last executing test programs: 44.812934003s ago: executing program 3 (id=1682): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d54549b, 0x0, [0x0, 0x0, 0x40, 0x0, 0xfffffffffffffffc]}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="36d0e866b80a0000000f23c80f21f866350c00a0000f23f866b9800000c00f326635000400000f300fc76a002e0f080f23742e3b5753baf80c66b8f494f78e66efbafc0c66b83ac8000066efda6509", 0xde}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 1) 44.333337575s ago: executing program 3 (id=1686): r0 = socket$kcm(0x10, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) getpgid(0xffffffffffffffff) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) r2 = shmget$private(0x0, 0x2000, 0x1, &(0x7f000045e000/0x2000)=nil) shmat(r2, &(0x7f000030f000/0x4000)=nil, 0x800) sendmmsg(0xffffffffffffffff, &(0x7f0000003a80)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)='7', 0x1}], 0x1}}], 0x1, 0x2c000011) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) shutdown(0xffffffffffffffff, 0x2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000540)={{{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @in6=@loopback, 0x4e23, 0x0, 0x4e20, 0xea, 0xa, 0x20, 0x80, 0x3b}, {0x2, 0x20000000000, 0x0, 0x82, 0x4, 0xbf54, 0x8, 0x2}, {0x3, 0x215b, 0x6fbb, 0x6}, 0x3, 0x6e6bb6, 0x0, 0x0, 0x2, 0x1}, {{@in=@multicast1, 0x4d6, 0xff}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x1, 0x9, 0x6, 0x7ff, 0x2}}, 0xe8) r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000440)={'#! ', './file0', [], 0xa, "a71890885bab9a24f920fefa7d6e276d1ca98e35179e020ea69e925edbf4a3028c65153283d0c6dee96f2bb5c93c9795161d7bd1516288508577d6c6069d1c61d1a9e5f39b30617a54bbba6ddfbe906b130c8f3b3a07bc5a2edf9ece24eca967f6868d1a07dfdf1580713e6346df86d2d713e93ecb6ad2cd46aa007bef09eb0c661b577c33c50b921e811cef9b69fc377c8118b64bb7a7ae663fc0d9a0063310dbed0f179e70e8e73f3e606848cc91ba75aaeb0380971b97363c2e079bcb66f4dca71195f727985fe89ed96afdd977"}, 0xda) copy_file_range(r5, 0x0, r4, &(0x7f00000000c0)=0x3, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB], 0x22) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x7) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000100)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440309000e000a0014000000ba8000001201", 0x2e}], 0x1}, 0x0) 42.90668994s ago: executing program 0 (id=1694): openat$vcsu(0xffffff9c, &(0x7f0000000000), 0x8041, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000018c0)={0xffffffffffffffff, 0xe0, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, &(0x7f0000000380), 0x0, 0x0, 0x0, &(0x7f0000000040), 0x8, 0xc, 0x8, 0x0, 0x0}}, 0x10) socket$inet(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001980)={0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41000, 0x563e22ec7dfea742, '\x00', 0x0, 0x2e, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x7}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0x0, 0xc, 0x3}, 0x10, r0, 0xffffffffffffffff, 0x0, &(0x7f0000001900), 0x0, 0x10, 0x3}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x100000000001, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/138, 0x8a}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0x0, 0xa612, 0x3}, 0x48) syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) syz_emit_ethernet(0x135, &(0x7f00000006c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @random="36e8a070c9db", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, 'i\x00', 0xff, 0x2b, 0x0, @private2={0xfc, 0x2, '\x00', 0x2}, @local, {[@dstopts={0x6, 0x1a, '\x00', [@pad1, @calipso={0x7, 0x28, {0x3, 0x8, 0x15, 0x6, [0x2, 0x7, 0x69, 0x837f]}}, @ra={0x5, 0x2, 0xb}, @generic={0x27, 0x69, "405d3b08c58ef7d28d9e98f45368737308c91666ca514b433f10a2b08b7e450c89dbf003f18084a246a86d66997db374179f8bedc68c42d52cc2925f5c7ac878e2a4a0ee9509d9e591816600e413d6806867ee2a071d19788d5abf9a0ecadb61fe9f9df918a02ceab6"}, @calipso={0x7, 0x20, {0x0, 0x6, 0xd9, 0x42, [0x5, 0x7, 0x61070350]}}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}]}], {0x2, 0x8, 0x27, 0x0, @gue={{0x2, 0x0, 0x1, 0x81, 0x0, @val=0x80}, "c13aa682c21e47a9a1f8d47a60f7000d2e17d823954ec6"}}}}}}}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r4) sendmsg$NLBL_CALIPSO_C_REMOVE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NLBL_CALIPSO_A_DOI={0x8}]}, 0x1c}}, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33) 42.905501306s ago: executing program 0 (id=1695): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0xc, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001340)=""/102378, 0x7706c522012798af) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) close(r1) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd024}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x24, 0x10, 0x20, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r7, 0x20000}, [@IFLA_PORT_SELF={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) syz_clone(0x28000800, 0x0, 0xf, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x18, 0x0, 0x0, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x4}]}, 0x18}}, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r12 = dup(r11) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r12, &(0x7f00000cb000/0x18000)=nil, &(0x7f0000000480)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000ebffff8004"]) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) 18.470009621s ago: executing program 3 (id=1714): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=@setlink={0x1f, 0x13, 0xbaa23f3d13f2d1f5, 0x0, 0x0, {}, [@IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x10000}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0) 18.214068631s ago: executing program 3 (id=1738): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0x20, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x13}, [@initr0={0x18, 0x0, 0x0, 0x0, 0xffff744f, 0x0, 0x0, 0x0, 0x80000001}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xa}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, 0x1}]}, &(0x7f00000003c0)='syzkaller\x00', 0x8, 0xb8, &(0x7f00000006c0)=""/184, 0x41000, 0x59, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x7, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000a80), 0x10, 0x5}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xe, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90) r1 = fsopen(&(0x7f00000001c0)='erofs\x00', 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000200)='dax\x00', 0x0, 0xffffffffffffff9c) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000001700)=ANY=[@ANYRES8=r0], 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000100)) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x20, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r6) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="02000000000a"}) r7 = openat$sequencer2(0xffffff9c, &(0x7f0000005e00), 0x0, 0x0) ioctl$SNDCTL_TMR_STOP(r7, 0x5403) 17.503607914s ago: executing program 0 (id=1716): r0 = socket$kcm(0x10, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) getpgid(0xffffffffffffffff) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) r2 = shmget$private(0x0, 0x2000, 0x1, &(0x7f000045e000/0x2000)=nil) shmat(r2, &(0x7f000030f000/0x4000)=nil, 0x800) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000003a80)=[{{0x0, 0x0, &(0x7f0000000400)}}], 0x1, 0x2c000011) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) shutdown(0xffffffffffffffff, 0x2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8, 0x1, 0x80000000}]}}]}, 0x38}}, 0x0) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000540)={{{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @in6=@loopback, 0x4e23, 0x0, 0x4e20, 0xea, 0xa, 0x20, 0x80, 0x3b, r6}, {0x2, 0x20000000000, 0x0, 0x82, 0x4, 0xbf54, 0x8, 0x2}, {0x3, 0x215b, 0x6fbb, 0x6}, 0x3, 0x6e6bb6, 0x0, 0x0, 0x2, 0x1}, {{@in=@multicast1, 0x4d6, 0xff}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x1, 0x9, 0x6, 0x7ff, 0x2}}, 0xe8) r7 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000440)={'#! ', './file0', [], 0xa, "a71890885bab9a24f920fefa7d6e276d1ca98e35179e020ea69e925edbf4a3028c65153283d0c6dee96f2bb5c93c9795161d7bd1516288508577d6c6069d1c61d1a9e5f39b30617a54bbba6ddfbe906b130c8f3b3a07bc5a2edf9ece24eca967f6868d1a07dfdf1580713e6346df86d2d713e93ecb6ad2cd46aa007bef09eb0c661b577c33c50b921e811cef9b69fc377c8118b64bb7a7ae663fc0d9a0063310dbed0f179e70e8e73f3e606848cc91ba75aaeb0380971b97363c2e079bcb66f4dca71195f727985fe89ed96afdd977"}, 0xda) copy_file_range(r7, 0x0, r5, &(0x7f00000000c0)=0x3, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x7) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000100)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440309000e000a0014000000ba8000001201", 0x2e}], 0x1}, 0x0) 16.668338041s ago: executing program 3 (id=1740): r0 = msgget$private(0x0, 0x156) msgsnd(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="03000000000000001a0797b523117d2a9e9fd08e206ecb701d6afb893163be3bffda30f82fce67c5ff975152abfd8e966a09cfbde4e0fc421abd185298f8ce48be8c19b1aa9f56cd7084299d47ab1d754495131362000000000000000000"], 0x5c, 0x800) msgrcv(r0, 0xfffffffffffffffe, 0x0, 0x0, 0x1000) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000600)='memory.numa_stat\x00', 0x275a, 0x0) syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x140) r2 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000480)={0x8, 0x20000008c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f0000000a40)=[{{&(0x7f00000004c0)=@vsock, 0x80, &(0x7f0000000600), 0x0, &(0x7f0000000540)=""/152, 0x98}, 0x8}], 0x1, 0x102, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000640)='xprt_ping\x00'}, 0x10) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r6 = creat(0x0, 0x0) r7 = msgget(0x2, 0x84) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r9 = dup(r8) fsync(r6) getsockname$packet(r9, 0x0, &(0x7f0000000240)) msgctl$IPC_STAT(r7, 0x2, &(0x7f0000000340)=""/23) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000300)="ff872f0000000000c08e28bee850f34ffa7825", 0x13) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r6, 0x4040534e, &(0x7f00000002c0)={0x200, @time={0x78, 0x100}, 0x7, {0x9, 0x3}, 0x7, 0x0, 0x9d}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0}, 0x10) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) 15.634305563s ago: executing program 3 (id=1741): syz_io_uring_setup(0x24ff, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f00000003c0)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f00000001c0)={0x0, [[0x8003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f54], [0x9, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x7fffffff], [0x91, 0x0, 0x7fffffff, 0x0, 0x3, 0x0, 0x0, 0xfffffffd]], '\x00', [{}, {0x101}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4000000}]}) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, 0x0) r4 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x40580) ioctl$VIDIOC_QUERYCTRL(r4, 0xc0445624, &(0x7f00000000c0)={0x8000005, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d432546da16827000"}) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000040)=0x10000) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x1) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000700)=0x0) syz_clone3(&(0x7f0000000780)={0x200010100, &(0x7f0000000440), &(0x7f0000000480), &(0x7f0000000500), {0x1b}, &(0x7f0000000580)=""/181, 0xb5, &(0x7f0000000640)=""/110, &(0x7f0000000740)=[0x0, r6], 0x2, {r2}}, 0x58) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}]}, 0x10) syz_emit_ethernet(0x42, &(0x7f00000004c0)=ANY=[@ANYBLOB="331d6a07cddcbbbbbbbbbb"], 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) clock_gettime(0x0, &(0x7f0000000080)) write$P9_RSTATu(r1, &(0x7f0000000080)={0x265, 0x2, 0xafd, {{0x500, 0x124, 0x28, 0x0, {}, 0x0, 0x0, 0xc, 0x401, 0xffffffffffffff7d, '\nnodev{evo\x03\xd3\x8b\x92\x00'/27, 0x28, 'pg>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18x\x99\xa9\x16c\x88\x14\xe5p\x81\x03\xb4\x94\xe1\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, '\b\x00', 0xac, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4@\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x009\x86Ac\x1dD\xf4\xa3\x9b\x11\x91\x93z(\x0e\x8d\x88\x9f\xc2 \xd1\x15\xac\x8e/\x18K\x9aau\x8d&w*\xb0\xf2\x04M\x8e\xf0&=\xdd\x97\xd3\xc4\'\xb3\xa52\xef\xab\x1d\x1c\xe3,\xa7\xc1\xfc#\x1a\xf4\x84\b\xe0+%P(\xb7\xc9\xbb\x859oM\x8a\xf0\xeb\x95\xfc\x0e\xcc\x99\xf7\x80\xe2'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0xfd85) 15.313723983s ago: executing program 1 (id=1742): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x800000, 0x1, 0xffffffffffffffff, 0x2004c8, 0xfffffffffffffffc, 0x0, 0x100, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x2], 0xd000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0x8090ae81, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000480)='vegas\x00', 0x6) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r4 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r4, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 12.8925906s ago: executing program 2 (id=1744): r0 = socket$inet(0x2, 0x0, 0x0) r1 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000400)=[{0x0, 0xfd, 0x2, 0xffffffff}, {0x6, 0x1}]}, 0x10) mkdir(0x0, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002ac0)=ANY=[@ANYBLOB], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90) socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000200)='cpuset.mems\x00', 0x2, 0x0) r7 = openat$cgroup_ro(r5, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) sendfile(r6, r7, 0x0, 0x7ffff000) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r9 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, r9, 0x2, 0x0) r10 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000004c0)=ANY=[@ANYRES8=r0, @ANYRESHEX=r10, @ANYRES8=r3, @ANYRES32=r2, @ANYBLOB=',group_id=', @ANYRES16=r9, @ANYRESHEX=r2]) read$FUSE(r10, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) socket$pptp(0x18, 0x1, 0x2) getpgrp(r9) fsetxattr$security_capability(r8, &(0x7f0000000240), &(0x7f00000002c0)=@v3={0x3000000, [{0x6, 0x448}, {0xfffff630, 0x1f4d4d64}], r11}, 0x18, 0x0) write$cgroup_freezer_state(r8, &(0x7f0000000000)='FREEZING\x00', 0x9) 12.770859145s ago: executing program 1 (id=1745): syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2) r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) (async, rerun: 32) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x7}, 0x0) (async, rerun: 32) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x8000, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (async) r2 = socket(0x2, 0x2, 0x2) unshare(0x8040080) (async) r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000280)='dns_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000140)='#$*\x00', r3) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x61) (async) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000000300)=[@in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e22, 0x0, @remote, 0x4}], 0x2c) (async) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) (async) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) io_submit(0x0, 0x0, 0x0) unshare(0x6a040000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) (async) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) (async, rerun: 32) timer_settime(0x0, 0x0, &(0x7f0000000180), 0x0) (async, rerun: 32) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r5, @ANYBLOB="020000000100"/16], 0x28}}, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0xd, 0x0) read$msr(r6, &(0x7f0000019680)=""/102379, 0x161e6) (async) syz_emit_vhci(&(0x7f0000000580)=ANY=[@ANYRES16=r6], 0x8b) 12.504144602s ago: executing program 1 (id=1746): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0x20, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x13}, [@initr0={0x18, 0x0, 0x0, 0x0, 0xffff744f, 0x0, 0x0, 0x0, 0x80000001}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xa}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, 0x1}]}, &(0x7f00000003c0)='syzkaller\x00', 0x8, 0xb8, &(0x7f00000006c0)=""/184, 0x41000, 0x59, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x7, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000a80), 0x10, 0x5}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xe, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90) r2 = fsopen(&(0x7f00000001c0)='erofs\x00', 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r2, 0x4, &(0x7f0000000200)='dax\x00', 0x0, 0xffffffffffffff9c) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) r3 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000001700)=ANY=[@ANYRES8=r1], 0x0) ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000100)) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x20, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r7) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r7, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="02000000000a"}) r8 = openat$sequencer2(0xffffff9c, &(0x7f0000005e00), 0x0, 0x0) ioctl$SNDCTL_TMR_STOP(r8, 0x5403) 12.36623792s ago: executing program 0 (id=1747): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbb9bbbbbb0380c200000008004500001c0000000000029078ac1e0001ac1414aa22009078e0000002"], 0x0) r1 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x73, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) setsockopt$inet_dccp_int(r0, 0x21, 0x10, 0x0, 0x0) sendfile(r2, r0, &(0x7f0000002080)=0x64, 0x23b) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0x3a, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000180)={0x9, 0x108, 0xfa00, {r3, 0x6, "dc6d3e", "2862945b38f7cd8aaaa8f1691f7fb5e76364fed06fcc640f57c30729b00aa5484d67227000d8b9d0f77104d3b7104e22633a85002f8d163dbc689ba359ce2025caed961b12c8a69279c4e0c0715f8588681030207b7115f56c722d24e04dd42efe456049f2b494fb30e7dafbc1f26715abc1014bfee6656eece7dfdf02ed7bfebaf2890e8c7ed00187865a4bcd12c09fb1751dff40ae514dfec800ba9503857b9b80bae14ca55f1854871977d1e72372bbdaef4b94342c9d5fe9d4e0fe0ed3362785b91e6dccf0f9f4520d1493d2c7e9f54c7f18d2e7b2b6e2b386bd8acc1caf70aa5128f439333f0476efbcb328e5d658aac7f937ded6d2b03f24cbe61d02e0"}}, 0x110) 11.899582929s ago: executing program 0 (id=1748): mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x42032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1802000070b20b5b0e550bd3d771cb9a8400000002000000dc7c9aa93dbed7c01954f782e193179358cfe827505a72c41b54b07fa061ac51d5db6f"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sync() r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) eventfd2(0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.sectors\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r6, 0x0) futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0xc018aec0, &(0x7f0000000140)={0x2}) mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x2, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, r6, 0x0, 0x0, 0x0, 0x0}, 0x90) 11.67210113s ago: executing program 2 (id=1749): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000020000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 6) 11.363618233s ago: executing program 1 (id=1750): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_generic(0x11, 0x3, 0x10) prlimit64(0x0, 0x0, &(0x7f0000000380)={0x8, 0x100008c}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$TIOCSBRK(r0, 0x5427) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) r4 = getpgrp(0x0) r5 = syz_pidfd_open(r4, 0x0) unshare(0x400) pidfd_send_signal(r5, 0x0, 0x0, 0x4) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)=ANY=[@ANYBLOB="330000e5b5546139f300", @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="26003300d00000000802110000010802110000005050505050500000090425030000003e01000000"], 0x44}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) mlockall(0x5) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x7, 0x3}, 0x48) syz_open_dev$dri(0x0, 0x20, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mount$9p_virtio(&(0x7f0000000340), &(0x7f0000000300)='./file0\x00', &(0x7f0000000380), 0x41, 0x0) chdir(&(0x7f0000000100)='./file0\x00') mkdir(&(0x7f0000000440)='./file1\x00', 0x0) 11.09400422s ago: executing program 1 (id=1751): mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x42032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1802000070b20b5b0e550bd3d771cb9a8400000002000000dc7c9aa93dbed7c01954f782e193179358cfe827505a72c41b54b07fa061ac51d5db6f"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sync() r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) eventfd2(0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.sectors\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r6, 0x0) futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0xc018aec0, &(0x7f0000000140)={0x2}) mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x2, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, r6, 0x0, 0x0, 0x0, 0x0}, 0x90) 11.013539457s ago: executing program 2 (id=1752): r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) r2 = epoll_create(0x7fff) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000001c0)={"fe403ca4", 0x0, 0x5, 0x81, 0x0, 0x5, "de1c190000000400000000000500", "dba0a737", '\x00', "e75aef41", ["2000fdff42d783945b5b3a64", "0c13895a26e4cb6b2f9782fc", "674a440d6cdaaf6be57cc8cd", "2d66d59cea6bb67af44fa6da"]}) r3 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r3, &(0x7f00000000c0)="cb", 0x1, 0x0, &(0x7f0000000100)={0x2, 0x0, @private=0xa010102}, 0x10) sendmmsg$inet_sctp(r3, &(0x7f00000058c0)=[{&(0x7f0000000180)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000340)="a1", 0x1}], 0x1}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x1c, &(0x7f0000000400)={0x0}, &(0x7f0000000440)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r4, 0x0, 0x3}, 0xc) shmget$private(0x0, 0x3000, 0x40, &(0x7f0000ffb000/0x3000)=nil) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x2f, 0x9, 0x7f, 0x6, 0xb, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x40, 0x7fff, 0xd8}}) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0}, 0x20) shmget$private(0x0, 0x3000, 0x400, &(0x7f0000ffd000/0x3000)=nil) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000002000000000000000002000018120000", @ANYRES32, @ANYRESOCT], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r5, r6, 0x30, 0x0, @val=@tracing={0xffffffffffffffff}}, 0x40) epoll_create1(0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) cachestat(r8, &(0x7f0000000080), &(0x7f00000000c0), 0x0) ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f00000000c0)={{}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r7, 0x5501) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000140)={"04f16c91", 0x0, 0xfc, 0x0, 0x0, 0x0, "6f99e65664cdfb5f27cf398a3f7a92", '\x00', "246a8a96", "12caa207", ['\x00', "9d09b40000cf00", '\x00\x00\rk\x00\x00\n\x00']}) syz_open_dev$dmmidi(&(0x7f0000000080), 0x9, 0x180040) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'geneve1\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000040)=0x98, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f050e00e6e8120006001e0086dd", 0xe, 0x4040004, &(0x7f0000000540)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) 5.15275946s ago: executing program 0 (id=1753): sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x600, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r1, 0x300, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x2, 0xe}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x80) r3 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) r4 = add_key$user(&(0x7f0000000540), &(0x7f0000000000)={'syz', 0x2}, &(0x7f0000000580)="ed", 0x1, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_setup(0x3, &(0x7f0000000180)=0x0) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') io_submit(r5, 0x1, &(0x7f0000000200)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}]) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r6, r7, 0x25, 0x8, @void}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) io_setup(0x4, &(0x7f00000014c0)=0x0) r9 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00') io_submit(r8, 0x1, &(0x7f0000000180)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r9, 0x0}]) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x9, 0x100008b}, 0x0) r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000340)=0x7) read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) r11 = syz_open_procfs(0x0, &(0x7f0000000200)='net/netlink\x00') read$msr(r11, &(0x7f0000000040)=""/59, 0xffb5) r12 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_RCVMTU(r12, 0x112, 0xd, 0x0, 0x0) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x20, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x6}, 0x48) keyctl$dh_compute(0x17, &(0x7f0000000080)={r4, r3, r4}, &(0x7f00000000c0)=""/12, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={'sha3-224\x00'}}) 5.096513715s ago: executing program 2 (id=1755): socket$inet6(0xa, 0x5, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, &(0x7f0000000240)={'ip6erspan0\x00', {0x2, 0x0, @empty}}) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) getitimer(0x1, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getpriority(0x1, r0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) mremap(&(0x7f00007c9000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f00000003c0)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, 0x0, &(0x7f0000000340)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x90) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000040)) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) (fail_nth: 7) write$sndseq(r3, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRESOCT, @ANYRES16=r4, @ANYRESOCT=r4, @ANYRES32=r4, @ANYRES16=r3, @ANYRES32], 0x7c}, 0x1, 0x0, 0x0, 0x40010}, 0x45811) 5.09078901s ago: executing program 1 (id=1756): ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x8, 'macsec0\x00', {'netpci0\x00'}}) (async) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x8, 'macsec0\x00', {'netpci0\x00'}}) socket$inet(0x2, 0x3, 0x30) (async) r0 = socket$inet(0x2, 0x3, 0x30) getsockopt$inet_mreqsrc(r0, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000080)=0x2c) r1 = syz_open_procfs(0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000009c0)={0xffffffffffffffff, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb9, 0x0, 0x0, 0xfffffe6a, 0x0, 0x0, 0xffffffffffffff79, 0xd, 0x8, 0x1a, 0x0}}, 0x10) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000056000c02000000000000000000000d0000000000005f00"], 0x0, 0x34}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000079c142536c550f4a8907c39dae3ee250"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000079c142536c550f4a8907c39dae3ee250"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r4, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x8, 0x0, 0x0}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r4, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x8, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2a, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, r1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2a, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, r1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x90) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0) (async) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={r4, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, &(0x7f0000000b40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000580)=[0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x34, &(0x7f0000000600), 0x0, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0xec, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() openat$vicodec0(0xffffff9c, 0x0, 0x2, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0) process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r6 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_disconnect(r6) r7 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[], 0x0) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x3, 0x56, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x7, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x50, 0x2, 0x2, 0x6, 0x0, 0x67, {{0x5}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x8000, 0xa95, 0x9, 0x2}, [@acm={0x4, 0x24, 0x2, 0x1}, @obex={0x5, 0x24, 0x15, 0x7}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x69, 0x2, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0xda, 0x10}}}}}]}}]}}, &(0x7f00000009c0)={0xa, &(0x7f0000000580)={0xa, 0x6, 0x201, 0x4, 0x86, 0x5, 0xff, 0x3}, 0x5, &(0x7f0000000400)={0x5, 0xf, 0x5}}) (async) syz_usb_connect$cdc_ecm(0x3, 0x56, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x7, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x50, 0x2, 0x2, 0x6, 0x0, 0x67, {{0x5}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x8000, 0xa95, 0x9, 0x2}, [@acm={0x4, 0x24, 0x2, 0x1}, @obex={0x5, 0x24, 0x15, 0x7}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x69, 0x2, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0xda, 0x10}}}}}]}}]}}, &(0x7f00000009c0)={0xa, &(0x7f0000000580)={0xa, 0x6, 0x201, 0x4, 0x86, 0x5, 0xff, 0x3}, 0x5, &(0x7f0000000400)={0x5, 0xf, 0x5}}) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESDEC, @ANYRES16, @ANYBLOB="2c67726f75c45f4d643de5b6ce54530eaf2e1783bbca6ef291af79c8bfb53ba7a10728ae46fce74a1065758184969923d5ea187d8a1a25cdf4beee9ffda245bd7853dbf2797f5cd0ba15893c7a4c7eab3fb6fbdec714150ed5b867d7947be7fcdebfe05a85145e73813b75123e6533294224923faa4b3fc3ffe9f5eb4ba05bf8ba52b06ad19e6b7be263a5e29d8b7043f221", @ANYRES32=r7]) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) (async) r8 = syz_open_procfs(0x0, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x8801) read$FUSE(r8, 0x0, 0x0) (async) read$FUSE(r8, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r7, 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(r7, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 214.349418ms ago: executing program 2 (id=1757): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd89, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r1, &(0x7f00000001c0)=""/166, 0xa6) getdents(r1, &(0x7f00000000c0)=""/175, 0xaf) 0s ago: executing program 2 (id=1758): r0 = socket$inet(0x2, 0x0, 0x0) r1 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000400)=[{0x0, 0xfd, 0x2, 0xffffffff}, {0x6, 0x1}]}, 0x10) mkdir(0x0, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002ac0)=ANY=[@ANYBLOB], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90) socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000200)='cpuset.mems\x00', 0x2, 0x0) r7 = openat$cgroup_ro(r5, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) sendfile(r6, r7, 0x0, 0x7ffff000) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r9 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, r9, 0x2, 0x0) r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYRES8=r0, @ANYRESHEX=r10, @ANYRES8=r3, @ANYRES32=r2, @ANYBLOB=',group_id=', @ANYRES16=r9, @ANYRESHEX=r2]) read$FUSE(r10, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) socket$pptp(0x18, 0x1, 0x2) getpgrp(r9) fsetxattr$security_capability(r8, &(0x7f0000000240), &(0x7f00000002c0)=@v3={0x3000000, [{0x6, 0x448}, {0xfffff630, 0x1f4d4d64}], r11}, 0x18, 0x0) write$cgroup_freezer_state(r8, &(0x7f0000000000)='FREEZING\x00', 0x9) kernel console output (not intermixed with test programs): 776888.122:2639): avc: denied { read write } for pid=9428 comm="syz.1.1210" name="video0" dev="devtmpfs" ino=878 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=0 [ 327.867443][ T9430] netlink: 'syz.1.1210': attribute type 10 has an invalid length. [ 327.870128][ T39] audit: type=1404 audit(1725776888.122:2640): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 [ 327.892012][ T39] audit: type=1400 audit(1725776888.142:2641): avc: denied { read } for pid=4815 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 327.901179][ T39] audit: type=1400 audit(1725776888.142:2642): avc: denied { search } for pid=4815 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 327.909696][ T39] audit: type=1400 audit(1725776888.142:2643): avc: denied { append } for pid=4815 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 330.528867][ T9462] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 331.689943][ T58] hid-generic 0000:0000:0000.0024: unknown main item tag 0x0 [ 331.713180][ T58] hid-generic 0000:0000:0000.0024: hidraw1: HID v0.00 Device [syz0] on syz1 [ 331.815029][ T9481] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 331.818989][ T9481] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 331.825984][ T9481] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 331.983351][ T9484] netlink: 'syz.2.1225': attribute type 4 has an invalid length. [ 332.792261][ T39] kauditd_printk_skb: 81 callbacks suppressed [ 332.792274][ T39] audit: type=1400 audit(1725776893.072:2725): avc: denied { write } for pid=9498 comm="syz.1.1230" name="video7" dev="devtmpfs" ino=897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 333.073139][ T39] audit: type=1400 audit(1725776893.352:2726): avc: denied { read } for pid=9504 comm="syz.1.1231" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 333.085943][ T39] audit: type=1400 audit(1725776893.352:2727): avc: denied { open } for pid=9504 comm="syz.1.1231" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 333.200059][ T39] audit: type=1400 audit(1725776893.482:2728): avc: denied { setopt } for pid=9504 comm="syz.1.1231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 333.261605][ T9506] netlink: 'syz.1.1231': attribute type 10 has an invalid length. [ 333.271797][ T9509] netlink: 'syz.2.1232': attribute type 10 has an invalid length. [ 333.817953][ T9514] netlink: 'syz.0.1233': attribute type 10 has an invalid length. [ 333.825149][ T39] audit: type=1400 audit(1725776894.102:2729): avc: denied { accept } for pid=9512 comm="syz.3.1234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 333.835115][ T39] audit: type=1400 audit(1725776894.102:2730): avc: denied { read } for pid=9512 comm="syz.3.1234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 335.432711][ T9524] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 335.478483][ T9525] netlink: 'syz.1.1237': attribute type 4 has an invalid length. [ 336.842495][ T9547] netlink: 'syz.0.1243': attribute type 10 has an invalid length. [ 337.652055][ T9551] syz0: rxe_newlink: already configured on batadv_slave_0 [ 338.055737][ T9560] netlink: 'syz.3.1246': attribute type 10 has an invalid length. [ 339.792350][ T5356] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 339.848196][ T57] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 339.853131][ T57] hid-generic 0000:0000:0000.0025: hidraw1: HID v0.00 Device [syz0] on syz1 [ 340.601719][ T39] audit: type=1400 audit(1725776900.882:2731): avc: denied { accept } for pid=9583 comm="syz.3.1254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 340.731377][ T39] audit: type=1400 audit(1725776901.012:2732): avc: denied { create } for pid=9583 comm="syz.3.1254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 340.875941][ T9593] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 341.001028][ T9595] netlink: 'syz.1.1257': attribute type 10 has an invalid length. [ 341.077267][ T9599] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1254'. [ 341.124144][ T9599] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1254'. [ 341.840049][ T5356] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 343.809986][ T9627] netlink: 'syz.1.1266': attribute type 10 has an invalid length. [ 344.097421][ T9632] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 344.457560][ T9630] cgroup: fork rejected by pids controller in /syz0 [ 344.604464][ T39] audit: type=1400 audit(1725776904.882:2733): avc: denied { write } for pid=9637 comm="syz.2.1269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 344.640172][ T9681] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1269'. [ 345.357256][ T58] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 345.383163][ T58] hid-generic 0000:0000:0000.0026: hidraw1: HID v0.00 Device [syz0] on syz1 [ 345.405728][ T9748] netlink: 'syz.0.1272': attribute type 4 has an invalid length. [ 346.208804][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 346.698253][ T9761] netlink: 'syz.2.1276': attribute type 4 has an invalid length. [ 347.438880][ T9772] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 348.013070][ T9781] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1282'. [ 348.599738][ T5356] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 348.651702][ T9786] netlink: 'syz.0.1283': attribute type 10 has an invalid length. [ 348.932513][ T9790] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 350.086264][ T39] audit: type=1400 audit(1725776910.362:2734): avc: denied { bind } for pid=9804 comm="syz.2.1289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 350.095784][ T39] audit: type=1400 audit(1725776910.362:2735): avc: denied { node_bind } for pid=9804 comm="syz.2.1289" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 350.425840][ T5356] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 350.950052][ T9819] netlink: 'syz.1.1293': attribute type 10 has an invalid length. [ 351.716966][ T9825] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1294'. [ 352.065943][ T57] hid-generic 0000:0000:0000.0027: unknown main item tag 0x0 [ 352.091652][ T57] hid-generic 0000:0000:0000.0027: hidraw1: HID v0.00 Device [syz0] on syz1 [ 352.591873][ T9845] syz0: rxe_newlink: already configured on batadv_slave_0 [ 353.080927][ T9899] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1302'. [ 353.858551][ T9962] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1304'. [ 354.049670][ T9966] netlink: 'syz.1.1305': attribute type 4 has an invalid length. [ 357.286258][ T39] audit: type=1400 audit(1725776917.562:2736): avc: denied { create } for pid=10014 comm="syz.0.1316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 357.324577][ T39] audit: type=1400 audit(1725776917.562:2737): avc: denied { bind } for pid=10014 comm="syz.0.1316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 357.468097][T10018] netlink: 'syz.2.1315': attribute type 4 has an invalid length. [ 358.185489][T10028] netlink: 7962 bytes leftover after parsing attributes in process `syz.3.1319'. [ 358.714692][ T5356] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 360.231054][ T5356] Bluetooth: Frame is too long (len 18, expected len 4) [ 360.707213][ T39] audit: type=1400 audit(1725776920.982:2738): avc: denied { write } for pid=10056 comm="syz.2.1327" name="001" dev="devtmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 360.966044][T10063] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 361.819810][T10075] netlink: 'syz.2.1332': attribute type 4 has an invalid length. [ 362.332836][T10081] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 362.430574][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 362.446556][T10082] syz0: rxe_newlink: already configured on batadv_slave_0 [ 363.725309][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 364.840826][ T5356] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 365.790165][T10120] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1345'. [ 365.941710][T10124] netlink: 7962 bytes leftover after parsing attributes in process `syz.3.1346'. [ 366.290514][T10130] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1347'. [ 367.122831][T10143] netlink: 'syz.3.1350': attribute type 10 has an invalid length. [ 367.653443][T10150] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 369.001940][T10171] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 369.110815][T10173] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1356'. [ 369.834508][T10175] netlink: 7962 bytes leftover after parsing attributes in process `syz.2.1359'. [ 370.189972][T10188] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 372.109493][T10318] netlink: 7962 bytes leftover after parsing attributes in process `syz.0.1369'. [ 372.343601][T10330] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1370'. [ 374.016435][T10347] netlink: 'syz.1.1378': attribute type 4 has an invalid length. [ 374.820450][T10352] netlink: 7962 bytes leftover after parsing attributes in process `syz.2.1380'. [ 375.819044][T10365] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1382'. [ 377.599161][T10388] netlink: 7962 bytes leftover after parsing attributes in process `syz.2.1390'. [ 378.628398][T10394] netlink: 'syz.1.1392': attribute type 10 has an invalid length. [ 378.935566][T10402] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 378.968758][T10403] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1393'. [ 379.756433][T10409] netlink: 'syz.2.1395': attribute type 10 has an invalid length. [ 380.870922][T10527] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1399'. [ 382.720562][ T5356] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 382.885111][T10540] cgroup: fork rejected by pids controller in /syz3 [ 383.662905][T10656] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 383.729817][T10657] netlink: 7962 bytes leftover after parsing attributes in process `syz.0.1409'. [ 384.323746][ T1381] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.327786][ T1381] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.704281][ T5356] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 384.982041][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 385.139992][T10674] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 386.070529][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 386.339313][T10690] netlink: 7962 bytes leftover after parsing attributes in process `syz.0.1418'. [ 386.362774][T10688] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1416'. [ 386.973572][ T5356] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 387.276275][T10700] netlink: 'syz.3.1422': attribute type 4 has an invalid length. [ 387.458034][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 388.340615][T10709] netlink: 'syz.2.1425': attribute type 4 has an invalid length. [ 389.699355][T10733] netlink: 'syz.1.1431': attribute type 10 has an invalid length. [ 390.100660][T10836] netlink: 'syz.0.1432': attribute type 10 has an invalid length. [ 390.314585][T10847] netlink: 'syz.0.1435': attribute type 4 has an invalid length. [ 391.159440][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 392.392281][T10964] netlink: 7962 bytes leftover after parsing attributes in process `syz.0.1439'. [ 393.615119][T10977] netlink: 'syz.0.1442': attribute type 10 has an invalid length. [ 393.845922][ T5356] Bluetooth: Frame is too long (len 18, expected len 4) [ 394.671637][T10989] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 394.765334][T10990] netlink: 'syz.1.1447': attribute type 4 has an invalid length. [ 395.979558][T11001] netlink: 7962 bytes leftover after parsing attributes in process `syz.2.1450'. [ 396.553098][ T39] audit: type=1400 audit(1725776956.832:2739): avc: denied { create } for pid=11005 comm="syz.0.1453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 396.569500][T11008] FAULT_INJECTION: forcing a failure. [ 396.569500][T11008] name failslab, interval 1, probability 0, space 0, times 1 [ 396.575055][T11008] CPU: 0 UID: 0 PID: 11008 Comm: syz.3.1452 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 396.579618][T11008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 396.584401][T11008] Call Trace: [ 396.585957][T11008] [ 396.587319][T11008] dump_stack_lvl+0x16c/0x1f0 [ 396.589397][T11008] should_fail_ex+0x497/0x5b0 [ 396.591590][T11008] should_failslab+0xc2/0x120 [ 396.593593][T11008] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 396.596014][T11008] ? skb_clone+0x190/0x3f0 [ 396.597933][T11008] skb_clone+0x190/0x3f0 [ 396.599717][T11008] bpf_clone_redirect+0xb2/0x3d0 [ 396.601873][T11008] bpf_prog_c6f54bbad6dab1ee+0x5e/0x63 [ 396.604257][T11008] ? find_held_lock+0x2d/0x110 [ 396.606348][T11008] ? ktime_get+0xd9/0x1a0 [ 396.608247][T11008] ? __pfx_lock_release+0x10/0x10 [ 396.610539][T11008] ? find_held_lock+0x2d/0x110 [ 396.612563][T11008] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 396.614771][T11008] ? lockdep_hardirqs_on+0x7c/0x110 [ 396.616790][T11008] ? read_tsc+0x9/0x20 [ 396.618347][T11008] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 396.620480][T11008] ? __pfx___cant_migrate+0x10/0x10 [ 396.622383][T11008] ? ktime_get+0xfb/0x1a0 [ 396.625221][T11008] bpf_test_run+0x49d/0xa90 [ 396.627530][T11008] ? __pfx_bpf_test_run+0x10/0x10 [ 396.630138][T11008] ? __pfx_csum_partial_ext+0x10/0x10 [ 396.632874][T11008] ? __pfx_csum_block_add_ext+0x10/0x10 [ 396.635361][T11008] ? __asan_memset+0x23/0x50 [ 396.637422][T11008] bpf_prog_test_run_skb+0xb6e/0x20f0 [ 396.639609][ T39] audit: type=1400 audit(1725776956.912:2740): avc: denied { mounton } for pid=11005 comm="syz.0.1453" path="/360/file0" dev="tmpfs" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 396.639701][T11008] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 396.657224][T11008] ? fput+0x32/0x390 [ 396.659034][T11008] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 396.661802][T11008] __sys_bpf+0x10d2/0x4a00 [ 396.663945][T11008] ? ksys_write+0x21c/0x260 [ 396.666064][T11008] ? reacquire_held_locks+0x4b0/0x4c0 [ 396.668428][T11008] ? __pfx___sys_bpf+0x10/0x10 [ 396.670611][T11008] ? vfs_write+0x14d/0x1140 [ 396.673616][T11008] ? __mutex_unlock_slowpath+0x164/0x650 [ 396.676425][T11008] ? fput+0x32/0x390 [ 396.678312][T11008] ? ksys_write+0x1ab/0x260 [ 396.679928][ T39] audit: type=1400 audit(1725776956.952:2741): avc: denied { mount } for pid=11005 comm="syz.0.1453" name="/" dev="9p" ino=39583812 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 396.691491][T11008] ? __pfx_ksys_write+0x10/0x10 [ 396.691525][T11008] __x64_sys_bpf+0x78/0xc0 [ 396.691546][T11008] ? lockdep_hardirqs_on+0x7c/0x110 [ 396.691571][T11008] do_syscall_64+0xcd/0x250 [ 396.691596][T11008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.691614][T11008] RIP: 0033:0x7fc39f97cef9 [ 396.691629][T11008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 396.691652][T11008] RSP: 002b:00007fc39f3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 396.691672][T11008] RAX: ffffffffffffffda RBX: 00007fc39fb35f80 RCX: 00007fc39f97cef9 [ 396.691684][T11008] RDX: 0000000000000050 RSI: 0000000020000380 RDI: 000000000000000a [ 396.691695][T11008] RBP: 00007fc39f3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 396.691706][T11008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 396.691717][T11008] R13: 0000000000000000 R14: 00007fc39fb35f80 R15: 00007ffdfc0c0ba8 [ 396.691744][T11008] [ 396.804326][ T39] audit: type=1400 audit(1725776957.082:2742): avc: denied { write } for pid=11005 comm="syz.0.1453" name="/" dev="9p" ino=39583812 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 396.820065][ T39] audit: type=1400 audit(1725776957.082:2743): avc: denied { add_name } for pid=11005 comm="syz.0.1453" name="cgroup.stat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 396.831081][ T39] audit: type=1400 audit(1725776957.082:2744): avc: denied { create } for pid=11005 comm="syz.0.1453" name="cgroup.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 396.841433][ T39] audit: type=1400 audit(1725776957.082:2745): avc: denied { associate } for pid=11005 comm="syz.0.1453" name="cgroup.stat" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 396.854148][T11012] netlink: 'syz.2.1454': attribute type 4 has an invalid length. [ 396.883381][ T39] audit: type=1400 audit(1725776957.162:2746): avc: denied { read append open } for pid=11005 comm="syz.0.1453" path="/360/file0/cgroup.stat" dev="9p" ino=39583847 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 397.792232][ T39] audit: type=1400 audit(1725776958.042:2747): avc: denied { unmount } for pid=5343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 398.127065][T11029] netlink: 7962 bytes leftover after parsing attributes in process `syz.1.1458'. [ 398.387730][ T39] audit: type=1400 audit(1725776958.662:2748): avc: denied { write } for pid=11030 comm="syz.3.1461" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 398.428438][T11031] FAULT_INJECTION: forcing a failure. [ 398.428438][T11031] name failslab, interval 1, probability 0, space 0, times 0 [ 398.437122][T11031] CPU: 1 UID: 0 PID: 11031 Comm: syz.3.1461 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 398.441981][T11031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 398.446279][T11031] Call Trace: [ 398.447608][T11031] [ 398.448840][T11031] dump_stack_lvl+0x16c/0x1f0 [ 398.450834][T11031] should_fail_ex+0x497/0x5b0 [ 398.452876][T11031] ? fs_reclaim_acquire+0xae/0x160 [ 398.454767][T11031] should_failslab+0xc2/0x120 [ 398.456399][T11031] __kmalloc_noprof+0xcb/0x400 [ 398.458089][T11031] tomoyo_encode2+0x100/0x3e0 [ 398.459933][T11031] tomoyo_encode+0x29/0x50 [ 398.461621][T11031] tomoyo_realpath_from_path+0x19d/0x720 [ 398.463905][T11031] ? tomoyo_profile+0x47/0x60 [ 398.466101][T11031] tomoyo_path_number_perm+0x245/0x590 [ 398.468740][T11031] ? tomoyo_path_number_perm+0x232/0x590 [ 398.471515][T11031] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 398.474588][T11031] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 398.477296][T11031] ? __fget_files+0x256/0x400 [ 398.479264][T11031] security_file_ioctl+0x75/0xc0 [ 398.481291][T11031] __x64_sys_ioctl+0xbb/0x220 [ 398.483704][T11031] do_syscall_64+0xcd/0x250 [ 398.485442][T11031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.487974][T11031] RIP: 0033:0x7fc39f97cef9 [ 398.489856][T11031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.498798][T11031] RSP: 002b:00007fc39f3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 398.503056][T11031] RAX: ffffffffffffffda RBX: 00007fc39fb35f80 RCX: 00007fc39f97cef9 [ 398.506543][T11031] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 398.509954][T11031] RBP: 00007fc39f3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 398.513320][T11031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 398.516806][T11031] R13: 0000000000000000 R14: 00007fc39fb35f80 R15: 00007ffdfc0c0ba8 [ 398.520242][T11031] [ 398.530104][T11031] ERROR: Out of memory at tomoyo_realpath_from_path. [ 399.389164][T11065] netlink: 'syz.1.1465': attribute type 10 has an invalid length. [ 400.323757][T11162] netlink: 7962 bytes leftover after parsing attributes in process `syz.2.1470'. [ 400.365846][T11163] use of bytesused == 0 is deprecated and will be removed in the future, [ 400.425721][T11163] use the actual size instead. [ 400.757832][T11167] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 401.605198][T11282] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1472'. [ 402.423998][ T39] audit: type=1400 audit(1725776962.702:2749): avc: denied { mount } for pid=11290 comm="syz.0.1477" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 402.650857][ T39] audit: type=1400 audit(1725776962.772:2750): avc: denied { execmem } for pid=11290 comm="syz.0.1477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 403.441293][T11451] netlink: 7962 bytes leftover after parsing attributes in process `syz.1.1480'. [ 403.712428][ T39] audit: type=1400 audit(1725776963.992:2751): avc: denied { write } for pid=11504 comm="syz.3.1481" name="ip6_flowlabel" dev="proc" ino=4026533196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 403.761675][ T39] audit: type=1400 audit(1725776964.042:2752): avc: denied { unmount } for pid=5343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 403.871584][ T39] audit: type=1400 audit(1725776964.132:2753): avc: denied { ioctl } for pid=11506 comm="syz.0.1482" path="socket:[26370]" dev="sockfs" ino=26370 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 404.750558][ T39] audit: type=1400 audit(1725776965.012:2754): avc: denied { unlink } for pid=11824 comm="syz.1.1488" name="#1" dev="tmpfs" ino=2061 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 404.760269][ T39] audit: type=1400 audit(1725776965.022:2755): avc: denied { mount } for pid=11824 comm="syz.1.1488" name="/" dev="overlay" ino=2055 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 404.779712][ T39] audit: type=1400 audit(1725776965.042:2756): avc: denied { unmount } for pid=5353 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 405.275657][ T8] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 405.283866][T11935] FAULT_INJECTION: forcing a failure. [ 405.283866][T11935] name failslab, interval 1, probability 0, space 0, times 0 [ 405.291913][T11935] CPU: 2 UID: 0 PID: 11935 Comm: syz.3.1492 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 405.296412][T11935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 405.300937][T11935] Call Trace: [ 405.302636][T11935] [ 405.304152][T11935] dump_stack_lvl+0x16c/0x1f0 [ 405.306683][T11935] should_fail_ex+0x497/0x5b0 [ 405.308962][T11935] ? fs_reclaim_acquire+0xae/0x160 [ 405.311459][T11935] should_failslab+0xc2/0x120 [ 405.313713][T11935] kmem_cache_alloc_node_noprof+0x71/0x310 [ 405.316379][T11935] ? __alloc_skb+0x2b1/0x380 [ 405.318511][T11935] __alloc_skb+0x2b1/0x380 [ 405.320727][T11935] ? __pfx___alloc_skb+0x10/0x10 [ 405.323558][T11935] ? genl_rcv_msg+0x4bd/0x800 [ 405.325754][T11935] netlink_ack+0x164/0xb90 [ 405.327903][T11935] netlink_rcv_skb+0x348/0x440 [ 405.330173][T11935] ? __pfx_genl_rcv_msg+0x10/0x10 [ 405.332670][T11935] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 405.342722][T11935] ? down_read+0xc9/0x330 [ 405.344758][T11935] ? __pfx_down_read+0x10/0x10 [ 405.346966][T11935] ? netlink_deliver_tap+0x1ae/0xd90 [ 405.349089][T11935] genl_rcv+0x28/0x40 [ 405.350706][T11935] netlink_unicast+0x53c/0x7f0 [ 405.352622][T11935] ? __pfx_netlink_unicast+0x10/0x10 [ 405.354739][T11935] netlink_sendmsg+0x8b8/0xd70 [ 405.356653][T11935] ? __pfx_netlink_sendmsg+0x10/0x10 [ 405.358941][T11935] ? __import_iovec+0x1fd/0x6e0 [ 405.361290][T11935] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 405.364049][T11935] ____sys_sendmsg+0xab5/0xc90 [ 405.366766][T11935] ? copy_msghdr_from_user+0x10b/0x160 [ 405.369321][T11935] ? __pfx_____sys_sendmsg+0x10/0x10 [ 405.371775][T11935] ? find_held_lock+0x2d/0x110 [ 405.374004][T11935] ? __pfx___lock_acquire+0x10/0x10 [ 405.376409][T11935] ___sys_sendmsg+0x135/0x1e0 [ 405.378905][T11935] ? __pfx____sys_sendmsg+0x10/0x10 [ 405.381843][T11935] ? ksys_write+0x21c/0x260 [ 405.384195][T11935] ? __fget_light+0x173/0x210 [ 405.386659][T11935] __sys_sendmsg+0x117/0x1f0 [ 405.389158][T11935] ? __pfx___sys_sendmsg+0x10/0x10 [ 405.391518][T11935] do_syscall_64+0xcd/0x250 [ 405.393585][T11935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.396260][T11935] RIP: 0033:0x7fc39f97cef9 [ 405.398277][T11935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.407006][T11935] RSP: 002b:00007fc39f3ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 405.411166][T11935] RAX: ffffffffffffffda RBX: 00007fc39fb35f80 RCX: 00007fc39f97cef9 [ 405.415017][T11935] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003 [ 405.419076][T11935] RBP: 00007fc39f3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 405.422515][T11935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 405.425963][T11935] R13: 0000000000000000 R14: 00007fc39fb35f80 R15: 00007ffdfc0c0ba8 [ 405.430104][T11935] [ 405.474339][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 405.481594][ T8] usb 5-1: config 0 has no interfaces? [ 405.485419][T11937] ebt_among: src integrity fail: 300 [ 405.512367][ T8] usb 5-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=14.a8 [ 405.516949][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.521819][ T8] usb 5-1: Product: syz [ 405.524547][ T8] usb 5-1: Manufacturer: syz [ 405.527598][ T8] usb 5-1: SerialNumber: syz [ 405.539281][ T8] usb 5-1: config 0 descriptor?? [ 405.756595][ T8] usb 5-1: USB disconnect, device number 3 [ 405.965569][ T39] audit: type=1400 audit(1725776966.242:2757): avc: denied { connect } for pid=12021 comm="syz.1.1495" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 405.977812][ T39] audit: type=1400 audit(1725776966.252:2758): avc: denied { accept } for pid=12021 comm="syz.1.1495" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 407.560517][ T39] kauditd_printk_skb: 5 callbacks suppressed [ 407.560532][ T39] audit: type=1400 audit(1725776967.832:2764): avc: denied { setopt } for pid=12466 comm="syz.3.1504" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 407.585942][ T39] audit: type=1400 audit(1725776967.862:2765): avc: denied { read } for pid=12466 comm="syz.3.1504" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 407.600682][ T39] audit: type=1400 audit(1725776967.862:2766): avc: denied { open } for pid=12466 comm="syz.3.1504" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 407.641367][ T39] audit: type=1400 audit(1725776967.862:2767): avc: denied { ioctl } for pid=12466 comm="syz.3.1504" path="/dev/nullb0" dev="devtmpfs" ino=693 ioctlcmd=0x1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 407.734145][ T39] audit: type=1400 audit(1725776967.982:2768): avc: denied { getopt } for pid=12469 comm="syz.2.1505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 407.904221][T12468] team_slave_0: entered promiscuous mode [ 407.907822][T12468] team_slave_1: entered promiscuous mode [ 408.102116][ T39] audit: type=1400 audit(1725776968.372:2769): avc: denied { getopt } for pid=12476 comm="syz.3.1507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 408.346564][T12482] FAULT_INJECTION: forcing a failure. [ 408.346564][T12482] name failslab, interval 1, probability 0, space 0, times 0 [ 408.353190][T12482] CPU: 0 UID: 0 PID: 12482 Comm: syz.0.1508 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 408.358804][T12482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 408.363779][T12482] Call Trace: [ 408.365394][T12482] [ 408.366967][T12482] dump_stack_lvl+0x16c/0x1f0 [ 408.369422][T12482] should_fail_ex+0x497/0x5b0 [ 408.371469][T12482] ? fs_reclaim_acquire+0xae/0x160 [ 408.373780][T12482] should_failslab+0xc2/0x120 [ 408.375913][T12482] __kmalloc_noprof+0xcb/0x400 [ 408.377979][T12482] ? __pfx_lock_acquire+0x10/0x10 [ 408.380358][T12482] tomoyo_realpath_from_path+0xb9/0x720 [ 408.382787][T12482] ? tomoyo_profile+0x47/0x60 [ 408.384859][T12482] tomoyo_path_number_perm+0x245/0x590 [ 408.387277][T12482] ? tomoyo_path_number_perm+0x232/0x590 [ 408.389368][T12482] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 408.391779][T12482] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 408.394009][T12482] ? __fget_files+0x256/0x400 [ 408.395900][T12482] security_file_ioctl+0x75/0xc0 [ 408.397850][T12482] __x64_sys_ioctl+0xbb/0x220 [ 408.400303][T12482] do_syscall_64+0xcd/0x250 [ 408.403055][T12482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.406092][T12482] RIP: 0033:0x7f07a7d7cef9 [ 408.408372][T12482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.420962][T12482] RSP: 002b:00007f07a8af0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 408.425694][T12482] RAX: ffffffffffffffda RBX: 00007f07a7f35f80 RCX: 00007f07a7d7cef9 [ 408.429791][T12482] RDX: 0000000020000000 RSI: 0000000000004b47 RDI: 0000000000000007 [ 408.435066][T12482] RBP: 00007f07a8af0090 R08: 0000000000000000 R09: 0000000000000000 [ 408.439227][T12482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 408.443915][T12482] R13: 0000000000000000 R14: 00007f07a7f35f80 R15: 00007ffe95f8d3d8 [ 408.449850][T12482] [ 408.457658][T12482] ERROR: Out of memory at tomoyo_realpath_from_path. [ 408.505175][ T39] audit: type=1400 audit(1725776968.782:2770): avc: denied { create } for pid=12486 comm="syz.2.1510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 408.611329][ T39] audit: type=1400 audit(1725776968.892:2771): avc: denied { write } for pid=12486 comm="syz.2.1510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 408.621380][ T39] audit: type=1400 audit(1725776968.892:2772): avc: denied { nlmsg_read } for pid=12486 comm="syz.2.1510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 408.674505][T12592] netlink: 'syz.3.1512': attribute type 4 has an invalid length. [ 408.803739][T12597] FAULT_INJECTION: forcing a failure. [ 408.803739][T12597] name failslab, interval 1, probability 0, space 0, times 0 [ 408.840828][T12597] CPU: 1 UID: 0 PID: 12597 Comm: syz.3.1514 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 408.846092][T12597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 408.851195][T12597] Call Trace: [ 408.852678][T12597] [ 408.854062][T12597] dump_stack_lvl+0x16c/0x1f0 [ 408.858200][T12597] should_fail_ex+0x497/0x5b0 [ 408.860648][T12597] ? fs_reclaim_acquire+0xae/0x160 [ 408.863009][T12597] should_failslab+0xc2/0x120 [ 408.865080][T12597] __kmalloc_noprof+0xcb/0x400 [ 408.867377][T12597] ? __pfx_lock_acquire+0x10/0x10 [ 408.869908][T12597] tomoyo_realpath_from_path+0xb9/0x720 [ 408.872331][T12597] ? tomoyo_profile+0x47/0x60 [ 408.874451][T12597] tomoyo_path_number_perm+0x245/0x590 [ 408.876849][T12597] ? tomoyo_path_number_perm+0x232/0x590 [ 408.879740][T12597] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 408.882440][T12597] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 408.884781][T12597] ? __fget_files+0x256/0x400 [ 408.886498][T12597] security_file_ioctl+0x75/0xc0 [ 408.888405][T12597] __x64_sys_ioctl+0xbb/0x220 [ 408.890255][T12597] do_syscall_64+0xcd/0x250 [ 408.892028][T12597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.894921][T12597] RIP: 0033:0x7fc39f97cef9 [ 408.897248][T12597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.906401][T12597] RSP: 002b:00007fc39f3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 408.909626][T12597] RAX: ffffffffffffffda RBX: 00007fc39fb35f80 RCX: 00007fc39f97cef9 [ 408.912775][T12597] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000003 [ 408.915947][T12597] RBP: 00007fc39f3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 408.918937][T12597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 408.921925][T12597] R13: 0000000000000000 R14: 00007fc39fb35f80 R15: 00007ffdfc0c0ba8 [ 408.925026][T12597] [ 408.932240][T12597] ERROR: Out of memory at tomoyo_realpath_from_path. [ 409.144543][ T39] audit: type=1400 audit(1725776969.422:2773): avc: denied { write } for pid=12662 comm="syz.2.1518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 409.323097][T12716] netlink: 'syz.2.1522': attribute type 4 has an invalid length. [ 409.495063][T12819] FAULT_INJECTION: forcing a failure. [ 409.495063][T12819] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 409.501716][T12819] CPU: 1 UID: 0 PID: 12819 Comm: syz.2.1524 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 409.506135][T12819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 409.526543][T12819] Call Trace: [ 409.528608][T12819] [ 409.530307][T12819] dump_stack_lvl+0x16c/0x1f0 [ 409.532144][T12819] should_fail_ex+0x497/0x5b0 [ 409.533969][T12819] _copy_from_user+0x30/0xf0 [ 409.535917][T12819] copy_msghdr_from_user+0x99/0x160 [ 409.538091][T12819] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 409.540481][T12819] ? find_held_lock+0x2d/0x110 [ 409.542526][T12819] ? __pfx___lock_acquire+0x10/0x10 [ 409.544706][T12819] ___sys_sendmsg+0xff/0x1e0 [ 409.559602][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 409.562869][T12819] ? __pfx____sys_sendmsg+0x10/0x10 [ 409.562915][T12819] ? ksys_write+0x21c/0x260 [ 409.582636][T12819] ? __fget_light+0x173/0x210 [ 409.585015][T12819] __sys_sendmsg+0x117/0x1f0 [ 409.586900][T12819] ? __pfx___sys_sendmsg+0x10/0x10 [ 409.602972][T12819] do_syscall_64+0xcd/0x250 [ 409.605112][T12819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.607911][T12819] RIP: 0033:0x7f2c6b77cef9 [ 409.609821][T12819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.631426][T12819] RSP: 002b:00007f2c6c505038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 409.634948][T12819] RAX: ffffffffffffffda RBX: 00007f2c6b935f80 RCX: 00007f2c6b77cef9 [ 409.638605][T12819] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004 [ 409.642567][T12819] RBP: 00007f2c6c505090 R08: 0000000000000000 R09: 0000000000000000 [ 409.646575][T12819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 409.650318][T12819] R13: 0000000000000000 R14: 00007f2c6b935f80 R15: 00007ffe161bd828 [ 409.654962][T12819] [ 409.776864][T12885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1525'. [ 409.818328][T12950] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1526'. [ 409.858467][T12950] netlink: 'syz.2.1526': attribute type 10 has an invalid length. [ 409.885073][T12950] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1526'. [ 409.979371][T12950] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1526'. [ 410.159331][T13030] FAULT_INJECTION: forcing a failure. [ 410.159331][T13030] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.170838][T13030] CPU: 0 UID: 0 PID: 13030 Comm: syz.2.1528 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 410.176795][T13030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 410.190621][T13030] Call Trace: [ 410.192053][T13030] [ 410.197838][T13030] dump_stack_lvl+0x16c/0x1f0 [ 410.200301][T13030] should_fail_ex+0x497/0x5b0 [ 410.203230][T13030] _copy_from_user+0x30/0xf0 [ 410.205717][T13030] copy_msghdr_from_user+0x99/0x160 [ 410.208321][T13030] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 410.210686][T13030] ? find_held_lock+0x2d/0x110 [ 410.212523][T13030] ? __pfx___lock_acquire+0x10/0x10 [ 410.214603][T13030] ___sys_sendmsg+0xff/0x1e0 [ 410.216572][T13030] ? __pfx____sys_sendmsg+0x10/0x10 [ 410.218961][T13030] ? ksys_write+0x21c/0x260 [ 410.221009][T13030] ? __fget_light+0x173/0x210 [ 410.223025][T13030] __sys_sendmsg+0x117/0x1f0 [ 410.225039][T13030] ? __pfx___sys_sendmsg+0x10/0x10 [ 410.227332][T13030] do_syscall_64+0xcd/0x250 [ 410.229386][T13030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.232049][T13030] RIP: 0033:0x7f2c6b77cef9 [ 410.234118][T13030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.243229][T13030] RSP: 002b:00007f2c6c505038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 410.249693][T13030] RAX: ffffffffffffffda RBX: 00007f2c6b935f80 RCX: 00007f2c6b77cef9 [ 410.254905][T13030] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 410.258491][T13030] RBP: 00007f2c6c505090 R08: 0000000000000000 R09: 0000000000000000 [ 410.262041][T13030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.272634][T13030] R13: 0000000000000000 R14: 00007f2c6b935f80 R15: 00007ffe161bd828 [ 410.276481][T13030] [ 411.768747][T13345] netfs: Couldn't get user pages (rc=-14) [ 411.828386][T13345] random: crng reseeded on system resumption [ 412.444955][T13345] Restarting kernel threads ... done. [ 412.886625][T13561] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1538'. [ 413.259191][T13563] FAULT_INJECTION: forcing a failure. [ 413.259191][T13563] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 413.280285][T13563] CPU: 3 UID: 0 PID: 13563 Comm: syz.1.1539 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 413.287019][T13563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 413.293353][T13563] Call Trace: [ 413.295069][T13563] [ 413.296565][T13563] dump_stack_lvl+0x16c/0x1f0 [ 413.299107][T13563] should_fail_ex+0x497/0x5b0 [ 413.301975][T13563] _copy_from_user+0x30/0xf0 [ 413.304826][T13563] __sys_bpf+0x21c/0x4a00 [ 413.307537][T13563] ? ksys_write+0x21c/0x260 [ 413.310356][T13563] ? reacquire_held_locks+0x4b0/0x4c0 [ 413.313658][T13563] ? __pfx___sys_bpf+0x10/0x10 [ 413.316632][T13563] ? vfs_write+0x14d/0x1140 [ 413.319436][T13563] ? __mutex_unlock_slowpath+0x164/0x650 [ 413.322880][T13563] ? fput+0x32/0x390 [ 413.325222][T13563] ? ksys_write+0x1ab/0x260 [ 413.327936][T13563] ? __pfx_ksys_write+0x10/0x10 [ 413.331106][T13563] __x64_sys_bpf+0x78/0xc0 [ 413.333880][T13563] ? lockdep_hardirqs_on+0x7c/0x110 [ 413.337119][T13563] do_syscall_64+0xcd/0x250 [ 413.339980][T13563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.343643][T13563] RIP: 0033:0x7fbd36f7cef9 [ 413.346467][T13563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.356334][T13563] RSP: 002b:00007fbd37db7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 413.360130][T13563] RAX: ffffffffffffffda RBX: 00007fbd37135f80 RCX: 00007fbd36f7cef9 [ 413.364023][T13563] RDX: 0000000000000010 RSI: 0000000020000980 RDI: 0000000000000011 [ 413.368731][T13563] RBP: 00007fbd37db7090 R08: 0000000000000000 R09: 0000000000000000 [ 413.373462][T13563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 413.377814][T13563] R13: 0000000000000000 R14: 00007fbd37135f80 R15: 00007ffdff618bf8 [ 413.382795][T13563] [ 413.432391][ T39] kauditd_printk_skb: 9 callbacks suppressed [ 413.432402][ T39] audit: type=1400 audit(1725776973.702:2783): avc: denied { write } for pid=4815 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 413.475572][ T39] audit: type=1400 audit(1725776973.722:2784): avc: denied { remove_name } for pid=4815 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 413.501709][ T39] audit: type=1400 audit(1725776973.722:2785): avc: denied { rename } for pid=4815 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 413.518016][ T39] audit: type=1400 audit(1725776973.722:2786): avc: denied { add_name } for pid=4815 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 413.529091][ T39] audit: type=1400 audit(1725776973.722:2787): avc: denied { unlink } for pid=4815 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 413.539427][ T39] audit: type=1400 audit(1725776973.732:2788): avc: denied { create } for pid=4815 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 413.561384][ T39] audit: type=1400 audit(1725776973.762:2789): avc: denied { execute } for pid=13564 comm="syz.1.1540" path="/378/blkio.bfq.group_wait_time" dev="tmpfs" ino=2117 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 413.687489][T13673] syz0: rxe_newlink: already configured on batadv_slave_0 [ 414.101279][T13780] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1543'. [ 414.395410][T13981] FAULT_INJECTION: forcing a failure. [ 414.395410][T13981] name failslab, interval 1, probability 0, space 0, times 0 [ 414.430466][T13981] CPU: 3 UID: 0 PID: 13981 Comm: syz.3.1547 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 414.442281][T13981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 414.465963][T13981] Call Trace: [ 414.467498][T13981] [ 414.468907][T13981] dump_stack_lvl+0x16c/0x1f0 [ 414.471174][T13981] should_fail_ex+0x497/0x5b0 [ 414.473190][T13981] ? fs_reclaim_acquire+0xae/0x160 [ 414.475420][T13981] should_failslab+0xc2/0x120 [ 414.477397][T13981] __kmalloc_noprof+0xcb/0x400 [ 414.479569][T13981] ? __pfx_lock_acquire+0x10/0x10 [ 414.481820][T13981] tomoyo_realpath_from_path+0xb9/0x720 [ 414.484297][T13981] ? tomoyo_profile+0x47/0x60 [ 414.502463][T13981] tomoyo_path_number_perm+0x245/0x590 [ 414.504776][T13981] ? tomoyo_path_number_perm+0x232/0x590 [ 414.507272][T13981] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 414.510003][T13981] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 414.512820][T13981] ? __fget_files+0x256/0x400 [ 414.526188][T13981] security_file_ioctl+0x75/0xc0 [ 414.528402][T13981] __x64_sys_ioctl+0xbb/0x220 [ 414.539661][T13981] do_syscall_64+0xcd/0x250 [ 414.541729][T13981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.544484][T13981] RIP: 0033:0x7fc39f97cef9 [ 414.546767][T13981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.557849][T13981] RSP: 002b:00007fc39f3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 414.563315][T13981] RAX: ffffffffffffffda RBX: 00007fc39fb35f80 RCX: 00007fc39f97cef9 [ 414.569381][T13981] RDX: 0000000020000480 RSI: 00000000000089f2 RDI: 0000000000000003 [ 414.572761][T13981] RBP: 00007fc39f3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 414.576705][T13981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 414.580148][T13981] R13: 0000000000000000 R14: 00007fc39fb35f80 R15: 00007ffdfc0c0ba8 [ 414.583675][T13981] [ 414.597597][T13981] ERROR: Out of memory at tomoyo_realpath_from_path. [ 414.642672][ T39] audit: type=1400 audit(1725776974.922:2790): avc: denied { sys_module } for pid=13976 comm="syz.3.1547" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 415.286464][ T39] audit: type=1400 audit(1725776975.562:2791): avc: denied { write } for pid=14276 comm="syz.2.1552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 415.302376][ T39] audit: type=1400 audit(1725776975.572:2792): avc: denied { bind } for pid=14302 comm="syz.0.1554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 416.076452][T14614] FAULT_INJECTION: forcing a failure. [ 416.076452][T14614] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 416.083145][T14614] CPU: 2 UID: 0 PID: 14614 Comm: syz.0.1559 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 416.087951][T14614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 416.094320][T14614] Call Trace: [ 416.095951][T14614] [ 416.097279][T14614] dump_stack_lvl+0x16c/0x1f0 [ 416.099426][T14614] should_fail_ex+0x497/0x5b0 [ 416.101533][T14614] _copy_from_user+0x30/0xf0 [ 416.103599][T14614] __sys_bpf+0x21c/0x4a00 [ 416.105509][T14614] ? ksys_write+0x21c/0x260 [ 416.107544][T14614] ? reacquire_held_locks+0x4b0/0x4c0 [ 416.109923][T14614] ? __pfx___sys_bpf+0x10/0x10 [ 416.112077][T14614] ? vfs_write+0x14d/0x1140 [ 416.114105][T14614] ? __mutex_unlock_slowpath+0x164/0x650 [ 416.116478][T14614] ? fput+0x32/0x390 [ 416.118289][T14614] ? ksys_write+0x1ab/0x260 [ 416.120295][T14614] ? __pfx_ksys_write+0x10/0x10 [ 416.122286][T14614] __x64_sys_bpf+0x78/0xc0 [ 416.123969][T14614] ? lockdep_hardirqs_on+0x7c/0x110 [ 416.125987][T14614] do_syscall_64+0xcd/0x250 [ 416.127923][T14614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.130281][T14614] RIP: 0033:0x7f07a7d7cef9 [ 416.132043][T14614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.139874][T14614] RSP: 002b:00007f07a8af0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 416.143112][T14614] RAX: ffffffffffffffda RBX: 00007f07a7f35f80 RCX: 00007f07a7d7cef9 [ 416.146390][T14614] RDX: 0000000000000050 RSI: 00000000200002c0 RDI: 000000000000000a [ 416.149254][T14614] RBP: 00007f07a8af0090 R08: 0000000000000000 R09: 0000000000000000 [ 416.151937][T14614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.155320][T14614] R13: 0000000000000000 R14: 00007f07a7f35f80 R15: 00007ffe95f8d3d8 [ 416.158438][T14614] [ 416.297451][T14674] overlayfs: failed to resolve './file1': -2 [ 416.632210][T14826] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1563'. [ 417.232715][T14940] FAULT_INJECTION: forcing a failure. [ 417.232715][T14940] name failslab, interval 1, probability 0, space 0, times 0 [ 417.239403][T14940] CPU: 0 UID: 0 PID: 14940 Comm: syz.1.1569 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 417.244220][T14940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 417.249100][T14940] Call Trace: [ 417.250720][T14940] [ 417.252061][T14940] dump_stack_lvl+0x16c/0x1f0 [ 417.254135][T14940] should_fail_ex+0x497/0x5b0 [ 417.256193][T14940] ? fs_reclaim_acquire+0xae/0x160 [ 417.258434][T14940] should_failslab+0xc2/0x120 [ 417.260644][T14940] __kmalloc_noprof+0xcb/0x400 [ 417.262672][T14940] ? __pfx_lock_acquire+0x10/0x10 [ 417.264760][T14940] tomoyo_realpath_from_path+0xb9/0x720 [ 417.267223][T14940] ? tomoyo_profile+0x47/0x60 [ 417.269589][T14940] tomoyo_path_number_perm+0x245/0x590 [ 417.272125][T14940] ? tomoyo_path_number_perm+0x232/0x590 [ 417.274645][T14940] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 417.277395][T14940] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 417.279958][T14940] ? __fget_files+0x256/0x400 [ 417.281982][T14940] security_file_ioctl+0x75/0xc0 [ 417.284026][T14940] __x64_sys_ioctl+0xbb/0x220 [ 417.286241][T14940] do_syscall_64+0xcd/0x250 [ 417.288216][T14940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.291519][T14940] RIP: 0033:0x7fbd36f7cef9 [ 417.293530][T14940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.301440][T14940] RSP: 002b:00007fbd37db7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 417.304852][T14940] RAX: ffffffffffffffda RBX: 00007fbd37135f80 RCX: 00007fbd36f7cef9 [ 417.308187][T14940] RDX: 0000000020000080 RSI: 00000000c008561c RDI: 0000000000000003 [ 417.311563][T14940] RBP: 00007fbd37db7090 R08: 0000000000000000 R09: 0000000000000000 [ 417.315039][T14940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 417.318242][T14940] R13: 0000000000000000 R14: 00007fbd37135f80 R15: 00007ffdff618bf8 [ 417.321327][T14940] [ 417.330102][T14940] ERROR: Out of memory at tomoyo_realpath_from_path. [ 417.333985][T14940] vivid-007: disconnect [ 417.337723][T14939] vivid-007: reconnect [ 418.095150][T15260] netlink: 'syz.0.1576': attribute type 4 has an invalid length. [ 418.440268][T15365] FAULT_INJECTION: forcing a failure. [ 418.440268][T15365] name failslab, interval 1, probability 0, space 0, times 0 [ 418.447493][T15365] CPU: 3 UID: 0 PID: 15365 Comm: syz.2.1579 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 418.452748][T15365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 418.461076][T15365] Call Trace: [ 418.463964][T15365] [ 418.466080][T15365] dump_stack_lvl+0x16c/0x1f0 [ 418.468758][T15365] should_fail_ex+0x497/0x5b0 [ 418.471656][T15365] ? fs_reclaim_acquire+0xae/0x160 [ 418.474541][T15365] should_failslab+0xc2/0x120 [ 418.477004][T15365] __kmalloc_noprof+0xcb/0x400 [ 418.479486][T15365] ? __pfx_lock_acquire+0x10/0x10 [ 418.481814][T15365] tomoyo_realpath_from_path+0xb9/0x720 [ 418.485561][T15365] ? tomoyo_profile+0x47/0x60 [ 418.488292][T15365] tomoyo_path_number_perm+0x245/0x590 [ 418.493286][T15365] ? tomoyo_path_number_perm+0x232/0x590 [ 418.495884][T15365] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 418.499105][T15365] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 418.502322][T15365] ? __fget_files+0x256/0x400 [ 418.504795][T15365] security_file_ioctl+0x75/0xc0 [ 418.507527][T15365] __x64_sys_ioctl+0xbb/0x220 [ 418.509963][T15365] do_syscall_64+0xcd/0x250 [ 418.512794][T15365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.516522][T15365] RIP: 0033:0x7f2c6b77cef9 [ 418.519322][T15365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.532629][T15365] RSP: 002b:00007f2c6c505038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 418.537049][T15365] RAX: ffffffffffffffda RBX: 00007f2c6b935f80 RCX: 00007f2c6b77cef9 [ 418.540801][T15365] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000005 [ 418.545301][T15365] RBP: 00007f2c6c505090 R08: 0000000000000000 R09: 0000000000000000 [ 418.549648][T15365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.554142][T15365] R13: 0000000000000000 R14: 00007f2c6b935f80 R15: 00007ffe161bd828 [ 418.558548][T15365] [ 418.611187][T15365] ERROR: Out of memory at tomoyo_realpath_from_path. [ 418.740447][T15372] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.746496][T15372] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.775306][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 418.775320][ T39] audit: type=1400 audit(1725776979.052:2810): avc: denied { bind } for pid=15371 comm="syz.2.1581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 418.793639][ T39] audit: type=1400 audit(1725776979.052:2811): avc: denied { name_bind } for pid=15371 comm="syz.2.1581" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 418.807110][ T39] audit: type=1400 audit(1725776979.052:2812): avc: denied { node_bind } for pid=15371 comm="syz.2.1581" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 418.817551][ T39] audit: type=1400 audit(1725776979.052:2813): avc: denied { name_connect } for pid=15371 comm="syz.2.1581" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 418.854915][T15473] FAULT_INJECTION: forcing a failure. [ 418.854915][T15473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 418.855364][T15476] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1581'. [ 418.876503][T15473] CPU: 3 UID: 0 PID: 15473 Comm: syz.1.1582 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 418.876530][T15473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 418.876540][T15473] Call Trace: [ 418.876546][T15473] [ 418.876553][T15473] dump_stack_lvl+0x16c/0x1f0 [ 418.876578][T15473] should_fail_ex+0x497/0x5b0 [ 418.876602][T15473] _copy_from_user+0x30/0xf0 [ 418.876622][T15473] copy_msghdr_from_user+0x99/0x160 [ 418.876646][T15473] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 418.876675][T15473] ? __pfx___lock_acquire+0x10/0x10 [ 418.876704][T15473] ___sys_sendmsg+0xff/0x1e0 [ 418.876728][T15473] ? __pfx____sys_sendmsg+0x10/0x10 [ 418.876760][T15473] ? __pfx_lock_release+0x10/0x10 [ 418.876780][T15473] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 418.876812][T15473] ? __fget_light+0x173/0x210 [ 418.876834][T15473] __sys_sendmmsg+0x1a1/0x450 [ 418.876855][T15473] ? __pfx___sys_sendmmsg+0x10/0x10 [ 418.876874][T15473] ? vfs_write+0x14d/0x1140 [ 418.876896][T15473] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 418.876923][T15473] ? fput+0x32/0x390 [ 418.876941][T15473] ? ksys_write+0x1ab/0x260 [ 418.876955][T15473] ? __pfx_ksys_write+0x10/0x10 [ 418.876972][T15473] __x64_sys_sendmmsg+0x9c/0x100 [ 418.876992][T15473] ? lockdep_hardirqs_on+0x7c/0x110 [ 418.877010][T15473] do_syscall_64+0xcd/0x250 [ 418.877030][T15473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.877045][T15473] RIP: 0033:0x7fbd36f7cef9 [ 418.877059][T15473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.877072][T15473] RSP: 002b:00007fbd37db7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 418.877087][T15473] RAX: ffffffffffffffda RBX: 00007fbd37135f80 RCX: 00007fbd36f7cef9 [ 418.877097][T15473] RDX: 00000000040002a4 RSI: 00000000200017c0 RDI: 0000000000000003 [ 418.877105][T15473] RBP: 00007fbd37db7090 R08: 0000000000000000 R09: 0000000000000000 [ 418.877114][T15473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.877122][T15473] R13: 0000000000000000 R14: 00007fbd37135f80 R15: 00007ffdff618bf8 [ 418.877140][T15473] [ 419.142149][ T5455] IPVS: starting estimator thread 0... [ 419.259388][T15631] IPVS: using max 20 ests per chain, 48000 per kthread [ 419.292070][T15750] netlink: 'syz.1.1588': attribute type 4 has an invalid length. [ 419.706628][T16008] x_tables: unsorted underflow at hook 3 [ 419.715276][T16006] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1594'. [ 419.787097][T16006] FAULT_INJECTION: forcing a failure. [ 419.787097][T16006] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 419.793363][T16006] CPU: 0 UID: 0 PID: 16006 Comm: syz.1.1594 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 419.797696][T16006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 419.801993][T16006] Call Trace: [ 419.803374][T16006] [ 419.804624][T16006] dump_stack_lvl+0x16c/0x1f0 [ 419.807085][T16006] should_fail_ex+0x497/0x5b0 [ 419.809306][T16006] _copy_from_user+0x30/0xf0 [ 419.811984][T16006] move_addr_to_kernel+0x68/0x160 [ 419.814073][T16006] __sys_connect+0xbd/0x170 [ 419.815991][T16006] ? __pfx___sys_connect+0x10/0x10 [ 419.819278][T16006] ? __pfx_ksys_write+0x10/0x10 [ 419.823126][T16006] __x64_sys_connect+0x72/0xb0 [ 419.826829][T16006] ? lockdep_hardirqs_on+0x7c/0x110 [ 419.829256][T16006] do_syscall_64+0xcd/0x250 [ 419.831438][T16006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.834553][T16006] RIP: 0033:0x7fbd36f7cef9 [ 419.837344][T16006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.855135][T16006] RSP: 002b:00007fbd37db7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 419.860521][T16006] RAX: ffffffffffffffda RBX: 00007fbd37135f80 RCX: 00007fbd36f7cef9 [ 419.864964][T16006] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000009 [ 419.868421][T16006] RBP: 00007fbd37db7090 R08: 0000000000000000 R09: 0000000000000000 [ 419.872158][T16006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.876075][T16006] R13: 0000000000000000 R14: 00007fbd37135f80 R15: 00007ffdff618bf8 [ 419.879962][T16006] [ 419.958823][T16013] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 420.282200][T16164] futex_wake_op: syz.1.1598 tries to shift op by -1; fix this program [ 420.662108][ T39] audit: type=1400 audit(1725776980.942:2814): avc: denied { read } for pid=16426 comm="syz.3.1603" path="socket:[29940]" dev="sockfs" ino=29940 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 420.890118][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 421.299641][T16591] FAULT_INJECTION: forcing a failure. [ 421.299641][T16591] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 421.311369][T16591] CPU: 0 UID: 0 PID: 16591 Comm: syz.1.1608 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 421.315724][T16591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 421.320098][T16591] Call Trace: [ 421.321511][T16591] [ 421.323629][T16591] dump_stack_lvl+0x16c/0x1f0 [ 421.325615][T16591] should_fail_ex+0x497/0x5b0 [ 421.330013][T16591] _copy_to_user+0x30/0xc0 [ 421.332319][T16591] simple_read_from_buffer+0xd0/0x160 [ 421.334556][T16591] proc_fail_nth_read+0x19e/0x280 [ 421.336699][T16591] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 421.339239][T16591] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 421.341577][T16591] vfs_read+0x1d4/0xbd0 [ 421.344698][T16591] ? __fdget_pos+0xeb/0x180 [ 421.347404][T16591] ? __pfx_vfs_read+0x10/0x10 [ 421.350230][T16591] ? __pfx___mutex_lock+0x10/0x10 [ 421.353229][T16591] ? __fget_files+0x256/0x400 [ 421.355517][T16591] ksys_read+0x12f/0x260 [ 421.357384][T16591] ? __pfx_ksys_read+0x10/0x10 [ 421.359474][T16591] do_syscall_64+0xcd/0x250 [ 421.361472][T16591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.363949][T16591] RIP: 0033:0x7fbd36f7b93c [ 421.365652][T16591] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 421.373738][T16591] RSP: 002b:00007fbd37d96030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 421.377175][T16591] RAX: ffffffffffffffda RBX: 00007fbd37136058 RCX: 00007fbd36f7b93c [ 421.380541][T16591] RDX: 000000000000000f RSI: 00007fbd37d960a0 RDI: 0000000000000006 [ 421.385567][T16591] RBP: 00007fbd37d96090 R08: 0000000000000000 R09: 0000000000000000 [ 421.389461][T16591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.394129][T16591] R13: 0000000000000000 R14: 00007fbd37136058 R15: 00007ffdff618bf8 [ 421.397478][T16591] [ 421.399429][ T39] audit: type=1400 audit(1725776981.672:2815): avc: denied { create } for pid=16476 comm="syz.2.1607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 421.414588][ T39] audit: type=1400 audit(1725776981.672:2816): avc: denied { write } for pid=16476 comm="syz.2.1607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 421.430659][T16592] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 421.466739][ T39] audit: type=1400 audit(1725776981.742:2817): avc: denied { create } for pid=16476 comm="syz.2.1607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 421.824154][T16804] netlink: 'syz.1.1611': attribute type 10 has an invalid length. [ 421.924700][T16805] netlink: 'syz.0.1612': attribute type 4 has an invalid length. [ 422.446211][T17142] FAULT_INJECTION: forcing a failure. [ 422.446211][T17142] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 422.454110][T17142] CPU: 3 UID: 0 PID: 17142 Comm: syz.2.1616 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 422.467242][T17142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 422.472135][T17142] Call Trace: [ 422.473685][T17142] [ 422.474915][T17142] dump_stack_lvl+0x16c/0x1f0 [ 422.476839][T17142] should_fail_ex+0x497/0x5b0 [ 422.486682][T17142] _copy_to_user+0x30/0xc0 [ 422.489409][T17142] simple_read_from_buffer+0xd0/0x160 [ 422.492003][T17142] proc_fail_nth_read+0x19e/0x280 [ 422.494698][T17142] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 422.497933][T17142] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 422.500518][T17142] vfs_read+0x1d4/0xbd0 [ 422.502444][T17142] ? __fdget_pos+0xeb/0x180 [ 422.504833][T17142] ? __pfx_vfs_read+0x10/0x10 [ 422.507281][T17142] ? __pfx___mutex_lock+0x10/0x10 [ 422.509663][T17142] ? __fget_files+0x256/0x400 [ 422.511878][T17142] ksys_read+0x12f/0x260 [ 422.513898][T17142] ? __pfx_ksys_read+0x10/0x10 [ 422.516143][T17142] do_syscall_64+0xcd/0x250 [ 422.518300][T17142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.521041][T17142] RIP: 0033:0x7f2c6b77b93c [ 422.523239][T17142] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 422.531775][T17142] RSP: 002b:00007f2c6c4e4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 422.535058][T17142] RAX: ffffffffffffffda RBX: 00007f2c6b936058 RCX: 00007f2c6b77b93c [ 422.538352][T17142] RDX: 000000000000000f RSI: 00007f2c6c4e40a0 RDI: 0000000000000005 [ 422.541883][T17142] RBP: 00007f2c6c4e4090 R08: 0000000000000000 R09: 0000000000000000 [ 422.545411][T17142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.548956][T17142] R13: 0000000000000000 R14: 00007f2c6b936058 R15: 00007ffe161bd828 [ 422.552684][T17142] [ 422.554710][ C3] vkms_vblank_simulate: vblank timer overrun [ 422.789891][ C3] vkms_vblank_simulate: vblank timer overrun [ 422.917893][ C3] vkms_vblank_simulate: vblank timer overrun [ 423.005275][T17339] FAULT_INJECTION: forcing a failure. [ 423.005275][T17339] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 423.010957][T17339] CPU: 3 UID: 0 PID: 17339 Comm: syz.2.1619 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 423.028452][T17339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 423.032603][T17339] Call Trace: [ 423.033881][T17339] [ 423.034673][T17339] dump_stack_lvl+0x16c/0x1f0 [ 423.035947][T17339] should_fail_ex+0x497/0x5b0 [ 423.037653][T17339] _copy_to_user+0x30/0xc0 [ 423.039504][T17339] simple_read_from_buffer+0xd0/0x160 [ 423.041819][T17339] proc_fail_nth_read+0x19e/0x280 [ 423.044142][T17339] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 423.046333][T17339] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 423.048807][T17339] vfs_read+0x1d4/0xbd0 [ 423.051072][T17339] ? __fdget_pos+0xeb/0x180 [ 423.053188][T17339] ? __pfx_vfs_read+0x10/0x10 [ 423.055258][T17339] ? __pfx___mutex_lock+0x10/0x10 [ 423.057295][T17339] ? __fget_files+0x256/0x400 [ 423.059166][T17339] ksys_read+0x12f/0x260 [ 423.060844][T17339] ? __pfx_ksys_read+0x10/0x10 [ 423.063131][T17339] do_syscall_64+0xcd/0x250 [ 423.065419][T17339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.067855][T17339] RIP: 0033:0x7f2c6b77b93c [ 423.069653][T17339] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 423.077872][T17339] RSP: 002b:00007f2c6c4e4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 423.081692][T17339] RAX: ffffffffffffffda RBX: 00007f2c6b936058 RCX: 00007f2c6b77b93c [ 423.085038][T17339] RDX: 000000000000000f RSI: 00007f2c6c4e40a0 RDI: 0000000000000009 [ 423.088996][T17339] RBP: 00007f2c6c4e4090 R08: 0000000000000000 R09: 0000000000000000 [ 423.092144][T17339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.095146][T17339] R13: 0000000000000000 R14: 00007f2c6b936058 R15: 00007ffe161bd828 [ 423.098223][T17339] [ 423.099485][ C3] vkms_vblank_simulate: vblank timer overrun [ 423.169949][ C3] vkms_vblank_simulate: vblank timer overrun [ 423.462281][T17383] netlink: 'syz.2.1622': attribute type 4 has an invalid length. [ 423.575843][ T39] audit: type=1400 audit(1725776983.852:2818): avc: denied { mounton } for pid=17445 comm="syz.2.1624" path="/391/file1" dev="tmpfs" ino=2184 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 423.661077][T17484] FAULT_INJECTION: forcing a failure. [ 423.661077][T17484] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 423.680451][T17484] CPU: 2 UID: 0 PID: 17484 Comm: syz.2.1625 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 423.685422][T17484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 423.690709][T17484] Call Trace: [ 423.692365][T17484] [ 423.693671][T17484] dump_stack_lvl+0x16c/0x1f0 [ 423.695875][T17484] should_fail_ex+0x497/0x5b0 [ 423.698120][T17484] ? fs_reclaim_acquire+0xae/0x160 [ 423.700503][T17484] should_fail_alloc_page+0xe7/0x130 [ 423.703098][T17484] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 423.706118][T17484] ? __pfx_mark_lock+0x10/0x10 [ 423.708652][T17484] __alloc_pages_noprof+0x194/0x2460 [ 423.711360][T17484] ? hlock_class+0x4e/0x130 [ 423.713597][T17484] ? hlock_class+0x4e/0x130 [ 423.716023][T17484] ? __lock_acquire+0xbdd/0x3cb0 [ 423.718707][T17484] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 423.721732][T17484] ? __pfx___lock_acquire+0x10/0x10 [ 423.724583][T17484] ? __pfx_mark_lock+0x10/0x10 [ 423.727411][T17484] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 423.730061][T17484] ? policy_nodemask+0xea/0x4e0 [ 423.732288][T17484] alloc_pages_mpol_noprof+0x275/0x610 [ 423.735045][T17484] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 423.737999][T17484] folio_alloc_mpol_noprof+0x36/0xd0 [ 423.740350][T17484] vma_alloc_folio_noprof+0xee/0x1b0 [ 423.742631][T17484] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 423.745627][T17484] ? lock_vma_under_rcu+0x1e2/0x8f0 [ 423.748100][T17484] ? lock_vma_under_rcu+0x1e2/0x8f0 [ 423.751037][T17484] __handle_mm_fault+0x2de3/0x5660 [ 423.753863][T17484] ? down_read_trylock+0x1ed/0x3f0 [ 423.756443][T17484] ? lock_vma_under_rcu+0x1e2/0x8f0 [ 423.758991][T17484] ? __pfx___handle_mm_fault+0x10/0x10 [ 423.762100][T17484] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 423.765462][T17484] handle_mm_fault+0x498/0xa60 [ 423.768047][T17484] ? __pkru_allows_pkey+0x21/0xb0 [ 423.771143][T17484] do_user_addr_fault+0x60d/0x13f0 [ 423.774315][T17484] exc_page_fault+0x5c/0xc0 [ 423.777082][T17484] asm_exc_page_fault+0x26/0x30 [ 423.779844][T17484] RIP: 0033:0x7f2c6b72a21b [ 423.782205][T17484] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01 [ 423.791690][T17484] RSP: 002b:00007f2c6c502e10 EFLAGS: 00010246 [ 423.794111][T17484] RAX: 00007f2c6c504f30 RBX: 00007f2c6b8ff620 RCX: 0000000000000000 [ 423.796769][T17484] RDX: 00007f2c6c504f78 RSI: 00007f2c6b7db900 RDI: 00007f2c6c502e30 [ 423.799643][T17484] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 423.802700][T17484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.805829][T17484] R13: 0000000000000000 R14: 00007f2c6b935f80 R15: 00007ffe161bd828 [ 423.809332][T17484] [ 423.812456][T17484] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 423.936506][ T39] audit: type=1400 audit(1725776984.202:2819): avc: denied { setcurrent } for pid=17574 comm="syz.2.1627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 423.949637][T17576] process 'syz.2.1627' launched './file0' with NULL argv: empty string added [ 424.148165][ T39] audit: type=1400 audit(1725776984.232:2820): avc: denied { execute_no_trans } for pid=17574 comm="syz.2.1627" path="/393/file0" dev="tmpfs" ino=2195 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 425.550594][ T5455] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 425.752365][ T5455] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.758600][ T5455] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.774987][ T5455] usb 8-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 425.779322][ T5455] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.799178][ T5455] usb 8-1: config 0 descriptor?? [ 425.898713][ T39] audit: type=1400 audit(1725776986.172:2821): avc: denied { write } for pid=18104 comm="syz.1.1633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 426.587982][ T5455] usbhid 8-1:0.0: can't add hid device: -71 [ 426.593379][ T5455] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 426.601796][ T5455] usb 8-1: USB disconnect, device number 5 [ 426.690287][T18218] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 427.593671][T18523] 9pnet_fd: Insufficient options for proto=fd [ 427.620397][ T39] audit: type=1400 audit(1725776987.892:2822): avc: denied { create } for pid=18520 comm="syz.0.1640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 427.629237][ T39] audit: type=1400 audit(1725776987.892:2823): avc: denied { write } for pid=18520 comm="syz.0.1640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 427.699095][ T39] audit: type=1400 audit(1725776987.972:2824): avc: denied { mount } for pid=18520 comm="syz.0.1640" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 428.836748][T18733] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1645'. [ 429.143108][ T5356] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 429.662952][T18839] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 430.534152][ T5616] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 430.723469][ T5616] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 430.727699][ T5616] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.734667][ T5616] usb 6-1: config 0 descriptor?? [ 430.944546][T18844] FAULT_INJECTION: forcing a failure. [ 430.944546][T18844] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 430.950915][T18844] CPU: 3 UID: 0 PID: 18844 Comm: syz.1.1647 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 430.955077][T18844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 430.959079][T18844] Call Trace: [ 430.960459][T18844] [ 430.961502][T18844] dump_stack_lvl+0x16c/0x1f0 [ 430.964274][T18844] should_fail_ex+0x497/0x5b0 [ 430.966281][T18844] _copy_to_user+0x30/0xc0 [ 430.968172][T18844] simple_read_from_buffer+0xd0/0x160 [ 430.970410][T18844] proc_fail_nth_read+0x19e/0x280 [ 430.972525][T18844] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 430.974923][T18844] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 430.977471][T18844] vfs_read+0x1d4/0xbd0 [ 430.979461][T18844] ? __fdget_pos+0xeb/0x180 [ 430.981298][T18844] ? __pfx_vfs_read+0x10/0x10 [ 430.983288][T18844] ? __pfx___mutex_lock+0x10/0x10 [ 430.985279][T18844] ? __fget_files+0x256/0x400 [ 430.987073][T18844] ksys_read+0x12f/0x260 [ 430.988676][T18844] ? __pfx_ksys_read+0x10/0x10 [ 430.990667][T18844] do_syscall_64+0xcd/0x250 [ 430.993284][T18844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.996624][T18844] RIP: 0033:0x7fbd36f7b93c [ 430.998803][T18844] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 431.006589][T18844] RSP: 002b:00007fbd37d75030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 431.010065][T18844] RAX: ffffffffffffffda RBX: 00007fbd37136130 RCX: 00007fbd36f7b93c [ 431.013269][T18844] RDX: 000000000000000f RSI: 00007fbd37d750a0 RDI: 0000000000000005 [ 431.017339][T18844] RBP: 00007fbd37d75090 R08: 0000000000000000 R09: 0000000000000000 [ 431.021357][T18844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 431.025202][T18844] R13: 0000000000000000 R14: 00007fbd37136130 R15: 00007ffdff618bf8 [ 431.029484][T18844] [ 431.045339][ T5616] ath6kl: Failed to submit usb control message: -71 [ 431.048400][ T5616] ath6kl: unable to send the bmi data to the device: -71 [ 431.051722][ T5616] ath6kl: Unable to send get target info: -71 [ 431.076644][ T5616] ath6kl: Failed to init ath6kl core: -71 [ 431.082443][ T5616] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 431.089017][ T5616] usb 6-1: USB disconnect, device number 5 [ 431.361432][ T39] audit: type=1400 audit(1725776991.622:2825): avc: denied { mount } for pid=18848 comm="syz.1.1649" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 431.382111][ T39] audit: type=1400 audit(1725776991.662:2826): avc: denied { unmount } for pid=18848 comm="syz.1.1649" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 432.173738][ T39] audit: type=1400 audit(1725776992.452:2827): avc: denied { mounton } for pid=18961 comm="syz.0.1653" path="/proc/4988/task" dev="proc" ino=30348 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 432.242614][ T39] audit: type=1400 audit(1725776992.522:2828): avc: denied { read } for pid=18959 comm="syz.1.1652" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 432.271138][ T39] audit: type=1400 audit(1725776992.522:2829): avc: denied { open } for pid=18959 comm="syz.1.1652" path="/403/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 432.279231][ T39] audit: type=1400 audit(1725776992.532:2830): avc: denied { ioctl } for pid=18959 comm="syz.1.1652" path="/403/file0/file0" dev="fuse" ino=0 ioctlcmd=0x70cc scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 432.352368][ T39] audit: type=1400 audit(1725776992.632:2831): avc: denied { mounton } for pid=18959 comm="syz.1.1652" path="/403/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 432.476701][ T39] audit: type=1400 audit(1725776992.752:2832): avc: denied { read write } for pid=19032 comm="syz.2.1654" name="sg0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 432.488616][ T39] audit: type=1400 audit(1725776992.752:2833): avc: denied { open } for pid=19032 comm="syz.2.1654" path="/dev/sg0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 432.601499][ T39] audit: type=1400 audit(1725776992.882:2834): avc: denied { write } for pid=19068 comm="syz.2.1655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 432.679893][T19071] FAULT_INJECTION: forcing a failure. [ 432.679893][T19071] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 432.701868][T19071] CPU: 3 UID: 0 PID: 19071 Comm: syz.2.1656 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 432.706848][T19071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 432.714845][T19071] Call Trace: [ 432.716774][T19071] [ 432.718399][T19071] dump_stack_lvl+0x16c/0x1f0 [ 432.720428][T19071] should_fail_ex+0x497/0x5b0 [ 432.722303][T19071] _copy_from_iter+0x2a1/0x1150 [ 432.724193][T19071] ? __pfx__copy_from_iter+0x10/0x10 [ 432.726544][T19071] vhost_chr_write_iter+0xc5/0x1070 [ 432.729406][T19071] ? inode_security+0x101/0x130 [ 432.731718][T19071] ? __pfx_vhost_chr_write_iter+0x10/0x10 [ 432.735101][T19071] ? avc_policy_seqno+0x9/0x20 [ 432.737329][T19071] ? bpf_lsm_file_permission+0x9/0x10 [ 432.739877][T19071] ? security_file_permission+0x98/0xc0 [ 432.742358][T19071] vfs_write+0x6b6/0x1140 [ 432.744172][T19071] ? __pfx_vhost_net_chr_write_iter+0x10/0x10 [ 432.746437][T19071] ? __pfx_vfs_write+0x10/0x10 [ 432.748603][T19071] ? __fget_files+0x256/0x400 [ 432.750919][T19071] ? __fget_light+0x173/0x210 [ 432.753043][T19071] ksys_write+0x12f/0x260 [ 432.754837][T19071] ? __pfx_ksys_write+0x10/0x10 [ 432.756890][T19071] do_syscall_64+0xcd/0x250 [ 432.758843][T19071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.761695][T19071] RIP: 0033:0x7f2c6b77cef9 [ 432.764262][T19071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.772469][T19071] RSP: 002b:00007f2c6c505038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 432.776179][T19071] RAX: ffffffffffffffda RBX: 00007f2c6b935f80 RCX: 00007f2c6b77cef9 [ 432.779653][T19071] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000008 [ 432.783202][T19071] RBP: 00007f2c6c505090 R08: 0000000000000000 R09: 0000000000000000 [ 432.786711][T19071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 432.789856][T19071] R13: 0000000000000000 R14: 00007f2c6b935f80 R15: 00007ffe161bd828 [ 432.799412][T19071] [ 433.454468][T19147] netlink: 'syz.1.1660': attribute type 10 has an invalid length. [ 433.455841][T19168] FAULT_INJECTION: forcing a failure. [ 433.455841][T19168] name failslab, interval 1, probability 0, space 0, times 0 [ 433.471293][T19168] CPU: 2 UID: 0 PID: 19168 Comm: syz.0.1661 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 433.478082][T19168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 433.483273][T19168] Call Trace: [ 433.485526][T19168] [ 433.486878][T19168] dump_stack_lvl+0x16c/0x1f0 [ 433.488996][T19168] should_fail_ex+0x497/0x5b0 [ 433.498486][T19168] ? fs_reclaim_acquire+0xae/0x160 [ 433.501142][T19168] should_failslab+0xc2/0x120 [ 433.503444][T19168] __kmalloc_noprof+0xcb/0x400 [ 433.506557][T19168] ? __pfx_lock_acquire+0x10/0x10 [ 433.509524][T19168] tomoyo_realpath_from_path+0xb9/0x720 [ 433.513073][T19168] ? tomoyo_profile+0x47/0x60 [ 433.516010][T19168] tomoyo_path_number_perm+0x245/0x590 [ 433.522906][T19168] ? tomoyo_path_number_perm+0x232/0x590 [ 433.525254][T19168] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 433.527783][T19168] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 433.530319][T19168] ? __fget_files+0x256/0x400 [ 433.532138][T19168] security_file_ioctl+0x75/0xc0 [ 433.533912][T19168] __x64_sys_ioctl+0xbb/0x220 [ 433.535524][T19168] do_syscall_64+0xcd/0x250 [ 433.537187][T19168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.559736][T19168] RIP: 0033:0x7f07a7d7cef9 [ 433.561582][T19168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.569662][T19168] RSP: 002b:00007f07a8af0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 433.580236][T19168] RAX: ffffffffffffffda RBX: 00007f07a7f35f80 RCX: 00007f07a7d7cef9 [ 433.585689][T19168] RDX: 0000000020000100 RSI: 000000004030ae7b RDI: 0000000000000004 [ 433.589081][T19168] RBP: 00007f07a8af0090 R08: 0000000000000000 R09: 0000000000000000 [ 433.592852][T19168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 433.596349][T19168] R13: 0000000000000000 R14: 00007f07a7f35f80 R15: 00007ffe95f8d3d8 [ 433.599743][T19168] [ 433.606406][T19168] ERROR: Out of memory at tomoyo_realpath_from_path. [ 434.404774][T19498] vivid-007: disconnect [ 434.407084][T19497] vivid-007: reconnect [ 435.541257][T19918] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1672'. [ 435.750762][T20083] netlink: 'syz.2.1674': attribute type 4 has an invalid length. [ 436.192795][T20329] rdma_rxe: rxe_newlink: failed to add batadv_slave_0 [ 436.859253][ T5356] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 437.509618][ T39] kauditd_printk_skb: 3 callbacks suppressed [ 437.509660][ T39] audit: type=1400 audit(1725776997.782:2838): avc: denied { bind } for pid=20644 comm="syz.0.1683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 437.547009][T20647] FAULT_INJECTION: forcing a failure. [ 437.547009][T20647] name failslab, interval 1, probability 0, space 0, times 0 [ 437.554518][T20647] CPU: 3 UID: 0 PID: 20647 Comm: syz.3.1682 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 437.560097][T20647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 437.566729][T20647] Call Trace: [ 437.568076][T20647] [ 437.569304][T20647] dump_stack_lvl+0x16c/0x1f0 [ 437.571312][T20647] should_fail_ex+0x497/0x5b0 [ 437.573258][T20647] ? fs_reclaim_acquire+0xae/0x160 [ 437.575347][T20647] should_failslab+0xc2/0x120 [ 437.576917][T20647] __kmalloc_noprof+0xcb/0x400 [ 437.578629][T20647] ? __pfx_lock_acquire+0x10/0x10 [ 437.580713][T20647] tomoyo_realpath_from_path+0xb9/0x720 [ 437.583439][T20647] ? tomoyo_profile+0x47/0x60 [ 437.585697][T20647] tomoyo_path_number_perm+0x245/0x590 [ 437.587967][T20647] ? tomoyo_path_number_perm+0x232/0x590 [ 437.591654][T20647] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 437.595761][T20647] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 437.598985][T20647] ? __fget_files+0x256/0x400 [ 437.600924][T20647] security_file_ioctl+0x75/0xc0 [ 437.602980][T20647] __x64_sys_ioctl+0xbb/0x220 [ 437.604918][T20647] do_syscall_64+0xcd/0x250 [ 437.606822][T20647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.609350][T20647] RIP: 0033:0x7fc39f97cef9 [ 437.611273][T20647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.619435][T20647] RSP: 002b:00007fc39f3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 437.622835][T20647] RAX: ffffffffffffffda RBX: 00007fc39fb35f80 RCX: 00007fc39f97cef9 [ 437.626047][T20647] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 437.629361][T20647] RBP: 00007fc39f3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 437.632840][T20647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 437.636252][T20647] R13: 0000000000000000 R14: 00007fc39fb35f80 R15: 00007ffdfc0c0ba8 [ 437.639660][T20647] [ 437.642852][T20647] ERROR: Out of memory at tomoyo_realpath_from_path. [ 439.036538][ T39] audit: type=1400 audit(1725776999.312:2839): avc: denied { create } for pid=21065 comm="syz.0.1691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 439.044588][ T5356] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 439.259421][T21066] block nbd0: shutting down sockets [ 440.841141][T21285] FAULT_INJECTION: forcing a failure. [ 440.841141][T21285] name failslab, interval 1, probability 0, space 0, times 0 [ 440.849588][T21285] CPU: 3 UID: 0 PID: 21285 Comm: syz.2.1697 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 440.855650][T21285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 440.861202][T21285] Call Trace: [ 440.862880][T21285] [ 440.864342][T21285] dump_stack_lvl+0x16c/0x1f0 [ 440.866941][T21285] should_fail_ex+0x497/0x5b0 [ 440.869929][T21285] ? fs_reclaim_acquire+0xae/0x160 [ 440.872678][T21285] should_failslab+0xc2/0x120 [ 440.875067][T21285] kmem_cache_alloc_node_noprof+0x71/0x310 [ 440.878076][T21285] ? __alloc_skb+0x2b1/0x380 [ 440.880352][T21285] __alloc_skb+0x2b1/0x380 [ 440.882789][T21285] ? __pfx___alloc_skb+0x10/0x10 [ 440.885035][T21285] ? genl_rcv_msg+0x4bd/0x800 [ 440.887551][T21285] netlink_ack+0x164/0xb90 [ 440.889763][T21285] netlink_rcv_skb+0x348/0x440 [ 440.891860][T21285] ? __pfx_genl_rcv_msg+0x10/0x10 [ 440.894229][T21285] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 440.896474][T21285] ? down_read+0xc9/0x330 [ 440.899154][T21285] ? __pfx_down_read+0x10/0x10 [ 440.901265][T21285] ? rcu_is_watching+0x12/0xc0 [ 440.903320][T21285] genl_rcv+0x28/0x40 [ 440.905349][T21285] netlink_unicast+0x53c/0x7f0 [ 440.907482][T21285] ? __pfx_netlink_unicast+0x10/0x10 [ 440.909844][T21285] netlink_sendmsg+0x8b8/0xd70 [ 440.911990][T21285] ? __pfx_netlink_sendmsg+0x10/0x10 [ 440.915409][T21285] ? __import_iovec+0x1fd/0x6e0 [ 440.917720][T21285] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 440.919979][T21285] ____sys_sendmsg+0xab5/0xc90 [ 440.922297][T21285] ? copy_msghdr_from_user+0x10b/0x160 [ 440.925141][T21285] ? __pfx_____sys_sendmsg+0x10/0x10 [ 440.927958][T21285] ? find_held_lock+0x2d/0x110 [ 440.930324][T21285] ? __pfx___lock_acquire+0x10/0x10 [ 440.932952][T21285] ___sys_sendmsg+0x135/0x1e0 [ 440.934983][T21285] ? __pfx____sys_sendmsg+0x10/0x10 [ 440.937238][T21285] ? ksys_write+0x21c/0x260 [ 440.939278][T21285] ? __fget_light+0x173/0x210 [ 440.941062][T21285] __sys_sendmsg+0x117/0x1f0 [ 440.942806][T21285] ? __pfx___sys_sendmsg+0x10/0x10 [ 440.944833][T21285] do_syscall_64+0xcd/0x250 [ 440.946790][T21285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.950063][T21285] RIP: 0033:0x7f2c6b77cef9 [ 440.952374][T21285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.960503][T21285] RSP: 002b:00007f2c6c505038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 440.964009][T21285] RAX: ffffffffffffffda RBX: 00007f2c6b935f80 RCX: 00007f2c6b77cef9 [ 440.967560][T21285] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 440.971487][T21285] RBP: 00007f2c6c505090 R08: 0000000000000000 R09: 0000000000000000 [ 440.975517][T21285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 440.979774][T21285] R13: 0000000000000000 R14: 00007f2c6b935f80 R15: 00007ffe161bd828 [ 440.984102][T21285] [ 441.333453][T21288] netlink: 'syz.2.1698': attribute type 4 has an invalid length. [ 441.729565][ T5356] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 442.697768][T21295] FAULT_INJECTION: forcing a failure. [ 442.697768][T21295] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 442.715743][T21295] CPU: 2 UID: 0 PID: 21295 Comm: syz.2.1701 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 442.719932][T21295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 442.723976][T21295] Call Trace: [ 442.725248][T21295] [ 442.726450][T21295] dump_stack_lvl+0x16c/0x1f0 [ 442.728365][T21295] should_fail_ex+0x497/0x5b0 [ 442.730154][T21295] _copy_to_user+0x30/0xc0 [ 442.731837][T21295] simple_read_from_buffer+0xd0/0x160 [ 442.733898][T21295] proc_fail_nth_read+0x19e/0x280 [ 442.735587][T21295] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 442.737744][T21295] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 442.740058][T21295] vfs_read+0x1d4/0xbd0 [ 442.741666][T21295] ? __fdget_pos+0xeb/0x180 [ 442.743367][T21295] ? __pfx_vfs_read+0x10/0x10 [ 442.745144][T21295] ? __pfx___mutex_lock+0x10/0x10 [ 442.747049][T21295] ? __fget_files+0x256/0x400 [ 442.749019][T21295] ksys_read+0x12f/0x260 [ 442.750833][T21295] ? __pfx_ksys_read+0x10/0x10 [ 442.752683][T21295] do_syscall_64+0xcd/0x250 [ 442.754449][T21295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.756635][T21295] RIP: 0033:0x7f2c6b77b93c [ 442.758492][T21295] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 442.765852][T21295] RSP: 002b:00007f2c6c505030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 442.769104][T21295] RAX: ffffffffffffffda RBX: 00007f2c6b935f80 RCX: 00007f2c6b77b93c [ 442.772146][T21295] RDX: 000000000000000f RSI: 00007f2c6c5050a0 RDI: 0000000000000004 [ 442.775054][T21295] RBP: 00007f2c6c505090 R08: 0000000000000000 R09: 0000000000000000 [ 442.778009][T21295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 442.780646][T21295] R13: 0000000000000000 R14: 00007f2c6b935f80 R15: 00007ffe161bd828 [ 442.784087][T21295] [ 443.205994][ T5356] Bluetooth: hci0: unexpected event 0x13 length: 0 < 1 [ 445.211737][ T39] audit: type=1400 audit(1725777005.492:2840): avc: denied { read write } for pid=21314 comm="syz.2.1707" name="uinput" dev="devtmpfs" ino=866 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 445.231681][ T39] audit: type=1400 audit(1725777005.512:2841): avc: denied { open } for pid=21314 comm="syz.2.1707" path="/dev/uinput" dev="devtmpfs" ino=866 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 445.257098][ T39] audit: type=1400 audit(1725777005.532:2842): avc: denied { create } for pid=21314 comm="syz.2.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 445.324498][ T39] audit: type=1400 audit(1725777005.602:2843): avc: denied { ioctl } for pid=21314 comm="syz.2.1707" path="/dev/uinput" dev="devtmpfs" ino=866 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 445.330815][T21315] input: syz0 as /devices/virtual/input/input5 [ 445.379199][ T39] audit: type=1400 audit(1725777005.642:2844): avc: denied { read } for pid=4818 comm="acpid" name="event4" dev="devtmpfs" ino=2545 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 445.407990][ C2] vkms_vblank_simulate: vblank timer overrun [ 445.416729][ T39] audit: type=1400 audit(1725777005.642:2845): avc: denied { open } for pid=4818 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2545 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 445.438508][ T39] audit: type=1400 audit(1725777005.642:2846): avc: denied { ioctl } for pid=4818 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2545 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 445.543892][ T39] audit: type=1400 audit(1725777005.812:2847): avc: denied { mounton } for pid=21314 comm="syz.2.1707" path="/414/bus/bus" dev="ramfs" ino=33426 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 445.559022][T21315] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 445.566182][T21315] overlayfs: failed to set xattr on upper [ 445.568765][T21315] overlayfs: ...falling back to redirect_dir=nofollow. [ 445.572680][T21315] overlayfs: ...falling back to index=off. [ 445.578374][T21315] overlayfs: ...falling back to uuid=null. [ 446.107588][ T5356] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 446.450272][ T1381] ieee802154 phy0 wpan0: encryption failed: -22 [ 446.481666][ T1381] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.050235][ T39] audit: type=1326 audit(1725777007.322:2848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21325 comm="syz.2.1711" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c6b77cef9 code=0x0 [ 447.185048][T21329] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1711'. [ 447.209013][ T39] audit: type=1400 audit(1725777007.482:2849): avc: denied { map } for pid=21327 comm="syz.1.1712" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 447.915563][ T5356] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 449.191278][ T5352] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 449.217885][ T5352] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 449.236440][ T5352] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 449.442443][ T5352] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 449.447024][ T5352] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 449.450997][ T5352] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 450.049412][T21343] input: syz0 as /devices/virtual/input/input6 [ 451.521557][ T5356] Bluetooth: hci4: command tx timeout [ 452.194502][ T5352] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 452.210519][ T5352] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 452.216326][ T5352] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 452.226371][ T5352] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 452.231505][ T5352] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 452.236370][ T5352] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 452.562895][T21336] chnl_net:caif_netlink_parms(): no params data found [ 453.600433][ T5356] Bluetooth: hci4: command tx timeout [ 453.780558][T21336] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.783730][T21336] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.786948][T21336] bridge_slave_0: entered allmulticast mode [ 453.808311][T21336] bridge_slave_0: entered promiscuous mode [ 453.813940][T21336] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.831776][T21336] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.835093][T21336] bridge_slave_1: entered allmulticast mode [ 453.839130][T21336] bridge_slave_1: entered promiscuous mode [ 453.931240][T21336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.936849][T21336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 454.048239][T21336] team0: Port device team_slave_0 added [ 454.057927][T21336] team0: Port device team_slave_1 added [ 454.320625][ T5356] Bluetooth: hci5: command tx timeout [ 454.604101][T21336] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.607941][T21336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.640494][T21336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.656699][T21336] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 454.660070][T21336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.691016][T21336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 454.823093][ T39] kauditd_printk_skb: 6 callbacks suppressed [ 454.823107][ T39] audit: type=1400 audit(1725777015.102:2856): avc: denied { bind } for pid=21369 comm="syz.1.1722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 454.928901][T21352] chnl_net:caif_netlink_parms(): no params data found [ 455.224381][T21377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1724'. [ 455.246895][T21336] hsr_slave_0: entered promiscuous mode [ 455.269140][T21336] hsr_slave_1: entered promiscuous mode [ 455.273510][T21336] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 455.278091][T21336] Cannot create hsr debugfs directory [ 455.282545][T21379] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1724'. [ 455.320419][ T5356] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 455.525490][ T39] audit: type=1400 audit(1725777015.802:2857): avc: denied { setopt } for pid=21382 comm="syz.2.1725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 455.680782][ T5356] Bluetooth: hci4: command tx timeout [ 456.402273][ T5356] Bluetooth: hci5: command tx timeout [ 456.408316][T21352] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.411621][T21352] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.414294][T21352] bridge_slave_0: entered allmulticast mode [ 456.426879][T21352] bridge_slave_0: entered promiscuous mode [ 456.523953][T21352] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.528483][T21352] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.533050][T21352] bridge_slave_1: entered allmulticast mode [ 456.538046][T21352] bridge_slave_1: entered promiscuous mode [ 456.847684][ T39] audit: type=1400 audit(1725777017.122:2858): avc: denied { read } for pid=21395 comm="syz.1.1726" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 456.918510][ T39] audit: type=1400 audit(1725777017.152:2859): avc: denied { write } for pid=21395 comm="syz.1.1726" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 457.003791][T21336] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.032060][T21352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 457.039702][T21352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 457.430046][T21336] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.568351][T21352] team0: Port device team_slave_0 added [ 457.601805][T21352] team0: Port device team_slave_1 added [ 457.771086][ T5356] Bluetooth: hci4: command tx timeout [ 458.490541][ T5356] Bluetooth: hci5: command tx timeout [ 459.023763][T21336] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.102585][T21352] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 459.105648][T21352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 459.157647][T21352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 459.177300][T21352] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 459.217022][T21352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 459.250667][T21352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 459.267013][ T39] audit: type=1400 audit(1725777019.542:2860): avc: denied { append } for pid=21409 comm="syz.1.1730" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 459.293048][T21336] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.389305][T21412] xt_ipcomp: unknown flags B [ 459.482283][T21352] hsr_slave_0: entered promiscuous mode [ 459.497987][T21352] hsr_slave_1: entered promiscuous mode [ 459.503278][T21352] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 459.510183][T21352] Cannot create hsr debugfs directory [ 459.950268][T21418] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1732'. [ 460.266867][T21336] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 460.316682][T21336] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 460.564648][ T5356] Bluetooth: hci5: command tx timeout [ 460.634439][T21352] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.666062][T21421] FAULT_INJECTION: forcing a failure. [ 460.666062][T21421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 460.674347][T21421] CPU: 3 UID: 0 PID: 21421 Comm: syz.2.1734 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 460.679053][T21421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 460.684210][T21421] Call Trace: [ 460.685703][T21421] [ 460.687773][T21421] dump_stack_lvl+0x16c/0x1f0 [ 460.690059][T21421] should_fail_ex+0x497/0x5b0 [ 460.692538][T21421] _copy_from_iter+0x2a1/0x1150 [ 460.696292][T21421] ? __alloc_skb+0x1fe/0x380 [ 460.699336][T21421] ? __pfx__copy_from_iter+0x10/0x10 [ 460.702289][T21421] ? __virt_addr_valid+0x5e/0x590 [ 460.705187][T21421] ? __phys_addr_symbol+0x30/0x80 [ 460.707503][T21421] ? __check_object_size+0x497/0x720 [ 460.709853][T21421] netlink_sendmsg+0x813/0xd70 [ 460.711992][T21421] ? __pfx_netlink_sendmsg+0x10/0x10 [ 460.714339][T21421] ? __import_iovec+0x1fd/0x6e0 [ 460.716608][T21421] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 460.718972][T21421] ____sys_sendmsg+0xab5/0xc90 [ 460.721491][T21421] ? copy_msghdr_from_user+0x10b/0x160 [ 460.725582][T21421] ? __pfx_____sys_sendmsg+0x10/0x10 [ 460.727865][T21421] ? find_held_lock+0x2d/0x110 [ 460.729959][T21421] ? __pfx___lock_acquire+0x10/0x10 [ 460.732275][T21421] ___sys_sendmsg+0x135/0x1e0 [ 460.734382][T21421] ? __pfx____sys_sendmsg+0x10/0x10 [ 460.736750][T21421] ? ksys_write+0x21c/0x260 [ 460.739313][T21421] ? __fget_light+0x173/0x210 [ 460.741775][T21421] __sys_sendmsg+0x117/0x1f0 [ 460.744931][T21421] ? __pfx___sys_sendmsg+0x10/0x10 [ 460.747461][T21421] do_syscall_64+0xcd/0x250 [ 460.749540][T21421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.752676][T21421] RIP: 0033:0x7f2c6b77cef9 [ 460.755466][T21421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 460.772638][T21421] RSP: 002b:00007f2c6c505038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 460.778346][T21421] RAX: ffffffffffffffda RBX: 00007f2c6b935f80 RCX: 00007f2c6b77cef9 [ 460.783676][T21421] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 460.787417][T21421] RBP: 00007f2c6c505090 R08: 0000000000000000 R09: 0000000000000000 [ 460.791723][T21421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.795253][T21421] R13: 0000000000000000 R14: 00007f2c6b935f80 R15: 00007ffe161bd828 [ 460.799337][T21421] [ 460.803551][T21336] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 460.812154][T21336] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 460.935953][T21352] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.164012][T21336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.210863][ T39] audit: type=1400 audit(1725777021.482:2861): avc: denied { create } for pid=21419 comm="syz.1.1733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 461.223290][T21352] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.260738][T21336] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.337085][T21352] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.387186][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.390598][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.430864][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.433985][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.770942][T21352] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 461.792719][T21352] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 461.824887][T21352] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 461.858176][T21352] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 462.045428][T21352] 8021q: adding VLAN 0 to HW filter on device bond0 [ 462.082906][T21352] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.091917][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.095246][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.154607][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.157914][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 462.286449][T21336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 462.476453][T21336] veth0_vlan: entered promiscuous mode [ 462.533781][T21336] veth1_vlan: entered promiscuous mode [ 462.625948][T21336] veth0_macvtap: entered promiscuous mode [ 462.692153][T21336] veth1_macvtap: entered promiscuous mode [ 462.807925][T21336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.818814][T21336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.829393][T21336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.844580][T21336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.881484][T21336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.886000][T21336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.957463][T21336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.962606][T21336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.968781][T21336] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 463.006021][T21336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.023951][T21336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.030548][T21336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.035052][T21336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.066565][T21336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.072077][T21336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.076389][T21336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.082474][T21336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.088881][T21336] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 463.123615][T21336] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.138466][T21336] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.143075][T21336] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.147985][T21336] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.310862][T21352] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 463.499476][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.514885][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.525544][T21352] veth0_vlan: entered promiscuous mode [ 463.601203][T21352] veth1_vlan: entered promiscuous mode [ 463.621080][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.625735][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.648317][ T39] audit: type=1400 audit(1725777023.922:2862): avc: denied { mounton } for pid=21336 comm="syz-executor" path="/syzkaller.yOo2Qm/syz-tmp" dev="sda1" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 463.674710][T21352] veth0_macvtap: entered promiscuous mode [ 463.684701][ T39] audit: type=1400 audit(1725777023.962:2863): avc: denied { mounton } for pid=21336 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=2389 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 463.702046][T21352] veth1_macvtap: entered promiscuous mode [ 463.795614][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.826420][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.859858][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.901203][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.904953][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.945173][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.950630][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.956615][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.968387][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.973865][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.984025][T21352] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.007552][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.024199][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.039213][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.053018][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.062054][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.067319][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.076537][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.081377][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.086542][T21352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.099190][T21352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.105881][T21352] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.116522][ T39] audit: type=1400 audit(1725777024.392:2864): avc: denied { bind } for pid=21443 comm="syz.2.1737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 464.137518][T21352] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.150279][T21352] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.179088][T21352] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.183517][T21352] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.399955][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.429700][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.537428][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.560828][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.293850][T21458] netlink: 'syz.0.1716': attribute type 10 has an invalid length. [ 465.298234][T21458] ipvlan1: entered promiscuous mode [ 465.326362][T21458] batman_adv: batadv0: Adding interface: ipvlan1 [ 465.329278][T21458] batman_adv: batadv0: The MTU of interface ipvlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 465.341221][T21458] batman_adv: batadv0: Not using interface ipvlan1 (retrying later): interface not active [ 465.530832][ T39] audit: type=1400 audit(1725777025.792:2865): avc: denied { block_suspend } for pid=21460 comm="syz.2.1739" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 469.615732][ T39] audit: type=1400 audit(1725777029.842:2866): avc: denied { bind } for pid=21484 comm="syz.1.1745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 469.652786][ T39] audit: type=1400 audit(1725777029.872:2867): avc: denied { setopt } for pid=21484 comm="syz.1.1745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 470.254274][T21495] syz.0.1747 (21495): drop_caches: 2 [ 470.272641][T21495] syz.0.1747 (21495): drop_caches: 2 [ 470.964796][T21504] ======================================================= [ 470.964796][T21504] WARNING: The mand mount option has been deprecated and [ 470.964796][T21504] and is ignored by this kernel. Remove the mand [ 470.964796][T21504] option from the mount to silence this warning. [ 470.964796][T21504] ======================================================= [ 471.059630][T21505] FAULT_INJECTION: forcing a failure. [ 471.059630][T21505] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 471.069612][T21505] CPU: 2 UID: 0 PID: 21505 Comm: syz.2.1749 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 471.073672][T21505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 471.078272][T21505] Call Trace: [ 471.080278][T21505] [ 471.081895][T21505] dump_stack_lvl+0x16c/0x1f0 [ 471.084062][T21505] should_fail_ex+0x497/0x5b0 [ 471.086198][T21505] _copy_to_user+0x30/0xc0 [ 471.088455][T21505] bpf_test_finish.isra.0+0x5b6/0x6b0 [ 471.091760][T21505] ? __pfx___static_call_update+0x10/0x10 [ 471.094254][T21505] ? __pfx_bpf_test_finish.isra.0+0x10/0x10 [ 471.097443][T21505] ? 0xffffffffa00045c0 [ 471.099256][T21505] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 471.101808][T21505] bpf_prog_test_run_xdp+0xa1f/0x1530 [ 471.104171][T21505] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 471.106727][T21505] ? fput+0x32/0x390 [ 471.108280][T21505] ? __bpf_prog_get+0xa0/0x2f0 [ 471.110223][T21505] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 471.112718][T21505] __sys_bpf+0x10d2/0x4a00 [ 471.114732][T21505] ? ksys_write+0x21c/0x260 [ 471.116748][T21505] ? reacquire_held_locks+0x4b0/0x4c0 [ 471.119844][T21505] ? __pfx___sys_bpf+0x10/0x10 [ 471.122416][T21505] ? vfs_write+0x14d/0x1140 [ 471.124443][T21505] ? __mutex_unlock_slowpath+0x164/0x650 [ 471.127598][T21505] ? fput+0x32/0x390 [ 471.129766][T21505] ? ksys_write+0x1ab/0x260 [ 471.132267][T21505] ? __pfx_ksys_write+0x10/0x10 [ 471.134754][T21505] __x64_sys_bpf+0x78/0xc0 [ 471.136707][T21505] ? lockdep_hardirqs_on+0x7c/0x110 [ 471.139086][T21505] do_syscall_64+0xcd/0x250 [ 471.141082][T21505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.143813][T21505] RIP: 0033:0x7f2c6b77cef9 [ 471.145802][T21505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.154782][T21505] RSP: 002b:00007f2c6c505038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 471.158245][T21505] RAX: ffffffffffffffda RBX: 00007f2c6b935f80 RCX: 00007f2c6b77cef9 [ 471.161664][T21505] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 471.165329][T21505] RBP: 00007f2c6c505090 R08: 0000000000000000 R09: 0000000000000000 [ 471.169153][T21505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 471.172666][T21505] R13: 0000000000000000 R14: 00007f2c6b935f80 R15: 00007ffe161bd828 [ 471.179407][T21505] [ 471.390477][T21512] input: syz1 as /devices/virtual/input/input7 [ 477.178731][ T39] audit: type=1400 audit(1725777037.452:2868): avc: denied { append } for pid=21514 comm="syz.0.1753" name="nvme-fabrics" dev="devtmpfs" ino=700 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 477.302143][ T39] audit: type=1400 audit(1725777037.582:2869): avc: denied { getopt } for pid=21517 comm="syz.1.1756" lport=48 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 477.385372][T21521] FAULT_INJECTION: forcing a failure. [ 477.385372][T21521] name failslab, interval 1, probability 0, space 0, times 0 [ 477.392842][T21521] CPU: 3 UID: 0 PID: 21521 Comm: syz.2.1755 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 477.397468][T21521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 477.401966][T21521] Call Trace: [ 477.403380][T21521] [ 477.404621][T21521] dump_stack_lvl+0x16c/0x1f0 [ 477.406550][T21521] should_fail_ex+0x497/0x5b0 [ 477.408230][T21521] ? fs_reclaim_acquire+0xae/0x160 [ 477.410159][T21521] should_failslab+0xc2/0x120 [ 477.412043][T21521] __kmalloc_cache_noprof+0x6b/0x300 [ 477.414563][T21521] ? seq_create_client1+0x4d/0x5c0 [ 477.416881][T21521] ? __pfx_snd_seq_open+0x10/0x10 [ 477.418960][T21521] seq_create_client1+0x4d/0x5c0 [ 477.420720][T21521] ? __pfx_snd_seq_open+0x10/0x10 [ 477.422988][T21521] snd_seq_open+0x59/0x550 [ 477.425068][T21521] ? __pfx_snd_seq_open+0x10/0x10 [ 477.427432][T21521] snd_open+0x23a/0x4d0 [ 477.429334][T21521] ? __pfx_snd_open+0x10/0x10 [ 477.431485][T21521] chrdev_open+0x26d/0x6f0 [ 477.433524][T21521] ? __pfx_chrdev_open+0x10/0x10 [ 477.435814][T21521] ? security_file_open+0x9d/0x8b0 [ 477.438234][T21521] do_dentry_open+0x91f/0x15f0 [ 477.440310][T21521] ? __pfx_chrdev_open+0x10/0x10 [ 477.442425][T21521] ? inode_permission+0xdd/0x5f0 [ 477.444569][T21521] vfs_open+0x82/0x3f0 [ 477.446397][T21521] ? may_open+0x1f2/0x400 [ 477.448339][T21521] path_openat+0x2141/0x2d20 [ 477.450395][T21521] ? __pfx_path_openat+0x10/0x10 [ 477.452625][T21521] ? __pfx___lock_acquire+0x10/0x10 [ 477.455016][T21521] ? find_held_lock+0x2d/0x110 [ 477.457177][T21521] do_filp_open+0x1dc/0x430 [ 477.459653][T21521] ? __pfx_do_filp_open+0x10/0x10 [ 477.462054][T21521] ? find_held_lock+0x2d/0x110 [ 477.464448][T21521] ? _raw_spin_unlock+0x28/0x50 [ 477.466893][T21521] ? alloc_fd+0x2d7/0x6c0 [ 477.468881][T21521] do_sys_openat2+0x17a/0x1e0 [ 477.471097][T21521] ? __pfx_do_sys_openat2+0x10/0x10 [ 477.473567][T21521] __x64_sys_openat+0x175/0x210 [ 477.475820][T21521] ? __pfx___x64_sys_openat+0x10/0x10 [ 477.478195][T21521] ? ksys_write+0x1ab/0x260 [ 477.480270][T21521] do_syscall_64+0xcd/0x250 [ 477.482436][T21521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.485096][T21521] RIP: 0033:0x7f2c6b77cef9 [ 477.487134][T21521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.495148][T21521] RSP: 002b:00007f2c6c4e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 477.498767][T21521] RAX: ffffffffffffffda RBX: 00007f2c6b936058 RCX: 00007f2c6b77cef9 [ 477.502274][T21521] RDX: 00000000000a8c01 RSI: 00000000200018c0 RDI: ffffffffffffff9c [ 477.505772][T21521] RBP: 00007f2c6c4e4090 R08: 0000000000000000 R09: 0000000000000000 [ 477.509292][T21521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 477.512821][T21521] R13: 0000000000000000 R14: 00007f2c6b936058 R15: 00007ffe161bd828 [ 477.516374][T21521] [ 477.874035][ T58] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 477.883719][ C2] raw-gadget.0 gadget.1: ignoring, device is not running [ 477.984718][ T39] audit: type=1400 audit(1725777037.922:2870): avc: denied { getopt } for pid=21514 comm="syz.0.1753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 478.114366][ T58] usb 6-1: device descriptor read/64, error -32 [ 478.450578][ T58] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 478.670938][ T58] usb 6-1: Using ep0 maxpacket: 32 [ 478.717403][ T58] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 478.734041][ T58] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 478.779062][ T58] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 478.784635][ T58] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 478.789942][ T58] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 478.800921][ T58] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 478.808697][ T58] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 478.816090][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.831027][ T58] usb 6-1: config 0 descriptor?? [ 479.251179][ T58] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 479.292266][ T58] usb 6-1: USB disconnect, device number 7 [ 479.317654][ T58] usblp0: removed [ 479.519680][ T5352] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 479.526735][ T5352] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 479.532374][ T5352] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 479.537957][ T5352] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 479.545075][ T5352] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 479.549027][ T5352] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 479.830532][ T58] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 480.010410][ T58] usb 6-1: Using ep0 maxpacket: 32 [ 480.014548][ T58] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 480.018749][ T58] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 480.028797][ T58] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 480.032349][ T58] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 480.037771][ T58] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 480.043372][ T58] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 480.049121][ T58] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 480.054222][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.060579][ T58] usb 6-1: config 0 descriptor?? [ 480.083310][T21526] chnl_net:caif_netlink_parms(): no params data found [ 481.609972][ T5352] Bluetooth: hci6: command tx timeout [ 482.230884][ T58] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 482.247563][ T58] usb 6-1: USB disconnect, device number 8 [ 482.277453][ T58] usblp0: removed [ 482.304489][T21520] ================================================================== [ 482.308525][T21520] BUG: KASAN: double-free in dev_free+0x446/0x700 [ 482.311469][T21520] Free of addr ffff88803acc4bc0 by task syz.1.1756/21520 [ 482.314605][T21520] [ 482.318838][T21520] CPU: 3 UID: 0 PID: 21520 Comm: syz.1.1756 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 482.324391][T21520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 482.329067][T21520] Call Trace: [ 482.330554][T21520] [ 482.331615][T21520] dump_stack_lvl+0x116/0x1f0 [ 482.333736][T21520] print_report+0xc3/0x620 [ 482.335728][T21520] ? __virt_addr_valid+0x5e/0x590 [ 482.337931][T21520] ? __phys_addr+0xc6/0x150 [ 482.340703][T21520] ? dev_free+0x446/0x700 [ 482.343231][T21520] kasan_report_invalid_free+0xaa/0xd0 [ 482.345810][T21520] ? dev_free+0x446/0x700 [ 482.347665][T21520] ? dev_free+0x446/0x700 [ 482.349512][T21520] poison_slab_object+0x135/0x160 [ 482.351660][T21520] __kasan_slab_free+0x32/0x50 [ 482.353987][T21520] kfree+0x12a/0x3b0 [ 482.355794][T21520] ? dev_free+0x446/0x700 [ 482.357565][T21520] dev_free+0x446/0x700 [ 482.359335][T21520] ? __pfx_raw_release+0x10/0x10 [ 482.361207][T21520] raw_release+0x16e/0x2c0 [ 482.362893][T21520] __fput+0x408/0xbb0 [ 482.364410][T21520] task_work_run+0x14e/0x250 [ 482.366478][T21520] ? __pfx_task_work_run+0x10/0x10 [ 482.368758][T21520] ? do_raw_spin_unlock+0x172/0x230 [ 482.371353][T21520] do_exit+0xaa3/0x2bb0 [ 482.373097][T21520] ? get_signal+0x8f2/0x2770 [ 482.375047][T21520] ? __pfx_do_exit+0x10/0x10 [ 482.376940][T21520] ? do_raw_spin_lock+0x12d/0x2c0 [ 482.379035][T21520] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 482.381338][T21520] do_group_exit+0xd3/0x2a0 [ 482.383135][T21520] get_signal+0x25fb/0x2770 [ 482.385001][T21520] ? __pfx_get_signal+0x10/0x10 [ 482.387178][T21520] arch_do_signal_or_restart+0x90/0x7e0 [ 482.389341][T21520] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 482.392070][T21520] ? kmem_cache_free+0x12f/0x3a0 [ 482.394100][T21520] syscall_exit_to_user_mode+0x150/0x2a0 [ 482.396962][T21520] do_syscall_64+0xda/0x250 [ 482.399498][T21520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.403155][T21520] RIP: 0033:0x7fbd36f7bb8a [ 482.405898][T21520] Code: Unable to access opcode bytes at 0x7fbd36f7bb60. [ 482.410102][T21520] RSP: 002b:00007fbd37d95ff0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 482.414807][T21520] RAX: 0000000000000000 RBX: 00007fbd37136058 RCX: 00007fbd36f7bb8a [ 482.418632][T21520] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 482.422706][T21520] RBP: 00007fbd36fef046 R08: 0000000000000000 R09: 0000000000000000 [ 482.427335][T21520] R10: 0000000000000005 R11: 0000000000000293 R12: 0000000000000000 [ 482.430575][T21520] R13: 0000000000000000 R14: 00007fbd37136058 R15: 00007ffdff618bf8 [ 482.433971][T21520] [ 482.435757][T21520] [ 482.436952][T21520] Allocated by task 21525: [ 482.438973][T21520] kasan_save_stack+0x33/0x60 [ 482.441289][T21520] kasan_save_track+0x14/0x30 [ 482.443913][T21520] __kasan_kmalloc+0xaa/0xb0 [ 482.446137][T21520] __kmalloc_node_track_caller_noprof+0x20f/0x430 [ 482.449053][T21520] memdup_user+0x2a/0xd0 [ 482.450980][T21520] raw_ioctl+0xbca/0x2b90 [ 482.453001][T21520] __x64_sys_ioctl+0x193/0x220 [ 482.454938][T21520] do_syscall_64+0xcd/0x250 [ 482.456665][T21520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.472691][T21520] [ 482.473780][T21520] Freed by task 21520: [ 482.475594][T21520] kasan_save_stack+0x33/0x60 [ 482.477704][T21520] kasan_save_track+0x14/0x30 [ 482.480161][T21520] kasan_save_free_info+0x3b/0x60 [ 482.482851][T21520] poison_slab_object+0xf7/0x160 [ 482.485015][T21520] __kasan_slab_free+0x32/0x50 [ 482.487120][T21520] kfree+0x12a/0x3b0 [ 482.488851][T21520] dev_free+0x446/0x700 [ 482.490678][T21520] raw_release+0x16e/0x2c0 [ 482.492430][T21520] __fput+0x408/0xbb0 [ 482.493968][T21520] __fput_sync+0x47/0x50 [ 482.495614][T21520] __x64_sys_close+0x86/0x100 [ 482.497506][T21520] do_syscall_64+0xcd/0x250 [ 482.499418][T21520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.502007][T21520] [ 482.503035][T21520] The buggy address belongs to the object at ffff88803acc4bc0 [ 482.503035][T21520] which belongs to the cache kmalloc-16 of size 16 [ 482.508915][T21520] The buggy address is located 0 bytes inside of [ 482.508915][T21520] 16-byte region [ffff88803acc4bc0, ffff88803acc4bd0) [ 482.524921][T21520] [ 482.526001][T21520] The buggy address belongs to the physical page: [ 482.529213][T21520] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3acc4 [ 482.533787][T21520] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 482.536589][T21520] page_type: 0xfdffffff(slab) [ 482.538563][T21520] raw: 00fff00000000000 ffff88801ac42640 dead000000000100 dead000000000122 [ 482.543128][T21520] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000 [ 482.546857][T21520] page dumped because: kasan: bad access detected [ 482.549905][T21520] page_owner tracks the page as allocated [ 482.552305][T21520] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x352800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 21352, tgid 21352 (syz-executor), ts 477098267045, free_ts 477083308326 [ 482.562528][T21520] post_alloc_hook+0x2d1/0x350 [ 482.565170][T21520] get_page_from_freelist+0x1351/0x2e50 [ 482.568104][T21520] __alloc_pages_noprof+0x22b/0x2460 [ 482.570901][T21520] alloc_slab_page+0x4e/0xf0 [ 482.573402][T21520] new_slab+0x84/0x260 [ 482.575568][T21520] ___slab_alloc+0xdac/0x1870 [ 482.578178][T21520] __slab_alloc.constprop.0+0x56/0xb0 [ 482.580991][T21520] __kmalloc_node_noprof+0x357/0x430 [ 482.583134][T21520] __kvmalloc_node_noprof+0x9d/0x1a0 [ 482.585213][T21520] xt_replace_table+0x1c7/0x910 [ 482.587406][T21520] __do_replace+0x1d9/0x9c0 [ 482.589522][T21520] do_ip6t_set_ctl+0x94b/0xc40 [ 482.591692][T21520] nf_setsockopt+0x8a/0xf0 [ 482.594394][T21520] ipv6_setsockopt+0x133/0x1a0 [ 482.597293][T21520] tcp_setsockopt+0xa4/0x100 [ 482.600151][T21520] do_sock_setsockopt+0x222/0x480 [ 482.606676][T21520] page last free pid 5405 tgid 5405 stack trace: [ 482.609822][T21520] free_unref_page+0x64a/0xe40 [ 482.612325][T21520] vfree+0x181/0x7a0 [ 482.614316][T21520] delayed_vfree_work+0x56/0x70 [ 482.616777][T21520] process_one_work+0x9c5/0x1b40 [ 482.619691][T21520] worker_thread+0x6c8/0xed0 [ 482.622060][T21520] kthread+0x2c1/0x3a0 [ 482.624092][T21520] ret_from_fork+0x45/0x80 [ 482.626024][T21520] ret_from_fork_asm+0x1a/0x30 [ 482.628090][T21520] [ 482.629172][T21520] Memory state around the buggy address: [ 482.632160][T21520] ffff88803acc4a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 482.636361][T21520] ffff88803acc4b00: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 482.640692][T21520] >ffff88803acc4b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 482.655728][T21520] ^ [ 482.656334][ T39] audit: type=1400 audit(1725777042.912:2871): avc: denied { write } for pid=5302 comm="syz-executor" path="pipe:[4835]" dev="pipefs" ino=4835 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 482.658944][T21520] ffff88803acc4c00: 00 00 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 482.674524][T21520] ffff88803acc4c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 482.678055][T21520] ================================================================== [ 482.792623][T21520] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 482.795669][T21520] CPU: 2 UID: 0 PID: 21520 Comm: syz.1.1756 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 482.799765][T21520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 482.806832][T21520] Call Trace: [ 482.808131][T21520] [ 482.809306][T21520] dump_stack_lvl+0x3d/0x1f0 [ 482.811324][T21520] panic+0x6dc/0x7c0 [ 482.813240][T21520] ? __pfx_panic+0x10/0x10 [ 482.815212][T21520] ? irqentry_exit+0x3b/0x90 [ 482.817319][T21520] ? lockdep_hardirqs_on+0x7c/0x110 [ 482.819659][T21520] ? preempt_schedule_thunk+0x1a/0x30 [ 482.822106][T21520] ? preempt_schedule_common+0x44/0xc0 [ 482.824647][T21520] ? check_panic_on_warn+0x1f/0xb0 [ 482.826967][T21520] check_panic_on_warn+0xab/0xb0 [ 482.829278][T21520] end_report+0x117/0x180 [ 482.831067][T21520] ? dev_free+0x446/0x700 [ 482.833237][T21520] kasan_report_invalid_free+0xba/0xd0 [ 482.835481][T21520] ? dev_free+0x446/0x700 [ 482.837425][T21520] ? dev_free+0x446/0x700 [ 482.839169][T21520] poison_slab_object+0x135/0x160 [ 482.840979][T21520] __kasan_slab_free+0x32/0x50 [ 482.843190][T21520] kfree+0x12a/0x3b0 [ 482.844859][T21520] ? dev_free+0x446/0x700 [ 482.846709][T21520] dev_free+0x446/0x700 [ 482.848459][T21520] ? __pfx_raw_release+0x10/0x10 [ 482.850377][T21520] raw_release+0x16e/0x2c0 [ 482.851994][T21520] __fput+0x408/0xbb0 [ 482.853571][T21520] task_work_run+0x14e/0x250 [ 482.855444][T21520] ? __pfx_task_work_run+0x10/0x10 [ 482.861938][T21520] ? do_raw_spin_unlock+0x172/0x230 [ 482.864217][T21520] do_exit+0xaa3/0x2bb0 [ 482.866304][T21520] ? get_signal+0x8f2/0x2770 [ 482.868368][T21520] ? __pfx_do_exit+0x10/0x10 [ 482.870727][T21520] ? do_raw_spin_lock+0x12d/0x2c0 [ 482.872951][T21520] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 482.875370][T21520] do_group_exit+0xd3/0x2a0 [ 482.877445][T21520] get_signal+0x25fb/0x2770 [ 482.879480][T21520] ? __pfx_get_signal+0x10/0x10 [ 482.881600][T21520] arch_do_signal_or_restart+0x90/0x7e0 [ 482.884050][T21520] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 482.886763][T21520] ? kmem_cache_free+0x12f/0x3a0 [ 482.888977][T21520] syscall_exit_to_user_mode+0x150/0x2a0 [ 482.891514][T21520] do_syscall_64+0xda/0x250 [ 482.893563][T21520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.896171][T21520] RIP: 0033:0x7fbd36f7bb8a [ 482.898173][T21520] Code: Unable to access opcode bytes at 0x7fbd36f7bb60. [ 482.901261][T21520] RSP: 002b:00007fbd37d95ff0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 482.904930][T21520] RAX: 0000000000000000 RBX: 00007fbd37136058 RCX: 00007fbd36f7bb8a [ 482.908534][T21520] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 482.912069][T21520] RBP: 00007fbd36fef046 R08: 0000000000000000 R09: 0000000000000000 [ 482.915576][T21520] R10: 0000000000000005 R11: 0000000000000293 R12: 0000000000000000 [ 482.919075][T21520] R13: 0000000000000000 R14: 00007fbd37136058 R15: 00007ffdff618bf8 [ 482.922630][T21520] [ 482.924495][T21520] Kernel Offset: disabled [ 482.926342][T21520] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:30:42 Registers: info registers vcpu 0 CPU#0 RAX=00000002000008fd RBX=ffff88801d6c4880 RCX=0000000000000830 RDX=0000000000000002 RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000001 RSP=ffffffff8da07bb8 R8 =0000000000000000 R9 =fffffbfff202898b R10=ffffffff90144c5f R11=0000000000000000 R12=1ffffffff1b40f78 R13=ffffffff8da07be0 R14=ffffffff8d7ba1d0 R15=ffffffff90147f58 RIP=ffffffff813b9108 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b31820218 CR3=0000000053160000 CR4=00350ef0 DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff759f2310 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9f783efe6a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9f783efe77 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9f783efe71 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9f783efe85 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9f783eff0b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9f783effe9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000007 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000230 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000007 0000000000000000 0000000000000000 0000000000000230 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000edc873 RBX=0000000000000001 RCX=ffffffff8b16fad9 RDX=0000000000000000 RSI=ffffffff8b4cd740 RDI=ffffffff8bb0fb40 RBP=ffffed1003ad8910 RSP=ffffc90000187e08 R8 =0000000000000001 R9 =ffffed100d4e6fd9 R10=ffff88806a737ecb R11=0000000000000000 R12=0000000000000001 R13=ffff88801d6c4880 R14=ffffffff90144c58 R15=0000000000000000 RIP=ffffffff8b170ecf RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000203bb000 CR3=0000000024e5e000 CR4=00350ef0 DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 ZMM17=102502e10486057b 5dcbdebfbb1b665d 102502e10486057b 5dcbdebfbb1b665d 102502e10486057b 5dcbdebfbb1b665d 102502e10486057b 5dcbdebfbb1b665d ZMM18=8bc3ff810d1ddf9d d2daeb40883175aa 8bc3ff810d1ddf9d d2daeb40883175aa 8bc3ff810d1ddf9d d2daeb40883175aa 8bc3ff810d1ddf9d d2daeb40883175aa ZMM19=0710000000000000 000000000000001e 0710000000000000 000000000000001d 0710000000000000 000000000000001c 0710000000000000 000000000000001b ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=5dcbdebf5dcbdebf 5dcbdebf5dcbdebf 5dcbdebf5dcbdebf 5dcbdebf5dcbdebf 5dcbdebf5dcbdebf 5dcbdebf5dcbdebf 5dcbdebf5dcbdebf 5dcbdebf5dcbdebf ZMM22=0486057b0486057b 0486057b0486057b 0486057b0486057b 0486057b0486057b 0486057b0486057b 0486057b0486057b 0486057b0486057b 0486057b0486057b ZMM23=102502e1102502e1 102502e1102502e1 102502e1102502e1 102502e1102502e1 102502e1102502e1 102502e1102502e1 102502e1102502e1 102502e1102502e1 ZMM24=883175aa883175aa 883175aa883175aa 883175aa883175aa 883175aa883175aa 883175aa883175aa 883175aa883175aa 883175aa883175aa 883175aa883175aa ZMM25=d2daeb40d2daeb40 d2daeb40d2daeb40 d2daeb40d2daeb40 d2daeb40d2daeb40 d2daeb40d2daeb40 d2daeb40d2daeb40 d2daeb40d2daeb40 d2daeb40d2daeb40 ZMM26=0d1ddf9d0d1ddf9d 0d1ddf9d0d1ddf9d 0d1ddf9d0d1ddf9d 0d1ddf9d0d1ddf9d 0d1ddf9d0d1ddf9d 0d1ddf9d0d1ddf9d 0d1ddf9d0d1ddf9d 0d1ddf9d0d1ddf9d ZMM27=8bc3ff818bc3ff81 8bc3ff818bc3ff81 8bc3ff818bc3ff81 8bc3ff818bc3ff81 8bc3ff818bc3ff81 8bc3ff818bc3ff81 8bc3ff818bc3ff81 8bc3ff818bc3ff81 ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0710000007100000 0710000007100000 0710000007100000 0710000007100000 0710000007100000 0710000007100000 0710000007100000 0710000007100000 info registers vcpu 2 CPU#2 RAX=0000000000000002 RBX=ffffea00013d3480 RCX=ffffffff81da21e3 RDX=ffff88802c968000 RSI=0000000020000000 RDI=0000000000000006 RBP=ffff8880210275d0 RSP=ffffc90021bdf4a0 R8 =0000000000000006 R9 =0000000020000000 R10=000000002006b000 R11=0000000000000000 R12=000000002006b000 R13=0000000000000001 R14=ffffea00013d34b0 R15=0000000000000001 RIP=ffffffff818bd112 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f2c6c4e46c0 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002006b000 CR3=000000005d4d6000 CR4=00350ef0 DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fefffc00 Opmask01=0000000000000000 Opmask02=000000000000ffdf Opmask03=0000000000000000 Opmask04=00000000ffffffdf Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b5f5455504e495f 4449006b636f6c62 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558ac93b1940 0000558ac93b1a40 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737373 737326fce2e6d931 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73730cdf4d4c6833 73730cdf4d4c6833 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 44455a494c414954 494e495f43455355 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000331 0000000000000000 000000000000312d 362f366273752f31 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558ac953ab48 0000558ac953ab48 0000000000000041 0000558f9100302e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 59647a305f474f5b 647c79303a243a78 68303e3b3a38253b 3a253e3a6e68303b ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 382432273f397b27 697a787c69303b7e 69305f474f5b647c 6930382432273f39 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 info registers vcpu 3 CPU#3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff85030b00 RDI=ffffffff9a5b4f60 RBP=ffffffff9a5b4f20 RSP=ffffc90021787458 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2065657246 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff34b6a3e R15=dffffc0000000000 RIP=ffffffff85030b27 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002000a008 CR3=0000000031fd8000 CR4=00350ef0 DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000004000 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe161bdbc0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2c6b7efe6a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2c6b7efe77 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2c6b7efe71 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2c6b7efe85 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2c6b7eff0b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2c6b7effe9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000