227.517464][T14642] ksys_write+0x1f8/0x250 [ 227.517480][T14642] ? __pfx_ksys_write+0x10/0x10 [ 227.517502][T14642] do_syscall_64+0xcd/0x4c0 [ 227.517526][T14642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.517543][T14642] RIP: 0033:0x7f52fbd8e9a9 [ 227.517557][T14642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.517572][T14642] RSP: 002b:00007f52fcb2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 227.517589][T14642] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8e9a9 [ 227.517600][T14642] RDX: 000000000000ff0f RSI: 0000200000000040 RDI: 0000000000000003 [ 227.517610][T14642] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 227.517621][T14642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.517631][T14642] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 227.517653][T14642] [ 227.693870][T14656] FAULT_INJECTION: forcing a failure. [ 227.693870][T14656] name failslab, interval 1, probability 0, space 0, times 0 [ 227.699145][T14656] CPU: 0 UID: 0 PID: 14656 Comm: syz.2.2876 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 227.699169][T14656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 227.699179][T14656] Call Trace: [ 227.699185][T14656] [ 227.699191][T14656] dump_stack_lvl+0x16c/0x1f0 [ 227.699216][T14656] should_fail_ex+0x512/0x640 [ 227.699234][T14656] ? __kmalloc_noprof+0xbf/0x510 [ 227.699251][T14656] ? fib_create_info+0x53f/0x46b0 [ 227.699268][T14656] should_failslab+0xc2/0x120 [ 227.699285][T14656] __kmalloc_noprof+0xd2/0x510 [ 227.699306][T14656] fib_create_info+0x53f/0x46b0 [ 227.699326][T14656] ? __pfx___might_resched+0x10/0x10 [ 227.699350][T14656] ? pcpu_block_update+0x278/0x660 [ 227.699368][T14656] ? find_held_lock+0x2b/0x80 [ 227.699390][T14656] ? pcpu_alloc_noprof+0x949/0x1470 [ 227.699419][T14656] ? __pfx_fib_create_info+0x10/0x10 [ 227.699438][T14656] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 227.699468][T14656] fib_table_insert+0x177/0x1c40 [ 227.699491][T14656] ? find_held_lock+0x2b/0x80 [ 227.699515][T14656] ? pcpu_memcg_post_alloc_hook+0x1e/0x690 [ 227.699540][T14656] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 227.699563][T14656] ? __pfx_fib_table_insert+0x10/0x10 [ 227.699591][T14656] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 227.699615][T14656] ? inet_rtm_newroute+0x124/0x210 [ 227.699630][T14656] inet_rtm_newroute+0x124/0x210 [ 227.699646][T14656] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 227.699671][T14656] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 227.699686][T14656] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 227.699700][T14656] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 227.699722][T14656] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 227.699739][T14656] rtnetlink_rcv_msg+0x95b/0xe90 [ 227.699762][T14656] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 227.699787][T14656] ? __lock_acquire+0x622/0x1c90 [ 227.699807][T14656] netlink_rcv_skb+0x155/0x420 [ 227.699829][T14656] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 227.699879][T14656] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 227.699914][T14656] ? netlink_deliver_tap+0x1ae/0xd30 [ 227.699935][T14656] ? is_vmalloc_addr+0x86/0xa0 [ 227.699955][T14656] netlink_unicast+0x58d/0x850 [ 227.699982][T14656] ? __pfx_netlink_unicast+0x10/0x10 [ 227.700012][T14656] netlink_sendmsg+0x8d1/0xdd0 [ 227.700040][T14656] ? __pfx_netlink_sendmsg+0x10/0x10 [ 227.700073][T14656] ____sys_sendmsg+0xa95/0xc70 [ 227.700098][T14656] ? copy_msghdr_from_user+0x10a/0x160 [ 227.700124][T14656] ? __pfx_____sys_sendmsg+0x10/0x10 [ 227.700169][T14656] ? kfree+0x24f/0x4d0 [ 227.700189][T14656] ? __pfx__kstrtoull+0x10/0x10 [ 227.700210][T14656] ___sys_sendmsg+0x134/0x1d0 [ 227.700230][T14656] ? __pfx____sys_sendmsg+0x10/0x10 [ 227.700270][T14656] ? __pfx___might_resched+0x10/0x10 [ 227.700295][T14656] __sys_sendmmsg+0x200/0x420 [ 227.700317][T14656] ? __pfx___sys_sendmmsg+0x10/0x10 [ 227.700349][T14656] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 227.700379][T14656] ? fput+0x70/0xf0 [ 227.700400][T14656] ? ksys_write+0x1ac/0x250 [ 227.700416][T14656] ? __pfx_ksys_write+0x10/0x10 [ 227.700435][T14656] __x64_sys_sendmmsg+0x9c/0x100 [ 227.700454][T14656] ? lockdep_hardirqs_on+0x7c/0x110 [ 227.700474][T14656] do_syscall_64+0xcd/0x4c0 [ 227.700495][T14656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.700512][T14656] RIP: 0033:0x7fd4d258e9a9 [ 227.700527][T14656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.700544][T14656] RSP: 002b:00007fd4d3487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 227.700562][T14656] RAX: ffffffffffffffda RBX: 00007fd4d27b5fa0 RCX: 00007fd4d258e9a9 [ 227.700574][T14656] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000003 [ 227.700585][T14656] RBP: 00007fd4d3487090 R08: 0000000000000000 R09: 0000000000000000 [ 227.700596][T14656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 227.700607][T14656] R13: 0000000000000000 R14: 00007fd4d27b5fa0 R15: 00007ffeec0982f8 [ 227.700632][T14656] [ 227.893098][T14659] /dev/nullb0: Can't open blockdev [ 227.900461][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 227.900473][ T40] audit: type=1400 audit(1753754612.996:58042): avc: denied { watch watch_reads } for pid=14658 comm="syz.2.2877" path="/dev/pts/0" dev="devpts" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_devpts_t tclass=chr_file permissive=1 [ 227.966577][ T40] audit: type=1400 audit(1753754613.066:58043): avc: denied { getopt } for pid=14663 comm="syz.1.2880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 227.975597][ T40] audit: type=1400 audit(1753754613.066:58044): avc: denied { ioctl } for pid=14663 comm="syz.1.2880" path="socket:[137951]" dev="sockfs" ino=137951 ioctlcmd=0x937b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 228.098476][T14671] syz.1.2881: attempt to access beyond end of device [ 228.098476][T14671] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 228.104206][T14671] XFS (nbd1): SB validate failed with error -5. [ 228.467277][T14698] FAULT_INJECTION: forcing a failure. [ 228.467277][T14698] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.472412][T14698] CPU: 1 UID: 0 PID: 14698 Comm: syz.0.2889 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 228.472437][T14698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 228.472448][T14698] Call Trace: [ 228.472454][T14698] [ 228.472462][T14698] dump_stack_lvl+0x16c/0x1f0 [ 228.472489][T14698] should_fail_ex+0x512/0x640 [ 228.472514][T14698] _copy_from_user+0x2e/0xd0 [ 228.472539][T14698] move_addr_to_kernel+0x65/0x170 [ 228.472558][T14698] __copy_msghdr+0x386/0x470 [ 228.472581][T14698] copy_msghdr_from_user+0xc1/0x160 [ 228.472602][T14698] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 228.472629][T14698] ? __pfx__kstrtoull+0x10/0x10 [ 228.472650][T14698] ___sys_sendmsg+0xfe/0x1d0 [ 228.472673][T14698] ? __pfx____sys_sendmsg+0x10/0x10 [ 228.472707][T14698] ? find_held_lock+0x2b/0x80 [ 228.472746][T14698] __sys_sendmmsg+0x200/0x420 [ 228.472770][T14698] ? __pfx___sys_sendmmsg+0x10/0x10 [ 228.472801][T14698] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 228.472834][T14698] ? fput+0x70/0xf0 [ 228.472855][T14698] ? ksys_write+0x1ac/0x250 [ 228.472871][T14698] ? __pfx_ksys_write+0x10/0x10 [ 228.472891][T14698] __x64_sys_sendmmsg+0x9c/0x100 [ 228.472913][T14698] ? lockdep_hardirqs_on+0x7c/0x110 [ 228.472934][T14698] do_syscall_64+0xcd/0x4c0 [ 228.472958][T14698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.472977][T14698] RIP: 0033:0x7fd1c1f8e9a9 [ 228.472992][T14698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.473010][T14698] RSP: 002b:00007fd1c2dd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 228.473027][T14698] RAX: ffffffffffffffda RBX: 00007fd1c21b5fa0 RCX: 00007fd1c1f8e9a9 [ 228.473039][T14698] RDX: 0000000000000001 RSI: 0000200000002300 RDI: 0000000000000005 [ 228.473054][T14698] RBP: 00007fd1c2dd1090 R08: 0000000000000000 R09: 0000000000000000 [ 228.473065][T14698] R10: 000000002000c000 R11: 0000000000000246 R12: 0000000000000001 [ 228.473076][T14698] R13: 0000000000000000 R14: 00007fd1c21b5fa0 R15: 00007ffe95370358 [ 228.473100][T14698] [ 228.765175][T14717] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 228.804692][ T40] audit: type=1400 audit(1753754613.906:58045): avc: denied { write } for pid=14714 comm="syz.0.2895" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 228.900782][T14728] FAULT_INJECTION: forcing a failure. [ 228.900782][T14728] name failslab, interval 1, probability 0, space 0, times 0 [ 228.905012][T14728] CPU: 0 UID: 0 PID: 14728 Comm: syz.3.2899 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 228.905026][T14728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 228.905033][T14728] Call Trace: [ 228.905037][T14728] [ 228.905041][T14728] dump_stack_lvl+0x16c/0x1f0 [ 228.905073][T14728] should_fail_ex+0x512/0x640 [ 228.905089][T14728] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 228.905107][T14728] should_failslab+0xc2/0x120 [ 228.905118][T14728] __kmalloc_cache_noprof+0x6a/0x3e0 [ 228.905133][T14728] ? __pfx___might_resched+0x10/0x10 [ 228.905149][T14728] ? vhost_task_create+0xe5/0x2e0 [ 228.905161][T14728] ? rcu_is_watching+0x12/0xc0 [ 228.905175][T14728] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 228.905192][T14728] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 228.905205][T14728] vhost_task_create+0xe5/0x2e0 [ 228.905216][T14728] ? __pfx_vhost_task_create+0x10/0x10 [ 228.905232][T14728] ? __pfx_vhost_task_fn+0x10/0x10 [ 228.905250][T14728] kvm_mmu_post_init_vm+0x1b7/0x370 [ 228.905266][T14728] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 228.905280][T14728] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 228.905297][T14728] kvm_vcpu_ioctl+0x5eb/0x1690 [ 228.905312][T14728] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 228.905326][T14728] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 228.905346][T14728] ? do_vfs_ioctl+0x128/0x14f0 [ 228.905361][T14728] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 228.905376][T14728] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 228.905393][T14728] ? hook_file_ioctl_common+0x145/0x410 [ 228.905410][T14728] ? selinux_file_ioctl+0x180/0x270 [ 228.905420][T14728] ? selinux_file_ioctl+0xb4/0x270 [ 228.905431][T14728] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 228.905446][T14728] __x64_sys_ioctl+0x18b/0x210 [ 228.905461][T14728] do_syscall_64+0xcd/0x4c0 [ 228.905475][T14728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.905486][T14728] RIP: 0033:0x7f52fbd8e9a9 [ 228.905495][T14728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.905505][T14728] RSP: 002b:00007f52fcb2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 228.905515][T14728] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8e9a9 [ 228.905522][T14728] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 228.905528][T14728] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 228.905534][T14728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.905540][T14728] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 228.905554][T14728] [ 229.154960][T14736] NILFS (nbd1): device size too small [ 229.216980][T14738] FAULT_INJECTION: forcing a failure. [ 229.216980][T14738] name failslab, interval 1, probability 0, space 0, times 0 [ 229.221012][T14738] CPU: 0 UID: 0 PID: 14738 Comm: syz.1.2903 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 229.221027][T14738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 229.221034][T14738] Call Trace: [ 229.221038][T14738] [ 229.221042][T14738] dump_stack_lvl+0x16c/0x1f0 [ 229.221059][T14738] should_fail_ex+0x512/0x640 [ 229.221072][T14738] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 229.221092][T14738] should_failslab+0xc2/0x120 [ 229.221104][T14738] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 229.221120][T14738] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 229.221136][T14738] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 229.221150][T14738] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 229.221168][T14738] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 229.221187][T14738] mmu_topup_memory_caches+0x25/0x170 [ 229.221203][T14738] kvm_mmu_load+0xd9/0x22a0 [ 229.221217][T14738] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 229.221228][T14738] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 229.221240][T14738] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 229.221255][T14738] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 229.221267][T14738] ? __pfx_kvm_mmu_load+0x10/0x10 [ 229.221280][T14738] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 229.221296][T14738] ? kvm_check_and_inject_events+0x71c/0x1310 [ 229.221313][T14738] vcpu_run+0x34eb/0x5500 [ 229.221324][T14738] ? kvm_mmu_post_init_vm+0x269/0x370 [ 229.221346][T14738] ? __lock_acquire+0xb8a/0x1c90 [ 229.221360][T14738] ? __pfx_vcpu_run+0x10/0x10 [ 229.221390][T14738] ? kvm_arch_vcpu_ioctl_run+0x3cd/0x18c0 [ 229.221406][T14738] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 229.221419][T14738] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 229.221437][T14738] kvm_vcpu_ioctl+0x5eb/0x1690 [ 229.221452][T14738] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 229.221466][T14738] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 229.221481][T14738] ? do_vfs_ioctl+0x128/0x14f0 [ 229.221496][T14738] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 229.221510][T14738] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 229.221527][T14738] ? hook_file_ioctl_common+0x145/0x410 [ 229.221545][T14738] ? selinux_file_ioctl+0x180/0x270 [ 229.221555][T14738] ? selinux_file_ioctl+0xb4/0x270 [ 229.221566][T14738] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 229.221581][T14738] __x64_sys_ioctl+0x18b/0x210 [ 229.221596][T14738] do_syscall_64+0xcd/0x4c0 [ 229.221611][T14738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.221621][T14738] RIP: 0033:0x7f912898e9a9 [ 229.221630][T14738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.221640][T14738] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 229.221650][T14738] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 229.221657][T14738] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 229.221663][T14738] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 229.221669][T14738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 229.221676][T14738] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 229.221689][T14738] [ 229.224874][T14741] lo: Master is either lo or non-ether device [ 229.278606][T14742] xt_hashlimit: size too large, truncated to 1048576 [ 229.330654][ T40] audit: type=1400 audit(1753754614.426:58046): avc: denied { write } for pid=14740 comm="syz.3.2904" name="mouse0" dev="devtmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 229.465530][T14749] FAULT_INJECTION: forcing a failure. [ 229.465530][T14749] name failslab, interval 1, probability 0, space 0, times 0 [ 229.469522][T14749] CPU: 0 UID: 0 PID: 14749 Comm: syz.1.2906 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 229.469537][T14749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 229.469544][T14749] Call Trace: [ 229.469549][T14749] [ 229.469554][T14749] dump_stack_lvl+0x16c/0x1f0 [ 229.469571][T14749] should_fail_ex+0x512/0x640 [ 229.469584][T14749] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 229.469603][T14749] should_failslab+0xc2/0x120 [ 229.469615][T14749] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 229.469631][T14749] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 229.469647][T14749] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 229.469661][T14749] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 229.469679][T14749] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 229.469699][T14749] mmu_topup_memory_caches+0x25/0x170 [ 229.469714][T14749] kvm_mmu_load+0xd9/0x22a0 [ 229.469727][T14749] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 229.469739][T14749] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 229.469751][T14749] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 229.469765][T14749] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 229.469777][T14749] ? __pfx_kvm_mmu_load+0x10/0x10 [ 229.469790][T14749] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 229.469806][T14749] ? kvm_check_and_inject_events+0x71c/0x1310 [ 229.469823][T14749] vcpu_run+0x34eb/0x5500 [ 229.469834][T14749] ? kvm_mmu_post_init_vm+0x269/0x370 [ 229.469850][T14749] ? __lock_acquire+0xb8a/0x1c90 [ 229.469865][T14749] ? __pfx_vcpu_run+0x10/0x10 [ 229.469880][T14749] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 229.469893][T14749] ? __local_bh_enable_ip+0xa4/0x120 [ 229.469910][T14749] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 229.469923][T14749] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 229.469940][T14749] kvm_vcpu_ioctl+0x5eb/0x1690 [ 229.469956][T14749] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 229.469970][T14749] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 229.469985][T14749] ? do_vfs_ioctl+0x128/0x14f0 [ 229.470000][T14749] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 229.470014][T14749] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 229.470031][T14749] ? hook_file_ioctl_common+0x145/0x410 [ 229.470054][T14749] ? selinux_file_ioctl+0x180/0x270 [ 229.470065][T14749] ? selinux_file_ioctl+0xb4/0x270 [ 229.470076][T14749] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 229.470091][T14749] __x64_sys_ioctl+0x18b/0x210 [ 229.470106][T14749] do_syscall_64+0xcd/0x4c0 [ 229.470121][T14749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.470131][T14749] RIP: 0033:0x7f912898e9a9 [ 229.470141][T14749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.470152][T14749] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 229.470162][T14749] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 229.470169][T14749] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 229.470175][T14749] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 229.470181][T14749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 229.470187][T14749] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 229.470201][T14749] [ 229.612345][T14752] FAULT_INJECTION: forcing a failure. [ 229.612345][T14752] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 229.617718][T14752] CPU: 1 UID: 0 PID: 14752 Comm: syz.0.2907 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 229.617741][T14752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 229.617752][T14752] Call Trace: [ 229.617757][T14752] [ 229.617762][T14752] dump_stack_lvl+0x16c/0x1f0 [ 229.617786][T14752] should_fail_ex+0x512/0x640 [ 229.617809][T14752] _copy_from_iter+0x29f/0x16f0 [ 229.617832][T14752] ? __lock_acquire+0xb8a/0x1c90 [ 229.617848][T14752] ? tcp_leave_memory_pressure+0x1f/0x100 [ 229.617866][T14752] ? __pfx__copy_from_iter+0x10/0x10 [ 229.617882][T14752] ? __sk_mem_raise_allocated+0x94d/0x1670 [ 229.617905][T14752] ? skb_page_frag_refill+0x11d/0x5a0 [ 229.617937][T14752] sk_msg_memcopy_from_iter+0x415/0x600 [ 229.617964][T14752] tcp_bpf_sendmsg+0x79b/0x1b80 [ 229.618000][T14752] ? __pfx_tcp_bpf_sendmsg+0x10/0x10 [ 229.618086][T14752] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 229.618106][T14752] ? __import_iovec+0x1dd/0x650 [ 229.618127][T14752] ? __might_fault+0xe3/0x190 [ 229.618141][T14752] ? __might_fault+0x13b/0x190 [ 229.618156][T14752] ? __pfx_tcp_bpf_sendmsg+0x10/0x10 [ 229.618181][T14752] inet6_sendmsg+0x11c/0x140 [ 229.618198][T14752] ____sys_sendmsg+0x705/0xc70 [ 229.618223][T14752] ? copy_msghdr_from_user+0x10a/0x160 [ 229.618243][T14752] ? __pfx_____sys_sendmsg+0x10/0x10 [ 229.618270][T14752] ? __pfx__kstrtoull+0x10/0x10 [ 229.618289][T14752] ___sys_sendmsg+0x134/0x1d0 [ 229.618306][T14752] ? __pfx____sys_sendmsg+0x10/0x10 [ 229.618338][T14752] ? find_held_lock+0x2b/0x80 [ 229.618376][T14752] __sys_sendmmsg+0x200/0x420 [ 229.618394][T14752] ? __pfx___sys_sendmmsg+0x10/0x10 [ 229.618422][T14752] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 229.618454][T14752] ? fput+0x70/0xf0 [ 229.618474][T14752] ? ksys_write+0x1ac/0x250 [ 229.618486][T14752] ? __pfx_ksys_write+0x10/0x10 [ 229.618501][T14752] __x64_sys_sendmmsg+0x9c/0x100 [ 229.618521][T14752] ? lockdep_hardirqs_on+0x7c/0x110 [ 229.618540][T14752] do_syscall_64+0xcd/0x4c0 [ 229.618563][T14752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.618579][T14752] RIP: 0033:0x7fd1c1f8e9a9 [ 229.618589][T14752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.618605][T14752] RSP: 002b:00007fd1c2dd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 229.618620][T14752] RAX: ffffffffffffffda RBX: 00007fd1c21b5fa0 RCX: 00007fd1c1f8e9a9 [ 229.618631][T14752] RDX: 0000000000000002 RSI: 0000200000008c00 RDI: 0000000000000003 [ 229.618641][T14752] RBP: 00007fd1c2dd1090 R08: 0000000000000000 R09: 0000000000000000 [ 229.618650][T14752] R10: 0000000020004810 R11: 0000000000000246 R12: 0000000000000001 [ 229.618660][T14752] R13: 0000000000000000 R14: 00007fd1c21b5fa0 R15: 00007ffe95370358 [ 229.618678][T14752] [ 229.632410][T14754] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2908'. [ 229.637111][ T40] audit: type=1400 audit(1753754614.746:58047): avc: denied { lock } for pid=14753 comm="syz.3.2908" path="socket:[138120]" dev="sockfs" ino=138120 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 229.724969][T14754] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2908'. [ 230.088077][ T40] audit: type=1400 audit(1753754615.186:58048): avc: denied { read } for pid=14780 comm="syz.3.2919" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 230.298032][T14790] FAULT_INJECTION: forcing a failure. [ 230.298032][T14790] name failslab, interval 1, probability 0, space 0, times 0 [ 230.302542][T14790] CPU: 1 UID: 0 PID: 14790 Comm: syz.3.2923 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 230.302564][T14790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 230.302575][T14790] Call Trace: [ 230.302581][T14790] [ 230.302588][T14790] dump_stack_lvl+0x16c/0x1f0 [ 230.302613][T14790] should_fail_ex+0x512/0x640 [ 230.302632][T14790] ? fs_reclaim_acquire+0xae/0x150 [ 230.302653][T14790] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 230.302670][T14790] should_failslab+0xc2/0x120 [ 230.302685][T14790] __kmalloc_noprof+0xd2/0x510 [ 230.302698][T14790] tomoyo_realpath_from_path+0xc2/0x6e0 [ 230.302711][T14790] ? tomoyo_profile+0x47/0x60 [ 230.302725][T14790] tomoyo_path_number_perm+0x245/0x580 [ 230.302741][T14790] ? tomoyo_path_number_perm+0x237/0x580 [ 230.302758][T14790] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 230.302775][T14790] ? find_held_lock+0x2b/0x80 [ 230.302801][T14790] ? find_held_lock+0x2b/0x80 [ 230.302814][T14790] ? hook_file_ioctl_common+0x145/0x410 [ 230.302831][T14790] ? __fget_files+0x20e/0x3c0 [ 230.302844][T14790] security_file_ioctl+0x9b/0x240 [ 230.302857][T14790] __x64_sys_ioctl+0xb7/0x210 [ 230.302872][T14790] do_syscall_64+0xcd/0x4c0 [ 230.302886][T14790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.302897][T14790] RIP: 0033:0x7f52fbd8e9a9 [ 230.302906][T14790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.302916][T14790] RSP: 002b:00007f52fcb2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 230.302927][T14790] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8e9a9 [ 230.302934][T14790] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 230.302940][T14790] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 230.302946][T14790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 230.302952][T14790] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 230.302965][T14790] [ 230.302970][T14790] ERROR: Out of memory at tomoyo_realpath_from_path. [ 230.569266][T14803] FAULT_INJECTION: forcing a failure. [ 230.569266][T14803] name failslab, interval 1, probability 0, space 0, times 0 [ 230.574203][T14803] CPU: 3 UID: 0 PID: 14803 Comm: syz.3.2926 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 230.574224][T14803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 230.574231][T14803] Call Trace: [ 230.574236][T14803] [ 230.574241][T14803] dump_stack_lvl+0x16c/0x1f0 [ 230.574261][T14803] should_fail_ex+0x512/0x640 [ 230.574275][T14803] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 230.574295][T14803] should_failslab+0xc2/0x120 [ 230.574307][T14803] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 230.574325][T14803] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 230.574341][T14803] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 230.574356][T14803] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 230.574375][T14803] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 230.574396][T14803] mmu_topup_memory_caches+0x25/0x170 [ 230.574413][T14803] kvm_mmu_load+0xd9/0x22a0 [ 230.574427][T14803] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 230.574439][T14803] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 230.574452][T14803] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 230.574467][T14803] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 230.574480][T14803] ? __pfx_kvm_mmu_load+0x10/0x10 [ 230.574493][T14803] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 230.574510][T14803] ? kvm_check_and_inject_events+0x71c/0x1310 [ 230.574528][T14803] vcpu_run+0x34eb/0x5500 [ 230.574543][T14803] ? __lock_acquire+0xb8a/0x1c90 [ 230.574559][T14803] ? __pfx_vcpu_run+0x10/0x10 [ 230.574575][T14803] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 230.574589][T14803] ? __local_bh_enable_ip+0xa4/0x120 [ 230.574607][T14803] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 230.574621][T14803] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 230.574639][T14803] kvm_vcpu_ioctl+0x5eb/0x1690 [ 230.574655][T14803] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 230.574670][T14803] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 230.574700][T14803] ? do_vfs_ioctl+0x128/0x14f0 [ 230.574717][T14803] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 230.574733][T14803] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 230.574751][T14803] ? hook_file_ioctl_common+0x145/0x410 [ 230.574773][T14803] ? selinux_file_ioctl+0x180/0x270 [ 230.574786][T14803] ? selinux_file_ioctl+0xb4/0x270 [ 230.574799][T14803] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 230.574814][T14803] __x64_sys_ioctl+0x18b/0x210 [ 230.574830][T14803] do_syscall_64+0xcd/0x4c0 [ 230.574846][T14803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.574857][T14803] RIP: 0033:0x7f52fbd8e9a9 [ 230.574866][T14803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.574878][T14803] RSP: 002b:00007f52f9bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 230.574889][T14803] RAX: ffffffffffffffda RBX: 00007f52fbfb6080 RCX: 00007f52fbd8e9a9 [ 230.574896][T14803] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 230.574902][T14803] RBP: 00007f52f9bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 230.574908][T14803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 230.574914][T14803] R13: 0000000000000001 R14: 00007f52fbfb6080 R15: 00007ffc8d4ae198 [ 230.574927][T14803] [ 230.678373][ C3] vkms_vblank_simulate: vblank timer overrun [ 230.780237][T14814] @: renamed from vlan0 [ 230.789923][T14812] loop2: detected capacity change from 0 to 7 [ 230.793142][T11559] Dev loop2: unable to read RDB block 7 [ 230.794998][T11559] loop2: unable to read partition table [ 230.797485][T11559] loop2: partition table beyond EOD, truncated [ 230.803685][T14812] Dev loop2: unable to read RDB block 7 [ 230.805593][T14812] loop2: unable to read partition table [ 230.807507][T14812] loop2: partition table beyond EOD, truncated [ 230.811034][T14812] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 230.980862][T14826] Illegal XDP return value 2771996363 on prog (id 601) dev N/A, expect packet loss! [ 231.044440][T14829] FAULT_INJECTION: forcing a failure. [ 231.044440][T14829] name failslab, interval 1, probability 0, space 0, times 0 [ 231.048729][T14829] CPU: 0 UID: 0 PID: 14829 Comm: syz.2.2939 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 231.048743][T14829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 231.048750][T14829] Call Trace: [ 231.048754][T14829] [ 231.048759][T14829] dump_stack_lvl+0x16c/0x1f0 [ 231.048776][T14829] should_fail_ex+0x512/0x640 [ 231.048790][T14829] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 231.048809][T14829] should_failslab+0xc2/0x120 [ 231.048822][T14829] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 231.048838][T14829] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 231.048854][T14829] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 231.048890][T14829] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 231.048917][T14829] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 231.048947][T14829] mmu_topup_memory_caches+0x25/0x170 [ 231.048969][T14829] kvm_mmu_load+0xd9/0x22a0 [ 231.048983][T14829] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 231.048999][T14829] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 231.049018][T14829] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 231.049045][T14829] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 231.049060][T14829] ? __pfx_kvm_mmu_load+0x10/0x10 [ 231.049072][T14829] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 231.049089][T14829] ? kvm_check_and_inject_events+0x71c/0x1310 [ 231.049106][T14829] vcpu_run+0x34eb/0x5500 [ 231.049118][T14829] ? kvm_mmu_post_init_vm+0x269/0x370 [ 231.049134][T14829] ? __lock_acquire+0xb8a/0x1c90 [ 231.049148][T14829] ? __pfx_vcpu_run+0x10/0x10 [ 231.049164][T14829] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 231.049176][T14829] ? __local_bh_enable_ip+0xa4/0x120 [ 231.049194][T14829] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 231.049213][T14829] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 231.049241][T14829] kvm_vcpu_ioctl+0x5eb/0x1690 [ 231.049264][T14829] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 231.049281][T14829] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 231.049297][T14829] ? do_vfs_ioctl+0x128/0x14f0 [ 231.049312][T14829] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 231.049326][T14829] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 231.049354][T14829] ? hook_file_ioctl_common+0x145/0x410 [ 231.049381][T14829] ? selinux_file_ioctl+0x180/0x270 [ 231.049397][T14829] ? selinux_file_ioctl+0xb4/0x270 [ 231.049411][T14829] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 231.049425][T14829] __x64_sys_ioctl+0x18b/0x210 [ 231.049440][T14829] do_syscall_64+0xcd/0x4c0 [ 231.049455][T14829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.049465][T14829] RIP: 0033:0x7fd4d258e9a9 [ 231.049475][T14829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.049485][T14829] RSP: 002b:00007fd4d3487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 231.049496][T14829] RAX: ffffffffffffffda RBX: 00007fd4d27b5fa0 RCX: 00007fd4d258e9a9 [ 231.049502][T14829] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 231.049508][T14829] RBP: 00007fd4d3487090 R08: 0000000000000000 R09: 0000000000000000 [ 231.049514][T14829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 231.049520][T14829] R13: 0000000000000000 R14: 00007fd4d27b5fa0 R15: 00007ffeec0982f8 [ 231.049533][T14829] [ 231.358566][T14845] FAULT_INJECTION: forcing a failure. [ 231.358566][T14845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 231.364403][T14845] CPU: 3 UID: 0 PID: 14845 Comm: syz.3.2944 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 231.364428][T14845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 231.364440][T14845] Call Trace: [ 231.364446][T14845] [ 231.364454][T14845] dump_stack_lvl+0x16c/0x1f0 [ 231.364481][T14845] should_fail_ex+0x512/0x640 [ 231.364507][T14845] _copy_to_user+0x32/0xd0 [ 231.364534][T14845] simple_read_from_buffer+0xcb/0x170 [ 231.364565][T14845] proc_fail_nth_read+0x197/0x270 [ 231.364585][T14845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 231.364606][T14845] ? rw_verify_area+0xcf/0x680 [ 231.364631][T14845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 231.364650][T14845] vfs_read+0x1e1/0xc60 [ 231.364681][T14845] ? __pfx___mutex_lock+0x10/0x10 [ 231.364705][T14845] ? __pfx_vfs_read+0x10/0x10 [ 231.364736][T14845] ? __fget_files+0x20e/0x3c0 [ 231.364762][T14845] ksys_read+0x12a/0x250 [ 231.364776][T14845] ? __pfx_ksys_read+0x10/0x10 [ 231.364797][T14845] do_syscall_64+0xcd/0x4c0 [ 231.364820][T14845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.364837][T14845] RIP: 0033:0x7f52fbd8d3bc [ 231.364851][T14845] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 231.364868][T14845] RSP: 002b:00007f52fcb2b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 231.364886][T14845] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8d3bc [ 231.364897][T14845] RDX: 000000000000000f RSI: 00007f52fcb2b0a0 RDI: 0000000000000003 [ 231.364908][T14845] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 231.364923][T14845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.364934][T14845] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 231.364962][T14845] [ 231.433788][ C3] vkms_vblank_simulate: vblank timer overrun [ 231.437257][T14847] FAULT_INJECTION: forcing a failure. [ 231.437257][T14847] name failslab, interval 1, probability 0, space 0, times 0 [ 231.445204][T14847] CPU: 0 UID: 0 PID: 14847 Comm: syz.1.2945 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 231.445228][T14847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 231.445237][T14847] Call Trace: [ 231.445244][T14847] [ 231.445251][T14847] dump_stack_lvl+0x16c/0x1f0 [ 231.445280][T14847] should_fail_ex+0x512/0x640 [ 231.445302][T14847] ? __kmalloc_noprof+0xbf/0x510 [ 231.445322][T14847] ? lsm_blob_alloc+0x68/0x90 [ 231.445342][T14847] should_failslab+0xc2/0x120 [ 231.445361][T14847] __kmalloc_noprof+0xd2/0x510 [ 231.445377][T14847] ? __pfx_perf_event_init_task+0x10/0x10 [ 231.445399][T14847] ? audit_alloc+0xa2/0x7b0 [ 231.445419][T14847] ? __pfx_audit_alloc+0x10/0x10 [ 231.445441][T14847] lsm_blob_alloc+0x68/0x90 [ 231.445461][T14847] security_task_alloc+0x2d/0x260 [ 231.445480][T14847] copy_process+0x2205/0x7650 [ 231.445515][T14847] ? __pfx_copy_process+0x10/0x10 [ 231.445545][T14847] ? lockdep_init_map_type+0x5c/0x280 [ 231.445565][T14847] ? lockdep_init_map_type+0x5c/0x280 [ 231.445581][T14847] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 231.445605][T14847] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 231.445627][T14847] vhost_task_create+0x1d2/0x2e0 [ 231.445647][T14847] ? __pfx_vhost_task_create+0x10/0x10 [ 231.445674][T14847] ? __pfx_vhost_task_fn+0x10/0x10 [ 231.445703][T14847] kvm_mmu_post_init_vm+0x1b7/0x370 [ 231.445725][T14847] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 231.445746][T14847] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 231.445771][T14847] kvm_vcpu_ioctl+0x5eb/0x1690 [ 231.445795][T14847] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 231.445816][T14847] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 231.445836][T14847] ? do_vfs_ioctl+0x128/0x14f0 [ 231.445857][T14847] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 231.445878][T14847] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 231.445908][T14847] ? hook_file_ioctl_common+0x145/0x410 [ 231.445937][T14847] ? selinux_file_ioctl+0x180/0x270 [ 231.445954][T14847] ? selinux_file_ioctl+0xb4/0x270 [ 231.445972][T14847] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 231.445992][T14847] __x64_sys_ioctl+0x18b/0x210 [ 231.446020][T14847] do_syscall_64+0xcd/0x4c0 [ 231.446042][T14847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.446057][T14847] RIP: 0033:0x7f912898e9a9 [ 231.446073][T14847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.446090][T14847] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 231.446109][T14847] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 231.446120][T14847] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 231.446130][T14847] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 231.446143][T14847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 231.446153][T14847] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 231.446175][T14847] [ 231.596572][T14854] netlink: 'syz.3.2947': attribute type 10 has an invalid length. [ 231.679317][T14858] FAULT_INJECTION: forcing a failure. [ 231.679317][T14858] name failslab, interval 1, probability 0, space 0, times 0 [ 231.683673][T14858] CPU: 3 UID: 0 PID: 14858 Comm: syz.1.2949 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 231.683689][T14858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 231.683696][T14858] Call Trace: [ 231.683700][T14858] [ 231.683704][T14858] dump_stack_lvl+0x16c/0x1f0 [ 231.683722][T14858] should_fail_ex+0x512/0x640 [ 231.683735][T14858] ? fs_reclaim_acquire+0xae/0x150 [ 231.683750][T14858] ? tomoyo_encode2+0x100/0x3e0 [ 231.683761][T14858] should_failslab+0xc2/0x120 [ 231.683773][T14858] __kmalloc_noprof+0xd2/0x510 [ 231.683787][T14858] tomoyo_encode2+0x100/0x3e0 [ 231.683800][T14858] tomoyo_encode+0x29/0x50 [ 231.683810][T14858] tomoyo_realpath_from_path+0x18f/0x6e0 [ 231.683851][T14858] ? tomoyo_profile+0x47/0x60 [ 231.683867][T14858] tomoyo_path_number_perm+0x245/0x580 [ 231.683882][T14858] ? tomoyo_path_number_perm+0x237/0x580 [ 231.683900][T14858] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 231.683917][T14858] ? find_held_lock+0x2b/0x80 [ 231.683943][T14858] ? find_held_lock+0x2b/0x80 [ 231.683956][T14858] ? hook_file_ioctl_common+0x145/0x410 [ 231.683973][T14858] ? __fget_files+0x20e/0x3c0 [ 231.683986][T14858] security_file_ioctl+0x9b/0x240 [ 231.683999][T14858] __x64_sys_ioctl+0xb7/0x210 [ 231.684015][T14858] do_syscall_64+0xcd/0x4c0 [ 231.684029][T14858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.684040][T14858] RIP: 0033:0x7f912898e9a9 [ 231.684049][T14858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.684060][T14858] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 231.684070][T14858] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 231.684077][T14858] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 231.684083][T14858] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 231.684090][T14858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.684096][T14858] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 231.684109][T14858] [ 231.684120][T14858] ERROR: Out of memory at tomoyo_realpath_from_path. [ 231.809319][ T40] audit: type=1400 audit(1753754616.906:58049): avc: denied { mounton } for pid=14855 comm="syz.3.2948" path="/147/file0" dev="fuse" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 232.142721][T14872] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14872 comm=syz.0.2953 [ 232.191009][T14874] FAULT_INJECTION: forcing a failure. [ 232.191009][T14874] name failslab, interval 1, probability 0, space 0, times 0 [ 232.198072][T14874] CPU: 0 UID: 0 PID: 14874 Comm: syz.1.2954 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 232.198101][T14874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 232.198112][T14874] Call Trace: [ 232.198119][T14874] [ 232.198128][T14874] dump_stack_lvl+0x16c/0x1f0 [ 232.198151][T14874] should_fail_ex+0x512/0x640 [ 232.198164][T14874] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 232.198184][T14874] should_failslab+0xc2/0x120 [ 232.198195][T14874] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 232.198212][T14874] ? copy_process+0x4b6/0x7650 [ 232.198230][T14874] copy_process+0x4b6/0x7650 [ 232.198251][T14874] ? __pfx_copy_process+0x10/0x10 [ 232.198268][T14874] ? lockdep_init_map_type+0x5c/0x280 [ 232.198281][T14874] ? lockdep_init_map_type+0x5c/0x280 [ 232.198292][T14874] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 232.198309][T14874] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 232.198322][T14874] vhost_task_create+0x1d2/0x2e0 [ 232.198337][T14874] ? __pfx_vhost_task_create+0x10/0x10 [ 232.198352][T14874] ? __pfx_vhost_task_fn+0x10/0x10 [ 232.198370][T14874] kvm_mmu_post_init_vm+0x1b7/0x370 [ 232.198386][T14874] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 232.198401][T14874] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 232.198417][T14874] kvm_vcpu_ioctl+0x5eb/0x1690 [ 232.198433][T14874] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 232.198446][T14874] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 232.198461][T14874] ? do_vfs_ioctl+0x128/0x14f0 [ 232.198476][T14874] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 232.198490][T14874] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 232.198507][T14874] ? hook_file_ioctl_common+0x145/0x410 [ 232.198524][T14874] ? selinux_file_ioctl+0x180/0x270 [ 232.198534][T14874] ? selinux_file_ioctl+0xb4/0x270 [ 232.198545][T14874] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 232.198559][T14874] __x64_sys_ioctl+0x18b/0x210 [ 232.198575][T14874] do_syscall_64+0xcd/0x4c0 [ 232.198589][T14874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.198600][T14874] RIP: 0033:0x7f912898e9a9 [ 232.198610][T14874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.198620][T14874] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.198630][T14874] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 232.198637][T14874] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 232.198643][T14874] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 232.198650][T14874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.198656][T14874] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 232.198669][T14874] [ 232.447415][T14882] FAULT_INJECTION: forcing a failure. [ 232.447415][T14882] name failslab, interval 1, probability 0, space 0, times 0 [ 232.452195][T14882] CPU: 3 UID: 0 PID: 14882 Comm: syz.1.2958 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 232.452217][T14882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 232.452228][T14882] Call Trace: [ 232.452235][T14882] [ 232.452241][T14882] dump_stack_lvl+0x16c/0x1f0 [ 232.452264][T14882] should_fail_ex+0x512/0x640 [ 232.452282][T14882] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 232.452316][T14882] should_failslab+0xc2/0x120 [ 232.452335][T14882] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 232.452359][T14882] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 232.452381][T14882] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 232.452402][T14882] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 232.452429][T14882] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 232.452461][T14882] mmu_topup_memory_caches+0x25/0x170 [ 232.452480][T14882] kvm_mmu_load+0xd9/0x22a0 [ 232.452501][T14882] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 232.452519][T14882] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 232.452537][T14882] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 232.452558][T14882] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 232.452577][T14882] ? __pfx_kvm_mmu_load+0x10/0x10 [ 232.452595][T14882] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 232.452616][T14882] ? kvm_check_and_inject_events+0x71c/0x1310 [ 232.452642][T14882] vcpu_run+0x34eb/0x5500 [ 232.452660][T14882] ? kvm_mmu_post_init_vm+0x269/0x370 [ 232.452681][T14882] ? __lock_acquire+0xb8a/0x1c90 [ 232.452695][T14882] ? __pfx_vcpu_run+0x10/0x10 [ 232.452711][T14882] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 232.452723][T14882] ? __local_bh_enable_ip+0xa4/0x120 [ 232.452741][T14882] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 232.452754][T14882] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 232.452771][T14882] kvm_vcpu_ioctl+0x5eb/0x1690 [ 232.452787][T14882] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 232.452801][T14882] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 232.452815][T14882] ? do_vfs_ioctl+0x128/0x14f0 [ 232.452830][T14882] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 232.452844][T14882] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 232.452861][T14882] ? hook_file_ioctl_common+0x145/0x410 [ 232.452878][T14882] ? selinux_file_ioctl+0x180/0x270 [ 232.452888][T14882] ? selinux_file_ioctl+0xb4/0x270 [ 232.452899][T14882] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 232.452914][T14882] __x64_sys_ioctl+0x18b/0x210 [ 232.452929][T14882] do_syscall_64+0xcd/0x4c0 [ 232.452943][T14882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.452954][T14882] RIP: 0033:0x7f912898e9a9 [ 232.452963][T14882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.452973][T14882] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.452984][T14882] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 232.452990][T14882] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 232.452997][T14882] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 232.453003][T14882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 232.453009][T14882] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 232.453022][T14882] [ 232.563197][ C3] vkms_vblank_simulate: vblank timer overrun [ 232.610238][T14889] xt_hashlimit: invalid interval [ 232.670027][T14897] syz.0.2964: attempt to access beyond end of device [ 232.670027][T14897] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0 [ 232.674872][T14897] syz.0.2964: attempt to access beyond end of device [ 232.674872][T14897] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0 [ 232.683959][T14897] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 232.687146][T14897] syz.0.2964: attempt to access beyond end of device [ 232.687146][T14897] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0 [ 232.691334][T14897] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 232.696522][T14897] syz.0.2964: attempt to access beyond end of device [ 232.696522][T14897] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0 [ 232.698312][T14891] FAULT_INJECTION: forcing a failure. [ 232.698312][T14891] name failslab, interval 1, probability 0, space 0, times 0 [ 232.703769][T14897] syz.0.2964: attempt to access beyond end of device [ 232.703769][T14897] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0 [ 232.705593][T14891] CPU: 3 UID: 0 PID: 14891 Comm: syz.2.2962 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 232.705609][T14891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 232.705615][T14891] Call Trace: [ 232.705619][T14891] [ 232.705623][T14891] dump_stack_lvl+0x16c/0x1f0 [ 232.705641][T14891] should_fail_ex+0x512/0x640 [ 232.705655][T14891] ? fs_reclaim_acquire+0xae/0x150 [ 232.705670][T14891] ? tomoyo_encode2+0x100/0x3e0 [ 232.705682][T14891] should_failslab+0xc2/0x120 [ 232.705693][T14891] __kmalloc_noprof+0xd2/0x510 [ 232.705707][T14891] tomoyo_encode2+0x100/0x3e0 [ 232.705720][T14891] tomoyo_encode+0x29/0x50 [ 232.705730][T14891] tomoyo_realpath_from_path+0x18f/0x6e0 [ 232.705743][T14891] ? tomoyo_profile+0x47/0x60 [ 232.705758][T14891] tomoyo_path_number_perm+0x245/0x580 [ 232.705774][T14891] ? tomoyo_path_number_perm+0x237/0x580 [ 232.705791][T14891] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 232.705808][T14891] ? find_held_lock+0x2b/0x80 [ 232.705834][T14891] ? find_held_lock+0x2b/0x80 [ 232.705847][T14891] ? hook_file_ioctl_common+0x145/0x410 [ 232.705864][T14891] ? __fget_files+0x20e/0x3c0 [ 232.705877][T14891] security_file_ioctl+0x9b/0x240 [ 232.705890][T14891] __x64_sys_ioctl+0xb7/0x210 [ 232.705906][T14891] do_syscall_64+0xcd/0x4c0 [ 232.705920][T14891] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.705931][T14891] RIP: 0033:0x7fd4d258e9a9 [ 232.705940][T14891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.705951][T14891] RSP: 002b:00007fd4d3487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.705961][T14891] RAX: ffffffffffffffda RBX: 00007fd4d27b5fa0 RCX: 00007fd4d258e9a9 [ 232.705968][T14891] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 232.705974][T14891] RBP: 00007fd4d3487090 R08: 0000000000000000 R09: 0000000000000000 [ 232.705981][T14891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.705993][T14891] R13: 0000000000000000 R14: 00007fd4d27b5fa0 R15: 00007ffeec0982f8 [ 232.706006][T14891] [ 232.706017][T14891] ERROR: Out of memory at tomoyo_realpath_from_path. [ 232.708780][T14897] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 232.727753][ T40] audit: type=1400 audit(1753754617.826:58050): avc: denied { execute } for pid=14905 comm="syz.1.2968" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1 [ 232.734577][T14897] syz.0.2964: attempt to access beyond end of device [ 232.734577][T14897] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 232.734625][T14897] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 232.734901][T14897] syz.0.2964: attempt to access beyond end of device [ 232.734901][T14897] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0 [ 232.737294][T14906] SELinux: ebitmap: empty map [ 232.738121][T14897] syz.0.2964: attempt to access beyond end of device [ 232.738121][T14897] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 232.739890][T14906] SELinux: failed to load policy [ 232.741967][T14897] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 232.745715][ T40] audit: type=1400 audit(1753754617.836:58051): avc: denied { load_policy } for pid=14905 comm="syz.1.2968" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 232.747107][T14897] syz.0.2964: attempt to access beyond end of device [ 232.747107][T14897] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 232.825564][T14897] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 232.828828][T14897] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 232.831840][T14897] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 232.834671][T14897] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1) [ 232.999092][ T40] audit: type=1400 audit(1753754618.096:58052): avc: denied { append } for pid=14925 comm="syz.1.2972" name="rtc0" dev="devtmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 233.038089][T14933] FAULT_INJECTION: forcing a failure. [ 233.038089][T14933] name failslab, interval 1, probability 0, space 0, times 0 [ 233.044951][T14933] CPU: 2 UID: 0 PID: 14933 Comm: syz.3.2971 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 233.044966][T14933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 233.044974][T14933] Call Trace: [ 233.044978][T14933] [ 233.044982][T14933] dump_stack_lvl+0x16c/0x1f0 [ 233.044999][T14933] should_fail_ex+0x512/0x640 [ 233.045013][T14933] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 233.045037][T14933] should_failslab+0xc2/0x120 [ 233.045049][T14933] __kmalloc_cache_noprof+0x6a/0x3e0 [ 233.045064][T14933] ? __pfx___might_resched+0x10/0x10 [ 233.045078][T14933] ? vhost_task_create+0xe5/0x2e0 [ 233.045107][T14933] ? rcu_is_watching+0x12/0xc0 [ 233.045122][T14933] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 233.045140][T14933] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 233.045153][T14933] vhost_task_create+0xe5/0x2e0 [ 233.045165][T14933] ? __pfx_vhost_task_create+0x10/0x10 [ 233.045180][T14933] ? __pfx_vhost_task_fn+0x10/0x10 [ 233.045198][T14933] kvm_mmu_post_init_vm+0x1b7/0x370 [ 233.045214][T14933] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 233.045229][T14933] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 233.045246][T14933] kvm_vcpu_ioctl+0x5eb/0x1690 [ 233.045261][T14933] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 233.045275][T14933] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 233.045290][T14933] ? do_vfs_ioctl+0x128/0x14f0 [ 233.045305][T14933] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 233.045320][T14933] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 233.045337][T14933] ? hook_file_ioctl_common+0x145/0x410 [ 233.045355][T14933] ? selinux_file_ioctl+0x180/0x270 [ 233.045365][T14933] ? selinux_file_ioctl+0xb4/0x270 [ 233.045376][T14933] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 233.045391][T14933] __x64_sys_ioctl+0x18b/0x210 [ 233.045407][T14933] do_syscall_64+0xcd/0x4c0 [ 233.045421][T14933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.045432][T14933] RIP: 0033:0x7f52fbd8e9a9 [ 233.045442][T14933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.045452][T14933] RSP: 002b:00007f52f9bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.045463][T14933] RAX: ffffffffffffffda RBX: 00007f52fbfb6080 RCX: 00007f52fbd8e9a9 [ 233.045470][T14933] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 233.045476][T14933] RBP: 00007f52f9bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 233.045483][T14933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.045489][T14933] R13: 0000000000000001 R14: 00007f52fbfb6080 R15: 00007ffc8d4ae198 [ 233.045503][T14933] [ 233.235601][T14945] FAULT_INJECTION: forcing a failure. [ 233.235601][T14945] name failslab, interval 1, probability 0, space 0, times 0 [ 233.240744][T14945] CPU: 0 UID: 0 PID: 14945 Comm: syz.3.2974 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 233.240769][T14945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 233.240781][T14945] Call Trace: [ 233.240788][T14945] [ 233.240796][T14945] dump_stack_lvl+0x16c/0x1f0 [ 233.240825][T14945] should_fail_ex+0x512/0x640 [ 233.240846][T14945] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 233.240879][T14945] should_failslab+0xc2/0x120 [ 233.240899][T14945] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 233.240928][T14945] ? ptlock_alloc+0x1f/0x70 [ 233.240957][T14945] ptlock_alloc+0x1f/0x70 [ 233.240981][T14945] pte_alloc_one+0x82/0x3a0 [ 233.241001][T14945] __do_fault+0x320/0x490 [ 233.241020][T14945] __handle_mm_fault+0x374c/0x5490 [ 233.241053][T14945] ? __pfx___handle_mm_fault+0x10/0x10 [ 233.241077][T14945] ? find_held_lock+0x2b/0x80 [ 233.241102][T14945] ? mtree_load+0x309/0xa40 [ 233.241141][T14945] handle_mm_fault+0x589/0xd10 [ 233.241172][T14945] __get_user_pages+0x589/0x3b80 [ 233.241206][T14945] ? __pfx___get_user_pages+0x10/0x10 [ 233.241231][T14945] ? __lock_acquire+0xb8a/0x1c90 [ 233.241254][T14945] faultin_page_range+0x249/0x980 [ 233.241286][T14945] madvise_do_behavior+0x268/0x3f0 [ 233.241311][T14945] ? __pfx_madvise_do_behavior+0x10/0x10 [ 233.241347][T14945] do_madvise+0x161/0x230 [ 233.241382][T14945] ? __pfx_do_madvise+0x10/0x10 [ 233.241415][T14945] ? ksys_write+0x1ac/0x250 [ 233.241431][T14945] ? __pfx_ksys_write+0x10/0x10 [ 233.241451][T14945] __x64_sys_madvise+0xa9/0x110 [ 233.241471][T14945] ? lockdep_hardirqs_on+0x7c/0x110 [ 233.241491][T14945] do_syscall_64+0xcd/0x4c0 [ 233.241513][T14945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.241529][T14945] RIP: 0033:0x7f52fbd8e9a9 [ 233.241544][T14945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.241559][T14945] RSP: 002b:00007f52fcb2b038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 233.241577][T14945] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8e9a9 [ 233.241588][T14945] RDX: 0000000000000017 RSI: 0000000000800000 RDI: 00002000000ec000 [ 233.241598][T14945] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 233.241609][T14945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.241618][T14945] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 233.241641][T14945] [ 233.499823][T14960] FAULT_INJECTION: forcing a failure. [ 233.499823][T14960] name failslab, interval 1, probability 0, space 0, times 0 [ 233.506460][T14960] CPU: 1 UID: 0 PID: 14960 Comm: syz.1.2978 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 233.506477][T14960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 233.506483][T14960] Call Trace: [ 233.506488][T14960] [ 233.506492][T14960] dump_stack_lvl+0x16c/0x1f0 [ 233.506510][T14960] should_fail_ex+0x512/0x640 [ 233.506523][T14960] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 233.506542][T14960] should_failslab+0xc2/0x120 [ 233.506554][T14960] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 233.506570][T14960] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 233.506589][T14960] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 233.506605][T14960] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 233.506623][T14960] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 233.506643][T14960] mmu_topup_memory_caches+0x25/0x170 [ 233.506658][T14960] kvm_mmu_load+0xd9/0x22a0 [ 233.506672][T14960] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 233.506683][T14960] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 233.506695][T14960] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 233.506709][T14960] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 233.506721][T14960] ? __pfx_kvm_mmu_load+0x10/0x10 [ 233.506734][T14960] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 233.506750][T14960] ? kvm_check_and_inject_events+0x71c/0x1310 [ 233.506767][T14960] vcpu_run+0x34eb/0x5500 [ 233.506779][T14960] ? kvm_mmu_post_init_vm+0x269/0x370 [ 233.506795][T14960] ? __lock_acquire+0xb8a/0x1c90 [ 233.506810][T14960] ? __pfx_vcpu_run+0x10/0x10 [ 233.506825][T14960] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 233.506839][T14960] ? __local_bh_enable_ip+0xa4/0x120 [ 233.506856][T14960] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 233.506869][T14960] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 233.506886][T14960] kvm_vcpu_ioctl+0x5eb/0x1690 [ 233.506902][T14960] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 233.506916][T14960] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 233.506930][T14960] ? do_vfs_ioctl+0x128/0x14f0 [ 233.506945][T14960] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 233.506960][T14960] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 233.506977][T14960] ? hook_file_ioctl_common+0x145/0x410 [ 233.506994][T14960] ? selinux_file_ioctl+0x180/0x270 [ 233.507004][T14960] ? selinux_file_ioctl+0xb4/0x270 [ 233.507016][T14960] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 233.507030][T14960] __x64_sys_ioctl+0x18b/0x210 [ 233.507046][T14960] do_syscall_64+0xcd/0x4c0 [ 233.507060][T14960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.507070][T14960] RIP: 0033:0x7f912898e9a9 [ 233.507080][T14960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.507090][T14960] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.507101][T14960] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 233.507108][T14960] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 233.507114][T14960] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 233.507121][T14960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 233.507127][T14960] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 233.507140][T14960] [ 233.538190][T14965] FAULT_INJECTION: forcing a failure. [ 233.538190][T14965] name failslab, interval 1, probability 0, space 0, times 0 [ 233.601112][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.602368][T14965] CPU: 2 UID: 0 PID: 14965 Comm: syz.3.2979 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 233.602384][T14965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 233.602391][T14965] Call Trace: [ 233.602396][T14965] [ 233.602400][T14965] dump_stack_lvl+0x16c/0x1f0 [ 233.602417][T14965] should_fail_ex+0x512/0x640 [ 233.602430][T14965] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 233.602449][T14965] should_failslab+0xc2/0x120 [ 233.602461][T14965] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 233.602477][T14965] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 233.602493][T14965] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 233.602507][T14965] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 233.602524][T14965] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 233.602544][T14965] mmu_topup_memory_caches+0x25/0x170 [ 233.602559][T14965] kvm_mmu_load+0xd9/0x22a0 [ 233.602574][T14965] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 233.602585][T14965] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 233.602597][T14965] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 233.602611][T14965] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 233.602623][T14965] ? __pfx_kvm_mmu_load+0x10/0x10 [ 233.602636][T14965] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 233.602652][T14965] ? kvm_check_and_inject_events+0x71c/0x1310 [ 233.602669][T14965] vcpu_run+0x34eb/0x5500 [ 233.602681][T14965] ? kvm_mmu_post_init_vm+0x269/0x370 [ 233.602697][T14965] ? __lock_acquire+0xb8a/0x1c90 [ 233.602712][T14965] ? __pfx_vcpu_run+0x10/0x10 [ 233.602727][T14965] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 233.602741][T14965] ? __local_bh_enable_ip+0xa4/0x120 [ 233.602758][T14965] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 233.602770][T14965] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 233.602788][T14965] kvm_vcpu_ioctl+0x5eb/0x1690 [ 233.602804][T14965] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 233.602818][T14965] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 233.602832][T14965] ? do_vfs_ioctl+0x128/0x14f0 [ 233.602847][T14965] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 233.602861][T14965] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 233.602878][T14965] ? hook_file_ioctl_common+0x145/0x410 [ 233.602895][T14965] ? selinux_file_ioctl+0x180/0x270 [ 233.602906][T14965] ? selinux_file_ioctl+0xb4/0x270 [ 233.602917][T14965] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 233.602932][T14965] __x64_sys_ioctl+0x18b/0x210 [ 233.602951][T14965] do_syscall_64+0xcd/0x4c0 [ 233.602968][T14965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.602979][T14965] RIP: 0033:0x7f52fbd8e9a9 [ 233.602988][T14965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.602999][T14965] RSP: 002b:00007f52fcb2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.603009][T14965] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8e9a9 [ 233.603015][T14965] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 233.603022][T14965] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 233.603028][T14965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 233.603034][T14965] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 233.603047][T14965] [ 233.744334][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.747428][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.750432][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.753616][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.756631][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.759601][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.768662][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.770937][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.773842][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.776634][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.779464][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.782404][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.785133][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.788006][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.790965][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.794390][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.797563][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.800511][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.804428][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.807483][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.810548][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.812424][ T5966] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 233.813596][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.817400][ T5966] Bluetooth: hci2: Injecting HCI hardware error event [ 233.819712][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.824882][ T5966] Bluetooth: hci2: hardware error 0x00 [ 233.825500][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.826876][T14984] netlink: 'syz.0.2981': attribute type 10 has an invalid length. [ 233.826896][T14984] openvswitch: netlink: Flow key attr not present in new flow. [ 233.827254][T14984] __nla_validate_parse: 31 callbacks suppressed [ 233.827265][T14984] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2981'. [ 233.841080][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.844008][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.847238][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.849793][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.853289][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.855874][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.858416][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.860974][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.863992][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.866446][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.869364][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.872015][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.875189][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.878558][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.882437][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.885511][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.888611][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.891957][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.895187][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.899334][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.901953][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.904810][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.907052][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.909538][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.913316][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.917118][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.920135][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.922598][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.925058][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.928401][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.931032][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.933762][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.936168][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.938487][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.940804][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.943449][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.945830][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.948332][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.950559][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.953348][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.955704][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.958287][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.960955][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.963924][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.966590][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.969243][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.972314][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.974924][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.977329][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.979660][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.982132][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.984491][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.987585][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.990257][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.992639][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.994892][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 233.997110][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.000103][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.002765][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.005173][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.007743][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.010156][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.012603][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.014989][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.017488][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.020410][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.022878][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.025271][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.027613][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.029957][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.032612][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.035138][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.037512][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.039831][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.042338][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.044621][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.046986][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.049375][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.051867][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.054284][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.056623][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.058914][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.061213][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.063785][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.066101][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.068496][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.070790][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.073672][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.076084][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.078414][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.080004][T14998] FAULT_INJECTION: forcing a failure. [ 234.080004][T14998] name failslab, interval 1, probability 0, space 0, times 0 [ 234.080738][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.084622][T14998] CPU: 2 UID: 0 PID: 14998 Comm: syz.1.2986 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 234.084638][T14998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 234.084645][T14998] Call Trace: [ 234.084649][T14998] [ 234.084654][T14998] dump_stack_lvl+0x16c/0x1f0 [ 234.084672][T14998] should_fail_ex+0x512/0x640 [ 234.084688][T14998] should_failslab+0xc2/0x120 [ 234.084700][T14998] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 234.084719][T14998] ? __alloc_skb+0x2b2/0x380 [ 234.084734][T14998] __alloc_skb+0x2b2/0x380 [ 234.084746][T14998] ? __pfx___alloc_skb+0x10/0x10 [ 234.084759][T14998] ? find_held_lock+0x2b/0x80 [ 234.084774][T14998] ? fdb_to_nud+0xeb/0x330 [ 234.084783][T14998] ? br_fdb_find+0xe4/0x240 [ 234.084793][T14998] fdb_notify+0xa4/0x1a0 [ 234.084804][T14998] __br_fdb_add+0x908/0xd90 [ 234.084818][T14998] br_fdb_add+0x769/0xe30 [ 234.084833][T14998] ? __pfx_br_fdb_add+0x10/0x10 [ 234.084847][T14998] ? __nla_parse+0x40/0x60 [ 234.084863][T14998] rtnl_fdb_add+0x4bc/0xac0 [ 234.084878][T14998] ? __pfx_br_fdb_add+0x10/0x10 [ 234.084889][T14998] ? __mutex_lock+0x1ca/0xb90 [ 234.084903][T14998] ? __pfx_rtnl_fdb_add+0x10/0x10 [ 234.084926][T14998] ? __pfx_rtnl_fdb_add+0x10/0x10 [ 234.084940][T14998] rtnetlink_rcv_msg+0x3c6/0xe90 [ 234.084955][T14998] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 234.084973][T14998] ? ref_tracker_free+0x37c/0x830 [ 234.084988][T14998] netlink_rcv_skb+0x155/0x420 [ 234.085004][T14998] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 234.085018][T14998] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 234.085038][T14998] ? netlink_deliver_tap+0x1ae/0xd30 [ 234.085055][T14998] netlink_unicast+0x58d/0x850 [ 234.085073][T14998] ? __pfx_netlink_unicast+0x10/0x10 [ 234.085098][T14998] netlink_sendmsg+0x8d1/0xdd0 [ 234.085115][T14998] ? __pfx_netlink_sendmsg+0x10/0x10 [ 234.085135][T14998] ____sys_sendmsg+0xa95/0xc70 [ 234.085152][T14998] ? copy_msghdr_from_user+0x10a/0x160 [ 234.085165][T14998] ? __pfx_____sys_sendmsg+0x10/0x10 [ 234.085184][T14998] ? __pfx__kstrtoull+0x10/0x10 [ 234.085197][T14998] ___sys_sendmsg+0x134/0x1d0 [ 234.085211][T14998] ? __pfx____sys_sendmsg+0x10/0x10 [ 234.085230][T14998] ? find_held_lock+0x2b/0x80 [ 234.085251][T14998] __sys_sendmmsg+0x200/0x420 [ 234.085266][T14998] ? __pfx___sys_sendmmsg+0x10/0x10 [ 234.085283][T14998] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 234.085302][T14998] ? fput+0x70/0xf0 [ 234.085315][T14998] ? ksys_write+0x1ac/0x250 [ 234.085324][T14998] ? __pfx_ksys_write+0x10/0x10 [ 234.085336][T14998] __x64_sys_sendmmsg+0x9c/0x100 [ 234.085349][T14998] ? lockdep_hardirqs_on+0x7c/0x110 [ 234.085362][T14998] do_syscall_64+0xcd/0x4c0 [ 234.085376][T14998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.085387][T14998] RIP: 0033:0x7f912898e9a9 [ 234.085396][T14998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.085407][T14998] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 234.085418][T14998] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 234.085424][T14998] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000003 [ 234.085431][T14998] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 234.085437][T14998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.085443][T14998] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 234.085455][T14998] [ 234.144852][T14996] FAULT_INJECTION: forcing a failure. [ 234.144852][T14996] name failslab, interval 1, probability 0, space 0, times 0 [ 234.146105][ T2298] hid-generic 000E:0E1F:0069.0006: unknown main item tag 0x0 [ 234.148331][T14996] CPU: 1 UID: 0 PID: 14996 Comm: syz.3.2985 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 234.148346][T14996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 234.148353][T14996] Call Trace: [ 234.148357][T14996] [ 234.148361][T14996] dump_stack_lvl+0x16c/0x1f0 [ 234.148378][T14996] should_fail_ex+0x512/0x640 [ 234.148391][T14996] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 234.148409][T14996] should_failslab+0xc2/0x120 [ 234.148421][T14996] __kmalloc_cache_noprof+0x6a/0x3e0 [ 234.148435][T14996] ? __pfx___might_resched+0x10/0x10 [ 234.148450][T14996] ? vhost_task_create+0xe5/0x2e0 [ 234.148462][T14996] ? rcu_is_watching+0x12/0xc0 [ 234.148475][T14996] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 234.148510][T14996] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 234.148528][T14996] vhost_task_create+0xe5/0x2e0 [ 234.148540][T14996] ? __pfx_vhost_task_create+0x10/0x10 [ 234.148555][T14996] ? __pfx_vhost_task_fn+0x10/0x10 [ 234.148573][T14996] kvm_mmu_post_init_vm+0x1b7/0x370 [ 234.148589][T14996] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 234.148605][T14996] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 234.148622][T14996] kvm_vcpu_ioctl+0x5eb/0x1690 [ 234.148637][T14996] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 234.148651][T14996] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 234.148666][T14996] ? do_vfs_ioctl+0x128/0x14f0 [ 234.148681][T14996] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 234.148696][T14996] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 234.148713][T14996] ? hook_file_ioctl_common+0x145/0x410 [ 234.148731][T14996] ? selinux_file_ioctl+0x180/0x270 [ 234.148741][T14996] ? selinux_file_ioctl+0xb4/0x270 [ 234.148753][T14996] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 234.148767][T14996] __x64_sys_ioctl+0x18b/0x210 [ 234.148783][T14996] do_syscall_64+0xcd/0x4c0 [ 234.148798][T14996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.148809][T14996] RIP: 0033:0x7f52fbd8e9a9 [ 234.148818][T14996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.148829][T14996] RSP: 002b:00007f52fcb2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 234.148840][T14996] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8e9a9 [ 234.148857][T14996] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 234.148863][T14996] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 234.148870][T14996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.148876][T14996] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 234.148890][T14996] [ 234.160378][T15005] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 234.161421][ T40] audit: type=1400 audit(1753754619.256:58053): avc: denied { name_connect } for pid=15004 comm="syz.1.2988" dest=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 234.293793][ T2298] hid-generic 000E:0E1F:0069.0006: hidraw1: HID v0.03 Device [syz0] on syz1 [ 234.433438][T15017] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2991'. [ 234.708251][T15027] Bluetooth: hci0: Frame reassembly failed (-84) [ 234.714865][ T1141] Bluetooth: hci0: Frame reassembly failed (-84) [ 234.869703][T15042] loop6: detected capacity change from 0 to 524287999 [ 235.267704][T15047] bio_check_eod: 3 callbacks suppressed [ 235.267714][T15047] syz.0.3000: attempt to access beyond end of device [ 235.267714][T15047] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 235.274413][T15047] XFS (nbd0): SB validate failed with error -5. [ 235.891632][ T5966] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 236.039692][T15074] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3007'. [ 236.246321][T15078] xt_hashlimit: size too large, truncated to 1048576 [ 236.291288][ T40] audit: type=1400 audit(1753754621.386:58054): avc: denied { ioctl } for pid=15076 comm="syz.0.3008" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 236.488471][T15084] FAULT_INJECTION: forcing a failure. [ 236.488471][T15084] name failslab, interval 1, probability 0, space 0, times 0 [ 236.492699][T15084] CPU: 3 UID: 0 PID: 15084 Comm: syz.0.3010 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 236.492714][T15084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 236.492721][T15084] Call Trace: [ 236.492726][T15084] [ 236.492731][T15084] dump_stack_lvl+0x16c/0x1f0 [ 236.492762][T15084] should_fail_ex+0x512/0x640 [ 236.492780][T15084] ? __kmalloc_noprof+0xbf/0x510 [ 236.492792][T15084] ? fib_create_info+0x53f/0x46b0 [ 236.492804][T15084] should_failslab+0xc2/0x120 [ 236.492815][T15084] __kmalloc_noprof+0xd2/0x510 [ 236.492824][T15084] ? __lock_acquire+0xb8a/0x1c90 [ 236.492838][T15084] fib_create_info+0x53f/0x46b0 [ 236.492850][T15084] ? __kasan_slab_free+0x51/0x70 [ 236.492863][T15084] ? __lock_acquire+0xb8a/0x1c90 [ 236.492876][T15084] ? __pfx_fib_create_info+0x10/0x10 [ 236.492889][T15084] ? __mutex_trylock_common+0xe9/0x250 [ 236.492903][T15084] fib_table_insert+0x177/0x1c40 [ 236.492919][T15084] ? rcu_is_watching+0x12/0xc0 [ 236.492933][T15084] ? trace_contention_end+0xdd/0x130 [ 236.492945][T15084] ? __pfx___nla_validate_parse+0x10/0x10 [ 236.492961][T15084] ? inet_rtm_newroute+0xfa/0x210 [ 236.492972][T15084] ? __pfx_fib_table_insert+0x10/0x10 [ 236.492997][T15084] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 236.493012][T15084] ? rtm_to_fib_config+0x895/0x1390 [ 236.493024][T15084] ? inet_rtm_newroute+0x124/0x210 [ 236.493034][T15084] inet_rtm_newroute+0x124/0x210 [ 236.493045][T15084] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 236.493061][T15084] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 236.493071][T15084] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 236.493081][T15084] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 236.493097][T15084] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 236.493109][T15084] rtnetlink_rcv_msg+0x95b/0xe90 [ 236.493124][T15084] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 236.493142][T15084] ? ref_tracker_free+0x37c/0x830 [ 236.493157][T15084] netlink_rcv_skb+0x155/0x420 [ 236.493173][T15084] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 236.493188][T15084] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 236.493208][T15084] ? netlink_deliver_tap+0x1ae/0xd30 [ 236.493226][T15084] netlink_unicast+0x58d/0x850 [ 236.493244][T15084] ? __pfx_netlink_unicast+0x10/0x10 [ 236.493263][T15084] netlink_sendmsg+0x8d1/0xdd0 [ 236.493281][T15084] ? __pfx_netlink_sendmsg+0x10/0x10 [ 236.493301][T15084] ____sys_sendmsg+0xa95/0xc70 [ 236.493318][T15084] ? copy_msghdr_from_user+0x10a/0x160 [ 236.493331][T15084] ? __pfx_____sys_sendmsg+0x10/0x10 [ 236.493349][T15084] ? kfree+0x24f/0x4d0 [ 236.493362][T15084] ? __pfx__kstrtoull+0x10/0x10 [ 236.493375][T15084] ___sys_sendmsg+0x134/0x1d0 [ 236.493389][T15084] ? __pfx____sys_sendmsg+0x10/0x10 [ 236.493420][T15084] ? __pfx___might_resched+0x10/0x10 [ 236.493438][T15084] __sys_sendmmsg+0x200/0x420 [ 236.493453][T15084] ? __pfx___sys_sendmmsg+0x10/0x10 [ 236.493470][T15084] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 236.493490][T15084] ? fput+0x70/0xf0 [ 236.493502][T15084] ? ksys_write+0x1ac/0x250 [ 236.493512][T15084] ? __pfx_ksys_write+0x10/0x10 [ 236.493523][T15084] __x64_sys_sendmmsg+0x9c/0x100 [ 236.493536][T15084] ? lockdep_hardirqs_on+0x7c/0x110 [ 236.493549][T15084] do_syscall_64+0xcd/0x4c0 [ 236.493563][T15084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.493574][T15084] RIP: 0033:0x7fd1c1f8e9a9 [ 236.493583][T15084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.493593][T15084] RSP: 002b:00007fd1c2dd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 236.493603][T15084] RAX: ffffffffffffffda RBX: 00007fd1c21b5fa0 RCX: 00007fd1c1f8e9a9 [ 236.493610][T15084] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000003 [ 236.493616][T15084] RBP: 00007fd1c2dd1090 R08: 0000000000000000 R09: 0000000000000000 [ 236.493622][T15084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 236.493628][T15084] R13: 0000000000000000 R14: 00007fd1c21b5fa0 R15: 00007ffe95370358 [ 236.493642][T15084] [ 236.585438][T15086] syz.0.3011: attempt to access beyond end of device [ 236.585438][T15086] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 236.630931][T15086] XFS (nbd0): SB validate failed with error -5. [ 236.761551][ T5967] Bluetooth: hci0: Entering manufacturer mode failed (-110) [ 236.761562][ T5966] Bluetooth: hci0: command 0xfc11 tx timeout [ 236.831061][T15105] FAULT_INJECTION: forcing a failure. [ 236.831061][T15105] name failslab, interval 1, probability 0, space 0, times 0 [ 236.838488][T15105] CPU: 3 UID: 0 PID: 15105 Comm: syz.1.3016 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 236.838510][T15105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 236.838520][T15105] Call Trace: [ 236.838525][T15105] [ 236.838532][T15105] dump_stack_lvl+0x16c/0x1f0 [ 236.838555][T15105] should_fail_ex+0x512/0x640 [ 236.838572][T15105] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 236.838598][T15105] should_failslab+0xc2/0x120 [ 236.838614][T15105] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 236.838635][T15105] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 236.838658][T15105] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 236.838677][T15105] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 236.838703][T15105] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 236.838731][T15105] mmu_topup_memory_caches+0x25/0x170 [ 236.838753][T15105] kvm_mmu_load+0xd9/0x22a0 [ 236.838772][T15105] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 236.838788][T15105] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 236.838805][T15105] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 236.838825][T15105] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 236.838842][T15105] ? __pfx_kvm_mmu_load+0x10/0x10 [ 236.838859][T15105] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 236.838882][T15105] ? kvm_check_and_inject_events+0x71c/0x1310 [ 236.838906][T15105] vcpu_run+0x34eb/0x5500 [ 236.838922][T15105] ? kvm_mmu_post_init_vm+0x269/0x370 [ 236.838944][T15105] ? __lock_acquire+0xb8a/0x1c90 [ 236.838966][T15105] ? __pfx_vcpu_run+0x10/0x10 [ 236.838989][T15105] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 236.839007][T15105] ? __local_bh_enable_ip+0xa4/0x120 [ 236.839032][T15105] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 236.839050][T15105] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 236.839075][T15105] kvm_vcpu_ioctl+0x5eb/0x1690 [ 236.839097][T15105] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 236.839117][T15105] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 236.839137][T15105] ? do_vfs_ioctl+0x128/0x14f0 [ 236.839157][T15105] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 236.839178][T15105] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 236.839202][T15105] ? hook_file_ioctl_common+0x145/0x410 [ 236.839233][T15105] ? selinux_file_ioctl+0x180/0x270 [ 236.839248][T15105] ? selinux_file_ioctl+0xb4/0x270 [ 236.839264][T15105] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 236.839285][T15105] __x64_sys_ioctl+0x18b/0x210 [ 236.839307][T15105] do_syscall_64+0xcd/0x4c0 [ 236.839328][T15105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.839343][T15105] RIP: 0033:0x7f912898e9a9 [ 236.839357][T15105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.839371][T15105] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 236.839386][T15105] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 236.839397][T15105] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 236.839407][T15105] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 236.839416][T15105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 236.839425][T15105] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 236.839447][T15105] [ 237.057917][T15117] netlink: 'syz.0.3020': attribute type 1 has an invalid length. [ 237.187969][T15131] sg_write: process 422 (syz.3.3025) changed security contexts after opening file descriptor, this is not allowed. [ 237.312417][T15142] FAULT_INJECTION: forcing a failure. [ 237.312417][T15142] name failslab, interval 1, probability 0, space 0, times 0 [ 237.317366][T15142] CPU: 3 UID: 0 PID: 15142 Comm: syz.3.3029 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 237.317381][T15142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 237.317388][T15142] Call Trace: [ 237.317392][T15142] [ 237.317397][T15142] dump_stack_lvl+0x16c/0x1f0 [ 237.317415][T15142] should_fail_ex+0x512/0x640 [ 237.317428][T15142] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 237.317447][T15142] should_failslab+0xc2/0x120 [ 237.317459][T15142] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 237.317474][T15142] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 237.317490][T15142] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 237.317505][T15142] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 237.317523][T15142] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 237.317543][T15142] mmu_topup_memory_caches+0x25/0x170 [ 237.317558][T15142] kvm_mmu_load+0xd9/0x22a0 [ 237.317572][T15142] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 237.317583][T15142] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 237.317595][T15142] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 237.317609][T15142] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 237.317621][T15142] ? __pfx_kvm_mmu_load+0x10/0x10 [ 237.317634][T15142] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 237.317650][T15142] ? kvm_check_and_inject_events+0x71c/0x1310 [ 237.317667][T15142] vcpu_run+0x34eb/0x5500 [ 237.317679][T15142] ? kvm_mmu_post_init_vm+0x269/0x370 [ 237.317695][T15142] ? __lock_acquire+0xb8a/0x1c90 [ 237.317710][T15142] ? __pfx_vcpu_run+0x10/0x10 [ 237.317725][T15142] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 237.317738][T15142] ? __local_bh_enable_ip+0xa4/0x120 [ 237.317755][T15142] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 237.317768][T15142] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 237.317785][T15142] kvm_vcpu_ioctl+0x5eb/0x1690 [ 237.317801][T15142] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 237.317815][T15142] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 237.317829][T15142] ? do_vfs_ioctl+0x128/0x14f0 [ 237.317844][T15142] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 237.317859][T15142] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 237.317876][T15142] ? hook_file_ioctl_common+0x145/0x410 [ 237.317893][T15142] ? selinux_file_ioctl+0x180/0x270 [ 237.317903][T15142] ? selinux_file_ioctl+0xb4/0x270 [ 237.317914][T15142] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 237.317928][T15142] __x64_sys_ioctl+0x18b/0x210 [ 237.317944][T15142] do_syscall_64+0xcd/0x4c0 [ 237.317958][T15142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.317969][T15142] RIP: 0033:0x7f52fbd8e9a9 [ 237.317978][T15142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.317988][T15142] RSP: 002b:00007f52fcb2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 237.317998][T15142] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8e9a9 [ 237.318005][T15142] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 237.318011][T15142] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 237.318017][T15142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 237.318024][T15142] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 237.318039][T15142] [ 237.323900][T15137] syz.0.3028: attempt to access beyond end of device [ 237.323900][T15137] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 237.445309][T15137] XFS (nbd0): SB validate failed with error -5. [ 237.461626][T15156] warn_alloc: 5 callbacks suppressed [ 237.461637][T15156] syz.2.3032: vmalloc error: size 12288, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 237.468311][T15156] CPU: 0 UID: 0 PID: 15156 Comm: syz.2.3032 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 237.468327][T15156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 237.468334][T15156] Call Trace: [ 237.468338][T15156] [ 237.468343][T15156] dump_stack_lvl+0x16c/0x1f0 [ 237.468360][T15156] warn_alloc+0x248/0x3a0 [ 237.468378][T15156] ? __pfx_warn_alloc+0x10/0x10 [ 237.468396][T15156] ? alloc_pages_mpol+0x25a/0x550 [ 237.468409][T15156] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 237.468421][T15156] ? trace_kmalloc+0x2b/0xd0 [ 237.468437][T15156] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 237.468457][T15156] ? vhost_task_create+0x1d2/0x2e0 [ 237.468473][T15156] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 237.468487][T15156] ? __memcg_slab_post_alloc_hook+0x4a0/0x960 [ 237.468505][T15156] ? vhost_task_create+0x1d2/0x2e0 [ 237.468516][T15156] __vmalloc_node_noprof+0xad/0xf0 [ 237.468530][T15156] ? vhost_task_create+0x1d2/0x2e0 [ 237.468543][T15156] copy_process+0x2c70/0x7650 [ 237.468565][T15156] ? __pfx_copy_process+0x10/0x10 [ 237.468582][T15156] ? lockdep_init_map_type+0x5c/0x280 [ 237.468595][T15156] ? lockdep_init_map_type+0x5c/0x280 [ 237.468606][T15156] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 237.468631][T15156] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 237.468651][T15156] vhost_task_create+0x1d2/0x2e0 [ 237.468671][T15156] ? __pfx_vhost_task_create+0x10/0x10 [ 237.468696][T15156] ? __pfx_vhost_task_fn+0x10/0x10 [ 237.468727][T15156] kvm_mmu_post_init_vm+0x1b7/0x370 [ 237.468745][T15156] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 237.468759][T15156] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 237.468776][T15156] kvm_vcpu_ioctl+0x5eb/0x1690 [ 237.468791][T15156] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 237.468805][T15156] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 237.468835][T15156] ? do_vfs_ioctl+0x128/0x14f0 [ 237.468851][T15156] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 237.468865][T15156] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 237.468882][T15156] ? hook_file_ioctl_common+0x145/0x410 [ 237.468900][T15156] ? selinux_file_ioctl+0x180/0x270 [ 237.468910][T15156] ? selinux_file_ioctl+0xb4/0x270 [ 237.468921][T15156] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 237.468935][T15156] __x64_sys_ioctl+0x18b/0x210 [ 237.468951][T15156] do_syscall_64+0xcd/0x4c0 [ 237.468966][T15156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.468976][T15156] RIP: 0033:0x7fd4d258e9a9 [ 237.468986][T15156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.468996][T15156] RSP: 002b:00007fd4d3487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 237.469006][T15156] RAX: ffffffffffffffda RBX: 00007fd4d27b5fa0 RCX: 00007fd4d258e9a9 [ 237.469013][T15156] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 237.469019][T15156] RBP: 00007fd4d3487090 R08: 0000000000000000 R09: 0000000000000000 [ 237.469025][T15156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 237.469031][T15156] R13: 0000000000000000 R14: 00007fd4d27b5fa0 R15: 00007ffeec0982f8 [ 237.469045][T15156] [ 237.469049][T15156] Mem-Info: [ 237.577036][T15156] active_anon:9099 inactive_anon:0 isolated_anon:0 [ 237.577036][T15156] active_file:22636 inactive_file:43070 isolated_file:0 [ 237.577036][T15156] unevictable:1768 dirty:3655 writeback:0 [ 237.577036][T15156] slab_reclaimable:13153 slab_unreclaimable:80241 [ 237.577036][T15156] mapped:28343 shmem:2400 pagetables:1301 [ 237.577036][T15156] sec_pagetables:328 bounce:0 [ 237.577036][T15156] kernel_misc_reclaimable:0 [ 237.577036][T15156] free:428779 free_pcp:14873 free_cma:0 [ 237.590844][T15156] Node 0 active_anon:36396kB inactive_anon:0kB active_file:90480kB inactive_file:172080kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:113308kB dirty:14580kB writeback:0kB shmem:6064kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:15056kB pagetables:4996kB sec_pagetables:1312kB all_unreclaimable? no Balloon:0kB [ 237.601573][T15156] Node 1 active_anon:0kB inactive_anon:0kB active_file:64kB inactive_file:200kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:64kB dirty:40kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:208kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 237.611104][T15156] Node 0 DMA free:9148kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:68kB local_pcp:0kB free_cma:0kB [ 237.620856][T15156] lowmem_reserve[]: 0 1234 1234 1234 1234 [ 237.623120][T15156] Node 0 DMA32 free:90924kB boost:2048kB min:29564kB low:36440kB high:43316kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36520kB inactive_anon:0kB active_file:90480kB inactive_file:172080kB unevictable:3536kB writepending:14580kB present:2080628kB managed:1263964kB mlocked:0kB bounce:0kB free_pcp:49388kB local_pcp:11324kB free_cma:0kB [ 237.629097][T15162] FAULT_INJECTION: forcing a failure. [ 237.629097][T15162] name failslab, interval 1, probability 0, space 0, times 0 [ 237.637731][T15156] lowmem_reserve[]: 0 0 0 0 0 [ 237.637758][T15156] Node 1 Normal free:1616020kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:64kB inactive_file:200kB unevictable:3536kB writepending:40kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:10444kB local_pcp:208kB free_cma:0kB [ 237.637790][T15156] lowmem_reserve[]: 0 0 0 0 0 [ 237.637811][T15156] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 2*64kB (U) 2*128kB (U) 2*256kB (U) 2*512kB (U) 3*1024kB (U) 2*2048kB (UM) 0*4096kB = 9148kB [ 237.637899][T15156] Node 0 DMA32: [ 237.638010][T15162] CPU: 1 UID: 0 PID: 15162 Comm: syz.1.3034 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 237.638026][T15162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 237.638033][T15162] Call Trace: [ 237.638037][T15162] [ 237.638042][T15162] dump_stack_lvl+0x16c/0x1f0 [ 237.638059][T15162] should_fail_ex+0x512/0x640 [ 237.638072][T15162] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 237.638091][T15162] should_failslab+0xc2/0x120 [ 237.638103][T15162] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 237.638120][T15162] ? __pfx_selinux_socket_create+0x10/0x10 [ 237.638132][T15162] ? sock_alloc_inode+0x25/0x1c0 [ 237.638149][T15162] ? __pfx_sock_alloc_inode+0x10/0x10 [ 237.638164][T15162] sock_alloc_inode+0x25/0x1c0 [ 237.638178][T15162] alloc_inode+0x61/0x240 [ 237.638192][T15162] sock_alloc+0x40/0x280 [ 237.638207][T15162] __sock_create+0xc1/0x8d0 [ 237.638219][T15162] mptcp_subflow_create_socket+0xf5/0xed0 [ 237.638238][T15162] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 237.638259][T15162] __mptcp_nmpc_sk+0x182/0x7d0 [ 237.638269][T15162] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 237.638281][T15162] ? __local_bh_enable_ip+0xa4/0x120 [ 237.638297][T15162] mptcp_sendmsg+0x163d/0x1eb0 [ 237.638313][T15162] ? sock_has_perm+0x259/0x2f0 [ 237.638328][T15162] ? __pfx_sock_has_perm+0x10/0x10 [ 237.638345][T15162] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 237.638357][T15162] ? __might_fault+0xe3/0x190 [ 237.638367][T15162] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 237.638380][T15162] ? __import_iovec+0x1dd/0x650 [ 237.638395][T15162] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 237.638409][T15162] inet_sendmsg+0x119/0x140 [ 237.638422][T15162] ____sys_sendmsg+0x973/0xc70 [ 237.638438][T15162] ? copy_msghdr_from_user+0x10a/0x160 [ 237.638451][T15162] ? __pfx_____sys_sendmsg+0x10/0x10 [ 237.638470][T15162] ? __pfx__kstrtoull+0x10/0x10 [ 237.638482][T15162] ___sys_sendmsg+0x134/0x1d0 [ 237.638497][T15162] ? __pfx____sys_sendmsg+0x10/0x10 [ 237.638516][T15162] ? find_held_lock+0x2b/0x80 [ 237.638539][T15162] __sys_sendmmsg+0x200/0x420 [ 237.638554][T15162] ? __pfx___sys_sendmmsg+0x10/0x10 [ 237.638572][T15162] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 237.638592][T15162] ? fput+0x70/0xf0 [ 237.638604][T15162] ? ksys_write+0x1ac/0x250 [ 237.638613][T15162] ? __pfx_ksys_write+0x10/0x10 [ 237.638625][T15162] __x64_sys_sendmmsg+0x9c/0x100 [ 237.638638][T15162] ? lockdep_hardirqs_on+0x7c/0x110 [ 237.638650][T15162] do_syscall_64+0xcd/0x4c0 [ 237.638665][T15162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.638676][T15162] RIP: 0033:0x7f912898e9a9 [ 237.638684][T15162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.638695][T15162] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 237.638705][T15162] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 237.638712][T15162] RDX: 0000000000000001 RSI: 0000200000002300 RDI: 0000000000000005 [ 237.638719][T15162] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 237.638725][T15162] R10: 000000002000c000 R11: 0000000000000246 R12: 0000000000000001 [ 237.638731][T15162] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 237.638744][T15162] [ 237.638750][T15162] socket: no more sockets [ 237.639346][T15156] 105*4kB (M) 59*8kB (M) 45*16kB (UME) 739*32kB (UME) [ 237.640557][T15165] FAULT_INJECTION: forcing a failure. [ 237.640557][T15165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 237.640584][T15165] CPU: 3 UID: 0 PID: 15165 Comm: syz.3.3035 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 237.640597][T15165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 237.640603][T15165] Call Trace: [ 237.640607][T15165] [ 237.640611][T15165] dump_stack_lvl+0x16c/0x1f0 [ 237.640627][T15165] should_fail_ex+0x512/0x640 [ 237.640641][T15165] _copy_to_user+0x32/0xd0 [ 237.640656][T15165] simple_read_from_buffer+0xcb/0x170 [ 237.640675][T15165] proc_fail_nth_read+0x197/0x270 [ 237.640687][T15165] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 237.640699][T15165] ? rw_verify_area+0xcf/0x680 [ 237.640714][T15165] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 237.640725][T15165] vfs_read+0x1e1/0xc60 [ 237.640743][T15165] ? __pfx___mutex_lock+0x10/0x10 [ 237.640756][T15165] ? __pfx_vfs_read+0x10/0x10 [ 237.640776][T15165] ? __fget_files+0x20e/0x3c0 [ 237.640790][T15165] ksys_read+0x12a/0x250 [ 237.640800][T15165] ? __pfx_ksys_read+0x10/0x10 [ 237.640813][T15165] do_syscall_64+0xcd/0x4c0 [ 237.640827][T15165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.640838][T15165] RIP: 0033:0x7f52fbd8d3bc [ 237.640846][T15165] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 237.640857][T15165] RSP: 002b:00007f52fcb2b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 237.640867][T15165] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8d3bc [ 237.640873][T15165] RDX: 000000000000000f RSI: 00007f52fcb2b0a0 RDI: 0000000000000004 [ 237.640880][T15165] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 237.640886][T15165] R10: 000000000000114a R11: 0000000000000246 R12: 0000000000000001 [ 237.640892][T15165] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 237.640905][T15165] [ 237.819483][T15156] 521*64kB (UME) 77*128kB (UME) 15*256kB (UM) 16*512kB (UM) 10*1024kB (UM) 0*2048kB 0*4096kB = 90732kB [ 237.824312][T15156] Node 1 Normal: 11*4kB (UME) 45*8kB (UME) 19*16kB (UE) 195*32kB (UME) 86*64kB (UME) 45*128kB (UME) 25*256kB (UE) 20*512kB (UME) 10*1024kB (U) 5*2048kB (UME) 381*4096kB (UM) = 1615908kB [ 237.829762][T15156] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 237.833415][T15156] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 237.836429][T15156] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 237.839238][T15156] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 237.843792][T15156] 68104 total pagecache pages [ 237.845293][T15156] 0 pages in swap cache [ 237.846475][T15156] Free swap = 124996kB [ 237.847738][T15156] Total swap = 124996kB [ 237.849031][T15156] 1048443 pages RAM [ 237.850187][T15156] 0 pages HighMem/MovableOnly [ 237.852089][T15156] 283123 pages reserved [ 237.853473][T15156] 0 pages cma reserved [ 238.088164][T15185] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3043'. [ 238.178437][T15195] FAULT_INJECTION: forcing a failure. [ 238.178437][T15195] name failslab, interval 1, probability 0, space 0, times 0 [ 238.185629][T15195] CPU: 2 UID: 0 PID: 15195 Comm: syz.1.3045 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 238.185653][T15195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 238.185665][T15195] Call Trace: [ 238.185672][T15195] [ 238.185679][T15195] dump_stack_lvl+0x16c/0x1f0 [ 238.185705][T15195] should_fail_ex+0x512/0x640 [ 238.185725][T15195] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 238.185751][T15195] should_failslab+0xc2/0x120 [ 238.185770][T15195] __kmalloc_cache_noprof+0x6a/0x3e0 [ 238.185794][T15195] ? __pfx___might_resched+0x10/0x10 [ 238.185817][T15195] ? vhost_task_create+0xe5/0x2e0 [ 238.185835][T15195] ? rcu_is_watching+0x12/0xc0 [ 238.185857][T15195] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 238.185884][T15195] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 238.185905][T15195] vhost_task_create+0xe5/0x2e0 [ 238.185922][T15195] ? __pfx_vhost_task_create+0x10/0x10 [ 238.185949][T15195] ? __pfx_vhost_task_fn+0x10/0x10 [ 238.185980][T15195] kvm_mmu_post_init_vm+0x1b7/0x370 [ 238.186005][T15195] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 238.186028][T15195] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 238.186054][T15195] kvm_vcpu_ioctl+0x5eb/0x1690 [ 238.186080][T15195] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 238.186101][T15195] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 238.186124][T15195] ? do_vfs_ioctl+0x128/0x14f0 [ 238.186148][T15195] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 238.186171][T15195] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 238.186197][T15195] ? hook_file_ioctl_common+0x145/0x410 [ 238.186226][T15195] ? selinux_file_ioctl+0x180/0x270 [ 238.186242][T15195] ? selinux_file_ioctl+0xb4/0x270 [ 238.186266][T15195] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 238.186289][T15195] __x64_sys_ioctl+0x18b/0x210 [ 238.186314][T15195] do_syscall_64+0xcd/0x4c0 [ 238.186336][T15195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.186354][T15195] RIP: 0033:0x7f912898e9a9 [ 238.186368][T15195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.186383][T15195] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 238.186399][T15195] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 238.186410][T15195] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 238.186420][T15195] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 238.186430][T15195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.186440][T15195] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 238.186463][T15195] [ 238.428589][ T40] audit: type=1400 audit(1753754623.526:58055): avc: denied { mount } for pid=15204 comm="syz.0.3050" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 238.619653][T15221] FAULT_INJECTION: forcing a failure. [ 238.619653][T15221] name failslab, interval 1, probability 0, space 0, times 0 [ 238.625715][T15221] CPU: 0 UID: 0 PID: 15221 Comm: syz.1.3054 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 238.625740][T15221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 238.625751][T15221] Call Trace: [ 238.625758][T15221] [ 238.625766][T15221] dump_stack_lvl+0x16c/0x1f0 [ 238.625795][T15221] should_fail_ex+0x512/0x640 [ 238.625815][T15221] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 238.625846][T15221] should_failslab+0xc2/0x120 [ 238.625866][T15221] __kmalloc_cache_node_noprof+0x6d/0x420 [ 238.625893][T15221] ? __get_vm_area_node+0x101/0x330 [ 238.625920][T15221] __get_vm_area_node+0x101/0x330 [ 238.625947][T15221] __vmalloc_node_range_noprof+0x271/0x14b0 [ 238.625979][T15221] ? vhost_task_create+0x1d2/0x2e0 [ 238.626000][T15221] ? local_lock_release+0x99/0x140 [ 238.626030][T15221] ? vhost_task_create+0x1d2/0x2e0 [ 238.626049][T15221] ? rcu_read_unlock+0x17/0x60 [ 238.626074][T15221] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 238.626097][T15221] ? __memcg_slab_post_alloc_hook+0x4a0/0x960 [ 238.626129][T15221] ? vhost_task_create+0x1d2/0x2e0 [ 238.626147][T15221] __vmalloc_node_noprof+0xad/0xf0 [ 238.626172][T15221] ? vhost_task_create+0x1d2/0x2e0 [ 238.626196][T15221] copy_process+0x2c70/0x7650 [ 238.626234][T15221] ? __pfx_copy_process+0x10/0x10 [ 238.626264][T15221] ? lockdep_init_map_type+0x5c/0x280 [ 238.626288][T15221] ? lockdep_init_map_type+0x5c/0x280 [ 238.626307][T15221] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 238.626335][T15221] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 238.626357][T15221] vhost_task_create+0x1d2/0x2e0 [ 238.626376][T15221] ? __pfx_vhost_task_create+0x10/0x10 [ 238.626403][T15221] ? __pfx_vhost_task_fn+0x10/0x10 [ 238.626436][T15221] kvm_mmu_post_init_vm+0x1b7/0x370 [ 238.626463][T15221] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 238.626487][T15221] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 238.626516][T15221] kvm_vcpu_ioctl+0x5eb/0x1690 [ 238.626542][T15221] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 238.626566][T15221] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 238.626590][T15221] ? do_vfs_ioctl+0x128/0x14f0 [ 238.626616][T15221] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 238.626640][T15221] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 238.626667][T15221] ? hook_file_ioctl_common+0x145/0x410 [ 238.626695][T15221] ? selinux_file_ioctl+0x180/0x270 [ 238.626729][T15221] ? selinux_file_ioctl+0xb4/0x270 [ 238.626750][T15221] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 238.626775][T15221] __x64_sys_ioctl+0x18b/0x210 [ 238.626802][T15221] do_syscall_64+0xcd/0x4c0 [ 238.626826][T15221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.626844][T15221] RIP: 0033:0x7f912898e9a9 [ 238.626859][T15221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.626876][T15221] RSP: 002b:00007f91297aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 238.626893][T15221] RAX: ffffffffffffffda RBX: 00007f9128bb5fa0 RCX: 00007f912898e9a9 [ 238.626904][T15221] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 238.626915][T15221] RBP: 00007f91297aa090 R08: 0000000000000000 R09: 0000000000000000 [ 238.626926][T15221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.626936][T15221] R13: 0000000000000000 R14: 00007f9128bb5fa0 R15: 00007ffede041f78 [ 238.626965][T15221] [ 238.629470][T15210] syz.3.3052: attempt to access beyond end of device [ 238.629470][T15210] nbd3: rw=4096, sector=0, nr_sectors = 2 limit=0 [ 238.746257][T15210] XFS (nbd3): SB validate failed with error -5. [ 238.849266][ T40] audit: type=1400 audit(1753754623.946:58056): avc: denied { mounton } for pid=15225 comm="syz.0.3055" path="/sys/kernel/debug/sync/info" dev="debugfs" ino=2490 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 239.087589][T15242] devpts: Unknown parameter 'skx' [ 239.089243][ T40] audit: type=1400 audit(1753754624.186:58057): avc: denied { remount } for pid=15241 comm="syz.1.3060" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 239.381593][ T2298] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 239.531594][ T2298] usb 6-1: Using ep0 maxpacket: 8 [ 239.536309][ T2298] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 239.539676][ T2298] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 239.546289][ T2298] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 239.549950][ T2298] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 239.554378][ T2298] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 239.559587][ T2298] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 239.563766][ T2298] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.772970][ T2298] usb 6-1: usb_control_msg returned -32 [ 239.774804][ T2298] usbtmc 6-1:16.0: can't read capabilities [ 239.970571][T15248] FAULT_INJECTION: forcing a failure. [ 239.970571][T15248] name failslab, interval 1, probability 0, space 0, times 0 [ 239.974947][T15248] CPU: 1 UID: 0 PID: 15248 Comm: syz.3.3062 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 239.974965][T15248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 239.974972][T15248] Call Trace: [ 239.974976][T15248] [ 239.974980][T15248] dump_stack_lvl+0x16c/0x1f0 [ 239.974997][T15248] should_fail_ex+0x512/0x640 [ 239.975010][T15248] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 239.975029][T15248] should_failslab+0xc2/0x120 [ 239.975041][T15248] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 239.975057][T15248] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 239.975073][T15248] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 239.975087][T15248] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 239.975104][T15248] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 239.975124][T15248] mmu_topup_memory_caches+0x25/0x170 [ 239.975139][T15248] kvm_mmu_load+0xd9/0x22a0 [ 239.975153][T15248] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 239.975164][T15248] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 239.975176][T15248] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 239.975190][T15248] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 239.975202][T15248] ? __pfx_kvm_mmu_load+0x10/0x10 [ 239.975216][T15248] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 239.975233][T15248] ? kvm_check_and_inject_events+0x71c/0x1310 [ 239.975250][T15248] vcpu_run+0x34eb/0x5500 [ 239.975262][T15248] ? kvm_mmu_post_init_vm+0x269/0x370 [ 239.975278][T15248] ? __lock_acquire+0xb8a/0x1c90 [ 239.975293][T15248] ? __pfx_vcpu_run+0x10/0x10 [ 239.975308][T15248] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 239.975321][T15248] ? __local_bh_enable_ip+0xa4/0x120 [ 239.975338][T15248] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 239.975351][T15248] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 239.975369][T15248] kvm_vcpu_ioctl+0x5eb/0x1690 [ 239.975384][T15248] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 239.975398][T15248] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 239.975413][T15248] ? do_vfs_ioctl+0x128/0x14f0 [ 239.975428][T15248] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 239.975442][T15248] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 239.975459][T15248] ? hook_file_ioctl_common+0x145/0x410 [ 239.975476][T15248] ? selinux_file_ioctl+0x180/0x270 [ 239.975486][T15248] ? selinux_file_ioctl+0xb4/0x270 [ 239.975498][T15248] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 239.975512][T15248] __x64_sys_ioctl+0x18b/0x210 [ 239.975527][T15248] do_syscall_64+0xcd/0x4c0 [ 239.975541][T15248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.975552][T15248] RIP: 0033:0x7f52fbd8e9a9 [ 239.975561][T15248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.975571][T15248] RSP: 002b:00007f52fcb2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 239.975581][T15248] RAX: ffffffffffffffda RBX: 00007f52fbfb5fa0 RCX: 00007f52fbd8e9a9 [ 239.975588][T15248] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 239.975594][T15248] RBP: 00007f52fcb2b090 R08: 0000000000000000 R09: 0000000000000000 [ 239.975600][T15248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 239.975607][T15248] R13: 0000000000000000 R14: 00007f52fbfb5fa0 R15: 00007ffc8d4ae198 [ 239.975621][T15248] [ 240.128309][T15251] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 240.193693][ T40] audit: type=1400 audit(1753754625.296:58058): avc: denied { read } for pid=15250 comm="syz.3.3063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 240.254261][T15251] syz.3.3063 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 240.351554][T15257] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 240.842248][T15267] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 240.845867][T15267] overlayfs: overlapping lowerdir path [ 241.344033][T15269] syz.2.3069: attempt to access beyond end of device [ 241.344033][T15269] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 241.349391][T15269] XFS (nbd2): SB validate failed with error -5. [ 241.721110][T15286] 9pnet_fd: Insufficient options for proto=fd [ 242.049797][T15303] syz.2.3078: attempt to access beyond end of device [ 242.049797][T15303] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 242.054088][T15303] XFS (nbd2): SB validate failed with error -5. [ 242.202759][T15312] lo speed is unknown, defaulting to 1000 [ 242.207365][T15312] lo speed is unknown, defaulting to 1000 [ 242.209555][T15312] lo speed is unknown, defaulting to 1000 [ 242.255439][ T40] audit: type=1400 audit(1753754627.356:58059): avc: denied { map } for pid=15311 comm="syz.0.3080" path="socket:[145170]" dev="sockfs" ino=145170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 242.255706][T15313] xt_hashlimit: size too large, truncated to 1048576 [ 242.264320][ T40] audit: type=1400 audit(1753754627.356:58060): avc: denied { accept } for pid=15311 comm="syz.0.3080" path="socket:[145170]" dev="sockfs" ino=145170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 242.300258][T15312] infiniband syz0: set active [ 242.303373][ T8523] lo speed is unknown, defaulting to 1000 [ 242.305616][T15312] infiniband syz0: added lo [ 242.327238][T15312] RDS/IB: syz0: added [ 242.329303][T15312] smc: adding ib device syz0 with port count 1 [ 242.331860][T15312] smc: ib device syz0 port 1 has pnetid [ 242.333828][ T8523] lo speed is unknown, defaulting to 1000 [ 242.336366][T15312] lo speed is unknown, defaulting to 1000 [ 242.393884][ T8523] libceph: connect (1)[c::]:6789 error -101 [ 242.395925][ T8523] libceph: mon0 (1)[c::]:6789 connect error [ 242.438965][T15312] lo speed is unknown, defaulting to 1000 [ 242.454079][ T53] libceph: connect (1)[c::]:6789 error -101 [ 242.456093][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 242.492252][T15318] ceph: No mds server is up or the cluster is laggy [ 242.492356][T15321] ceph: No mds server is up or the cluster is laggy [ 242.538855][T15312] lo speed is unknown, defaulting to 1000 [ 242.632174][ C3] ------------[ cut here ]------------ [ 242.634100][ C3] WARNING: CPU: 3 PID: 33 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x684/0x830 [ 242.636990][ C3] Modules linked in: [ 242.637799][T15329] FAULT_INJECTION: forcing a failure. [ 242.637799][T15329] name failslab, interval 1, probability 0, space 0, times 0 [ 242.638474][ C3] CPU: 3 UID: 0 PID: 33 Comm: ksoftirqd/3 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 242.638492][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 242.638499][ C3] RIP: 0010:inet_sock_destruct+0x684/0x830 [ 242.641521][T15312] lo speed is unknown, defaulting to 1000 [ 242.643919][T15329] CPU: 2 UID: 0 PID: 15329 Comm: syz.2.3083 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 242.643935][T15329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 242.643942][T15329] Call Trace: [ 242.643946][T15329] [ 242.643951][T15329] dump_stack_lvl+0x16c/0x1f0 [ 242.643968][T15329] should_fail_ex+0x512/0x640 [ 242.643981][T15329] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 242.644000][T15329] should_failslab+0xc2/0x120 [ 242.644012][T15329] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 242.644028][T15329] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 242.644045][T15329] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 242.644059][T15329] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 242.644077][T15329] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 242.644096][T15329] mmu_topup_memory_caches+0x25/0x170 [ 242.644112][T15329] kvm_mmu_load+0xd9/0x22a0 [ 242.644126][T15329] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 242.644138][T15329] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 242.644149][T15329] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 242.644163][T15329] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 242.644175][T15329] ? __pfx_kvm_mmu_load+0x10/0x10 [ 242.644188][T15329] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 242.644204][T15329] ? kvm_check_and_inject_events+0x71c/0x1310 [ 242.644221][T15329] vcpu_run+0x34eb/0x5500 [ 242.644233][T15329] ? kvm_mmu_post_init_vm+0x269/0x370 [ 242.644249][T15329] ? __lock_acquire+0xb8a/0x1c90 [ 242.644269][T15329] ? __pfx_vcpu_run+0x10/0x10 [ 242.644284][T15329] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 242.644297][T15329] ? __local_bh_enable_ip+0xa4/0x120 [ 242.644314][T15329] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 242.644327][T15329] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 242.644345][T15329] kvm_vcpu_ioctl+0x5eb/0x1690 [ 242.644361][T15329] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 242.644375][T15329] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 242.644389][T15329] ? do_vfs_ioctl+0x128/0x14f0 [ 242.644404][T15329] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 242.644419][T15329] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 242.644436][T15329] ? hook_file_ioctl_common+0x145/0x410 [ 242.644453][T15329] ? selinux_file_ioctl+0x180/0x270 [ 242.644464][T15329] ? selinux_file_ioctl+0xb4/0x270 [ 242.644475][T15329] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 242.644489][T15329] __x64_sys_ioctl+0x18b/0x210 [ 242.644505][T15329] do_syscall_64+0xcd/0x4c0 [ 242.644519][T15329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.644530][T15329] RIP: 0033:0x7fd4d258e9a9 [ 242.644539][T15329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.644550][T15329] RSP: 002b:00007fd4d3487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 242.644561][T15329] RAX: ffffffffffffffda RBX: 00007fd4d27b5fa0 RCX: 00007fd4d258e9a9 [ 242.644567][T15329] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 242.644574][T15329] RBP: 00007fd4d3487090 R08: 0000000000000000 R09: 0000000000000000 [ 242.644580][T15329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 242.644586][T15329] R13: 0000000000000000 R14: 00007fd4d27b5fa0 R15: 00007ffeec0982f8 [ 242.644600][T15329] [ 242.657126][ T40] audit: type=1400 audit(1753754627.756:58061): avc: denied { write } for pid=5932 comm="syz-executor" path="pipe:[2802]" dev="pipefs" ino=2802 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 242.657696][ C3] Code: 0f 0b 90 e9 12 fe ff ff e8 09 bb b0 f7 90 0f 0b 90 e9 5e fe ff ff e8 fb ba b0 f7 90 0f 0b 90 e9 94 fe ff ff e8 ed ba b0 f7 90 <0f> 0b 90 e9 d3 fe ff ff e8 bf 14 16 f8 e9 d7 fc ff ff 4c 89 ff e8 [ 242.762842][T15312] lo speed is unknown, defaulting to 1000 [ 242.763873][ C3] RSP: 0018:ffffc900006cfbd0 EFLAGS: 00010246 [ 242.767441][ C3] RAX: 0000000000000000 RBX: ffff88805e41d100 RCX: ffffffff8a0b3d07 [ 242.769805][ C3] RDX: ffff88801eaaa440 RSI: ffffffff8a0b3e33 RDI: 0000000000000005 [ 242.772221][ C3] RBP: 0000000000000ffd R08: 0000000000000005 R09: 0000000000000000 [ 242.774579][ C3] R10: 0000000000000ffd R11: 0000000000000001 R12: ffff88805e41d100 [ 242.777110][ C3] R13: ffff88805e41d190 R14: ffffc900006cfcd0 R15: 0000000000000001 [ 242.779570][ C3] FS: 0000000000000000(0000) GS:ffff8880d69f9000(0000) knlGS:0000000000000000 [ 242.782389][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 242.784406][ C3] CR2: 000000110c3bd1f3 CR3: 000000000e382000 CR4: 0000000000352ef0 [ 242.786795][ C3] Call Trace: [ 242.787868][ C3] [ 242.788809][ C3] ? inet6_cleanup_sock+0x117/0x210 [ 242.790364][ C3] ? __pfx_inet6_sock_destruct+0x10/0x10 [ 242.792150][ C3] __sk_destruct+0x84/0x980 [ 242.793558][ C3] ? rcu_core+0x797/0x14e0 [ 242.794921][ C3] rcu_core+0x79c/0x14e0 [ 242.796226][ C3] ? __pfx_rcu_core+0x10/0x10 [ 242.797692][ C3] ? rcu_is_watching+0x12/0xc0 [ 242.799158][ C3] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 242.800931][ C3] handle_softirqs+0x219/0x8e0 [ 242.802492][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 242.804134][ C3] ? __pfx_run_ksoftirqd+0x10/0x10 [ 242.805691][ C3] ? smpboot_thread_fn+0x326/0xae0 [ 242.807275][ C3] run_ksoftirqd+0x3a/0x60 [ 242.808633][ C3] smpboot_thread_fn+0x3f7/0xae0 [ 242.810154][ C3] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 242.811905][ C3] kthread+0x3c5/0x780 [ 242.813166][ C3] ? __pfx_kthread+0x10/0x10 [ 242.814584][ C3] ? rcu_is_watching+0x12/0xc0 [ 242.816040][ C3] ? __pfx_kthread+0x10/0x10 [ 242.817455][ C3] ret_from_fork+0x5d4/0x6f0 [ 242.818898][ C3] ? __pfx_kthread+0x10/0x10 [ 242.820375][ C3] ret_from_fork_asm+0x1a/0x30 [ 242.821915][ C3] [ 242.822883][ C3] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 242.825151][ C3] CPU: 3 UID: 0 PID: 33 Comm: ksoftirqd/3 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 242.828674][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 242.832064][ C3] Call Trace: [ 242.833133][ C3] [ 242.834081][ C3] dump_stack_lvl+0x3d/0x1f0 [ 242.835535][ C3] panic+0x71c/0x800 [ 242.836786][ C3] ? __pfx_panic+0x10/0x10 [ 242.838215][ C3] ? show_trace_log_lvl+0x29b/0x3e0 [ 242.840002][ C3] ? check_panic_on_warn+0x1f/0xb0 [ 242.841664][ C3] ? inet_sock_destruct+0x684/0x830 [ 242.843278][ C3] check_panic_on_warn+0xab/0xb0 [ 242.844849][ C3] __warn+0xf6/0x3c0 [ 242.846102][ C3] ? inet_sock_destruct+0x684/0x830 [ 242.847750][ C3] report_bug+0x3c3/0x580 [ 242.849125][ C3] ? inet_sock_destruct+0x684/0x830 [ 242.850808][ C3] handle_bug+0x184/0x210 [ 242.852205][ C3] exc_invalid_op+0x17/0x50 [ 242.853637][ C3] asm_exc_invalid_op+0x1a/0x20 [ 242.855165][ C3] RIP: 0010:inet_sock_destruct+0x684/0x830 [ 242.857028][ C3] Code: 0f 0b 90 e9 12 fe ff ff e8 09 bb b0 f7 90 0f 0b 90 e9 5e fe ff ff e8 fb ba b0 f7 90 0f 0b 90 e9 94 fe ff ff e8 ed ba b0 f7 90 <0f> 0b 90 e9 d3 fe ff ff e8 bf 14 16 f8 e9 d7 fc ff ff 4c 89 ff e8 [ 242.862928][ C3] RSP: 0018:ffffc900006cfbd0 EFLAGS: 00010246 [ 242.864840][ C3] RAX: 0000000000000000 RBX: ffff88805e41d100 RCX: ffffffff8a0b3d07 [ 242.867285][ C3] RDX: ffff88801eaaa440 RSI: ffffffff8a0b3e33 RDI: 0000000000000005 [ 242.869750][ C3] RBP: 0000000000000ffd R08: 0000000000000005 R09: 0000000000000000 [ 242.872198][ C3] R10: 0000000000000ffd R11: 0000000000000001 R12: ffff88805e41d100 [ 242.874625][ C3] R13: ffff88805e41d190 R14: ffffc900006cfcd0 R15: 0000000000000001 [ 242.877058][ C3] ? inet_sock_destruct+0x557/0x830 [ 242.878663][ C3] ? inet_sock_destruct+0x683/0x830 [ 242.880288][ C3] ? inet6_cleanup_sock+0x117/0x210 [ 242.881845][ C3] ? __pfx_inet6_sock_destruct+0x10/0x10 [ 242.883533][ C3] __sk_destruct+0x84/0x980 [ 242.884941][ C3] ? rcu_core+0x797/0x14e0 [ 242.886299][ C3] rcu_core+0x79c/0x14e0 [ 242.887637][ C3] ? __pfx_rcu_core+0x10/0x10 [ 242.889139][ C3] ? rcu_is_watching+0x12/0xc0 [ 242.890601][ C3] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 242.892428][ C3] handle_softirqs+0x219/0x8e0 [ 242.893934][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 242.895592][ C3] ? __pfx_run_ksoftirqd+0x10/0x10 [ 242.897204][ C3] ? smpboot_thread_fn+0x326/0xae0 [ 242.898787][ C3] run_ksoftirqd+0x3a/0x60 [ 242.900208][ C3] smpboot_thread_fn+0x3f7/0xae0 [ 242.901789][ C3] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 242.903467][ C3] kthread+0x3c5/0x780 [ 242.904759][ C3] ? __pfx_kthread+0x10/0x10 [ 242.906212][ C3] ? rcu_is_watching+0x12/0xc0 [ 242.907732][ C3] ? __pfx_kthread+0x10/0x10 [ 242.909202][ C3] ret_from_fork+0x5d4/0x6f0 [ 242.910655][ C3] ? __pfx_kthread+0x10/0x10 [ 242.912127][ C3] ret_from_fork_asm+0x1a/0x30 [ 242.913636][ C3] [ 242.915151][ C3] Kernel Offset: disabled [ 242.916500][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:03:47 Registers: info registers vcpu 0 CPU#0 RAX=00000000002068d7 RBX=0000000000000000 RCX=ffffffff8b8d1c99 RDX=0000000000000000 RSI=ffffffff8de35f27 RDI=ffffffff8c15bf20 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08 R8 =0000000000000001 R9 =ffffed100d486645 R10=ffff88806a43322b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a96150 R15=0000000000000000 RIP=ffffffff8b8d07ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d66f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c31746d CR3=0000000031c8a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000feffff00 Opmask01=000000000000007f Opmask02=00000000fffeff7f Opmask03=0000000001041000 Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055def6919120 000055def6919120 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055def68f6ee0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055def68f09e0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fccea9f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff000000000000ff 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737312 7373737373730a07 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73001605121f0073 431e161e035c1810 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d003d454d 414e564544003d58 45444e494649003d 4550595456454400 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d0018454d 414e564544001858 45444e4946490018 4550595456454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000039 000055db00636475 0000000000000021 0000000000000032 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000641 0000000000007974 00736576616c7300 306d656d702f6b63 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffc900068c0000 RBX=0000000000000000 RCX=ffff8880298f9070 RDX=000000000000009d RSI=ffffffff86ade8b8 RDI=ffff8880298f92d0 RBP=0000000000000001 RSP=ffffc900006a0b60 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000001 R13=0000000000004e20 R14=ffff8880298f9070 R15=0000000000000001 RIP=ffffffff86ade8f5 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007fd1c2dd16c0 ffffffff 00c00000 GS =0000 ffff8880d67f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005555581fd808 CR3=0000000026fab000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=000000000000f30d DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=92ed2316bc7fcf27 4e817ba538ef374f 92ed2316bc7fcf27 4e817ba538ef374f 92ed2316bc7fcf27 4e817ba538ef374f 92ed2316bc7fcf27 4e817ba538ef374f ZMM18=e12937e78f4ee56d cca1972abd705b5d e12937e78f4ee56d cca1972abd705b5d e12937e78f4ee56d cca1972abd705b5d e12937e78f4ee56d cca1972abd705b5d ZMM19=0326000000000000 0000000000000005 0326000000000000 0000000000000004 0326000000000000 0000000000000003 0326000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 040003000401a003 0008000190030fff ffffffffff040180 0300080006100020 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1000060871a01001 859006050180c010 0001858004010800 060151c000040004 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0800000401c71000 080449dc00657375 662f7665642f01ff ffffffffffffffeb ZMM24=bd705b5dbd705b5d bd705b5dbd705b5d bd705b5dbd705b5d bd705b5dbd705b5d bd705b5dbd705b5d bd705b5dbd705b5d bd705b5dbd705b5d bd705b5dbd705b5d ZMM25=cca1972acca1972a cca1972acca1972a cca1972acca1972a cca1972acca1972a cca1972acca1972a cca1972acca1972a cca1972acca1972a cca1972acca1972a ZMM26=8f4ee56d8f4ee56d 8f4ee56d8f4ee56d 8f4ee56d8f4ee56d 8f4ee56d8f4ee56d 8f4ee56d8f4ee56d 8f4ee56d8f4ee56d 8f4ee56d8f4ee56d 8f4ee56d8f4ee56d ZMM27=e12937e7e12937e7 e12937e7e12937e7 e12937e7e12937e7 e12937e7e12937e7 e12937e7e12937e7 e12937e7e12937e7 e12937e7e12937e7 e12937e7e12937e7 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0226000002260000 0226000002260000 0226000002260000 0226000002260000 0226000002260000 0226000002260000 0226000002260000 0226000002260000 info registers vcpu 2 CPU#2 RAX=0000000000000054 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8560d865 RDI=ffffffff9b0e1160 RBP=ffffffff9b0e1120 RSP=ffffc9000c85f398 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000054 R14=ffffffff9b0e1120 R15=ffffffff8560d800 RIP=ffffffff8560d88f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fd4d34876c0 ffffffff 00c00000 GS =0000 ffff8880d68f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000555573c87808 CR3=000000002e5b6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611d42 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611d4f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611d49 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611d5d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611de3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611ec1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000028 RCX=ffffffff819b9f22 RDX=ffff88801eaaa440 RSI=ffffffff819b9f10 RDI=0000000000000001 RBP=0000000000000001 RSP=ffffc900006cf850 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=1ffff920000d9f0c R13=0000000000000200 R14=ffff88803c204880 R15=ffffc900006cf918 RIP=ffffffff819b9f19 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d69f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3bd1f3 CR3=0000000051aa4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000002000 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffeec098680 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611d42 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611d4f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611d49 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611d5d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611de3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd4d2611ec1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000