last executing test programs: 3.399648106s ago: executing program 0 (id=5040): syz_open_dev$tty20(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap$dsp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x100010, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x54, 0x1e5, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x1, 0x0, 0x0, {@ip4=@broadcast}}}]}, 0x38}}, 0x0) 3.337780284s ago: executing program 2 (id=5041): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1) getdents64(r1, &(0x7f0000001f80)=""/4088, 0xff8) 3.228984983s ago: executing program 0 (id=5044): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) syz_io_uring_setup(0x6291, &(0x7f0000000340)={0x0, 0x722f, 0x400, 0x2}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, 0x0, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_emit_ethernet(0x11e, &(0x7f00000003c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd60122d9200e83afffe8000000000000000000000000000bbff02000000000000000000000000000186009078000000000000000500000000c238b78c3a2a5600000000000e06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b03452dccf81ece27975cc39e595e9af90b4fe92a38d25551c2d99ce8a6aafb6ba325575475e0ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc06fad07c94822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182105b8a3e100908f61640000006f00fec0ffff00000000000000ff0bc0fe000000000000000002000002d900045e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d3"], 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000000080)) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r4, 0x11, 0x64, &(0x7f00000000c0), 0x4) socket(0x10, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r9, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r8, &(0x7f00000001c0)='m', 0xfffffdfc}]) io_destroy(r9) fcntl$setstatus(r8, 0x4, 0x42800) read$FUSE(r7, &(0x7f0000003240)={0x2020}, 0x2020) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) 2.472062215s ago: executing program 2 (id=5048): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000240)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000000)="8252", 0x2}], 0x1}}], 0x1, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe80"], 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f00000002c0)={0x3, r2}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000140)={0x0, 0x3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001700000048000680"], 0x5c}}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) 2.459135966s ago: executing program 0 (id=5049): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000001c80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x1000) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000180)={&(0x7f00000001c0)={0x34, 0x39, 0x9, 0x30000, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x3a, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0x8, 0x0, 0x0, 0x1, [@typed={0x4}]}]}, 0x34}}, 0x0) 2.273743473s ago: executing program 3 (id=5050): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) connect(r0, &(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80) r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x808502, 0x0) mmap$KVM_VCPU(&(0x7f0000ff5000/0x8000)=nil, 0x0, 0x3000006, 0x810, r1, 0x0) 2.255558466s ago: executing program 3 (id=5051): r0 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x90) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000500)={&(0x7f0000000840)={0xfc, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x40, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xa}]}, @MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x57}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x44, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xbb}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x25}}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x3c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xa}]}]}, 0xfc}}, 0x40) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000001680), 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) fanotify_init(0x0, 0x0) unshare(0x20400) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x0, 0x0, 0x40000}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x4048c40) sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81) r1 = socket(0x840000000002, 0x3, 0x100) connect$inet(r1, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r1, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000007c0)=[0x0, 0x0, 0x0]}) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @match={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}], {0x14, 0x10}}, 0xa4}}, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(0xffffffffffffffff, 0x0) 2.198326119s ago: executing program 1 (id=5052): syz_open_dev$tty20(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap$dsp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x100010, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x54, 0x1e5, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x1, 0x0, 0x0, {@ip4=@broadcast}}}]}, 0x38}}, 0x0) 2.12337302s ago: executing program 1 (id=5053): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be04020506050e130204430009003f0020480a0000000d0085a168d0bf46d32345653600648d27000b000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a3200040016000b000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0) userfaultfd(0x80001) r1 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0), 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000001c0)={@rand_addr=0x64010102, @multicast1, 0x1, 0xa, [@multicast1, @remote, @empty, @rand_addr=0x64010101, @private=0xa010100, @private=0xa010100, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x32}, @rand_addr=0x64010101, @rand_addr=0x64010100]}, 0x38) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x40) 2.073961978s ago: executing program 2 (id=5054): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text32={0x20, &(0x7f0000000380)="b9800000c00f3235000100000f300f017ee8c4e189e36ff7ea00100000e700b88f5ebe390f23c00f21f83503000e000f23f80fc71e0f01b20001c0feb805000000b92a0000000f01c10f7945f0b9800000c00f3235000400000f30", 0x5b}], 0x1, 0x74, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x0) socket$kcm(0x10, 0x0, 0x10) timer_create(0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) pipe2$watch_queue(&(0x7f0000000100), 0x80) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00'}, 0x10) process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00'}, 0x90) r6 = dup(r4) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000}) ioctl$KVM_NMI(r7, 0xae9a) ioctl$KVM_RUN(r7, 0xae80, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="00f68bf5cf650e8a000000", @ANYRES16=0x0, @ANYBLOB="030300000000000000000a0600003400018014000200697036746e6c30000000000000000000080003000000000014000200626174616476300000000000000000000400018020000280140002007465616d5f736c6176655f30000000000800030000000000"], 0x6c}}, 0x0) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYBLOB="e4010000", @ANYRES16, @ANYBLOB="000427bd7000fbdbdf2567000000080001003300000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1e4}, 0x1, 0x0, 0x0, 0x2004801c}, 0x0) r8 = epoll_create1(0x0) r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r9, &(0x7f00000000c0)) 2.073634713s ago: executing program 1 (id=5055): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000040)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x6a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "6d4dfdeb8cf7bbfe143803bec2ce783e04cd32308cdd8dde", "c71cb8adfce542a4bc5a026c208fd0c45787e4aa384e3d26b21ea41cc128364c"}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (fail_nth: 9) 1.940151047s ago: executing program 1 (id=5056): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, &(0x7f0000000400)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x0, 0xc4}, 0x15, 0x0}) socket$nl_route(0x10, 0x3, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r3) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r5 = fanotify_init(0x200, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.kill\x00', 0x275a, 0x0) fanotify_mark(r5, 0x101, 0x8001043, r6, 0x0) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r5, 0x1, 0x2, r7, &(0x7f0000000040)='./file0\x00') fanotify_mark(r5, 0x1, 0x800003e, r7, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_FALLOCATE={0x11, 0x50, 0x0, @fd=r1, 0x3, 0x0, 0x47b95f07}) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) setuid(0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="04350600b58e0000000000"], 0x9) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x20}) write$tun(r2, &(0x7f0000003040)=ANY=[], 0x36) 1.58004593s ago: executing program 0 (id=5057): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x38011, r0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1) getdents64(r1, &(0x7f0000001f80)=""/4088, 0xff8) 1.579706838s ago: executing program 0 (id=5058): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) syz_io_uring_setup(0x6291, &(0x7f0000000340)={0x0, 0x722f, 0x400, 0x2}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, 0x0, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_emit_ethernet(0x11e, &(0x7f00000003c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd60122d9200e83afffe8000000000000000000000000000bbff02000000000000000000000000000186009078000000000000000500000000c238b78c3a2a5600000000000e06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b03452dccf81ece27975cc39e595e9af90b4fe92a38d25551c2d99ce8a6aafb6ba325575475e0ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc06fad07c94822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182105b8a3e100908f61640000006f00fec0ffff00000000000000ff0bc0fe000000000000000002000002d900045e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d3"], 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000000080)) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r4, 0x11, 0x64, &(0x7f00000000c0), 0x4) socket(0x10, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r9, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r8, &(0x7f00000001c0)='m', 0xfffffdfc}]) io_destroy(r9) fcntl$setstatus(r8, 0x4, 0x42800) read$FUSE(r7, &(0x7f0000003240)={0x2020}, 0x2020) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) 1.369981361s ago: executing program 2 (id=5059): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) syz_io_uring_setup(0x6291, &(0x7f0000000340)={0x0, 0x722f, 0x400, 0x2}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, 0x0, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_emit_ethernet(0x11e, &(0x7f00000003c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd60122d9200e83afffe8000000000000000000000000000bbff02000000000000000000000000000186009078000000000000000500000000c238b78c3a2a5600000000000e06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b03452dccf81ece27975cc39e595e9af90b4fe92a38d25551c2d99ce8a6aafb6ba325575475e0ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc06fad07c94822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182105b8a3e100908f61640000006f00fec0ffff00000000000000ff0bc0fe000000000000000002000002d900045e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d3"], 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000000080)) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r4, 0x11, 0x64, &(0x7f00000000c0), 0x4) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r10, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r8, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r9, &(0x7f00000001c0)='m', 0xfffffdfc}]) io_destroy(r10) fcntl$setstatus(r9, 0x4, 0x42800) read$FUSE(r8, &(0x7f0000003240)={0x2020}, 0x2020) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) 1.308742051s ago: executing program 1 (id=5060): r0 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x90) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000500)={&(0x7f0000000840)={0xfc, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x40, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xa}]}, @MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x57}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x44, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xbb}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x25}}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x3c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xa}]}]}, 0xfc}}, 0x40) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000001680), 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) fanotify_init(0x0, 0x0) unshare(0x20400) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x0, 0x0, 0x40000}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x4048c40) sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81) r1 = socket(0x840000000002, 0x3, 0x100) connect$inet(r1, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r1, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000007c0)=[0x0, 0x0, 0x0]}) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @match={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}], {0x14, 0x10}}, 0xa4}}, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(0xffffffffffffffff, 0x0) 1.146755525s ago: executing program 3 (id=5061): syz_open_dev$vim2m(&(0x7f0000000480), 0x80000000, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'veth0\x00', 0xc201}) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$vcs(0xffffffffffffff9c, &(0x7f0000000b00), 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) select(0x40, &(0x7f0000000000), &(0x7f0000000240)={0xcc}, 0x0, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x202, '\x00', 0x0, 0x0, 0x0, 0xffffffff}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x2000000000000001, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES16=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x0) inotify_init1(0x0) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r6) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000001000000380001b4460000000200000008000500000000080c0007000000000000000000080009000000000008000800000000000800060073697000"], 0x4c}}, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) socket(0x200000100000011, 0xa, 0x0) pselect6(0x40, &(0x7f0000000800)={0x0, 0x5, 0x0, 0x0, 0x100000000000000, 0x20000, 0x8000}, 0x0, &(0x7f00000002c0)={0x3fc, 0xfffffffffffffffe}, 0x0, 0x0) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) preadv(r9, &(0x7f0000002340)=[{&(0x7f00000041c0)=""/178, 0xb2}], 0x1, 0x3, 0x0) 360.107991ms ago: executing program 3 (id=5062): socket$nl_generic(0x10, 0x3, 0x10) memfd_secret(0x0) socket$packet(0x11, 0x3, 0x300) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_sctp(0xa, 0x801, 0x84) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = socket$rxrpc(0x21, 0x2, 0xa) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c010000", @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb08000300", @ANYRES16], 0x2c}}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r4, @ANYBLOB="ff830500000700ffffff", @ANYRES32=r2], 0x4}}, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x100000002) 302.700098ms ago: executing program 0 (id=5063): syz_open_dev$vim2m(&(0x7f0000000480), 0x80000000, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'veth0\x00', 0xc201}) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$vcs(0xffffffffffffff9c, &(0x7f0000000b00), 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) select(0x40, &(0x7f0000000000), &(0x7f0000000240)={0xcc}, 0x0, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x202, '\x00', 0x0, 0x0, 0x0, 0xffffffff}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x2000000000000001, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES16=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x0) inotify_init1(0x0) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r6) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000001000000380001b4460000000200000008000500000000080c0007000000000000000000080009000000000008000800000000000800060073697000"], 0x4c}}, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) socket(0x200000100000011, 0xa, 0x0) pselect6(0x40, &(0x7f0000000800)={0x0, 0x5, 0x0, 0x0, 0x100000000000000, 0x20000, 0x8000}, 0x0, &(0x7f00000002c0)={0x3fc, 0xfffffffffffffffe}, 0x0, 0x0) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) preadv(r9, &(0x7f0000002340)=[{&(0x7f00000041c0)=""/178, 0xb2}], 0x1, 0x3, 0x0) 299.955709ms ago: executing program 3 (id=5064): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f00000011c0)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e20, 0x2, 'wrr\x00', 0x1, 0x9}, 0x2c) sendmsg$nl_route_sched(r1, 0x0, 0x0) pipe(0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r3, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) signalfd4(r2, &(0x7f0000000140), 0x8, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1, 0x80, 0x7f, 0x6, 0x2001, 0x1, 0xffffffc0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x1}, 0x48) r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0x40086602, &(0x7f0000000080)={@desc={0x4000, 0x0, @desc3}}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) 136.335305ms ago: executing program 1 (id=5065): setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000080)=@req3={0x1, 0x7, 0x7, 0x4, 0x6, 0x6, 0x7fffffff}, 0x1c) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=@req3={0x0, 0x1}, 0x1c) socket(0x2c, 0x4, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000480), 0x5a9602, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) fcntl$getownex(r0, 0x10, &(0x7f0000000040)) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000180)={'team0\x00', 0x44}) 72.359451ms ago: executing program 2 (id=5066): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x38011, r0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1) getdents64(r1, &(0x7f0000001f80)=""/4088, 0xff8) 71.976433ms ago: executing program 3 (id=5067): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000001c80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x1000) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000180)={&(0x7f00000001c0)={0x34, 0x39, 0x9, 0x30000, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x3a, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0x8, 0x0, 0x0, 0x1, [@typed={0x4}]}]}, 0x34}}, 0x0) 0s ago: executing program 2 (id=5068): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, &(0x7f0000000400)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x0, 0xc4}, 0x15, 0x0}) socket$nl_route(0x10, 0x3, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r3) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r5 = fanotify_init(0x200, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.kill\x00', 0x275a, 0x0) fanotify_mark(r5, 0x101, 0x8001043, r6, 0x0) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r5, 0x1, 0x2, r7, &(0x7f0000000040)='./file0\x00') fanotify_mark(r5, 0x1, 0x800003e, r7, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_FALLOCATE={0x11, 0x50, 0x0, @fd=r1, 0x3, 0x0, 0x47b95f07}) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) setuid(0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="04350600b58e0000000000"], 0x9) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x20}) write$tun(r2, &(0x7f0000003040)=ANY=[], 0x36) kernel console output (not intermixed with test programs): _adv: batadv0: Removing interface: batadv_slave_1 [ 908.138227][ T13] veth1_macvtap: left promiscuous mode [ 908.144950][ T13] veth0_macvtap: left promiscuous mode [ 908.147354][ T13] veth1_vlan: left promiscuous mode [ 908.149701][ T13] veth0_vlan: left promiscuous mode [ 909.223883][T18935] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4007'. [ 909.554701][T18942] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4009'. [ 910.194431][ T13] team0 (unregistering): Port device team_slave_1 removed [ 910.296868][ T13] team0 (unregistering): Port device team_slave_0 removed [ 911.161301][T18960] FAULT_INJECTION: forcing a failure. [ 911.161301][T18960] name failslab, interval 1, probability 0, space 0, times 0 [ 911.168528][T18960] CPU: 0 UID: 0 PID: 18960 Comm: syz.1.4015 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 911.172714][T18960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 911.176708][T18960] Call Trace: [ 911.177739][T18960] [ 911.178670][T18960] dump_stack_lvl+0x16c/0x1f0 [ 911.180430][T18960] should_fail_ex+0x497/0x5b0 [ 911.182218][T18960] ? fs_reclaim_acquire+0xae/0x160 [ 911.183796][T18960] should_failslab+0xc2/0x120 [ 911.185223][T18960] __kmalloc_cache_noprof+0x6b/0x300 [ 911.187012][T18960] ? sctp_auth_shkey_create+0x87/0x1f0 [ 911.188631][T18960] sctp_auth_shkey_create+0x87/0x1f0 [ 911.190414][T18960] sctp_auth_asoc_copy_shkeys+0x1f4/0x360 [ 911.192566][T18960] sctp_association_new+0x1973/0x2ad0 [ 911.194295][T18960] sctp_connect_new_asoc+0x1b7/0x790 [ 911.195981][T18960] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 911.198194][T18960] sctp_sendmsg+0x1610/0x1eb0 [ 911.199764][T18960] ? __pfx_sctp_sendmsg+0x10/0x10 [ 911.201312][T18960] ? sock_has_perm+0x25a/0x2f0 [ 911.203110][T18960] ? __import_iovec+0x1fd/0x6e0 [ 911.204963][T18960] ? __pfx_sctp_sendmsg+0x10/0x10 [ 911.206478][T18960] inet_sendmsg+0x119/0x140 [ 911.207972][T18960] ____sys_sendmsg+0x992/0xc90 [ 911.209788][T18960] ? copy_msghdr_from_user+0x10b/0x160 [ 911.211831][T18960] ? __pfx_____sys_sendmsg+0x10/0x10 [ 911.213705][T18960] ? find_held_lock+0x2d/0x110 [ 911.215316][T18960] ? __pfx___lock_acquire+0x10/0x10 [ 911.217065][T18960] ___sys_sendmsg+0x135/0x1e0 [ 911.218496][T18960] ? __pfx____sys_sendmsg+0x10/0x10 [ 911.220459][T18960] ? ksys_write+0x21c/0x260 [ 911.222002][T18960] ? __fget_light+0x173/0x210 [ 911.223444][T18960] __sys_sendmsg+0x117/0x1f0 [ 911.225158][T18960] ? __pfx___sys_sendmsg+0x10/0x10 [ 911.227039][T18960] do_syscall_64+0xcd/0x250 [ 911.228390][T18960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.230419][T18960] RIP: 0033:0x7fa8a3f77299 [ 911.232115][T18960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 911.238639][T18960] RSP: 002b:00007fa8a4d96048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 911.241501][T18960] RAX: ffffffffffffffda RBX: 00007fa8a4105f80 RCX: 00007fa8a3f77299 [ 911.244456][T18960] RDX: 00000000000003e8 RSI: 00000000200004c0 RDI: 0000000000000005 [ 911.246843][T18960] RBP: 00007fa8a4d960a0 R08: 0000000000000000 R09: 0000000000000000 [ 911.249641][T18960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 911.252352][T18960] R13: 000000000000000b R14: 00007fa8a4105f80 R15: 00007ffeace6d348 [ 911.255072][T18960] [ 911.803600][T18982] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4022'. [ 912.759014][ T39] audit: type=1400 audit(1722302402.847:2947): avc: denied { create } for pid=18991 comm="syz.1.4025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 912.768434][ T39] audit: type=1400 audit(1722302402.857:2948): avc: denied { ioctl } for pid=18991 comm="syz.1.4025" path="socket:[60253]" dev="sockfs" ino=60253 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 913.043670][T19009] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4031'. [ 913.355767][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 914.039095][T19026] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4036'. [ 918.199454][ T39] audit: type=1400 audit(1722302408.287:2949): avc: denied { write } for pid=19101 comm="syz.1.4062" path="socket:[61084]" dev="sockfs" ino=61084 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 918.209697][ T39] audit: type=1400 audit(1722302408.287:2950): avc: denied { setopt } for pid=19101 comm="syz.1.4062" lport=46301 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 918.224941][ T39] audit: type=1400 audit(1722302408.287:2951): avc: denied { ioctl } for pid=19101 comm="syz.1.4062" path="socket:[61084]" dev="sockfs" ino=61084 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 918.540856][ T5340] Bluetooth: hci3: Malformed LE Event: 0x0d [ 919.770261][ T5340] Bluetooth: hci3: Malformed LE Event: 0x0d [ 920.848497][T19156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4076'. [ 921.348381][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 922.231394][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 922.570160][T10447] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 922.762865][T10447] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 922.768104][T10447] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 922.772486][T10447] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 922.777439][T10447] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 922.780746][T10447] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 922.786331][T10447] usb 5-1: config 0 descriptor?? [ 922.790826][T19194] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 923.240079][ T8] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 923.424310][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 923.439767][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 923.449499][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 923.459836][ T8] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 923.467938][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 923.479437][ T8] usb 7-1: config 0 descriptor?? [ 923.483374][T19201] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 923.578295][T19211] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 923.842819][ T39] audit: type=1400 audit(1722302413.937:2952): avc: denied { bind } for pid=19193 comm="syz.0.4089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 923.863687][ T39] audit: type=1400 audit(1722302413.947:2953): avc: denied { connect } for pid=19193 comm="syz.0.4089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 923.915630][ T39] audit: type=1400 audit(1722302414.007:2954): avc: denied { accept } for pid=19193 comm="syz.0.4089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 924.060587][ T39] audit: type=1400 audit(1722302414.157:2955): avc: denied { write } for pid=19214 comm="syz.3.4095" name="/" dev="9p" ino=36575639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 924.069777][ T39] audit: type=1400 audit(1722302414.157:2956): avc: denied { add_name } for pid=19214 comm="syz.3.4095" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 924.078759][ T39] audit: type=1400 audit(1722302414.157:2957): avc: denied { create } for pid=19214 comm="syz.3.4095" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 924.110242][ T39] audit: type=1400 audit(1722302414.157:2958): avc: denied { associate } for pid=19214 comm="syz.3.4095" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 924.117530][T19215] syz.3.4095 (19215) used greatest stack depth: 19840 bytes left [ 924.118678][ T39] audit: type=1400 audit(1722302414.157:2959): avc: denied { read } for pid=19214 comm="syz.3.4095" name="file0" dev="9p" ino=36575664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 924.140170][ T39] audit: type=1400 audit(1722302414.157:2960): avc: denied { open } for pid=19214 comm="syz.3.4095" path="/237/file0/file0" dev="9p" ino=36575664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 924.161838][ T39] audit: type=1400 audit(1722302414.177:2961): avc: denied { remove_name } for pid=19214 comm="syz.3.4095" name="file1" dev="9p" ino=36575673 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 924.177162][T19217] FAULT_INJECTION: forcing a failure. [ 924.177162][T19217] name failslab, interval 1, probability 0, space 0, times 0 [ 924.177188][T19217] CPU: 2 UID: 0 PID: 19217 Comm: syz.2.4091 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 924.177210][T19217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 924.177222][T19217] Call Trace: [ 924.177229][T19217] [ 924.177236][T19217] dump_stack_lvl+0x16c/0x1f0 [ 924.177277][T19217] should_fail_ex+0x497/0x5b0 [ 924.177303][T19217] ? fs_reclaim_acquire+0xae/0x160 [ 924.177322][T19217] should_failslab+0xc2/0x120 [ 924.177346][T19217] __kmalloc_noprof+0xcb/0x400 [ 924.177367][T19217] ? __pfx_lock_acquire+0x10/0x10 [ 924.177390][T19217] tomoyo_realpath_from_path+0xb9/0x720 [ 924.177418][T19217] ? tomoyo_profile+0x47/0x60 [ 924.177436][T19217] tomoyo_path_number_perm+0x245/0x590 [ 924.177459][T19217] ? tomoyo_path_number_perm+0x232/0x590 [ 924.177482][T19217] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 924.177513][T19217] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 924.177536][T19217] ? __fget_files+0x256/0x400 [ 924.177563][T19217] security_file_ioctl+0x75/0xc0 [ 924.177588][T19217] __x64_sys_ioctl+0xbb/0x220 [ 924.177614][T19217] do_syscall_64+0xcd/0x250 [ 924.177633][T19217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 924.177656][T19217] RIP: 0033:0x7f0f71177299 [ 924.177671][T19217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 924.177688][T19217] RSP: 002b:00007f0f71f1c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 924.177707][T19217] RAX: ffffffffffffffda RBX: 00007f0f71306058 RCX: 00007f0f71177299 [ 924.177720][T19217] RDX: 0000000020000180 RSI: 000000004004662b RDI: 000000000000000a [ 924.177733][T19217] RBP: 00007f0f71f1c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 924.177744][T19217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 924.177756][T19217] R13: 000000000000006e R14: 00007f0f71306058 R15: 00007ffd0dc450a8 [ 924.177771][T19217] [ 924.177836][T19217] ERROR: Out of memory at tomoyo_realpath_from_path. [ 924.177855][T19217] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 924.417201][ T8] usbhid 7-1:0.0: can't add hid device: -71 [ 924.424475][ T8] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 924.431295][ T8] usb 7-1: USB disconnect, device number 8 [ 924.794406][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 925.474811][T10447] usbhid 5-1:0.0: can't add hid device: -71 [ 925.479271][T10447] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 925.492136][T10447] usb 5-1: USB disconnect, device number 12 [ 925.680358][ T8] psmouse serio98: Failed to reset mouse on : -5 [ 926.807559][T19264] FAULT_INJECTION: forcing a failure. [ 926.807559][T19264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 926.812970][T19264] CPU: 2 UID: 0 PID: 19264 Comm: syz.1.4110 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 926.816973][T19264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 926.821258][T19264] Call Trace: [ 926.822553][T19264] [ 926.823872][T19264] dump_stack_lvl+0x16c/0x1f0 [ 926.825878][T19264] should_fail_ex+0x497/0x5b0 [ 926.827974][T19264] _copy_from_user+0x30/0xf0 [ 926.830039][T19264] vhost_vsock_dev_ioctl+0x22a/0xb50 [ 926.832662][T19264] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 926.835555][T19264] ? selinux_file_ioctl+0x180/0x270 [ 926.837866][T19264] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 926.840449][T19264] __x64_sys_ioctl+0x193/0x220 [ 926.842604][T19264] do_syscall_64+0xcd/0x250 [ 926.844606][T19264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.847344][T19264] RIP: 0033:0x7fa8a3f77299 [ 926.849182][T19264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 926.857735][T19264] RSP: 002b:00007fa8a4d96048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 926.861412][T19264] RAX: ffffffffffffffda RBX: 00007fa8a4105f80 RCX: 00007fa8a3f77299 [ 926.864914][T19264] RDX: 0000000000000000 RSI: 000000004004af61 RDI: 0000000000000003 [ 926.868332][T19264] RBP: 00007fa8a4d960a0 R08: 0000000000000000 R09: 0000000000000000 [ 926.871802][T19264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 926.875259][T19264] R13: 000000000000000b R14: 00007fa8a4105f80 R15: 00007ffeace6d348 [ 926.878694][T19264] [ 926.880132][ C2] vkms_vblank_simulate: vblank timer overrun [ 927.368385][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 927.544365][T19275] program syz.2.4114 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 927.571663][T19275] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4114'. [ 929.359050][ T8] misc userio: Buffer overflowed, userio client isn't keeping up [ 930.651302][ T8] input: PS/2 Generic Mouse as /devices/serio98/input/input108 [ 930.755931][T19309] FAULT_INJECTION: forcing a failure. [ 930.755931][T19309] name failslab, interval 1, probability 0, space 0, times 0 [ 930.761071][T19309] CPU: 3 UID: 0 PID: 19309 Comm: syz.1.4125 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 930.764770][T19309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 930.768508][T19309] Call Trace: [ 930.769707][T19309] [ 930.770841][T19309] dump_stack_lvl+0x16c/0x1f0 [ 930.772477][T19309] should_fail_ex+0x497/0x5b0 [ 930.774298][T19309] ? fs_reclaim_acquire+0xae/0x160 [ 930.776143][T19309] should_failslab+0xc2/0x120 [ 930.777829][T19309] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 930.779834][T19309] ? sock_alloc_inode+0x25/0x1c0 [ 930.781638][T19309] ? __pfx_sock_alloc_inode+0x10/0x10 [ 930.783607][T19309] sock_alloc_inode+0x25/0x1c0 [ 930.785373][T19309] alloc_inode+0x5d/0x230 [ 930.786976][T19309] sock_alloc+0x40/0x280 [ 930.788456][T19309] __sock_create+0xc0/0x800 [ 930.790230][T19309] udp_sock_create4+0xa7/0x450 [ 930.791922][T19309] ? __pfx_udp_sock_create4+0x10/0x10 [ 930.793805][T19309] wg_socket_init+0x642/0xb60 [ 930.795459][T19309] ? __pfx_wg_socket_init+0x10/0x10 [ 930.797288][T19309] ? mark_lock+0xb5/0xc60 [ 930.798928][T19309] ? __pfx_wg_receive+0x10/0x10 [ 930.800805][T19309] ? find_held_lock+0x2d/0x110 [ 930.802715][T19309] ? __pfx_lock_release+0x10/0x10 [ 930.804675][T19309] ? mark_held_locks+0x9f/0xe0 [ 930.806548][T19309] ? wg_set_device+0x582/0x13e0 [ 930.808406][T19309] ? __local_bh_enable_ip+0xa4/0x120 [ 930.810492][T19309] wg_set_device+0xda6/0x13e0 [ 930.812324][T19309] ? __pfx_wg_set_device+0x10/0x10 [ 930.814327][T19309] ? __nla_parse+0x40/0x60 [ 930.816066][T19309] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 930.818920][T19309] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 930.821778][T19309] genl_family_rcv_msg_doit+0x202/0x2f0 [ 930.823934][T19309] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 930.826303][T19309] ? ns_capable+0xd7/0x110 [ 930.828074][T19309] genl_rcv_msg+0x565/0x800 [ 930.829869][T19309] ? __pfx_genl_rcv_msg+0x10/0x10 [ 930.831851][T19309] ? __pfx___lock_acquire+0x10/0x10 [ 930.833884][T19309] ? __pfx_wg_set_device+0x10/0x10 [ 930.835876][T19309] netlink_rcv_skb+0x16b/0x440 [ 930.837751][T19309] ? __pfx_genl_rcv_msg+0x10/0x10 [ 930.839712][T19309] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 930.841787][T19309] ? down_read+0xc9/0x330 [ 930.843476][T19309] ? __pfx_down_read+0x10/0x10 [ 930.845347][T19309] ? netlink_deliver_tap+0x1ae/0xd90 [ 930.847399][T19309] genl_rcv+0x28/0x40 [ 930.848978][T19309] netlink_unicast+0x544/0x830 [ 930.850757][T19309] ? __pfx_netlink_unicast+0x10/0x10 [ 930.852566][T19309] netlink_sendmsg+0x8b8/0xd70 [ 930.854211][T19309] ? __pfx_netlink_sendmsg+0x10/0x10 [ 930.856001][T19309] ? __import_iovec+0x1fd/0x6e0 [ 930.857710][T19309] ____sys_sendmsg+0xab5/0xc90 [ 930.859406][T19309] ? copy_msghdr_from_user+0x10b/0x160 [ 930.861544][T19309] ? __pfx_____sys_sendmsg+0x10/0x10 [ 930.863583][T19309] ? find_held_lock+0x2d/0x110 [ 930.865484][T19309] ? __pfx___lock_acquire+0x10/0x10 [ 930.867500][T19309] ___sys_sendmsg+0x135/0x1e0 [ 930.869340][T19309] ? __pfx____sys_sendmsg+0x10/0x10 [ 930.871374][T19309] ? ksys_write+0x21c/0x260 [ 930.873155][T19309] ? __fget_light+0x173/0x210 [ 930.874991][T19309] __sys_sendmsg+0x117/0x1f0 [ 930.876810][T19309] ? __pfx___sys_sendmsg+0x10/0x10 [ 930.878839][T19309] do_syscall_64+0xcd/0x250 [ 930.880616][T19309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.882884][T19309] RIP: 0033:0x7fa8a3f77299 [ 930.884408][T19309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 930.891877][T19309] RSP: 002b:00007fa8a4d96048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 930.895024][T19309] RAX: ffffffffffffffda RBX: 00007fa8a4105f80 RCX: 00007fa8a3f77299 [ 930.898074][T19309] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 930.901198][T19309] RBP: 00007fa8a4d960a0 R08: 0000000000000000 R09: 0000000000000000 [ 930.904246][T19309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 930.907309][T19309] R13: 000000000000000b R14: 00007fa8a4105f80 R15: 00007ffeace6d348 [ 930.910392][T19309] [ 930.913047][T19309] socket: no more sockets [ 930.915020][T19309] wireguard: wg1: Could not create IPv4 socket [ 930.920183][ T8] psmouse serio98: Failed to enable mouse on [ 931.297122][T19318] nbd: must specify a size in bytes for the device [ 931.448548][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 931.452988][ T39] audit: type=1400 audit(1722302421.537:2964): avc: denied { create } for pid=19321 comm="syz.2.4130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 931.470903][ T39] audit: type=1400 audit(1722302421.567:2965): avc: denied { setopt } for pid=19321 comm="syz.2.4130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 931.592530][ T39] audit: type=1326 audit(1722302421.687:2966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19321 comm="syz.2.4130" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f71177299 code=0x7fc00000 [ 931.654657][ T39] audit: type=1326 audit(1722302421.747:2967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19321 comm="syz.2.4130" exe="/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f0f71177299 code=0x7fc00000 [ 932.280263][ T39] audit: type=1326 audit(1722302422.337:2968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19321 comm="syz.2.4130" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f71177299 code=0x7fc00000 [ 932.660339][T14677] psmouse serio100: Failed to reset mouse on : -5 [ 934.383347][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 936.020485][ T39] audit: type=1326 audit(1722302426.117:2969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19391 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292f177299 code=0x7fc00000 [ 936.052740][ T39] audit: type=1326 audit(1722302426.147:2970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19391 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f292f177299 code=0x7fc00000 [ 936.280207][T14677] misc userio: Buffer overflowed, userio client isn't keeping up [ 936.742285][ T39] audit: type=1326 audit(1722302426.817:2971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19391 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292f177299 code=0x7fc00000 [ 937.233216][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 937.240044][ T1380] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.563311][T14677] input: PS/2 Generic Mouse as /devices/serio100/input/input110 [ 937.802776][T14677] psmouse serio100: Failed to enable mouse on [ 938.169256][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 940.914410][ T39] audit: type=1400 audit(1722302431.007:2972): avc: denied { wake_alarm } for pid=19436 comm="syz.3.4161" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 941.190401][T10447] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 945.302471][T19508] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4184'. [ 945.379068][T19508] bridge_slave_1: left allmulticast mode [ 945.381534][T19508] bridge_slave_1: left promiscuous mode [ 945.390659][T19508] bridge0: port 2(bridge_slave_1) entered disabled state [ 945.420595][T19508] bridge1: port 1(bridge_slave_1) entered blocking state [ 945.502878][T19508] bridge1: port 1(bridge_slave_1) entered disabled state [ 945.509012][T19508] bridge_slave_1: entered allmulticast mode [ 945.513701][T19508] bridge_slave_1: entered promiscuous mode [ 945.517586][T19508] bridge1: port 1(bridge_slave_1) entered blocking state [ 945.521149][T19508] bridge1: port 1(bridge_slave_1) entered forwarding state [ 945.529179][T19509] bridge1: port 2(veth1_to_bond) entered blocking state [ 945.541654][T19509] bridge1: port 2(veth1_to_bond) entered disabled state [ 945.544859][T19509] veth1_to_bond: entered allmulticast mode [ 945.550474][T19509] veth1_to_bond: entered promiscuous mode [ 945.554078][T19509] bridge1: port 2(veth1_to_bond) entered blocking state [ 945.557140][T19509] bridge1: port 2(veth1_to_bond) entered forwarding state [ 945.591942][T19513] FAULT_INJECTION: forcing a failure. [ 945.591942][T19513] name failslab, interval 1, probability 0, space 0, times 0 [ 945.597360][T19513] CPU: 0 UID: 0 PID: 19513 Comm: syz.0.4186 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 945.601887][T19513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 945.606380][T19513] Call Trace: [ 945.607886][T19513] [ 945.609186][T19513] dump_stack_lvl+0x16c/0x1f0 [ 945.611191][T19513] should_fail_ex+0x497/0x5b0 [ 945.613184][T19513] ? fs_reclaim_acquire+0xae/0x160 [ 945.615353][T19513] should_failslab+0xc2/0x120 [ 945.617362][T19513] kmem_cache_alloc_node_noprof+0x71/0x310 [ 945.619835][T19513] ? __alloc_skb+0x2b1/0x380 [ 945.622310][T19513] __alloc_skb+0x2b1/0x380 [ 945.624764][T19513] ? __pfx___alloc_skb+0x10/0x10 [ 945.627110][T19513] ? genl_rcv_msg+0x4bd/0x800 [ 945.628898][T19513] netlink_ack+0x164/0xb90 [ 945.631160][T19513] netlink_rcv_skb+0x348/0x440 [ 945.633174][T19513] ? __pfx_genl_rcv_msg+0x10/0x10 [ 945.635614][T19513] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 945.638017][T19513] ? down_read+0xc9/0x330 [ 945.639789][T19513] ? __pfx_down_read+0x10/0x10 [ 945.641906][T19513] ? rcu_is_watching+0x12/0xc0 [ 945.644025][T19513] genl_rcv+0x28/0x40 [ 945.645749][T19513] netlink_unicast+0x544/0x830 [ 945.647864][T19513] ? __pfx_netlink_unicast+0x10/0x10 [ 945.649883][T19513] netlink_sendmsg+0x8b8/0xd70 [ 945.651617][T19513] ? __pfx_netlink_sendmsg+0x10/0x10 [ 945.653870][T19513] ? __import_iovec+0x1fd/0x6e0 [ 945.655896][T19513] ____sys_sendmsg+0xab5/0xc90 [ 945.657809][T19513] ? copy_msghdr_from_user+0x10b/0x160 [ 945.660089][T19513] ? __pfx_____sys_sendmsg+0x10/0x10 [ 945.662206][T19513] ? __pfx___lock_acquire+0x10/0x10 [ 945.664052][T19513] ___sys_sendmsg+0x135/0x1e0 [ 945.666114][T19513] ? __pfx____sys_sendmsg+0x10/0x10 [ 945.668348][T19513] ? __fget_light+0x173/0x210 [ 945.670026][T19513] __sys_sendmsg+0x117/0x1f0 [ 945.671816][T19513] ? __pfx___sys_sendmsg+0x10/0x10 [ 945.673913][T19513] do_syscall_64+0xcd/0x250 [ 945.675728][T19513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.677933][T19513] RIP: 0033:0x7f292f177299 [ 945.679869][T19513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 945.686673][T19513] RSP: 002b:00007f292ff27048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 945.689731][T19513] RAX: ffffffffffffffda RBX: 00007f292f305f80 RCX: 00007f292f177299 [ 945.692471][T19513] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 945.695262][T19513] RBP: 00007f292ff270a0 R08: 0000000000000000 R09: 0000000000000000 [ 945.698590][T19513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 945.701815][T19513] R13: 000000000000000b R14: 00007f292f305f80 R15: 00007ffe440ee028 [ 945.705213][T19513] [ 946.458292][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 947.011704][T19553] FAULT_INJECTION: forcing a failure. [ 947.011704][T19553] name failslab, interval 1, probability 0, space 0, times 0 [ 947.017880][T19553] CPU: 3 UID: 0 PID: 19553 Comm: syz.0.4199 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 947.022638][T19553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 947.027351][T19553] Call Trace: [ 947.028877][T19553] [ 947.030226][T19553] dump_stack_lvl+0x16c/0x1f0 [ 947.032345][T19553] should_fail_ex+0x497/0x5b0 [ 947.034384][T19553] should_failslab+0xc2/0x120 [ 947.036448][T19553] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 947.038824][T19553] ? __build_skb+0x3f/0x90 [ 947.040842][T19553] __build_skb+0x3f/0x90 [ 947.042731][T19553] netlink_alloc_large_skb+0xb5/0x130 [ 947.045097][T19553] netlink_sendmsg+0x689/0xd70 [ 947.047198][T19553] ? __pfx_netlink_sendmsg+0x10/0x10 [ 947.049581][T19553] ? __import_iovec+0x1fd/0x6e0 [ 947.051880][T19553] ____sys_sendmsg+0xab5/0xc90 [ 947.054019][T19553] ? copy_msghdr_from_user+0x10b/0x160 [ 947.056401][T19553] ? __pfx_____sys_sendmsg+0x10/0x10 [ 947.058681][T19553] ? find_held_lock+0x2d/0x110 [ 947.060786][T19553] ? __pfx___lock_acquire+0x10/0x10 [ 947.063096][T19553] ___sys_sendmsg+0x135/0x1e0 [ 947.065187][T19553] ? __pfx____sys_sendmsg+0x10/0x10 [ 947.067479][T19553] ? ksys_write+0x21c/0x260 [ 947.069532][T19553] ? __fget_light+0x173/0x210 [ 947.071674][T19553] __sys_sendmsg+0x117/0x1f0 [ 947.073733][T19553] ? __pfx___sys_sendmsg+0x10/0x10 [ 947.075956][T19553] do_syscall_64+0xcd/0x250 [ 947.077940][T19553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.080715][T19553] RIP: 0033:0x7f292f177299 [ 947.082642][T19553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 947.091176][T19553] RSP: 002b:00007f292ff27048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 947.094958][T19553] RAX: ffffffffffffffda RBX: 00007f292f305f80 RCX: 00007f292f177299 [ 947.097950][T19553] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 947.100911][T19553] RBP: 00007f292ff270a0 R08: 0000000000000000 R09: 0000000000000000 [ 947.103833][T19553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 947.106743][T19553] R13: 000000000000000b R14: 00007f292f305f80 R15: 00007ffe440ee028 [ 947.109651][T19553] [ 947.241492][T19560] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4202'. [ 948.033473][T19585] misc userio: No port type given on /dev/userio [ 948.062148][T19585] misc userio: The device must be registered before sending interrupts [ 948.065962][T19585] misc userio: The device must be registered before sending interrupts [ 948.123103][T11345] IPVS: starting estimator thread 0... [ 948.128224][T19588] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 948.220610][T19591] IPVS: using max 34 ests per chain, 81600 per kthread [ 948.604162][T19598] tun0: tun_chr_ioctl cmd 1074025672 [ 948.606637][T19598] tun0: ignored: set checksum enabled [ 948.787040][ T39] audit: type=1400 audit(1722302438.827:2973): avc: denied { write } for pid=19597 comm="syz.2.4213" name="snmp" dev="proc" ino=4026532937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 949.154859][ C1] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 950.391384][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 950.415363][T19617] misc userio: No port type given on /dev/userio [ 950.442279][T19617] misc userio: The device must be registered before sending interrupts [ 950.446261][T19617] misc userio: The device must be registered before sending interrupts [ 951.017767][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 952.364303][ T39] audit: type=1400 audit(1722302442.457:2974): avc: denied { checkpoint_restore } for pid=19643 comm="syz.3.4228" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 952.401859][T19644] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4228'. [ 952.405792][T19644] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4228'. [ 952.537454][ T39] audit: type=1400 audit(1722302442.627:2975): avc: denied { connect } for pid=19650 comm="syz.0.4230" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 952.550150][ T39] audit: type=1400 audit(1722302442.627:2976): avc: denied { bind } for pid=19650 comm="syz.0.4230" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 952.559528][ T39] audit: type=1400 audit(1722302442.627:2977): avc: denied { write } for pid=19650 comm="syz.0.4230" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 952.940857][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 953.125834][T19670] FAULT_INJECTION: forcing a failure. [ 953.125834][T19670] name failslab, interval 1, probability 0, space 0, times 0 [ 953.132890][T19670] CPU: 2 UID: 0 PID: 19670 Comm: syz.0.4237 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 953.137614][T19670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 953.142251][T19670] Call Trace: [ 953.143736][T19670] [ 953.145040][T19670] dump_stack_lvl+0x16c/0x1f0 [ 953.147172][T19670] should_fail_ex+0x497/0x5b0 [ 953.149347][T19670] ? fs_reclaim_acquire+0xae/0x160 [ 953.151680][T19670] should_failslab+0xc2/0x120 [ 953.153820][T19670] __kmalloc_cache_noprof+0x6b/0x300 [ 953.156152][T19670] ? nf_tables_newtable+0xd6d/0x1b20 [ 953.158541][T19670] nf_tables_newtable+0xd6d/0x1b20 [ 953.160817][T19670] ? net_generic+0xea/0x2a0 [ 953.162859][T19670] ? __pfx_nf_tables_newtable+0x10/0x10 [ 953.165308][T19670] ? __nla_parse+0x40/0x60 [ 953.167109][T19670] nfnetlink_rcv_batch+0x1a19/0x24e0 [ 953.169270][T19670] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 953.171771][T19670] ? find_held_lock+0x2d/0x110 [ 953.173934][T19670] ? avc_has_perm_noaudit+0x119/0x3a0 [ 953.176296][T19670] ? avc_has_perm_noaudit+0x143/0x3a0 [ 953.178779][T19670] ? __nla_parse+0x40/0x60 [ 953.180800][T19670] nfnetlink_rcv+0x3c3/0x430 [ 953.182858][T19670] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 953.185128][T19670] netlink_unicast+0x544/0x830 [ 953.187241][T19670] ? __pfx_netlink_unicast+0x10/0x10 [ 953.189469][T19670] netlink_sendmsg+0x8b8/0xd70 [ 953.191613][T19670] ? __pfx_netlink_sendmsg+0x10/0x10 [ 953.193969][T19670] ? __import_iovec+0x1fd/0x6e0 [ 953.196000][T19670] ____sys_sendmsg+0xab5/0xc90 [ 953.198135][T19670] ? copy_msghdr_from_user+0x10b/0x160 [ 953.200065][T19670] ? __pfx_____sys_sendmsg+0x10/0x10 [ 953.202282][T19670] ? find_held_lock+0x2d/0x110 [ 953.204127][T19670] ? __pfx___lock_acquire+0x10/0x10 [ 953.206298][T19670] ___sys_sendmsg+0x135/0x1e0 [ 953.208180][T19670] ? __pfx____sys_sendmsg+0x10/0x10 [ 953.210403][T19670] ? ksys_write+0x21c/0x260 [ 953.212313][T19670] ? __fget_light+0x173/0x210 [ 953.214302][T19670] __sys_sendmsg+0x117/0x1f0 [ 953.216250][T19670] ? __pfx___sys_sendmsg+0x10/0x10 [ 953.218452][T19670] do_syscall_64+0xcd/0x250 [ 953.220289][T19670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 953.222305][T19670] RIP: 0033:0x7f292f177299 [ 953.223802][T19670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 953.231709][T19670] RSP: 002b:00007f292ff27048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 953.235075][T19670] RAX: ffffffffffffffda RBX: 00007f292f305f80 RCX: 00007f292f177299 [ 953.238432][T19670] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 953.241467][T19670] RBP: 00007f292ff270a0 R08: 0000000000000000 R09: 0000000000000000 [ 953.244772][T19670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 953.248218][T19670] R13: 000000000000000b R14: 00007f292f305f80 R15: 00007ffe440ee028 [ 953.251646][T19670] [ 953.847137][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 955.157403][T19705] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.4249'. [ 958.040214][T19739] FAULT_INJECTION: forcing a failure. [ 958.040214][T19739] name failslab, interval 1, probability 0, space 0, times 0 [ 958.045864][T19739] CPU: 3 UID: 0 PID: 19739 Comm: syz.0.4260 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 958.050672][T19739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 958.054981][T19739] Call Trace: [ 958.056256][T19739] [ 958.057634][T19739] dump_stack_lvl+0x16c/0x1f0 [ 958.059456][T19739] should_fail_ex+0x497/0x5b0 [ 958.061529][T19739] ? fs_reclaim_acquire+0xae/0x160 [ 958.063703][T19739] should_failslab+0xc2/0x120 [ 958.065731][T19739] __kmalloc_noprof+0xcb/0x400 [ 958.067531][T19739] tomoyo_encode2+0x100/0x3e0 [ 958.069182][T19739] tomoyo_encode+0x29/0x50 [ 958.070732][T19739] tomoyo_realpath_from_path+0x19d/0x720 [ 958.072949][T19739] ? tomoyo_profile+0x47/0x60 [ 958.075036][T19739] tomoyo_path_number_perm+0x245/0x590 [ 958.077477][T19739] ? tomoyo_path_number_perm+0x232/0x590 [ 958.079891][T19739] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 958.082456][T19739] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 958.084843][T19739] ? __fget_files+0x256/0x400 [ 958.086273][T19739] security_file_ioctl+0x75/0xc0 [ 958.087892][T19739] __x64_sys_ioctl+0xbb/0x220 [ 958.089543][T19739] do_syscall_64+0xcd/0x250 [ 958.090989][T19739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 958.093090][T19739] RIP: 0033:0x7f292f177299 [ 958.095076][T19739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 958.103699][T19739] RSP: 002b:00007f292ff27048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 958.107405][T19739] RAX: ffffffffffffffda RBX: 00007f292f305f80 RCX: 00007f292f177299 [ 958.110910][T19739] RDX: 0000000020000a40 RSI: 000000004008b100 RDI: 0000000000000003 [ 958.114328][T19739] RBP: 00007f292ff270a0 R08: 0000000000000000 R09: 0000000000000000 [ 958.117754][T19739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 958.121233][T19739] R13: 000000000000000b R14: 00007f292f305f80 R15: 00007ffe440ee028 [ 958.124442][T19739] [ 958.130352][T19739] ERROR: Out of memory at tomoyo_realpath_from_path. [ 958.150196][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 958.461807][T19750] libceph: resolve '. [ 958.461807][T19750] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 958.461807][T19750] ' (ret=-3): failed [ 959.859890][ C0] vkms_vblank_simulate: vblank timer overrun [ 960.064893][ C0] vkms_vblank_simulate: vblank timer overrun [ 960.214964][ C0] vkms_vblank_simulate: vblank timer overrun [ 961.685336][T19778] misc userio: No port type given on /dev/userio [ 961.730906][T19778] misc userio: The device must be registered before sending interrupts [ 961.735855][T19778] misc userio: The device must be registered before sending interrupts [ 961.855808][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 962.475495][ T39] audit: type=1400 audit(1722302452.567:2978): avc: denied { remount } for pid=19787 comm="syz.1.4273" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 962.680522][T19800] nbd3: detected capacity change from 0 to 22 [ 962.701357][T19805] block nbd3: shutting down sockets [ 962.744226][ C0] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.748602][ C0] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.752893][T19796] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.756089][T19796] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.759674][T19796] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.763218][T19796] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.766542][T19796] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.769649][T19796] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.773011][T19796] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.776791][T19796] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.780908][T19796] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.784667][T19796] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.787921][T19796] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.791764][T19796] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.795015][T19796] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.798630][T19796] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.799631][ T39] audit: type=1400 audit(1722302452.887:2979): avc: denied { write } for pid=19798 comm="syz.3.4275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 962.801825][T19796] ldm_validate_partition_table(): Disk read failed. [ 962.801907][T19796] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.816639][T19796] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.821944][T19796] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 962.825730][T19796] Buffer I/O error on dev nbd3, logical block 0, async page read [ 962.828870][T19796] Dev nbd3: unable to read RDB block 0 [ 962.831599][T19796] nbd3: unable to read partition table [ 962.834299][T19796] nbd3: partition table beyond EOD, truncated [ 962.991215][T19796] ldm_validate_partition_table(): Disk read failed. [ 963.000406][T19796] Dev nbd3: unable to read RDB block 0 [ 963.003319][T19796] nbd3: unable to read partition table [ 963.008855][T19796] nbd3: partition table beyond EOD, truncated [ 963.016093][T19807] ldm_validate_partition_table(): Disk read failed. [ 963.022638][T19807] Dev nbd3: unable to read RDB block 0 [ 963.054414][T19807] nbd3: unable to read partition table [ 963.090369][T19807] nbd3: partition table beyond EOD, truncated [ 963.719294][T19822] misc userio: No port type given on /dev/userio [ 963.774881][T19824] misc userio: The device must be registered before sending interrupts [ 963.807755][T19822] misc userio: The device must be registered before sending interrupts [ 963.984547][T19829] libceph: resolve '. [ 963.984547][T19829] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 963.984547][T19829] ' (ret=-3): failed [ 964.446134][T19840] FAULT_INJECTION: forcing a failure. [ 964.446134][T19840] name failslab, interval 1, probability 0, space 0, times 0 [ 964.471479][T19840] CPU: 3 UID: 0 PID: 19840 Comm: syz.2.4286 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 964.475998][T19840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 964.480521][T19840] Call Trace: [ 964.481963][T19840] [ 964.483272][T19840] dump_stack_lvl+0x16c/0x1f0 [ 964.485385][T19840] should_fail_ex+0x497/0x5b0 [ 964.487363][T19840] ? fs_reclaim_acquire+0xae/0x160 [ 964.489369][T19840] should_failslab+0xc2/0x120 [ 964.491273][T19840] __kmalloc_cache_noprof+0x6b/0x300 [ 964.493254][T19840] ? wakeup_source_create+0x43/0x160 [ 964.495316][T19840] wakeup_source_create+0x43/0x160 [ 964.497591][T19840] wakeup_source_register+0x1b/0x140 [ 964.499933][T19840] ep_create_wakeup_source+0x1df/0x2e0 [ 964.502038][T19840] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 964.504361][T19840] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 964.506508][T19840] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 964.508583][T19840] ? kmem_cache_alloc_noprof+0x174/0x2f0 [ 964.510873][T19840] ? security_capable+0x98/0xd0 [ 964.512810][T19840] do_epoll_ctl+0x1deb/0x3570 [ 964.514709][T19840] ? __pfx_do_epoll_ctl+0x10/0x10 [ 964.516791][T19840] ? __pfx___might_resched+0x10/0x10 [ 964.518838][T19840] ? __might_fault+0xe3/0x190 [ 964.520801][T19840] ? __x64_sys_epoll_ctl+0x15d/0x1e0 [ 964.522648][T19840] __x64_sys_epoll_ctl+0x15d/0x1e0 [ 964.524705][T19840] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 964.526932][T19840] do_syscall_64+0xcd/0x250 [ 964.528511][T19840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 964.530944][T19840] RIP: 0033:0x7f0f71177299 [ 964.532851][T19840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 964.540933][T19840] RSP: 002b:00007f0f71f1c048 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 964.544502][T19840] RAX: ffffffffffffffda RBX: 00007f0f71306058 RCX: 00007f0f71177299 [ 964.548599][T19840] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000003 [ 964.552803][T19840] RBP: 00007f0f71f1c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 964.557056][T19840] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001 [ 964.560774][T19840] R13: 000000000000006e R14: 00007f0f71306058 R15: 00007ffd0dc450a8 [ 964.565037][T19840] [ 964.758899][T19848] FAULT_INJECTION: forcing a failure. [ 964.758899][T19848] name failslab, interval 1, probability 0, space 0, times 0 [ 964.773410][T19848] CPU: 0 UID: 0 PID: 19848 Comm: syz.0.4289 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 964.777969][T19848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 964.782479][T19848] Call Trace: [ 964.783953][T19848] [ 964.785261][T19848] dump_stack_lvl+0x16c/0x1f0 [ 964.787266][T19848] should_fail_ex+0x497/0x5b0 [ 964.788908][T19848] ? fs_reclaim_acquire+0xae/0x160 [ 964.791101][T19848] should_failslab+0xc2/0x120 [ 964.792962][T19848] __kmalloc_cache_noprof+0x6b/0x300 [ 964.794737][T19848] ? nfnl_err_add+0x4e/0x2d0 [ 964.796662][T19848] nfnl_err_add+0x4e/0x2d0 [ 964.798667][T19848] nfnetlink_rcv_batch+0xe47/0x24e0 [ 964.800968][T19848] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 964.803386][T19848] ? find_held_lock+0x2d/0x110 [ 964.805412][T19848] ? avc_has_perm_noaudit+0x119/0x3a0 [ 964.807357][T19848] ? avc_has_perm_noaudit+0x143/0x3a0 [ 964.809400][T19848] ? __nla_parse+0x40/0x60 [ 964.811305][T19848] nfnetlink_rcv+0x3c3/0x430 [ 964.813268][T19848] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 964.815406][T19848] netlink_unicast+0x544/0x830 [ 964.817457][T19848] ? __pfx_netlink_unicast+0x10/0x10 [ 964.819682][T19848] netlink_sendmsg+0x8b8/0xd70 [ 964.821265][T19848] ? __pfx_netlink_sendmsg+0x10/0x10 [ 964.823466][T19848] ? __import_iovec+0x1fd/0x6e0 [ 964.825533][T19848] ____sys_sendmsg+0xab5/0xc90 [ 964.827297][T19848] ? copy_msghdr_from_user+0x10b/0x160 [ 964.829112][T19848] ? __pfx_____sys_sendmsg+0x10/0x10 [ 964.830684][T19848] ? find_held_lock+0x2d/0x110 [ 964.832104][T19848] ? __pfx___lock_acquire+0x10/0x10 [ 964.833859][T19848] ___sys_sendmsg+0x135/0x1e0 [ 964.835847][T19848] ? __pfx____sys_sendmsg+0x10/0x10 [ 964.837878][T19848] ? ksys_write+0x21c/0x260 [ 964.839792][T19848] ? __fget_light+0x173/0x210 [ 964.841781][T19848] __sys_sendmsg+0x117/0x1f0 [ 964.843361][T19848] ? __pfx___sys_sendmsg+0x10/0x10 [ 964.845791][T19848] do_syscall_64+0xcd/0x250 [ 964.847933][T19848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 964.850453][T19848] RIP: 0033:0x7f292f177299 [ 964.852333][T19848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 964.860184][T19848] RSP: 002b:00007f292ff27048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 964.863611][T19848] RAX: ffffffffffffffda RBX: 00007f292f305f80 RCX: 00007f292f177299 [ 964.866641][T19848] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 964.869698][T19848] RBP: 00007f292ff270a0 R08: 0000000000000000 R09: 0000000000000000 [ 964.872907][T19848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 964.876151][T19848] R13: 000000000000000b R14: 00007f292f305f80 R15: 00007ffe440ee028 [ 964.879655][T19848] [ 965.069438][T19849] nbd2: detected capacity change from 0 to 22 [ 965.080339][T19853] block nbd2: shutting down sockets [ 965.080814][T19796] ldm_validate_partition_table(): Disk read failed. [ 965.112296][T19796] Dev nbd2: unable to read RDB block 0 [ 965.114447][T19796] nbd2: unable to read partition table [ 965.119101][T19796] nbd2: partition table beyond EOD, truncated [ 965.136773][T19796] ldm_validate_partition_table(): Disk read failed. [ 965.139705][T19796] Dev nbd2: unable to read RDB block 0 [ 965.165455][T19796] nbd2: unable to read partition table [ 965.169496][T19796] nbd2: partition table beyond EOD, truncated [ 965.189844][T19849] ldm_validate_partition_table(): Disk read failed. [ 965.194815][T19849] Dev nbd2: unable to read RDB block 0 [ 965.199770][T19849] nbd2: unable to read partition table [ 965.203366][T19849] nbd2: partition table beyond EOD, truncated [ 968.808889][T15962] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 968.822326][T15962] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 968.830790][T15962] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 968.838078][T15962] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 968.844465][T15962] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 968.848275][T15962] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 969.480390][T19892] chnl_net:caif_netlink_parms(): no params data found [ 970.031785][T19892] bridge0: port 1(bridge_slave_0) entered blocking state [ 970.036316][T19892] bridge0: port 1(bridge_slave_0) entered disabled state [ 970.039690][T19892] bridge_slave_0: entered allmulticast mode [ 970.051833][T19892] bridge_slave_0: entered promiscuous mode [ 970.067195][T19892] bridge0: port 2(bridge_slave_1) entered blocking state [ 970.069870][T19892] bridge0: port 2(bridge_slave_1) entered disabled state [ 970.074407][T19892] bridge_slave_1: entered allmulticast mode [ 970.094817][T19892] bridge_slave_1: entered promiscuous mode [ 970.404994][T19892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 970.419123][T19892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 970.706196][T19892] team0: Port device team_slave_0 added [ 970.722254][T19892] team0: Port device team_slave_1 added [ 970.873613][T19892] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 970.876925][T19892] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 970.894595][T19892] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 970.904943][T19892] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 970.908146][T19892] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 970.921415][ T5340] Bluetooth: hci1: command tx timeout [ 970.922459][T19892] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 971.139888][T19892] hsr_slave_0: entered promiscuous mode [ 971.142793][T19892] hsr_slave_1: entered promiscuous mode [ 971.146893][T19892] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 971.150611][T19892] Cannot create hsr debugfs directory [ 971.305618][T19935] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4311'. [ 971.367411][T19892] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 971.373196][T19892] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 971.411180][T19936] nbd0: detected capacity change from 0 to 22 [ 971.416997][T19932] block nbd0: shutting down sockets [ 971.420095][ C0] blk_print_req_error: 90 callbacks suppressed [ 971.420111][ C0] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.426758][ C0] buffer_io_error: 90 callbacks suppressed [ 971.426765][ C0] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.433184][T19893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.437082][T19893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.443069][T19893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.446471][T19893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.449336][T19893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.453407][T19938] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 971.454837][T19893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.456294][T19938] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 971.459712][T19893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.463139][T19938] vhci_hcd vhci_hcd.0: Device attached [ 971.470460][T19893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.473801][T19893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.476537][T19939] vhci_hcd: connection closed [ 971.477497][T19893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.478965][ T45] vhci_hcd: stop threads [ 971.479658][T19893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.483416][ T45] vhci_hcd: release socket [ 971.484805][T19893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.484893][T19893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.488738][ T45] vhci_hcd: disconnect device [ 971.491061][T19893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.496832][T19892] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 971.497677][T19893] ldm_validate_partition_table(): Disk read failed. [ 971.502823][T19892] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 971.504013][T19893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.519852][T19893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.525480][T19893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 971.529566][T19893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.533299][T19893] Dev nbd0: unable to read RDB block 0 [ 971.536518][T19893] nbd0: unable to read partition table [ 971.538934][T19893] nbd0: partition table beyond EOD, truncated [ 971.543277][T19932] ldm_validate_partition_table(): Disk read failed. [ 971.548137][T19932] Dev nbd0: unable to read RDB block 0 [ 971.551242][T19932] nbd0: unable to read partition table [ 971.554189][T19932] nbd0: partition table beyond EOD, truncated [ 971.560785][T19893] ldm_validate_partition_table(): Disk read failed. [ 971.564197][T19893] Dev nbd0: unable to read RDB block 0 [ 971.566747][T19893] nbd0: unable to read partition table [ 971.569275][T19893] nbd0: partition table beyond EOD, truncated [ 971.602894][T19892] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 971.607452][T19892] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 971.886140][T19945] overlayfs: failed to resolve '/0000000 00000000000000000000': -2 [ 973.000201][ T5340] Bluetooth: hci1: command tx timeout [ 973.648183][T19892] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 973.653193][T19892] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 973.679823][T19944] netlink: 'syz.3.4313': attribute type 6 has an invalid length. [ 973.685157][T19954] ip6tnl0: mtu greater than device maximum [ 973.856456][T19892] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 973.862956][T19892] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 973.873099][T19892] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 973.893504][T19892] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 973.986851][T19892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 974.011333][T19892] 8021q: adding VLAN 0 to HW filter on device team0 [ 974.019471][ T5373] bridge0: port 1(bridge_slave_0) entered blocking state [ 974.022569][ T5373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 974.043747][ T5373] bridge0: port 2(bridge_slave_1) entered blocking state [ 974.047041][ T5373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 974.121942][T19964] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4320'. [ 974.369057][T19892] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 974.437901][T19892] veth0_vlan: entered promiscuous mode [ 974.448983][T19892] veth1_vlan: entered promiscuous mode [ 974.545293][T19892] veth0_macvtap: entered promiscuous mode [ 974.557341][T19892] veth1_macvtap: entered promiscuous mode [ 974.613340][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 974.618129][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.623792][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 974.628384][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.633370][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 974.640195][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.654590][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 974.659138][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.665895][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 974.674394][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.681186][T19892] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 974.695283][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 974.699469][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.704770][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 974.710496][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.714422][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 974.718430][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.727783][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 974.733091][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.737080][T19892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 974.741518][T19892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.748191][T19892] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 974.765814][T19892] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.772671][T19892] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.776420][T19892] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.782498][T19892] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.926522][T10996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 974.945005][T10996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 975.002587][ T214] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 975.022371][ T214] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 975.084691][ T5340] Bluetooth: hci1: command tx timeout [ 976.014100][T19990] autofs: Bad value for 'fd' [ 977.160179][ T5340] Bluetooth: hci1: command tx timeout [ 977.475909][T20020] netlink: 'syz.2.4336': attribute type 10 has an invalid length. [ 977.477705][ T39] audit: type=1400 audit(1722302467.567:2980): avc: denied { shutdown } for pid=20011 comm="syz.1.4332" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 977.479438][T20020] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4336'. [ 977.504294][T20025] FAULT_INJECTION: forcing a failure. [ 977.504294][T20025] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 977.509893][T20025] CPU: 0 UID: 0 PID: 20025 Comm: syz.0.4337 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 977.514416][T20025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 977.519203][T20025] Call Trace: [ 977.520663][T20025] [ 977.522021][T20025] dump_stack_lvl+0x16c/0x1f0 [ 977.524052][T20025] should_fail_ex+0x497/0x5b0 [ 977.526075][T20025] strncpy_from_user+0x38/0x320 [ 977.527989][T20025] getname_flags.part.0+0x8f/0x550 [ 977.529974][T20025] getname_flags+0x93/0xf0 [ 977.531663][T20025] user_path_at+0x24/0x60 [ 977.533502][T20025] __do_sys_pivot_root+0x175/0x1660 [ 977.535752][T20025] ? __pfx___do_sys_pivot_root+0x10/0x10 [ 977.538161][T20025] ? fput+0x32/0x390 [ 977.539856][T20025] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 977.542502][T20025] do_syscall_64+0xcd/0x250 [ 977.544459][T20025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 977.546860][T20025] RIP: 0033:0x7f292f177299 [ 977.548784][T20025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 977.556753][T20025] RSP: 002b:00007f292ff27048 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 977.560370][T20025] RAX: ffffffffffffffda RBX: 00007f292f305f80 RCX: 00007f292f177299 [ 977.563734][T20025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 977.567203][T20025] RBP: 00007f292ff270a0 R08: 0000000000000000 R09: 0000000000000000 [ 977.570546][T20025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 977.573926][T20025] R13: 000000000000000b R14: 00007f292f305f80 R15: 00007ffe440ee028 [ 977.577333][T20025] [ 977.616017][T20020] team0: Port device geneve0 added [ 977.626814][ T39] audit: type=1400 audit(1722302467.717:2981): avc: denied { create } for pid=20011 comm="syz.1.4332" name="cpu.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 977.649818][ T39] audit: type=1400 audit(1722302467.737:2982): avc: denied { associate } for pid=20011 comm="syz.1.4332" name="cpu.stat" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 977.673659][ T39] audit: type=1400 audit(1722302467.767:2983): avc: denied { append } for pid=20011 comm="syz.1.4332" path="/142/file0/cpu.stat" dev="9p" ino=36575664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 977.700161][ T39] audit: type=1400 audit(1722302467.767:2984): avc: denied { map } for pid=20014 comm="syz.3.4335" path="socket:[65945]" dev="sockfs" ino=65945 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 977.703835][T20033] netlink: 'syz.3.4335': attribute type 6 has an invalid length. [ 977.888964][T20016] overlayfs: failed to resolve '/0000000 00000000000000000000': -2 [ 978.235405][ T39] audit: type=1400 audit(1722302468.327:2985): avc: denied { unmount } for pid=16405 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 978.894068][T20053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4342'. [ 978.904670][T20051] netlink: 'syz.0.4341': attribute type 1 has an invalid length. [ 978.910478][T20051] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4341'. [ 979.095020][T20063] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4346'. [ 979.224921][T20065] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 979.228704][T20065] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 979.237126][T20065] vhci_hcd vhci_hcd.0: Device attached [ 979.244576][T20066] vhci_hcd: connection closed [ 979.266385][ T1103] vhci_hcd: stop threads [ 979.270856][ T1103] vhci_hcd: release socket [ 979.272790][ T1103] vhci_hcd: disconnect device [ 979.426989][T20069] FAULT_INJECTION: forcing a failure. [ 979.426989][T20069] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 979.433712][T20069] CPU: 2 UID: 0 PID: 20069 Comm: syz.3.4347 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 979.438165][T20069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 979.442715][T20069] Call Trace: [ 979.444213][T20069] [ 979.445511][T20069] dump_stack_lvl+0x16c/0x1f0 [ 979.447593][T20069] should_fail_ex+0x497/0x5b0 [ 979.449700][T20069] _copy_to_iter+0x44f/0x1150 [ 979.451757][T20069] ? __pfx__copy_to_iter+0x10/0x10 [ 979.454001][T20069] ? __virt_addr_valid+0x5e/0x590 [ 979.456198][T20069] ? __phys_addr_symbol+0x30/0x80 [ 979.458400][T20069] ? __check_object_size+0x497/0x720 [ 979.460703][T20069] seq_read_iter+0xd06/0x12c0 [ 979.462557][T20069] seq_read+0x390/0x4d0 [ 979.464288][T20069] ? __pfx___might_resched+0x10/0x10 [ 979.466600][T20069] ? __pfx_seq_read+0x10/0x10 [ 979.468654][T20069] ? lock_acquire+0x1b1/0x560 [ 979.470837][T20069] ? avc_policy_seqno+0x9/0x20 [ 979.472858][T20069] ? selinux_file_permission+0x125/0x590 [ 979.475271][T20069] ? __pfx_seq_read+0x10/0x10 [ 979.477361][T20069] vfs_read+0x1d4/0xbd0 [ 979.479256][T20069] ? __fdget_pos+0xeb/0x180 [ 979.481252][T20069] ? __pfx_vfs_read+0x10/0x10 [ 979.483298][T20069] ? __pfx___mutex_lock+0x10/0x10 [ 979.485527][T20069] ? __fget_files+0x256/0x400 [ 979.487577][T20069] ksys_read+0x12f/0x260 [ 979.489354][T20069] ? __pfx_ksys_read+0x10/0x10 [ 979.491067][T20069] do_syscall_64+0xcd/0x250 [ 979.493011][T20069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.495246][T20069] RIP: 0033:0x7f8374577299 [ 979.496862][T20069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 979.504855][T20069] RSP: 002b:00007f83753f1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 979.508494][T20069] RAX: ffffffffffffffda RBX: 00007f8374705f80 RCX: 00007f8374577299 [ 979.511495][T20069] RDX: 0000000000002020 RSI: 0000000020000080 RDI: 0000000000000004 [ 979.514572][T20069] RBP: 00007f83753f10a0 R08: 0000000000000000 R09: 0000000000000000 [ 979.517975][T20069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 979.521364][T20069] R13: 000000000000000b R14: 00007f8374705f80 R15: 00007fff008bc088 [ 979.524836][T20069] [ 979.634656][T20074] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4350'. [ 980.025462][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 981.492135][ T5373] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 981.542236][T20109] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4361'. [ 981.650217][ T5373] usb 6-1: device descriptor read/64, error -71 [ 981.941946][ T5373] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 982.100085][ T5373] usb 6-1: device descriptor read/64, error -71 [ 982.177708][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 982.221494][ T5373] usb usb6-port1: attempt power cycle [ 982.537335][ T5340] Bluetooth: hci3: Malformed LE Event: 0x0d [ 982.630195][ T5373] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 982.671723][ T5373] usb 6-1: device descriptor read/8, error -71 [ 982.753237][ T39] audit: type=1400 audit(1722302472.847:2986): avc: denied { append } for pid=20135 comm="syz.3.4372" name="fb0" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 982.763004][ T39] audit: type=1400 audit(1722302472.847:2987): avc: denied { map } for pid=20135 comm="syz.3.4372" path="/dev/fb0" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 982.767207][T20136] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4372'. [ 982.772467][ T39] audit: type=1400 audit(1722302472.847:2988): avc: denied { write execute } for pid=20135 comm="syz.3.4372" path="/dev/fb0" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 982.940374][ T5373] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 982.976389][ T5373] usb 6-1: device descriptor read/8, error -71 [ 983.092802][ T5373] usb usb6-port1: unable to enumerate USB device [ 985.390341][ T5340] Bluetooth: hci4: command 0x0406 tx timeout [ 985.453429][T15962] Bluetooth: hci1: Malformed LE Event: 0x0d [ 986.489042][ T13] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 987.672322][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 989.209804][T20235] netlink: 'syz.2.4401': attribute type 1 has an invalid length. [ 989.213415][T20235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4401'. [ 990.207434][T20259] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4408'. [ 990.870255][ T4758] psmouse serio101: Failed to reset mouse on : -5 [ 991.523273][T15962] Bluetooth: hci3: Malformed LE Event: 0x0d [ 994.430091][ T4758] misc userio: Buffer overflowed, userio client isn't keeping up [ 995.585208][T15962] Bluetooth: hci1: Malformed LE Event: 0x0d [ 995.718871][ T4758] input: PS/2 Generic Mouse as /devices/serio101/input/input111 [ 995.940121][ T4758] psmouse serio101: Failed to enable mouse on [ 996.449560][T20345] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4434'. [ 996.798490][T20351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4436'. [ 996.853975][T20353] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4437'. [ 997.280949][T20356] netlink: 'syz.3.4438': attribute type 12 has an invalid length. [ 997.481358][T20361] misc userio: Invalid payload size [ 997.625433][T20367] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4441'. [ 997.670470][T15962] Bluetooth: hci1: Malformed LE Event: 0x0d [ 997.690591][ T5398] psmouse serio102: Failed to reset mouse on : -5 [ 998.800765][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.802985][ T1380] ieee802154 phy1 wpan1: encryption failed: -22 [ 999.848042][T20393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4450'. [ 1000.049136][T20397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4452'. [ 1000.288807][T20402] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4453'. [ 1001.062344][ T5411] kernel write not supported for file /vcs (pid: 5411 comm: kworker/3:4) [ 1001.300876][ T5398] misc userio: Buffer overflowed, userio client isn't keeping up [ 1002.053398][T20425] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1002.305887][T20430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4462'. [ 1002.477711][T20432] FAULT_INJECTION: forcing a failure. [ 1002.477711][T20432] name failslab, interval 1, probability 0, space 0, times 0 [ 1002.484051][T20432] CPU: 3 UID: 0 PID: 20432 Comm: syz.1.4463 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1002.488682][T20432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1002.492875][T20432] Call Trace: [ 1002.494222][T20432] [ 1002.495521][T20432] dump_stack_lvl+0x16c/0x1f0 [ 1002.497591][T20432] should_fail_ex+0x497/0x5b0 [ 1002.499657][T20432] ? fs_reclaim_acquire+0xae/0x160 [ 1002.501919][T20432] should_failslab+0xc2/0x120 [ 1002.504023][T20432] __kmalloc_noprof+0xcb/0x400 [ 1002.505971][T20432] tomoyo_encode2+0x100/0x3e0 [ 1002.507890][T20432] tomoyo_encode+0x29/0x50 [ 1002.509877][T20432] tomoyo_realpath_from_path+0x19d/0x720 [ 1002.512323][T20432] ? tomoyo_profile+0x47/0x60 [ 1002.514370][T20432] tomoyo_path_number_perm+0x245/0x590 [ 1002.516811][T20432] ? tomoyo_path_number_perm+0x232/0x590 [ 1002.519292][T20432] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1002.521977][T20432] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1002.524633][T20432] ? __fget_files+0x256/0x400 [ 1002.526739][T20432] security_file_ioctl+0x75/0xc0 [ 1002.528925][T20432] __x64_sys_ioctl+0xbb/0x220 [ 1002.530937][T20432] do_syscall_64+0xcd/0x250 [ 1002.532783][T20432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1002.534830][T20432] RIP: 0033:0x7fa8a3f77299 [ 1002.536822][T20432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1002.545219][T20432] RSP: 002b:00007fa8a4d96048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1002.548540][T20432] RAX: ffffffffffffffda RBX: 00007fa8a4105f80 RCX: 00007fa8a3f77299 [ 1002.551821][T20432] RDX: 0000000020000140 RSI: 0000000000008914 RDI: 0000000000000009 [ 1002.555305][T20432] RBP: 00007fa8a4d960a0 R08: 0000000000000000 R09: 0000000000000000 [ 1002.558789][T20432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1002.562336][T20432] R13: 000000000000000b R14: 00007fa8a4105f80 R15: 00007ffeace6d348 [ 1002.565692][T20432] [ 1002.567661][T20432] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1002.570895][T20432] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1002.581245][ T5398] input: PS/2 Generic Mouse as /devices/serio102/input/input112 [ 1002.715122][T14677] kernel write not supported for file /vcs (pid: 14677 comm: kworker/2:1) [ 1002.810102][ T5398] psmouse serio102: Failed to enable mouse on [ 1002.886968][T20440] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4466'. [ 1005.100540][ T39] audit: type=1400 audit(1722302495.187:2989): avc: denied { mount } for pid=20471 comm="syz.3.4476" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 1005.120740][ T39] audit: type=1400 audit(1722302495.207:2990): avc: denied { mounton } for pid=20471 comm="syz.3.4476" path="/318/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 1006.645811][T20489] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4481'. [ 1007.238093][T15962] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1007.370547][ T39] audit: type=1400 audit(1722302497.467:2991): avc: denied { unmount } for pid=16405 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 1007.420651][ T4758] kernel write not supported for file /vcs (pid: 4758 comm: kworker/3:2) [ 1007.445316][T20500] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4485'. [ 1009.148524][T20529] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4495'. [ 1012.331230][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1017.701089][T20592] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4513'. [ 1024.674630][T15962] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1025.961331][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1025.979202][T20723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4551'. [ 1029.414241][T15962] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1029.588171][T20771] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4565'. [ 1032.395151][T20819] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4578'. [ 1033.051561][T15962] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1033.267566][T20830] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4582'. [ 1034.744491][T15962] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1035.932981][T15962] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1037.780832][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1039.676420][ T1105] bridge_slave_0: left allmulticast mode [ 1039.678950][ T1105] bridge_slave_0: left promiscuous mode [ 1039.682907][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state [ 1039.693996][ T1105] veth1_to_bond: left allmulticast mode [ 1039.695983][ T1105] veth1_to_bond: left promiscuous mode [ 1039.697912][ T1105] bridge1: port 2(veth1_to_bond) entered disabled state [ 1039.735603][ T1105] bridge_slave_1: left allmulticast mode [ 1039.738087][ T1105] bridge_slave_1: left promiscuous mode [ 1039.743780][ T1105] bridge1: port 1(bridge_slave_1) entered disabled state [ 1040.433795][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1040.440719][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1040.456183][ T1105] bond0 (unregistering): Released all slaves [ 1040.559551][ T1105] tipc: Left network mode [ 1041.323710][ T1105] hsr_slave_0: left promiscuous mode [ 1041.338099][ T1105] hsr_slave_1: left promiscuous mode [ 1041.359128][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1041.370250][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1041.380517][T15962] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1041.384983][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1041.388371][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1041.476462][ T1105] veth1_macvtap: left promiscuous mode [ 1041.479821][ T1105] veth0_macvtap: left promiscuous mode [ 1041.484594][ T1105] veth1_vlan: left promiscuous mode [ 1041.489929][ T1105] veth0_vlan: left promiscuous mode [ 1042.983967][ T1105] team0 (unregistering): Port device team_slave_1 removed [ 1043.135068][ T1105] team0 (unregistering): Port device team_slave_0 removed [ 1049.359808][T21081] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4656'. [ 1051.884845][T15962] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1054.936168][T21177] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4684'. [ 1055.051598][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1057.140592][T21215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4697'. [ 1058.122957][T15962] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1058.177687][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1060.117857][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 1060.121020][ T1380] ieee802154 phy1 wpan1: encryption failed: -22 [ 1060.309223][ T39] audit: type=1326 audit(1722302550.397:2992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21261 comm="syz.0.4711" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292f177299 code=0x7ffc0000 [ 1060.321424][ T39] audit: type=1326 audit(1722302550.397:2993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21261 comm="syz.0.4711" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292f177299 code=0x7ffc0000 [ 1060.339766][ T39] audit: type=1326 audit(1722302550.407:2994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21261 comm="syz.0.4711" exe="/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f292f177299 code=0x7ffc0000 [ 1060.361757][ T39] audit: type=1326 audit(1722302550.407:2995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21261 comm="syz.0.4711" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292f177299 code=0x7ffc0000 [ 1060.380449][ T39] audit: type=1326 audit(1722302550.407:2996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21261 comm="syz.0.4711" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292f177299 code=0x7ffc0000 [ 1061.356301][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1064.121912][T21323] FAULT_INJECTION: forcing a failure. [ 1064.121912][T21323] name failslab, interval 1, probability 0, space 0, times 0 [ 1064.126703][T21323] CPU: 0 UID: 0 PID: 21323 Comm: syz.1.4727 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1064.131555][T21323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1064.135612][T21323] Call Trace: [ 1064.136948][T21323] [ 1064.138331][T21323] dump_stack_lvl+0x16c/0x1f0 [ 1064.140217][T21323] should_fail_ex+0x497/0x5b0 [ 1064.142024][T21323] ? fs_reclaim_acquire+0xae/0x160 [ 1064.143868][T21323] should_failslab+0xc2/0x120 [ 1064.145517][T21323] __kmalloc_noprof+0xcb/0x400 [ 1064.147175][T21323] fib6_info_alloc+0x40/0x160 [ 1064.148994][T21323] ip6_route_info_create+0x337/0x1940 [ 1064.151509][T21323] ? hlock_class+0x4e/0x130 [ 1064.153273][T21323] ? __pfx_ip6_route_info_create+0x10/0x10 [ 1064.155601][T21323] ? __asan_memcpy+0x3c/0x60 [ 1064.157236][T21323] ? lwtunnel_valid_encap_type_attr+0x7c/0x2b0 [ 1064.159260][T21323] ip6_route_multipath_add+0xb4d/0x2180 [ 1064.161115][T21323] ? __pfx_ip6_route_multipath_add+0x10/0x10 [ 1064.163522][T21323] ? __mutex_trylock_common+0xea/0x250 [ 1064.165740][T21323] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1064.168145][T21323] ? inet6_rtm_newroute+0xe5/0x170 [ 1064.170310][T21323] inet6_rtm_newroute+0xe5/0x170 [ 1064.172345][T21323] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 1064.174633][T21323] ? __mutex_lock+0x1a6/0x9c0 [ 1064.176627][T21323] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 1064.178656][T21323] rtnetlink_rcv_msg+0x3c7/0xea0 [ 1064.180533][T21323] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1064.182753][T21323] netlink_rcv_skb+0x16b/0x440 [ 1064.184757][T21323] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1064.186596][T21323] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1064.188462][T21323] ? netlink_deliver_tap+0x1ae/0xd90 [ 1064.190489][T21323] netlink_unicast+0x544/0x830 [ 1064.192442][T21323] ? __pfx_netlink_unicast+0x10/0x10 [ 1064.194473][T21323] netlink_sendmsg+0x8b8/0xd70 [ 1064.196145][T21323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1064.198078][T21323] ? __import_iovec+0x1fd/0x6e0 [ 1064.200041][T21323] ____sys_sendmsg+0xab5/0xc90 [ 1064.201745][T21323] ? copy_msghdr_from_user+0x10b/0x160 [ 1064.203625][T21323] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1064.205662][T21323] ? find_held_lock+0x2d/0x110 [ 1064.207346][T21323] ? __pfx___lock_acquire+0x10/0x10 [ 1064.209374][T21323] ___sys_sendmsg+0x135/0x1e0 [ 1064.211331][T21323] ? __pfx____sys_sendmsg+0x10/0x10 [ 1064.213347][T21323] ? ksys_write+0x21c/0x260 [ 1064.215284][T21323] ? __fget_light+0x173/0x210 [ 1064.217396][T21323] __sys_sendmsg+0x117/0x1f0 [ 1064.219341][T21323] ? __pfx___sys_sendmsg+0x10/0x10 [ 1064.221595][T21323] do_syscall_64+0xcd/0x250 [ 1064.223547][T21323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1064.225875][T21323] RIP: 0033:0x7fa8a3f77299 [ 1064.227682][T21323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1064.234549][T21323] RSP: 002b:00007fa8a4d96048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1064.237660][T21323] RAX: ffffffffffffffda RBX: 00007fa8a4105f80 RCX: 00007fa8a3f77299 [ 1064.240581][T21323] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 1064.243859][T21323] RBP: 00007fa8a4d960a0 R08: 0000000000000000 R09: 0000000000000000 [ 1064.246941][T21323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1064.249782][T21323] R13: 000000000000000b R14: 00007fa8a4105f80 R15: 00007ffeace6d348 [ 1064.252603][T21323] [ 1064.349301][T15962] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1068.293779][ T5340] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1068.299063][ T5340] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1068.310167][ T5340] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1068.314254][ T5340] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1068.317545][ T5340] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1068.320774][ T5340] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1068.450831][ T1105] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.608285][ T1105] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.714791][ T1105] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.867752][ T1105] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.993179][T21401] chnl_net:caif_netlink_parms(): no params data found [ 1069.097775][ T1105] bridge_slave_1: left allmulticast mode [ 1069.101539][ T1105] bridge_slave_1: left promiscuous mode [ 1069.105010][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state [ 1069.133164][ T1105] bridge_slave_0: left allmulticast mode [ 1069.137068][ T1105] bridge_slave_0: left promiscuous mode [ 1069.141158][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state [ 1069.919314][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1069.932233][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1069.941645][ T1105] bond0 (unregistering): Released all slaves [ 1069.953880][ T1105] bond1 (unregistering): Released all slaves [ 1070.087869][T21401] bridge0: port 1(bridge_slave_0) entered blocking state [ 1070.091689][T21401] bridge0: port 1(bridge_slave_0) entered disabled state [ 1070.094875][T21401] bridge_slave_0: entered allmulticast mode [ 1070.098094][T21401] bridge_slave_0: entered promiscuous mode [ 1070.103705][T21401] bridge0: port 2(bridge_slave_1) entered blocking state [ 1070.106261][T21401] bridge0: port 2(bridge_slave_1) entered disabled state [ 1070.109093][T21401] bridge_slave_1: entered allmulticast mode [ 1070.113481][T21401] bridge_slave_1: entered promiscuous mode [ 1070.274508][T21401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1070.279934][T21401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1070.350760][T15962] Bluetooth: hci2: command tx timeout [ 1070.437376][T21401] team0: Port device team_slave_0 added [ 1070.443966][T21401] team0: Port device team_slave_1 added [ 1070.484502][T21444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4761'. [ 1070.510560][ T1105] hsr_slave_0: left promiscuous mode [ 1070.517642][ T1105] hsr_slave_1: left promiscuous mode [ 1070.526141][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1070.528951][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1070.536869][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1070.539258][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1070.572220][ T1105] veth1_macvtap: left promiscuous mode [ 1070.574029][ T1105] veth0_macvtap: left promiscuous mode [ 1070.575840][ T1105] veth1_vlan: left promiscuous mode [ 1070.577568][ T1105] veth0_vlan: left promiscuous mode [ 1072.005437][ T1105] team0 (unregistering): Port device team_slave_1 removed [ 1072.225866][ T1105] team0 (unregistering): Port device team_slave_0 removed [ 1072.440140][T15962] Bluetooth: hci2: command tx timeout [ 1073.040651][T21401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1073.043644][T21401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1073.060157][T21401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1073.075459][T21401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1073.090181][T21401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1073.110828][T21401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1073.209156][T21401] hsr_slave_0: entered promiscuous mode [ 1073.221462][T21401] hsr_slave_1: entered promiscuous mode [ 1073.919406][T21401] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1073.928985][T21401] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1073.936081][T21401] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1073.942948][T21401] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1074.072672][T21401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1074.124355][T21401] 8021q: adding VLAN 0 to HW filter on device team0 [ 1074.142823][ T5411] bridge0: port 1(bridge_slave_0) entered blocking state [ 1074.146015][ T5411] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1074.163959][T15308] bridge0: port 2(bridge_slave_1) entered blocking state [ 1074.167054][T15308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1074.215070][T21401] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1074.485218][T21401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1074.510098][T15962] Bluetooth: hci2: command tx timeout [ 1074.523233][T21401] veth0_vlan: entered promiscuous mode [ 1074.531962][T21401] veth1_vlan: entered promiscuous mode [ 1074.556365][T21401] veth0_macvtap: entered promiscuous mode [ 1074.563645][T21401] veth1_macvtap: entered promiscuous mode [ 1074.580817][T21401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1074.585278][T21401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.589374][T21401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1074.595044][T21401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.600557][T21401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1074.606545][T21401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1074.612551][T21401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.616629][T21401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1074.621045][T21401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.625174][T21401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1074.629208][T21401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.633232][T21401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1074.637674][T21401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.642955][T21401] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1074.652624][T21401] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1074.656299][T21401] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1074.659931][T21401] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1074.664201][T21401] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1074.715035][T10996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1074.718387][T10996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1074.746606][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1074.750535][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1074.812795][T21502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4749'. [ 1075.855701][T15962] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1076.600153][T15962] Bluetooth: hci2: command tx timeout [ 1076.970168][T21542] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4787'. [ 1076.999593][ T39] audit: type=1400 audit(1722302567.087:2997): avc: denied { getopt } for pid=21544 comm="syz.3.4789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1077.026137][ T39] audit: type=1400 audit(1722302567.117:2998): avc: denied { setopt } for pid=21544 comm="syz.3.4789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1077.914087][ T39] audit: type=1804 audit(1722302567.997:2999): pid=21561 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.4793" name="/newroot/3/file0/bus" dev="ramfs" ino=76347 res=1 errno=0 [ 1078.062203][ T39] audit: type=1800 audit(1722302568.147:3000): pid=21561 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.4793" name="bus" dev="ramfs" ino=76347 res=0 errno=0 [ 1078.659868][T15962] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1082.207703][T21630] FAULT_INJECTION: forcing a failure. [ 1082.207703][T21630] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1082.214964][T21630] CPU: 2 UID: 0 PID: 21630 Comm: syz.0.4813 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1082.219429][T21630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1082.224023][T21630] Call Trace: [ 1082.225456][T21630] [ 1082.226722][T21630] dump_stack_lvl+0x16c/0x1f0 [ 1082.228670][T21630] should_fail_ex+0x497/0x5b0 [ 1082.230710][T21630] _copy_from_iter+0x2a1/0x1150 [ 1082.232843][T21630] ? __pfx__copy_from_iter+0x10/0x10 [ 1082.235102][T21630] ? __virt_addr_valid+0x5e/0x590 [ 1082.237322][T21630] ? __phys_addr_symbol+0x30/0x80 [ 1082.239468][T21630] ? __check_object_size+0x497/0x720 [ 1082.241650][T21630] kernfs_fop_write_iter+0x1a3/0x500 [ 1082.243892][T21630] vfs_write+0x6b6/0x1140 [ 1082.245721][T21630] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1082.248224][T21630] ? __pfx_vfs_write+0x10/0x10 [ 1082.250262][T21630] ? __pfx___mutex_lock+0x10/0x10 [ 1082.252400][T21630] ? __fget_files+0x256/0x400 [ 1082.254397][T21630] ksys_write+0x12f/0x260 [ 1082.256245][T21630] ? __pfx_ksys_write+0x10/0x10 [ 1082.258301][T21630] do_syscall_64+0xcd/0x250 [ 1082.260207][T21630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1082.262465][T21630] RIP: 0033:0x7fd6c3577299 [ 1082.264447][T21630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1082.272737][T21630] RSP: 002b:00007fd6c437d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1082.276224][T21630] RAX: ffffffffffffffda RBX: 00007fd6c3705f80 RCX: 00007fd6c3577299 [ 1082.279630][T21630] RDX: 000000000000002f RSI: 0000000020000340 RDI: 0000000000000007 [ 1082.282886][T21630] RBP: 00007fd6c437d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1082.286190][T21630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1082.289544][T21630] R13: 000000000000000b R14: 00007fd6c3705f80 R15: 00007fffdd5b9788 [ 1082.292940][T21630] [ 1082.801692][ T5398] psmouse serio103: Failed to reset mouse on : -5 [ 1082.864485][ T5364] bridge0: port 2(bridge_slave_1) entered disabled state [ 1082.947332][T21654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4822'. [ 1083.590236][ T5411] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 1083.773438][ T5411] usb 5-1: Using ep0 maxpacket: 8 [ 1083.777901][ T5411] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1083.783537][ T5411] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1083.789195][ T5411] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1083.795101][ T5411] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1083.802599][ T5411] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1083.806635][ T5411] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1083.825970][ T5411] hub 5-1:1.0: bad descriptor, ignoring hub [ 1083.828958][ T5411] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1083.839826][ T5411] cdc_wdm 5-1:1.0: skipping garbage [ 1083.842698][ T5411] cdc_wdm 5-1:1.0: skipping garbage [ 1083.847859][ T5411] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1083.851901][ T5411] cdc_wdm 5-1:1.0: Unknown control protocol [ 1084.028107][ T5411] usb 5-1: USB disconnect, device number 13 [ 1084.613931][ T5411] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1084.790196][ T5411] usb 5-1: Using ep0 maxpacket: 8 [ 1084.794819][ T5411] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1084.800659][ T5411] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1084.804829][ T5411] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1084.810776][ T5411] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1084.815840][ T5411] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1084.819855][ T5411] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1084.829883][ T5411] hub 5-1:1.0: bad descriptor, ignoring hub [ 1084.832932][ T5411] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1084.836609][ T5411] cdc_wdm 5-1:1.0: skipping garbage [ 1084.838925][ T5411] cdc_wdm 5-1:1.0: skipping garbage [ 1084.843254][ T5411] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1084.845903][ T5411] cdc_wdm 5-1:1.0: Unknown control protocol [ 1085.095114][T15308] kernel write not supported for file /vbi1 (pid: 15308 comm: kworker/3:6) [ 1085.150480][ T5411] usb 5-1: USB disconnect, device number 14 [ 1086.018489][ T39] audit: type=1804 audit(1722302576.107:3001): pid=21685 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.4832" name="/newroot/134/file0/bus" dev="ramfs" ino=77968 res=1 errno=0 [ 1086.131751][ T39] audit: type=1800 audit(1722302576.217:3002): pid=21685 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.4832" name="bus" dev="ramfs" ino=77968 res=0 errno=0 [ 1086.420202][ T5398] misc userio: Buffer overflowed, userio client isn't keeping up [ 1086.433335][T21695] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 1086.590044][ T39] audit: type=1400 audit(1722302576.667:3003): avc: denied { write } for pid=21692 comm="syz.2.4834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1087.698361][ T5398] input: PS/2 Generic Mouse as /devices/serio103/input/input113 [ 1087.914476][ T5398] psmouse serio103: Failed to enable mouse on [ 1088.167210][T20662] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 1088.380044][T20662] usb 7-1: Using ep0 maxpacket: 8 [ 1088.384869][T20662] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1088.398789][T20662] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1088.410226][T20662] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1088.416529][T20662] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1088.422206][T20662] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1088.430450][T20662] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1088.441322][T20662] hub 7-1:1.0: bad descriptor, ignoring hub [ 1088.444005][T20662] hub 7-1:1.0: probe with driver hub failed with error -5 [ 1088.450882][T20662] cdc_wdm 7-1:1.0: skipping garbage [ 1088.455568][T20662] cdc_wdm 7-1:1.0: skipping garbage [ 1088.457105][T20662] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 1088.461375][T20662] cdc_wdm 7-1:1.0: Unknown control protocol [ 1089.148597][T21719] usb 7-1: reset high-speed USB device number 9 using dummy_hcd [ 1089.432655][ T39] audit: type=1400 audit(1722302579.527:3004): avc: denied { setopt } for pid=21754 comm="syz.1.4852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1089.523187][ T5340] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1089.528490][ T5340] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1089.535154][ T5340] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1089.541014][ T5340] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1089.554510][ T5340] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1089.557777][ T5340] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1089.724784][T21762] chnl_net:caif_netlink_parms(): no params data found [ 1089.726498][T20662] usb 7-1: USB disconnect, device number 9 [ 1089.792874][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1089.867727][ T1103] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1089.953991][ T1103] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1089.964875][T21762] bridge0: port 1(bridge_slave_0) entered blocking state [ 1089.969088][T21762] bridge0: port 1(bridge_slave_0) entered disabled state [ 1089.978228][T21762] bridge_slave_0: entered allmulticast mode [ 1089.982621][T21762] bridge_slave_0: entered promiscuous mode [ 1089.988231][T21762] bridge0: port 2(bridge_slave_1) entered blocking state [ 1089.991798][T21762] bridge0: port 2(bridge_slave_1) entered disabled state [ 1089.995210][T21762] bridge_slave_1: entered allmulticast mode [ 1089.999560][T21762] bridge_slave_1: entered promiscuous mode [ 1090.080521][ T1103] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1090.092250][T21762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1090.099687][T21762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1090.174876][ T1103] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1090.190632][T21762] team0: Port device team_slave_0 added [ 1090.198449][T21762] team0: Port device team_slave_1 added [ 1090.315814][T21762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1090.318185][T21762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1090.327677][T21762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1090.342311][T21762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1090.345188][T21762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1090.356423][T21762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1090.424345][T21762] hsr_slave_0: entered promiscuous mode [ 1090.427403][T21762] hsr_slave_1: entered promiscuous mode [ 1090.434358][T21762] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1090.437539][T21762] Cannot create hsr debugfs directory [ 1090.496319][T15962] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1090.546643][ T1103] bridge_slave_1: left allmulticast mode [ 1090.549153][ T1103] bridge_slave_1: left promiscuous mode [ 1090.551950][ T1103] bridge0: port 2(bridge_slave_1) entered disabled state [ 1090.565359][ T1103] bridge_slave_0: left allmulticast mode [ 1090.567857][ T1103] bridge_slave_0: left promiscuous mode [ 1090.571050][ T1103] bridge0: port 1(bridge_slave_0) entered disabled state [ 1091.075124][ T1103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1091.082513][ T1103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1091.091443][ T1103] bond0 (unregistering): Released all slaves [ 1091.592358][ T1103] hsr_slave_0: left promiscuous mode [ 1091.596616][ T1103] hsr_slave_1: left promiscuous mode [ 1091.605667][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1091.612606][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1091.615977][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1091.630295][ T5340] Bluetooth: hci0: command tx timeout [ 1091.657804][ T1103] veth1_macvtap: left promiscuous mode [ 1091.660937][ T1103] veth0_macvtap: left promiscuous mode [ 1091.663493][ T1103] veth1_vlan: left promiscuous mode [ 1091.665381][ T1103] veth0_vlan: left promiscuous mode [ 1092.911058][ T5340] Bluetooth: hci1: command 0x0406 tx timeout [ 1093.393818][ T1103] team0 (unregistering): Port device team_slave_1 removed [ 1093.712290][T15962] Bluetooth: hci0: command tx timeout [ 1094.664785][T21837] raw_sendmsg: syz.2.4873 forgot to set AF_INET. Fix it! [ 1094.827963][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1094.952562][T21762] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1094.959407][T21762] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1094.966418][T21762] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1094.979805][T21762] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1095.073557][T21762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1095.099119][T21762] 8021q: adding VLAN 0 to HW filter on device team0 [ 1095.109595][T20662] bridge0: port 1(bridge_slave_0) entered blocking state [ 1095.112879][T20662] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1095.132380][T20662] bridge0: port 2(bridge_slave_1) entered blocking state [ 1095.135616][T20662] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1095.304656][T21762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1095.353784][T21762] veth0_vlan: entered promiscuous mode [ 1095.363104][T21762] veth1_vlan: entered promiscuous mode [ 1095.388453][T21762] veth0_macvtap: entered promiscuous mode [ 1095.399703][T21762] veth1_macvtap: entered promiscuous mode [ 1095.429934][T21762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1095.436476][T21762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.441898][T21762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1095.446478][T21762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.451644][T21762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1095.456138][T21762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.465871][T21762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1095.474891][T21762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.479303][T21762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.483153][T21762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.487212][T21762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.491617][T21762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.495681][T21762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.499528][T21762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.503208][T21762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.509092][T21762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1095.517746][T21762] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.521935][T21762] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.525784][T21762] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.529583][T21762] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.583768][ T214] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1095.588028][ T214] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1095.607600][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1095.611681][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1095.800207][T15962] Bluetooth: hci0: command tx timeout [ 1096.578773][ T39] audit: type=1400 audit(1722302586.667:3005): avc: denied { ioctl } for pid=21870 comm="syz.3.4881" path="socket:[77172]" dev="sockfs" ino=77172 ioctlcmd=0x8b32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 1097.870263][T15962] Bluetooth: hci0: command tx timeout [ 1098.093277][T15962] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1099.592057][T21949] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1100.120259][T21949] Bluetooth: hci4: command 0x0406 tx timeout [ 1100.129831][ T5340] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1100.699082][T21977] netlink: 'syz.2.4913': attribute type 1 has an invalid length. [ 1100.709360][T21977] syz.2.4913: attempt to access beyond end of device [ 1100.709360][T21977] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0 [ 1100.716777][T21977] syz.2.4913: attempt to access beyond end of device [ 1100.716777][T21977] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1100.722984][T21977] syz.2.4913: attempt to access beyond end of device [ 1100.722984][T21977] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1100.730065][T21977] syz.2.4913: attempt to access beyond end of device [ 1100.730065][T21977] nbd2: rw=0, sector=18, nr_sectors = 2 limit=0 [ 1100.736962][T21977] syz.2.4913: attempt to access beyond end of device [ 1100.736962][T21977] nbd2: rw=0, sector=30, nr_sectors = 2 limit=0 [ 1100.742919][T21977] syz.2.4913: attempt to access beyond end of device [ 1100.742919][T21977] nbd2: rw=0, sector=36, nr_sectors = 2 limit=0 [ 1100.748542][T21977] VFS: unable to find oldfs superblock on device nbd2 [ 1100.788828][ T39] audit: type=1400 audit(1722302590.877:3006): avc: denied { unmount } for pid=19892 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 1100.879885][ T39] audit: type=1400 audit(1722302590.967:3007): avc: denied { ioctl } for pid=21974 comm="syz.1.4912" path="socket:[80312]" dev="sockfs" ino=80312 ioctlcmd=0x8941 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 1100.924606][ T39] audit: type=1326 audit(1722302591.017:3008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21964 comm="syz.0.4911" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6c3577299 code=0x7fc00000 [ 1100.942812][ T39] audit: type=1326 audit(1722302591.017:3009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21964 comm="syz.0.4911" exe="/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fd6c3577299 code=0x7fc00000 [ 1100.956751][ T39] audit: type=1326 audit(1722302591.017:3010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21964 comm="syz.0.4911" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6c3577299 code=0x7fc00000 [ 1100.967342][ T39] audit: type=1326 audit(1722302591.017:3011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21964 comm="syz.0.4911" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6c3577299 code=0x7fc00000 [ 1100.992081][ T39] audit: type=1326 audit(1722302591.017:3012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21964 comm="syz.0.4911" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6c3577299 code=0x7fc00000 [ 1101.002374][ T39] audit: type=1326 audit(1722302591.017:3013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21964 comm="syz.0.4911" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6c3577299 code=0x7fc00000 [ 1101.012470][ T39] audit: type=1326 audit(1722302591.017:3014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21964 comm="syz.0.4911" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6c3577299 code=0x7fc00000 [ 1101.240025][ C3] vkms_vblank_simulate: vblank timer overrun [ 1101.575303][ T5340] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1101.630089][ T5340] Bluetooth: hci2: command 0x206a tx timeout [ 1101.630152][T15962] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1103.260697][T15962] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1103.445371][T22026] FAULT_INJECTION: forcing a failure. [ 1103.445371][T22026] name failslab, interval 1, probability 0, space 0, times 0 [ 1103.452658][T22026] CPU: 3 UID: 0 PID: 22026 Comm: syz.1.4926 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1103.456578][T22026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1103.460338][T22026] Call Trace: [ 1103.461530][T22026] [ 1103.462696][T22026] dump_stack_lvl+0x16c/0x1f0 [ 1103.464541][T22026] should_fail_ex+0x497/0x5b0 [ 1103.466372][T22026] ? fs_reclaim_acquire+0xae/0x160 [ 1103.468407][T22026] should_failslab+0xc2/0x120 [ 1103.470165][T22026] __kmalloc_noprof+0xcb/0x400 [ 1103.471798][T22026] ? unwind_get_return_address+0x45/0xe0 [ 1103.473971][T22026] ext4_find_extent+0x95c/0xce0 [ 1103.475898][T22026] ? hlock_class+0x4e/0x130 [ 1103.477687][T22026] ext4_ext_map_blocks+0x27d/0x5cd0 [ 1103.479709][T22026] ? __pfx___lock_acquire+0x10/0x10 [ 1103.481069][T22026] ? __pfx___lock_acquire+0x10/0x10 [ 1103.482608][T22026] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 1103.484650][T22026] ? __pfx_lock_acquire+0x10/0x10 [ 1103.486583][T22026] ? __pfx___might_resched+0x10/0x10 [ 1103.488635][T22026] ? start_this_handle+0xfa4/0x1430 [ 1103.490282][T22026] ? __pfx_down_write+0x10/0x10 [ 1103.491957][T22026] ext4_map_blocks+0x61d/0x17d0 [ 1103.493779][T22026] ? trace_jbd2_handle_start+0x1b4/0x240 [ 1103.495840][T22026] ? __pfx_ext4_map_blocks+0x10/0x10 [ 1103.497414][T22026] ? __ext4_journal_start_sb+0x358/0x660 [ 1103.499330][T22026] ? __ext4_journal_start_sb+0x206/0x660 [ 1103.501399][T22026] ? ext4_alloc_file_blocks.isra.0+0x2a0/0xba0 [ 1103.503544][T22026] ext4_alloc_file_blocks.isra.0+0x2dc/0xba0 [ 1103.505310][T22026] ? __pfx_ext4_alloc_file_blocks.isra.0+0x10/0x10 [ 1103.507740][T22026] ? rcu_is_watching+0x12/0xc0 [ 1103.509489][T22026] ? generic_update_time+0xcf/0xf0 [ 1103.510945][T22026] ? mnt_put_write_access_file+0x45/0xf0 [ 1103.512689][T22026] ext4_fallocate+0x4dc/0x3f60 [ 1103.514559][T22026] ? __pfx_ext4_fallocate+0x10/0x10 [ 1103.516320][T22026] ? avc_policy_seqno+0x9/0x20 [ 1103.517733][T22026] ? selinux_file_permission+0x125/0x590 [ 1103.519844][T22026] ? __pfx_ext4_fallocate+0x10/0x10 [ 1103.521893][T22026] vfs_fallocate+0x4ca/0xfc0 [ 1103.523744][T22026] ioctl_preallocate+0x1a8/0x220 [ 1103.525582][T22026] ? __pfx_ioctl_preallocate+0x10/0x10 [ 1103.527593][T22026] do_vfs_ioctl+0x16da/0x1ad0 [ 1103.529389][T22026] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1103.531391][T22026] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x470 [ 1103.533864][T22026] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470 [ 1103.536381][T22026] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 1103.539069][T22026] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1103.541252][T22026] ? selinux_file_ioctl+0x180/0x270 [ 1103.543263][T22026] ? selinux_file_ioctl+0xb4/0x270 [ 1103.545050][T22026] __x64_sys_ioctl+0x116/0x220 [ 1103.546873][T22026] do_syscall_64+0xcd/0x250 [ 1103.548574][T22026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1103.550870][T22026] RIP: 0033:0x7fa8a3f77299 [ 1103.552576][T22026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1103.559313][T22026] RSP: 002b:00007fa8a4d75048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1103.562101][T22026] RAX: ffffffffffffffda RBX: 00007fa8a4106058 RCX: 00007fa8a3f77299 [ 1103.565094][T22026] RDX: 0000000020000240 RSI: 000000004030582a RDI: 000000000000000b [ 1103.568048][T22026] RBP: 00007fa8a4d750a0 R08: 0000000000000000 R09: 0000000000000000 [ 1103.570865][T22026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1103.573570][T22026] R13: 000000000000006e R14: 00007fa8a4106058 R15: 00007ffeace6d348 [ 1103.576607][T22026] [ 1103.577739][ C3] vkms_vblank_simulate: vblank timer overrun [ 1103.829885][T22028] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4927'. [ 1103.848034][ T39] kauditd_printk_skb: 52 callbacks suppressed [ 1103.848049][ T39] audit: type=1400 audit(1722302593.937:3067): avc: denied { lock } for pid=22027 comm="syz.3.4927" path="socket:[80341]" dev="sockfs" ino=80341 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1106.458084][T15962] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1107.829927][T22087] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4943'. [ 1108.510999][T15962] Bluetooth: hci2: command 0x206a tx timeout [ 1108.633115][T22096] syz_tun: entered promiscuous mode [ 1108.640325][T22096] batadv_slave_1: entered promiscuous mode [ 1108.731829][ T5340] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1111.435170][T22138] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4957'. [ 1112.087489][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1113.971704][T22188] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4974'. [ 1114.110251][T15962] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1114.112920][T15962] Bluetooth: hci4: command 0x0406 tx timeout [ 1114.912500][T22199] netlink: 'syz.1.4976': attribute type 11 has an invalid length. [ 1115.100289][ T5340] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1116.736294][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1117.070331][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1117.313207][ T5340] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1117.553961][ T5340] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1118.240260][ T39] audit: type=1400 audit(1722302608.327:3068): avc: denied { create } for pid=22266 comm="syz.3.4997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1118.260117][ T39] audit: type=1400 audit(1722302608.327:3069): avc: denied { setopt } for pid=22266 comm="syz.3.4997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1118.279825][ T39] audit: type=1400 audit(1722302608.327:3070): avc: denied { ioctl } for pid=22266 comm="syz.3.4997" path="socket:[77634]" dev="sockfs" ino=77634 ioctlcmd=0x64a7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1118.294178][ T39] audit: type=1400 audit(1722302608.337:3071): avc: denied { write } for pid=22266 comm="syz.3.4997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1118.306180][ T39] audit: type=1400 audit(1722302608.347:3072): avc: denied { ioctl } for pid=22266 comm="syz.3.4997" path="socket:[77635]" dev="sockfs" ino=77635 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 1118.320200][ T39] audit: type=1400 audit(1722302608.347:3073): avc: denied { accept } for pid=22266 comm="syz.3.4997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1118.332894][ T39] audit: type=1400 audit(1722302608.347:3074): avc: denied { getopt } for pid=22266 comm="syz.3.4997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1118.344046][ T39] audit: type=1400 audit(1722302608.347:3075): avc: denied { write } for pid=22266 comm="syz.3.4997" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 1118.365232][T22272] netlink: 'syz.3.4999': attribute type 11 has an invalid length. [ 1119.000095][T15962] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1119.004594][T15962] Bluetooth: hci4: command 0x0406 tx timeout [ 1119.310660][T21949] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1119.313764][ T5340] Bluetooth: hci2: command 0x206a tx timeout [ 1120.456239][T22306] netlink: 'syz.1.5008': attribute type 11 has an invalid length. [ 1121.552371][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.555664][ T1380] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.782382][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1122.477966][ T5340] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1123.486462][T21949] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1124.033457][T22388] netlink: 'syz.2.5033': attribute type 11 has an invalid length. [ 1124.765230][T22411] FAULT_INJECTION: forcing a failure. [ 1124.765230][T22411] name failslab, interval 1, probability 0, space 0, times 0 [ 1124.771720][T22411] CPU: 0 UID: 0 PID: 22411 Comm: syz.3.5038 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1124.776321][T22411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1124.780901][T22411] Call Trace: [ 1124.782362][T22411] [ 1124.783722][T22411] dump_stack_lvl+0x16c/0x1f0 [ 1124.785902][T22411] should_fail_ex+0x497/0x5b0 [ 1124.787967][T22411] ? fs_reclaim_acquire+0xae/0x160 [ 1124.790172][T22411] should_failslab+0xc2/0x120 [ 1124.792247][T22411] __kmalloc_noprof+0xcb/0x400 [ 1124.794316][T22411] nla_strdup+0xc6/0x150 [ 1124.796167][T22411] nf_tables_newtable+0xdfc/0x1b20 [ 1124.798373][T22411] ? net_generic+0xea/0x2a0 [ 1124.800352][T22411] ? __pfx_nf_tables_newtable+0x10/0x10 [ 1124.802756][T22411] ? __nla_parse+0x40/0x60 [ 1124.804713][T22411] nfnetlink_rcv_batch+0x1a19/0x24e0 [ 1124.806974][T22411] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 1124.809412][T22411] ? find_held_lock+0x2d/0x110 [ 1124.811503][T22411] ? avc_has_perm_noaudit+0x119/0x3a0 [ 1124.813820][T22411] ? avc_has_perm_noaudit+0x143/0x3a0 [ 1124.816161][T22411] ? __nla_parse+0x40/0x60 [ 1124.818096][T22411] nfnetlink_rcv+0x3c3/0x430 [ 1124.820119][T22411] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1124.822322][T22411] netlink_unicast+0x544/0x830 [ 1124.824375][T22411] ? __pfx_netlink_unicast+0x10/0x10 [ 1124.826607][T22411] netlink_sendmsg+0x8b8/0xd70 [ 1124.828699][T22411] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1124.831000][T22411] ? __import_iovec+0x1fd/0x6e0 [ 1124.833398][T22411] ____sys_sendmsg+0xab5/0xc90 [ 1124.835514][T22411] ? copy_msghdr_from_user+0x10b/0x160 [ 1124.837741][T22411] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1124.839926][T22411] ? mark_held_locks+0x9f/0xe0 [ 1124.841749][T22411] ? __pfx___lock_acquire+0x10/0x10 [ 1124.843885][T22411] ? preempt_schedule_notrace_thunk+0x1a/0x30 [ 1124.846121][T22411] ___sys_sendmsg+0x135/0x1e0 [ 1124.847875][T22411] ? __pfx____sys_sendmsg+0x10/0x10 [ 1124.849872][T22411] ? ksys_write+0x21c/0x260 [ 1124.851638][T22411] ? __fget_light+0x173/0x210 [ 1124.853617][T22411] __sys_sendmsg+0x117/0x1f0 [ 1124.855424][T22411] ? __pfx___sys_sendmsg+0x10/0x10 [ 1124.857355][T22411] do_syscall_64+0xcd/0x250 [ 1124.858993][T22411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1124.861177][T22411] RIP: 0033:0x7f1973d77299 [ 1124.862885][T22411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1124.870255][T22411] RSP: 002b:00007f1974bf0048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1124.873457][T22411] RAX: ffffffffffffffda RBX: 00007f1973f05f80 RCX: 00007f1973d77299 [ 1124.876519][T22411] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 1124.879586][T22411] RBP: 00007f1974bf00a0 R08: 0000000000000000 R09: 0000000000000000 [ 1124.882553][T22411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1124.885425][T22411] R13: 000000000000000b R14: 00007f1973f05f80 R15: 00007ffde55b3678 [ 1124.888248][T22411] [ 1124.932909][T22413] FAULT_INJECTION: forcing a failure. [ 1124.932909][T22413] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1124.938706][T22413] CPU: 3 UID: 0 PID: 22413 Comm: syz.3.5039 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1124.943478][T22413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1124.948262][T22413] Call Trace: [ 1124.949784][T22413] [ 1124.951143][T22413] dump_stack_lvl+0x16c/0x1f0 [ 1124.953058][T22413] should_fail_ex+0x497/0x5b0 [ 1124.954655][T22413] _copy_to_user+0x30/0xc0 [ 1124.956407][T22413] simple_read_from_buffer+0xd0/0x160 [ 1124.958422][T22413] proc_fail_nth_read+0x1b0/0x290 [ 1124.960763][T22413] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1124.963631][T22413] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1124.966088][T22413] vfs_read+0x1d4/0xbd0 [ 1124.967912][T22413] ? __fdget_pos+0xeb/0x180 [ 1124.970059][T22413] ? __pfx_vfs_read+0x10/0x10 [ 1124.972112][T22413] ? __pfx___mutex_lock+0x10/0x10 [ 1124.974328][T22413] ? __fget_files+0x256/0x400 [ 1124.976820][T22413] ksys_read+0x12f/0x260 [ 1124.978664][T22413] ? __pfx_ksys_read+0x10/0x10 [ 1124.981947][T22413] do_syscall_64+0xcd/0x250 [ 1124.983901][T22413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1124.986540][T22413] RIP: 0033:0x7f1973d75d7c [ 1124.988535][T22413] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 1124.996761][T22413] RSP: 002b:00007f1974bf0040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1125.000359][T22413] RAX: ffffffffffffffda RBX: 00007f1973f05f80 RCX: 00007f1973d75d7c [ 1125.005961][T22413] RDX: 000000000000000f RSI: 00007f1974bf00b0 RDI: 0000000000000007 [ 1125.005977][T22413] RBP: 00007f1974bf00a0 R08: 0000000000000000 R09: 0000000000000000 [ 1125.005990][T22413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1125.006002][T22413] R13: 000000000000000b R14: 00007f1973f05f80 R15: 00007ffde55b3678 [ 1125.006017][T22413] [ 1125.057704][T22420] netlink: 'syz.3.5042': attribute type 11 has an invalid length. [ 1125.208324][T21949] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1125.470265][ T5340] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1125.480136][T21949] Bluetooth: hci4: command 0x0406 tx timeout [ 1125.490300][ T5340] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1126.075368][ T39] audit: type=1400 audit(1722302616.167:3076): avc: denied { connect } for pid=22446 comm="syz.3.5050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1126.100785][T22444] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5048'. [ 1126.228638][T22454] netlink: 'syz.1.5053': attribute type 11 has an invalid length. [ 1126.461308][T21949] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1127.554997][T21949] Bluetooth: hci4: command 0x0406 tx timeout [ 1127.557938][ T5340] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1128.283018][T22496] bridge_slave_0: left allmulticast mode [ 1128.285408][T22496] bridge_slave_0: left promiscuous mode [ 1128.288082][T22496] bridge0: port 1(bridge_slave_0) entered disabled state [ 1128.314765][T22496] bridge_slave_1: left allmulticast mode [ 1128.317403][T22496] bridge_slave_1: left promiscuous mode [ 1128.322275][T22496] bridge0: port 2(bridge_slave_1) entered disabled state [ 1128.367891][T22496] bond0: (slave bond_slave_0): Releasing backup interface [ 1128.382668][T22496] bond0: (slave bond_slave_1): Releasing backup interface [ 1128.471112][ T5340] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 [ 1128.472678][T22496] team0: Port device team_slave_0 removed [ 1128.478306][ T5340] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5340, name: kworker/u33:5 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1128.488901][ T5340] preempt_count: 0, expected: 0 [ 1128.492551][ T5340] RCU nest depth: 1, expected: 0 [ 1128.496667][ T5340] 4 locks held by kworker/u33:5/5340: [ 1128.498473][ T5340] #0: ffff88805163a148 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 1128.503114][ T5340] #1: ffffc90003697d80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 1128.507952][ T5340] #2: ffff888042780078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 [ 1128.512297][ T5340] #3: ffffffff8ddb53a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 [ 1128.516547][ T5340] CPU: 3 UID: 0 PID: 5340 Comm: kworker/u33:5 Not tainted 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1128.521048][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1128.525015][ T5340] Workqueue: hci1 hci_rx_work [ 1128.526818][ T5340] Call Trace: [ 1128.528062][ T5340] [ 1128.529155][ T5340] dump_stack_lvl+0x16c/0x1f0 [ 1128.530967][ T5340] __might_resched+0x3c0/0x5e0 [ 1128.532990][ T5340] ? __pfx___might_resched+0x10/0x10 [ 1128.535244][ T5340] ? __pfx___lock_acquire+0x10/0x10 [ 1128.537397][ T5340] ? rcu_is_watching+0x12/0xc0 [ 1128.539386][ T5340] __mutex_lock+0xe2/0x9c0 [ 1128.541248][ T5340] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 1128.543866][ T5340] ? __pfx___mutex_lock+0x10/0x10 [ 1128.545959][ T5340] ? __pfx_lock_acquire+0x10/0x10 [ 1128.548036][ T5340] ? find_held_lock+0x2d/0x110 [ 1128.550010][ T5340] ? hci_event_packet+0x438/0x1180 [ 1128.552149][ T5340] ? __pfx_lock_release+0x10/0x10 [ 1128.554244][ T5340] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 1128.556831][ T5340] hci_le_create_big_complete_evt+0x387/0xb30 [ 1128.559398][ T5340] ? __mutex_unlock_slowpath+0x164/0x650 [ 1128.561979][ T5340] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1128.564881][ T5340] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1128.567503][ T5340] ? skb_pull_data+0x166/0x210 [ 1128.569589][ T5340] hci_le_meta_evt+0x2e2/0x5d0 [ 1128.571648][ T5340] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1128.574499][ T5340] hci_event_packet+0x666/0x1180 [ 1128.576564][ T5340] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1128.578816][ T5340] ? __pfx_hci_event_packet+0x10/0x10 [ 1128.581325][ T5340] ? mark_held_locks+0x9f/0xe0 [ 1128.583479][ T5340] ? kcov_remote_start+0x3d1/0x6e0 [ 1128.585759][ T5340] ? lockdep_hardirqs_on+0x7c/0x110 [ 1128.587920][ T5340] hci_rx_work+0x2c6/0x1610 [ 1128.589516][ T5340] process_one_work+0x9c5/0x1b40 [ 1128.591657][ T5340] ? __pfx_lock_acquire+0x10/0x10 [ 1128.593761][ T5340] ? __pfx_process_one_work+0x10/0x10 [ 1128.595885][ T5340] ? assign_work+0x1a0/0x250 [ 1128.597866][ T5340] worker_thread+0x6c8/0xf20 [ 1128.599818][ T5340] ? __pfx_worker_thread+0x10/0x10 [ 1128.601835][ T5340] kthread+0x2c1/0x3a0 [ 1128.603535][ T5340] ? _raw_spin_unlock_irq+0x23/0x50 [ 1128.605876][ T5340] ? __pfx_kthread+0x10/0x10 [ 1128.607574][ T5340] ret_from_fork+0x45/0x80 [ 1128.609469][ T5340] ? __pfx_kthread+0x10/0x10 [ 1128.611431][ T5340] ret_from_fork_asm+0x1a/0x30 [ 1128.613333][ T5340] [ 1128.616831][ T5340] [ 1128.617893][ T5340] ============================= [ 1128.619668][ T5340] [ BUG: Invalid wait context ] [ 1128.621605][ T5340] 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 Tainted: G W [ 1128.625197][ T5340] ----------------------------- [ 1128.627256][ T5340] kworker/u33:5/5340 is trying to lock: [ 1128.629627][ T5340] ffffffff8fc83128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x387/0xb30 [ 1128.633855][ T5340] other info that might help us debug this: [ 1128.636277][ T5340] context-{4:4} [ 1128.637638][ T5340] 4 locks held by kworker/u33:5/5340: [ 1128.639776][ T5340] #0: ffff88805163a148 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 1128.644030][ T5340] #1: ffffc90003697d80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 1128.648926][ T5340] #2: ffff888042780078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 [ 1128.653029][ T5340] #3: ffffffff8ddb53a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 [ 1128.657368][ T5340] stack backtrace: [ 1128.658989][ T5340] CPU: 3 UID: 0 PID: 5340 Comm: kworker/u33:5 Tainted: G W 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1128.663949][ T5340] Tainted: [W]=WARN [ 1128.665309][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1128.669734][ T5340] Workqueue: hci1 hci_rx_work [ 1128.671468][ T5340] Call Trace: [ 1128.672946][ T5340] [ 1128.674272][ T5340] dump_stack_lvl+0x116/0x1f0 [ 1128.676237][ T5340] __lock_acquire+0x13cc/0x3cb0 [ 1128.678141][ T5340] ? __pfx___lock_acquire+0x10/0x10 [ 1128.680293][ T5340] ? irqentry_exit+0x3b/0x90 [ 1128.682072][ T5340] ? lockdep_hardirqs_on+0x7c/0x110 [ 1128.684106][ T5340] lock_acquire+0x1b1/0x560 [ 1128.686050][ T5340] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 1128.688685][ T5340] ? __pfx_lock_acquire+0x10/0x10 [ 1128.690578][ T5340] ? dump_stack_lvl+0x1a3/0x1f0 [ 1128.692839][ T5340] ? add_taint+0x5f/0xd0 [ 1128.694639][ T5340] ? __might_resched+0x3cc/0x5e0 [ 1128.696964][ T5340] ? __pfx___might_resched+0x10/0x10 [ 1128.699259][ T5340] ? __pfx___lock_acquire+0x10/0x10 [ 1128.701479][ T5340] __mutex_lock+0x175/0x9c0 [ 1128.703511][ T5340] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 1128.706180][ T5340] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 1128.708949][ T5340] ? __pfx___mutex_lock+0x10/0x10 [ 1128.711187][ T5340] ? __pfx_lock_acquire+0x10/0x10 [ 1128.713199][ T5340] ? find_held_lock+0x2d/0x110 [ 1128.715076][ T5340] ? hci_event_packet+0x438/0x1180 [ 1128.717314][ T5340] ? __pfx_lock_release+0x10/0x10 [ 1128.719593][ T5340] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 1128.722500][ T5340] hci_le_create_big_complete_evt+0x387/0xb30 [ 1128.725073][ T5340] ? __mutex_unlock_slowpath+0x164/0x650 [ 1128.727320][ T5340] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1128.730136][ T5340] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1128.732642][ T5340] ? skb_pull_data+0x166/0x210 [ 1128.734725][ T5340] hci_le_meta_evt+0x2e2/0x5d0 [ 1128.736816][ T5340] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1128.739604][ T5340] hci_event_packet+0x666/0x1180 [ 1128.741802][ T5340] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1128.744079][ T5340] ? __pfx_hci_event_packet+0x10/0x10 [ 1128.746379][ T5340] ? mark_held_locks+0x9f/0xe0 [ 1128.748513][ T5340] ? kcov_remote_start+0x3d1/0x6e0 [ 1128.751243][ T5340] ? lockdep_hardirqs_on+0x7c/0x110 [ 1128.753942][ T5340] hci_rx_work+0x2c6/0x1610 [ 1128.756509][ T5340] process_one_work+0x9c5/0x1b40 [ 1128.758956][ T5340] ? __pfx_lock_acquire+0x10/0x10 [ 1128.761281][ T5340] ? __pfx_process_one_work+0x10/0x10 [ 1128.763710][ T5340] ? assign_work+0x1a0/0x250 [ 1128.765939][ T5340] worker_thread+0x6c8/0xf20 [ 1128.768327][ T5340] ? __pfx_worker_thread+0x10/0x10 [ 1128.770627][ T5340] kthread+0x2c1/0x3a0 [ 1128.772373][ T5340] ? _raw_spin_unlock_irq+0x23/0x50 [ 1128.774729][ T5340] ? __pfx_kthread+0x10/0x10 [ 1128.776765][ T5340] ret_from_fork+0x45/0x80 [ 1128.778777][ T5340] ? __pfx_kthread+0x10/0x10 [ 1128.780682][ T5340] ret_from_fork_asm+0x1a/0x30 [ 1128.782628][ T5340] [ 1128.791744][ T5340] ================================================================== [ 1128.795194][ T5340] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30 [ 1128.798965][ T5340] Read of size 8 at addr ffff88804672c000 by task kworker/u33:5/5340 [ 1128.802730][ T5340] [ 1128.803787][ T5340] CPU: 3 UID: 0 PID: 5340 Comm: kworker/u33:5 Tainted: G W 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1128.809263][ T5340] Tainted: [W]=WARN [ 1128.810979][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1128.811011][T22496] team0: Port device team_slave_1 removed [ 1128.815670][ T5340] Workqueue: hci1 hci_rx_work [ 1128.819511][T22496] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1128.820290][ T5340] Call Trace: [ 1128.820301][ T5340] [ 1128.820309][ T5340] dump_stack_lvl+0x116/0x1f0 [ 1128.820339][ T5340] print_report+0xc3/0x620 [ 1128.830681][ T5340] ? __virt_addr_valid+0x5e/0x590 [ 1128.832664][ T5340] ? __phys_addr+0xc6/0x150 [ 1128.834581][ T5340] kasan_report+0xd9/0x110 [ 1128.836499][ T5340] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 1128.839149][ T5340] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 1128.841864][ T5340] hci_le_create_big_complete_evt+0xa62/0xb30 [ 1128.844370][ T5340] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1128.847155][ T5340] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1128.849721][ T5340] ? skb_pull_data+0x166/0x210 [ 1128.851803][ T5340] hci_le_meta_evt+0x2e2/0x5d0 [ 1128.853894][ T5340] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1128.856314][ T5340] hci_event_packet+0x666/0x1180 [ 1128.858436][ T5340] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1128.860398][ T5340] ? __pfx_hci_event_packet+0x10/0x10 [ 1128.862603][ T5340] ? mark_held_locks+0x9f/0xe0 [ 1128.864629][ T5340] ? kcov_remote_start+0x3d1/0x6e0 [ 1128.866796][ T5340] ? lockdep_hardirqs_on+0x7c/0x110 [ 1128.868706][ T5340] hci_rx_work+0x2c6/0x1610 [ 1128.870209][ T5340] process_one_work+0x9c5/0x1b40 [ 1128.872339][ T5340] ? __pfx_lock_acquire+0x10/0x10 [ 1128.874537][ T5340] ? __pfx_process_one_work+0x10/0x10 [ 1128.876872][ T5340] ? assign_work+0x1a0/0x250 [ 1128.878748][ T5340] worker_thread+0x6c8/0xf20 [ 1128.880535][ T5340] ? __pfx_worker_thread+0x10/0x10 [ 1128.882806][ T5340] kthread+0x2c1/0x3a0 [ 1128.884491][ T5340] ? _raw_spin_unlock_irq+0x23/0x50 [ 1128.886760][ T5340] ? __pfx_kthread+0x10/0x10 [ 1128.888469][ T5340] ret_from_fork+0x45/0x80 [ 1128.890234][ T5340] ? __pfx_kthread+0x10/0x10 [ 1128.892055][ T5340] ret_from_fork_asm+0x1a/0x30 [ 1128.893993][ T5340] [ 1128.895305][ T5340] [ 1128.896214][ T5340] Allocated by task 15962: [ 1128.897770][ T5340] kasan_save_stack+0x33/0x60 [ 1128.899414][ T5340] kasan_save_track+0x14/0x30 [ 1128.900959][ T5340] __kasan_kmalloc+0xaa/0xb0 [ 1128.902623][ T5340] __hci_conn_add+0x131/0x1a50 [ 1128.904426][ T5340] hci_conn_add+0x56/0x70 [ 1128.906334][ T5340] hci_le_big_sync_established_evt+0x73f/0xad0 [ 1128.909070][ T5340] hci_le_meta_evt+0x2e2/0x5d0 [ 1128.911079][ T5340] hci_event_packet+0x666/0x1180 [ 1128.913134][ T5340] hci_rx_work+0x2c6/0x1610 [ 1128.914870][ T5340] process_one_work+0x9c5/0x1b40 [ 1128.916913][ T5340] worker_thread+0x6c8/0xf20 [ 1128.918890][ T5340] kthread+0x2c1/0x3a0 [ 1128.920456][ T5340] ret_from_fork+0x45/0x80 [ 1128.922247][ T5340] ret_from_fork_asm+0x1a/0x30 [ 1128.924079][ T5340] [ 1128.925117][ T5340] Freed by task 5340: [ 1128.926853][ T5340] kasan_save_stack+0x33/0x60 [ 1128.928884][ T5340] kasan_save_track+0x14/0x30 [ 1128.930555][ T5340] kasan_save_free_info+0x3b/0x60 [ 1128.932217][ T5340] poison_slab_object+0xf7/0x160 [ 1128.933720][ T5340] __kasan_slab_free+0x32/0x50 [ 1128.935694][ T5340] kfree+0x12a/0x3b0 [ 1128.937149][ T5340] device_release+0xa1/0x240 [ 1128.938817][ T5340] kobject_put+0x1fa/0x5b0 [ 1128.940567][ T5340] device_unregister+0x2f/0xc0 [ 1128.942779][ T5340] hci_conn_del_sysfs+0xb4/0x180 [ 1128.945083][ T5340] hci_conn_del+0x54e/0xdb0 [ 1128.947049][ T5340] hci_le_create_big_complete_evt+0x4ba/0xb30 [ 1128.949646][ T5340] hci_le_meta_evt+0x2e2/0x5d0 [ 1128.951679][ T5340] hci_event_packet+0x666/0x1180 [ 1128.953401][ T5340] hci_rx_work+0x2c6/0x1610 [ 1128.954964][ T5340] process_one_work+0x9c5/0x1b40 [ 1128.956858][ T5340] worker_thread+0x6c8/0xf20 [ 1128.958517][ T5340] kthread+0x2c1/0x3a0 [ 1128.959924][ T5340] ret_from_fork+0x45/0x80 [ 1128.961815][ T5340] ret_from_fork_asm+0x1a/0x30 [ 1128.963849][ T5340] [ 1128.964838][ T5340] The buggy address belongs to the object at ffff88804672c000 [ 1128.964838][ T5340] which belongs to the cache kmalloc-8k of size 8192 [ 1128.970141][ T5340] The buggy address is located 0 bytes inside of [ 1128.970141][ T5340] freed 8192-byte region [ffff88804672c000, ffff88804672e000) [ 1128.975483][ T5340] [ 1128.976312][ T5340] The buggy address belongs to the physical page: [ 1128.978448][ T5340] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x46728 [ 1128.981729][ T5340] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1128.985172][ T5340] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1128.988312][ T5340] page_type: 0xfdffffff(slab) [ 1128.989923][ T5340] raw: 00fff00000000040 ffff888015843180 ffffea00008b6a00 dead000000000002 [ 1128.993530][ T5340] raw: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000 [ 1128.997128][ T5340] head: 00fff00000000040 ffff888015843180 ffffea00008b6a00 dead000000000002 [ 1129.000796][ T5340] head: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000 [ 1129.004252][ T5340] head: 00fff00000000003 ffffea000119ca01 ffffffffffffffff 0000000000000000 [ 1129.007538][ T5340] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1129.011186][ T5340] page dumped because: kasan: bad access detected [ 1129.013422][ T5340] page_owner tracks the page as allocated [ 1129.015844][ T5340] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5419, tgid 5415 (syz.0.7), ts 62919219914, free_ts 62832253801 [ 1129.024566][ T5340] post_alloc_hook+0x2d1/0x350 [ 1129.026522][ T5340] get_page_from_freelist+0x1351/0x2e50 [ 1129.028458][ T5340] __alloc_pages_noprof+0x22b/0x2460 [ 1129.030724][ T5340] alloc_slab_page+0x4e/0xf0 [ 1129.032724][ T5340] new_slab+0x84/0x260 [ 1129.034252][ T5340] ___slab_alloc+0xdac/0x1870 [ 1129.036281][ T5340] __slab_alloc.constprop.0+0x56/0xb0 [ 1129.038592][ T5340] __kmalloc_node_noprof+0x357/0x430 [ 1129.040865][ T5340] __kvmalloc_node_noprof+0x6f/0x1a0 [ 1129.042685][ T5340] pfifo_fast_init+0x125/0x3b0 [ 1129.044662][ T5340] qdisc_create_dflt+0x101/0x440 [ 1129.046811][ T5340] dev_activate+0x63c/0x12c0 [ 1129.048833][ T5340] __dev_open+0x396/0x4e0 [ 1129.050229][ T5340] __dev_change_flags+0x561/0x720 [ 1129.052009][ T5340] dev_change_flags+0x8f/0x160 [ 1129.053460][ T5340] devinet_ioctl+0x127a/0x1f10 [ 1129.055402][ T5340] page last free pid 5364 tgid 5364 stack trace: [ 1129.058116][ T5340] free_unref_page+0x64a/0xe40 [ 1129.059978][ T5340] __put_partials+0x14c/0x170 [ 1129.061979][ T5340] qlist_free_all+0x4e/0x140 [ 1129.063734][ T5340] kasan_quarantine_reduce+0x192/0x1e0 [ 1129.065948][ T5340] __kasan_slab_alloc+0x69/0x90 [ 1129.068040][ T5340] kmem_cache_alloc_node_noprof+0x153/0x310 [ 1129.070559][ T5340] __alloc_skb+0x2b1/0x380 [ 1129.072323][ T5340] alloc_skb_with_frags+0xe4/0x710 [ 1129.074181][ T5340] sock_alloc_send_pskb+0x7f1/0x980 [ 1129.076436][ T5340] mld_newpack.isra.0+0x1ed/0x790 [ 1129.078481][ T5340] add_grhead+0x299/0x340 [ 1129.080360][ T5340] add_grec+0x111e/0x1670 [ 1129.082324][ T5340] mld_send_initial_cr.part.0+0xe2/0x260 [ 1129.084512][ T5340] mld_dad_work+0x51/0x2f0 [ 1129.086469][ T5340] process_one_work+0x9c5/0x1b40 [ 1129.088666][ T5340] worker_thread+0x6c8/0xf20 [ 1129.090629][ T5340] [ 1129.091719][ T5340] Memory state around the buggy address: [ 1129.093871][ T5340] ffff88804672bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1129.097293][ T5340] ffff88804672bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1129.100786][ T5340] >ffff88804672c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1129.103954][ T5340] ^ [ 1129.105501][ T5340] ffff88804672c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1129.108596][ T5340] ffff88804672c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1129.111977][ T5340] ================================================================== [ 1129.117176][ T5340] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1129.119729][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: kworker/u33:5 Tainted: G W 6.11.0-rc1-syzkaller-00042-g6b5faec9f564 #0 [ 1129.124986][ T5340] Tainted: [W]=WARN [ 1129.126618][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1129.131058][ T5340] Workqueue: hci1 hci_rx_work [ 1129.133041][ T5340] Call Trace: [ 1129.134449][ T5340] [ 1129.135741][ T5340] dump_stack_lvl+0x3d/0x1f0 [ 1129.137376][ T5340] panic+0x6f5/0x7a0 [ 1129.138890][ T5340] ? __pfx_panic+0x10/0x10 [ 1129.140797][ T5340] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 1129.143316][ T5340] ? preempt_schedule_thunk+0x1a/0x30 [ 1129.145523][ T5340] ? preempt_schedule_common+0x44/0xc0 [ 1129.147586][ T5340] check_panic_on_warn+0xab/0xb0 [ 1129.149230][ T5340] end_report+0x117/0x180 [ 1129.150520][ T5340] kasan_report+0xe9/0x110 [ 1129.152365][ T5340] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 1129.154771][ T5340] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 1129.157053][ T5340] hci_le_create_big_complete_evt+0xa62/0xb30 [ 1129.159624][ T5340] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1129.162482][ T5340] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1129.165074][ T5340] ? skb_pull_data+0x166/0x210 [ 1129.167187][ T5340] hci_le_meta_evt+0x2e2/0x5d0 [ 1129.169350][ T5340] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1129.172313][ T5340] hci_event_packet+0x666/0x1180 [ 1129.174550][ T5340] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1129.176590][ T5340] ? __pfx_hci_event_packet+0x10/0x10 [ 1129.178384][ T5340] ? mark_held_locks+0x9f/0xe0 [ 1129.180200][ T5340] ? kcov_remote_start+0x3d1/0x6e0 [ 1129.182331][ T5340] ? lockdep_hardirqs_on+0x7c/0x110 [ 1129.184568][ T5340] hci_rx_work+0x2c6/0x1610 [ 1129.186546][ T5340] process_one_work+0x9c5/0x1b40 [ 1129.188705][ T5340] ? __pfx_lock_acquire+0x10/0x10 [ 1129.190854][ T5340] ? __pfx_process_one_work+0x10/0x10 [ 1129.193144][ T5340] ? assign_work+0x1a0/0x250 [ 1129.195101][ T5340] worker_thread+0x6c8/0xf20 [ 1129.197089][ T5340] ? __pfx_worker_thread+0x10/0x10 [ 1129.199301][ T5340] kthread+0x2c1/0x3a0 [ 1129.201020][ T5340] ? _raw_spin_unlock_irq+0x23/0x50 [ 1129.203464][ T5340] ? __pfx_kthread+0x10/0x10 [ 1129.205262][ T5340] ret_from_fork+0x45/0x80 [ 1129.206965][ T5340] ? __pfx_kthread+0x10/0x10 [ 1129.208947][ T5340] ret_from_fork_asm+0x1a/0x30 [ 1129.210967][ T5340] [ 1129.212890][ T5340] Kernel Offset: disabled [ 1129.214756][ T5340] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:19:49 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fe1245 RDI=ffffffff9519a720 RBP=ffffffff9519a6e0 RSP=ffffc90003686b78 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000031 R14=ffffffff84fe11e0 R15=0000000000000000 RIP=ffffffff84fe126f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007fa8a4d966c0 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f957d707d58 CR3=0000000024e64000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000054 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff88e06bb1 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1973de56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1973de56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1973de56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1973de56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1973de5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1973de5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1973ed5488 00007f1973ed5480 00007f1973ed5478 00007f1973ed5450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1974a3d100 00007f1973ed5440 00007f1973ed5458 00007f1973ed54a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1973ed5498 00007f1973ed5490 00007f1973ed5488 00007f1973ed5480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffc90006400000 RBX=0000000000000000 RCX=ffff888023540fb0 RDX=000000000000009d RSI=ffffffff863c2b36 RDI=ffff888023541188 RBP=0000000000000001 RSP=ffffc900008b0b78 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=ffffffff8b4f4160 R12=0000000000000001 R13=0000000000004e20 R14=ffff888023540fb0 R15=0000000000000001 RIP=ffffffff863c2b73 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020163000 CR3=0000000031e28000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957cad5488 00007f957cad5480 00007f957cad5478 00007f957cad5450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957d63d100 00007f957cad5440 00007f957cad5458 00007f957cad54a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957cad5498 00007f957cad5490 00007f957cad5488 00007f957cad5480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffc900034d7b18 RDX=1ffff11004351a6a RSI=ffffffff8b4cc880 RDI=ffff888021a8ccc4 RBP=ffff888021a8c880 RSP=ffffc900034d7b60 R8 =0000000000000000 R9 =fffffbfff202549b R10=ffffffff9012a4df R11=0000000000000000 R12=ffff88801f079640 R13=0000000000000000 R14=dffffc0000000000 R15=0000000000000001 RIP=ffffffff81716e6b RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002099d000 CR3=0000000011c84000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957c9e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957cad5488 00007f957cad5480 00007f957cad5478 00007f957cad5450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957d63d100 00007f957cad5440 00007f957cad5458 00007f957cad54a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f957cad5498 00007f957cad5490 00007f957cad5488 00007f957cad5480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000160 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000001fccc RBX=0000000000000001 RCX=ffffc90028d05000 RDX=0000000000100000 RSI=ffffffff816b653c RDI=0000000000000001 RBP=0000000000000050 RSP=ffffc90003697718 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=000000000000000e R12=0000000000000200 R13=ffff88804edda440 R14=ffffffff8b4c3aa0 R15=ffffc90003697798 RIP=ffffffff816b653e RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000203ff000 CR3=0000000011c84000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8130765d ffffffff8130763d ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81307682 ffffffff8130765d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff81340d89 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd6c35e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd6c35e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd6c35e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd6c35e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd6c35e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd6c35e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81307682 ffffffff8130765d ffffffff8130763d ffffffff81307633 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0070697300060008 0000000000080008 0000000000040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0007000c08000000 0005000800000002 00000046b4010038 0000000100000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000