last executing test programs: 5.243637003s ago: executing program 1 (id=734): r0 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="6cd00ad9f547265a31f7d344d48ed30299fa5fd73b19d1f8a9f626397c910e91fb3a98c88d0987820a26c1c4e55e683f1753436a41b8bf78fc6f5f169d163656ccfdee8c9bcba4fba85466571b28291fc14ab0fecb9f2851be69cc058d4d09287245d21d95e0f5205e354fbe11826e82a3a1c702f312809b512887c12553de7db249c5fc32c6b683fbf69f29b4b5fed579374c6c268803e0e243f08527f785885efd2723ed864b84a190d3f86d5e76d252311bcf8a418489771c4fef", 0xbc}, {&(0x7f00000001c0)="16fd5ac6041186eef5d43ee1688cb6bce5c4e531c42c3f06d36b8d094024bedd54e972553ffa378f78da3e8833b8fe7543b3965118397eebf12583b0e7aa29acaef29022c9ee289eba53bc538cb65da9550256577f198a0be1b31e319cb22caa352546babd6b4029ea679ce3ecd6476a4ac011dd9f3219df219929f9effb", 0x7e}, {&(0x7f0000001180)="8e01d0aa846ccf3d26e71c54161768a5c07eec0a33c7ccdd8f113cabc3392827fb3bfbbd14c1d49186c6c7bd84ce3ef36fece20be3be0d01b76271952864da83fb4161482cbdc99b4c80c7843091d1175343f129d74b0346ec4d891366272d4aaa8011a57f6c29b690aa1f8fb50625eb58ddf29b2d8d5f0085117a610790f194ce23b1b00eeccb0cf52f42097d8e017be35114aeb6cdc794f050d02d01c1d023a9621323f28254da712f9d2d66c581ffa5395da085b28d3715db5254469b1ea34be74168b16d0d920c57447ede95ddd5055c3b191a7349d5418c978308fc927da60e48099af88ec6b20bc5c3bcae69e6e64520f4ad424b9988e9c94bac64a67ba63572f0b282bacb8948482040e960055d9b3833963a5ca8e4fd8e531203d3d575cb58e2525921fdd462551139973cc1225a1236d7e6ba7e88acff444f935f392e08b46f146a411828782656f490a4f2d73faba200ec35c60aab97649b67e79e1441cf8df57c46ab9b53a4a43b9047ee955b7fdc45a8bde8205db0addcbf2e97302bfa887c23adbe36d4cf8ce3751394369525a4c38e871c347cf0685d5c0cb3c4a94d46746d51c28b907985e200974a5bf5ce3aacf662361e61b5c525eb4ee0fccc5d4a27d0372fc8e9d3c0b3bc6e71d566b7ccaa36f784ae5b46ccd35dabda2fcc604c9f08681d1423f5243ac4e25762d7d27449a1cbf954bc4bea82990253583b841b2b3cbb26d8101d824a22a75911f84dab6f9e74e04e3a2ff349ec9853957f64275b35f5b065388944b1bb58d62bcd4b726d5d3bd51b05ff083de4cd6108dc177e7700d0221a6c99d58bb9de204b0ba7e789f38cda41216822bd32dc33f4a8e9300fcf295cad27ffae7c040ca71d014b0255c159d6bdd8fe67de63b8422a9119949e193a43afe71a347c1bb39e831336dd4789246420a76af8f1bef90ed697dd52618c2ad39dfb0121f92f735ff7b6d3249177b33e1014a3e0ac104b41cb6c9b4ea6d6adf3e13df16acb4bd7a6bdee678ad786d0bc40434bdb51a5513d948717c5b87542ecb4f165c45bd5d88f2b437a161a679d596de550f7e50ae88bb976fbc5f69e7c3d28f1eab1af0398a78cb5dc0acdb874d1012a65631d69c5f2405261fe197c31803893b90e8927c29dafd1997e9aa50a373cfcbb91414438fee474d7e56afb23eee0e1c9bbb6a7cab3a629d1c5c0c39a580ce4b8453a31348555bdfc5a6a44bf15228a42a90b1d3739ce2cdb806a6b780e593b7a11b150d9827375e49d5c77be2e3813e938fe1a25da9c3cc8f07a5997c3efae2b6ac8dc55e1a738834a4888a14cdd47fe5e8996b1d14d813ade3e9753347f35609d88e1cd88a0c644c8a1d8234e91b4b9de70f3fee09c4b49e0f664bfcd5091ebce2afae207d1b877e3ad8544069010d02e50643a87d2ba2bda543f917669a55ac22067899c397989ee836c2a28e9e66a33f87d55438188b1a8bb59d49a9fddb6109dfde49473ea0004db04e73cbad5eb19208cda9b59f71e0b341001e0dc7e608d6b3501f16a101d388603c21f5a3221f555249b9bd6b6e9218636f577aa2bcb4b55b8fa23ef2b44fc017be9726929660267e18a467da3686bf9de250e4f527e8b96a470cdb9335337b5601bdd46e2802ccd0a26054fbee751fa974cd934381b271ccb7b2eb6b4ba3ff14b7bb22f8984b723a6fda0ed4f200c3ed463e36e4569bb9065c9a57937b149ad68f3005b7ee3dca19588eb8aecc99989fbaee1278f1c984228362871b6dfe8fa31a76eb56bc668e9dd99661b0795be6dd1ea65aefa08c2ed4a73101eb00d8c677e132e716bc753f194c780530c9e1b6537aa3a3d8cc6174343be21b01dd7577f684db6d89048825b74a4a183db74d78aacc0288006b03cbe71c96f2271bdd78076fdb6d14143bb6243c42d34e426389f245c2f04ab2906003daf5511d27ce0bf03741d6994dc7b4fee6087d9cc3512b5764deb9dcf8d846c2dd4cb98dea282e82a5f5da1096007b35842209e52b1eedcc09758da0173c27005080b7927a3524d1e852cbbfdf4d2cee77f215787797b028ba48796e7cebee8582b535de9a98a51fdea866eb0ee74d9c89f98d255b71cb426764c3cd690942d7b17fc606f8a25104829e6f410c71bb26702d26539a6594191f4971de0d58e443fbe409f9e52de470e1ec7acad5892589e1bc192588e4c24bab29263d2095034bf1d684697d43ff389863ceef76a360b42245b6cfafdcdbc3e369d48c35f737d3e7c7559fbbf215dcfb25139503401a1f9f89c2a4e4b111712ed675b2c036423ebe0fda6bed3aaa4c94c46166fdf2183568131dec27b373a949d13fb20a47a793383d371d9d010179db207c188e8ad1046c92ec2b7e9d692ea0b3bdb0196cb3cb449ac30bc8b38f19fdff28afbf7c9e60ca0dfc263482a8942962f578749498ac80b6f4c9c847bf7ecfd0db0fcea36a0729ea8f6c655a368760c3ad8ec3c85194a9558cc268d6c7dd004bd2fbc025d9e538067ba48c184bd5c215d1f1037e4e72d95b986207997a5bd442320a297f83541dfab8fbfaa90b2aaf28c0d1668e9f7224395f843a23cb417bb0e1147afabe5bdaaa7540f315e3aa16aadcb0b8fad5f416b95124ce2f8ff63aceb090e2b495016a4977defba2cf34735614b4112214c1409174d37dab3902a415fd3227ff5f8ea6c330a45da38e24f048ad2dd8623644277314eb51afaa0874a75a443a2ffee1ed507afe5b15bbcd8c5330e71c5a71fdab5ec9f808e6a4d90a0dd7c1fbcf80f01e27d9057f42a5c4ecfe49db302f8069661b2b13e43072efd60ffc434039937eb50e43b82ae39f144d89bdc3e805664753e378798483ecec8d3ad4339f4efdd5b6a33ab7d14692c1528debfa27e7363a75efa8f5e9b0ea34389dd5b13e206cb664fec41ff9c7c224944db0bef60805060953d953949fb8e9d31603dfb8b42b197bb16ebaf6056622b64f7e4a2dcdc26fdb90b17de3541a663885fbe932641146213d1cfb8a6248af3fbcaccde9d70880f574435cfce013b110ee10ea4d36bc068d59c70dc83ff6d43bda431dc72b4b41652b3cadf84cdc2698bf3823d149266899ee42b4c83d738d725923803b61f3d6a932f026e070e2b6f29fe83427366a01876e03aeb91a67c3bf7fb098083e0e4efff893c630299f4a994e5537dd5864e87c73f752c757e9bcb115b1f68ae7cccbbbfc1be0c93c6d6a44c9924c5eb919d2ea300ee716fdb28d903afafd90530a426079bef36b605090c07b2dab66b657f0386205ed78925513972e164a45c6dced6d69c89c57b93682056f5d7f62601f3ef098b03eadcb2729ad7094d7a81a48c46ef873c781cdd2666e893b4e7007a2fa7657354d863f39ec8c1a86ff6770e6faa1b9af249504be2ce171b6c64d7d2b268bbe603e06081ac2d9e1cf8778dcb8d04fecddf121838172951cfece08758715ebea7c3fb3dbf6f2c1657fe11ea73d3d11fb0300e44823ae5c32ea1644c0736e202111fbd9bfb5660d174409664c07aaa2fc317159e22d0bd9aca1e88757cca502209ce169ce5e8f93467c2daa039c9c5b916f490271605e640b59ec2689d9ba2c26ea77067509e9cd75a0be96c0b6b531a43817ddbbd6bc8b680ce6cd1143287a498f3e4611354d8f0a566dcae72fbe0b5385ea2dfb723b1383715673d94581ebb111e37ff6cd840bc3333584d8b76312691244c29ab7a45481a4341695efff77a9b0550e249f34f45a736325a63228ea2f4d2efe6063627a51cbb52fc4375be965c998ec5739426a9220acde4283347a551204ddbef1edd8edc1883b93f62481ae97d40697b637c203671c8bcae552b69d586f93de423f88bd4ea2553ffd5e7a3ee69d633ce7535af8f0d3ed5d4178d2637e0edbfd70d6542e019140124285046a09f9b140c658e62cca6913d29921d04ede853e45f4e74ecb6a4d66c06c368a9e56278675fee2b7879b855e2a6072ed1c5ddaf7f92c0c79b5b9d7f500d23e233542f132357f863c4c000514cb6033110e0fcf57d56bce8be44223b63fcfac3202a65d4207b82340c589fc4e40a5017e07a1db2fed61024d9e0f91feaeab91a321502942751847ef4f7f448720e84079269d2bb56eb55fa01205ea298d966a9af00cc5b153740a9080ac017c0ca194b5a202215222d93eb1b811831ced7173dd3a93cfd004d89f5e7db569927468652d056619a1e8fe24c0fd41e7243ec56bb9fbdade9ecdcace4a0fbca6233c3a9f0819537b921159c8c511cf3e411883dd2742a17416e6c05ac813a57a6e08f28261d26b2b8d32b35b75d4eac2ee9af8750c4c7e92612548b64ccebc78f4a3fd8e218daf3a6faa145b1591ade055d19880940f08379aad5f3913cdcf2013fcbb753a54b69ce35f415932de24975cd1607263adff799da664ff04f811ec2752cc2b4d914ba8ceb2661c2eaab1b08617fac128687ea85029c73e87fe5ca662a553dd35eb393de5193193bfec363c55da49529a0854d34ceaac346a068fc0c1593ba1ce10ea2ab1238e978e01e71feac18e9d55c79582181fa6e501e4fda65bc45093ecef7f665a87b93d2102b1dc0f7273d00eed5a743e311df28f3460778d5657bf8af71ad94f0220452005b4dc6a5a981404d1b23fd2cb63c46af5ce9d80d44cfe3249478f3308c4a938899bd11e642d8430f9b661b3337a856eecf1769dd3fdaf1264ac0260a364d1739b7101b8e1f277bd182b0277570d7f5406658b3da74a6af4120de4250b73a357155f0f426671bfdf345e67eda9b83775fd474869e60340b132333dbf828db3ca6f4588ac938946c993c8d21ecd951da3ca301fdae69ae7ed863366917c2640e441c641b734e3771288ec6b6364af6defbfe14b07c61d5a60a9c7bcb8b8b93818ac2a360090f56da4747e3c327946cf6d180e25609fc30c94f7a2b56f7921f4830186fc45075603b53d18c1db62dfa88ca04748fce7c2ed069c091fd2e390ce04851e8a0523c0f2af97cccc2cc30cb0d5cc1730d91bff4dc606f30452ac0a158c7c78db7b02482a38c60917941b982316fdf32e5576c95a899713584ab1683b72b0c415a5633fb7aafd434ac03b71aed12041944de3810a810083bd23c12fd2911344b693b17471ada59614cae5563bb70c9fcd0834f8e3923a6febaaa1052e1c60c035d3526b1f9d3fd4a462f848da7276e84a2caa11aad468de287c3318babf41aa85e163773ee6f5bdce03e0b54a1ea361ea3e62aa2ddbd925cfbab4bdd23c14474e2c68387108601365631da7ce303a985188ccbc330ef01d3cee9885757a1ec8844d5b60fb6513aff2ef26a7b9e2dfb7e991a8e49bfeee6afddb0d068f84b2ecad13463a5ce55b7f45fa7f280ac48445efd330c58f1389c27dffab5a9ab2bcec020267b955156b890b23f9910c0a7a12d49fdb962519b82c539f5d48c925d8d9f290c956c837e40b419958a3e77fd338517c0d12cabeb5c6824ce070a1b4960cbbfee60785ec3330668897958ac85fa0c58ae0bfa6bae534c91d8f8e9ec552edbe2135c929dd48ac232f2526741b0dd75e09d1018d7449424547c7d9bc65f388a13c2f11ceb2ff7b458f89b26cb114dcd82d2bde7b40f4d9d2d987941c5f7db2a450b01289623a41037962ec23cf835cb1343fb8f9b34b9dc2f7f0d1722d75b334f5121375d6c7c23c0a83a6393faa3ea36ad8434e71a88a317f15779bfbb9116f1e852ff714db49de627a6ae64f75fde46320a0ab06bd1837fea3b740b6feca5670d8ae6a0381b5f4f7467ab7b2b0e25c91c5745e4cb82", 0x1000}], 0x3, 0x8) ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000380)={0x3, 0x5}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r1, &(0x7f0000000300)='1\x00', 0xffffff4a) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00') fchdir(r2) r3 = eventfd2(0x0, 0x801) readv(r3, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/55, 0x37}], 0x1) r4 = syz_clone(0x88200, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_pidfd_open(r4, 0x0) pidfd_getfd(r5, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) write$sysctl(r1, &(0x7f0000000000)='2\x00', 0x2) 4.865194586s ago: executing program 1 (id=737): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10) sendmsg$inet(r2, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000980)="b9", 0x1}], 0x1}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/229, 0xec1}], 0x1}, 0x0) (fail_nth: 3) 4.693384862s ago: executing program 1 (id=738): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x1f, 0x2020}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="900000001000210100"/20, @ANYRES32=0x0, @ANYBLOB="001000000002040071001880040001806000018b140005001bd93258109a805690d8ac8f04dab31414000400c6bfeb49a2b9d11b8d12fe81c75bffe114000500d8ddcef789d5993fa539c858bdc1c03307000200fd96e5ac08000100020000000500060000000000080001000700000008001b0000000000"], 0x90}}, 0x0) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="02c80010000c000100030508000000000004fc000061b71808419bd7b9166299d65da957dfa518f797dc651316c182f93a2563ffb1ad684c557aef73142c3508ae9b84dfc88ea0bfcdc86d86eec53f9fdb9a001165a5b4c540d8e9862867f80f14551240c05a"], 0x15) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="04310600eeff000000"], 0x9) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/81, 0x51}, {&(0x7f00000000c0)=""/231, 0xe7}, {&(0x7f0000000200)=""/73, 0x49}, {&(0x7f0000000280)=""/25, 0x19}], 0x4, 0x337070cc, 0x9) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="045c0500c9000200"], 0x8) r1 = socket(0xa, 0x6, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x14, &(0x7f0000000040), 0x50) listen(0xffffffffffffffff, 0x0) accept$inet6(r2, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETRULE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2c, 0x7, 0xa, 0x301, 0x0, 0x0, {}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}}, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000400)={0x220, 0x0, 0x4, 0x0, 0x25dfdbfb, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x8}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x44, 0xc5, "bf72ebb928a61e707b9b713c0900dc24c0461b4512d21e4c5a67a2e7ae6c9df3f750361ee18dde99ee534082ef25106d02dd35489551a820948406a2199f126a"}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x80}, @NL80211_ATTR_VENDOR_DATA={0xaf, 0xc5, "6db7db648e1c8c5c15c3818582acda504b38fc75b9f8b96032474d280aaa2af8a359afd28f366e7d7ba3e3e2a6eee4cba1a566c2f82e6ab80005d8c05fc05a55f3544af7e19884f05c83b6581b00f58b6fcd2144cab142b997f6c5f1e263ba3853a29b8394d55aff9e256adeb3a65f6aabc34174a4eb23bcf3917a2e4ee3d0992fcc239df1c7d1b7d8242eb029654d8daf332f5445f5e2be73c6a0400c723f1ae251f87e3f8c700d30dbaa"}, @NL80211_ATTR_VENDOR_DATA={0xf0, 0xc5, "2cf63e876057421211e5dea968676e1380e149becd172604d623eb0cb7c8821e91fb541f9e8fc38f31b1a50058f2036cf058667956e2e182a1e70a8e17849decf6b6cf3e5f510f5b2d7db664e6fd684a5f5ba41cad65dcfd904597b183305ca572e7c9a96f8f7c57626a52d786568609fc06a753ec050ba364bcf82c4a36b37a296e26ffefbd18e14a285b729b781a9104ae02200edcd26dba5c2872d87ddb08d57997f70cc2247fcc0e86e2fea9ea2eb36f0ebc1328bfc996661cbec24c6351e78201c694140b429ace4d6dd2532e4cd29845c3d4c452642c94f0e5d2fa46c21a511da11d62dba92e5d337c"}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x8}]}, 0x220}, 0x1, 0x0, 0x0, 0x400}, 0x4040014) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1a, 0x0, 0x0, 0x8}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r5 = dup(0xffffffffffffffff) write$P9_RLERRORu(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, &(0x7f0000000280)) 4.219323628s ago: executing program 3 (id=745): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x20, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRES16, @ANYRESDEC]) 4.090943997s ago: executing program 3 (id=746): r0 = socket$nl_route(0x10, 0x3, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0) r2 = io_uring_setup(0x4d63, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) getpid() openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0) r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@remote}, 0x20) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000500)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={r8, 0x3, r6, 0x5}) sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="92001fdb", @ANYRES16=r3, @ANYBLOB="270e00000000fcffffff04070200"], 0x14}, 0x1, 0x40030000000000}, 0x0) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) openat$vnet(0xffffff9c, 0x0, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0xc, 0x16, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x4}]}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) chdir(0x0) 3.543489307s ago: executing program 0 (id=751): socket$kcm(0x10, 0x3, 0x10) syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x29aa}, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r4, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000002540)={'filter\x00', 0x5, "42de391533"}, 0x0) setsockopt$inet6_int(r4, 0x29, 0x8, &(0x7f0000000380)=0x3f, 0x4) recvmmsg(r4, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000000c0)=@nl, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/186, 0xba}, {0xffffffffffffffff}], 0x2, &(0x7f0000000280)=""/239, 0xef}}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000400)=""/18, 0x12}, {&(0x7f00000004c0)=""/165, 0xa5}, {&(0x7f0000001540)=""/4096, 0x1000}, {&(0x7f0000000580)=""/245, 0xf5}], 0x4, &(0x7f0000000700)=""/27, 0x1b}}, {{&(0x7f0000000740)=@nfc, 0x80, &(0x7f0000000c00), 0x0, &(0x7f0000000cc0)=""/180, 0xb4}}], 0x4, 0x10162, 0x0) ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) read$msr(r2, &(0x7f0000000240)=""/45, 0x2d) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="1b0b00000000000000001fffffff200001801c0002006261746164765f736c6176655f31"], 0x34}}, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001500)=ANY=[], 0x1c}}, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4096}) chdir(&(0x7f00000002c0)='\x00') 2.933512486s ago: executing program 2 (id=756): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0xfffe, @remote}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) lstat(0x0, 0x0) lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b400000000000000791090000000000061000000000000009500000000000000a45c8b106d45385a1964b904e462de529745a4cd61a7a0d25ddfd38b8b9a36c14ae1ee5ae29051b28b53a4182deb5ae03bc2644f3f168925ab06dcde9fe4ee40405e10326cb901765f30c1d039e73af80f39ba982e44fe40c17211db9c82e6da61712f41775115599d65c29cfcd0bffdff01000000000000d375c71938d9faa1df3117a99ecbddbfee7f7abeba22c29a9cb001001079a87ed5790000000b8fc3b5fd11e6ca750a6dc5dba2b8b8cd1d9fed1fb63bafef7d7bdd5bad81e40379623de90000000000"], &(0x7f0000000080)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x15, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x2}, 0x49) socket$packet(0x11, 0x2, 0x300) write$binfmt_elf64(r1, &(0x7f00000028c0)=ANY=[@ANYBLOB="7f454c46f9c0940e08000000000000000300000006000000c40300000000000040000000000000002a00000000000000060000005b0038000100f200ff7f040005000000ffffffff0a5b000000000000010000000100000005000000000000000500000000000000080000000000000000000080000000000000007007000000ff0f00000000000000000000010000000100000000000000eede7739000000000900000000000000dfef0000000000005e7b2c12959dd422641fb63cfec7319cb9d2f3edc08e494719f3e0ff0ed6a816d8d6c026f69f29b49fe3f5e467490b12323ab581569f21ee30be8669bc93c25230f86c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d051b08cd07f3841a6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffa76b7a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000085c473af50917b3490b9679d8f5006c9d050b46bcd5c0d080653791d5a5c5d593bbb783dc83a10d9611781c1cd420700308a6acb763b245ed53ef842b2c940a48f180d0bd543624dd86b518eb35139a32db77d3cca7b2e5439009f53fa312ebc1b1faacc14e8fe1bb70dd639e9f8c4968f0ab9a769d68cc2cd8eb5810e5ba9c000c82e55697dd25f41abfb3e8dafb741e51ad70b590895f5b0a78890dfb1fd4e7ff3c880d7278f4c3dfbd445487a3041"], 0x9f3) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={0x1}, 0x4) syz_emit_ethernet(0x126e, &(0x7f0000001640)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000081002a0086dd658f240312342ffffc000000000000000000000000000000fe8000000000000000000000000000bb6c0c040601180000fe8000000000000000000000000000aafe800000000000000000000000000014fe880000000000000000000000000101ff020000000000000000000000000001fe8000000000000000000000000000bbfc0100000000000000000000000000010421880b005100020fd62bb7ee76e187b5b002de6dd1bf3d565fe4513683e41cd56e51ddcfe7f47df405524657086baa5af5888045bd70292d08fb6e195fc5b655f6d30d60e4b1c9d0f4059d63cfb658de0e0ce9840a9dfbf1e14608000800870eb7a5f7deed8ec3fff75a7e4f80eb6b8b476f1f19cf7a3d2e561568e0c6b6a24dc47a898d53e58343f1da180550d97f7bed2a53ad91c2507b85e2f2c4463690874b6b73cedb6dc2e4de80972e1215a7e7906bd8f3acf4a3314137ad21ec1b8acf6e7c9bac081363c451961c95baada1facb898a3c84994b32426b776b9c4c2d9849a410ed7d9c5ae728372985ccb2b2b782f6a3128d4d8d6857851543f67055f9c93bd0db5e02eff6d40c221f3b02650ff437e7c3992f11f393a7db60430a43ebca9d856afa921a44ebf279cf3ae0cd8ead21e43df303b02ff18e79a54ceaf7e5112d5ab726aee4c66e33b951ffaf346c628e96298addc00cf028cb067d22f5765a0225f12231df3488b549d55d9c12a94508661d28405ac24297a431ad44d668ff3260405934803ca42a2d82fbeb97631b9a589ca16e15a61b77994880c551b896e667a8ecba2127619e50ae1166d1743ef1776565929f7f2136dc56f8e5a16d37abe24f173222bf01e508018d690dec640656d0517d803552f833c97ea8c695b782378a107069c8407c58ddfc1eb0f34aa53434f0812b64add0213ba2ae686d11baebb0fc3b54c9b8a30ee73849a3fbdff2a03d5db72d46259b5b7781c2361ee461f8acdac747ec1aa2009fdba0535d6134dfecf0cebc9bcd6b9a7ef7e3cb7cbb0132f7b6ce86fb0b0b651903b074adc1a9f1d6f17e8be8a3bf5f713f7691bb21139075965b9cfe62500c1c3c0107124bc85402c10a255c298e078f2d6508bd043b90e663e6b083f04a93134b0d0a8dbef5066da13ee6490d9930cbe6caa1ef4229a74221ab0c1098fcbd4431487faf8f99656caffc8783882002279c9974891935cf65f4299296daa0855c416470e8dc56c4b1c9546178d46ac6ceb730b7d266ed94a9b5d5c172106afe83a3fd24b4c00b30c84c60eceeaa33409e148ca6fb5fbe740fa2b26509e544ff34504995f9d9e9ad98a59f6c960066c5fa03c21811777b9fa950c17c7edd4131152523bc02a86e9e7c4625fa8a58910e9cec09399c0272215d894ab536dd80204f5c8958a93ee991854fd9e17560f5c6df9a73a58585f209d629a4a84f30a53db0502780ecd2b0d0324e94db4e114fa25d426ffaf4b5dee87884ea1416a1126aefe0fd42f31bba18ad2c1c8504547dc6ea307a1a36047dd8523120e2b8fc3963023b6627bed9b1b48a879d8e301038d2f65fc4af42ba917f53f8a54eecd42e7fd133a118cd6f1a3d971ee6499106a302ecc1ba4f94d36dbf893518cb7bdce9aab37f49f4b5ba9b27b41c836e884d8dfbe15205e500e4edd724daa141328740c19af719f1b7cca4bc38c5cbc85e6d7b0967536411ae7d17ce4bf126d1f6ce77100aafbdecb87485dff9aeedafee3b06b16e0bba9cfd834236a611deb5af62b5f43193149917ac085f0f10fb9a0def818e0887a52c5389308acee30706279afb503e605daac46ae7ebb6b0f1ec9569d3a5dd8cf17ade4e0690bd221c51761b7de92055253a77afb711e02e53700f21ad7783f29072efb4c5acee9faba76ea814dd382aa60bd557170e4ee98dbce01a4c46803f3c6e3a0aa205b64b91c3eb5a9e406223c5cd6c47f52266b6df56d2dc1fc1921c41aba58b6520aa385ccc939e9fd3cdd28b5b3ed6fc1401aae124dc13d9a7eee4c7c8a34554009463180af2116e8f237deb7a6f1a19bc3c180333d80d27c51ddc5b89d99423696d02192d4033d741d71f841be4156aac7701c6e74307397594aeace2a0797fb5a8460fd99e986e4750839761985c42b64548c443bf94a7b42981dda992f195b5f8b5af67300e5546880c4abe3ecb04d0331fa4848504db2c6663841aac6cd98567fcd6ec76eefae142c9952a17e0c028ed476dd2354a116e5051ffc088eb0ecbd125728a4d9042fdd40c4b3ab0d9464bfcc8802007646ef378abd02c91c860ed38f392dced8558fd97a7bf2940eadbd4544b27dfd53bfcfc82d11eb9834b2f6da750caf5f8e4460ea2905e34c760a3124cc7be612111658a0348ecc260bbaf4f45218c99211677dbe3550c86a255f9df8732f2491a2ae365efe82d2e3401996cb5e267ef08068cf9f9bff528f9f3d1bb87534cab33e335c402916e18ee51d4f4e28fcc42c42db1edf5dda3629d3ca133d22bb497272b944f995668984585346690e78af7cbff5542ac4272957637adce7bc37d0ed5ab17bd9aec1ef93b55994fc159f19b53fd15e6db234f3d8f314cd23455abc4277d9f69ecfd6593ae5917673acbfd1c35eb3e420264ea176c904b1ddbccbf7f79cf1e4b8579399fc3e163142e04cfa7ba03b5ad54d655949678b3179e29df2745c02b358a89229d77477b99f7719c9dfb52241d52a70c95693a5c109cfac0da16a55cca0132024ee88c0d92b2f86f2c0936ee9db5aa54c21a78cafe39d3de6cb46d5cf71a20c44690445bb02b19f6dea4b96a4688b5b599752923ff23943839cb27c81e163a6a9bb45e137cf3e420df4ad3b603978eedadefeb65d59ec3b4a8559dd5a0d1bca647a8f13c3596eb35a6a996bbb7cd84d0d7b25e42707f941b6204f2c4731f08cc4b299aa01bd194f1bd42adedeedd1e08020ea5021150874134a38d73aa948806f0b60ee7f418432e4a5d95c5f0ec845efdf0f0105cafff0fbcb0dda068c4e00e7c09024643d38b34f08ecf16a757cf38776ac7b19634d38954ac962f1b10d9f001016ffe1b137515561540a26dff1fb3397e387068e16544d2e80cc1746e5268948177062d350e850e6a59a330d74d6cb2282ed70a5b32187790782a664985d6e58a7b6602f1cbafcbf20c6bf49fda4a05316c19affc52f9cb19a0b6ed17a76e39e4a597cb50ee89301e12366aae756e31fc57716043b14542f1af5eba4b84514e689f3babf72b5dd5becd79b9f5de43499ca2d0c467893550d18dfbab9ffab204d84ccbf752e683236990ecbd321431c53ffb55286f1d4025a17771f0804c37f753e399e4a11dc90561557a688838eba32c5741b91fcddb5676f1e55e46551da3832457a1443af6dabb061f4caa367685b3b6d1c10751990a9ca58db09475c973cd041772f0256edc51c27c0a3f60167f334d423270bf393dd4b5a98f6a65b36293959fab34de8279be274fc4d9586ad525cc95e2faf58efede88a428aa10ec2f938b43060e2adad37a46257f3c9e1a6d5e3d92042cd0f3f58c1d42f57dc178c14cac05102199f0f41e3ebe0894243cd87441b533c511c8a0d67adc389db0c357be09ea2358b2de4e79e04d13659f466bc6329d757ed59811431bc494d9ba24d38df752fcdd5d67d90a3cd383605494282efc4bef8b8b204f4a31af02f79cb0e5235377490d90fd8af8587b087f6ef926e3b9b938a856c61fa337f54c252f7f9394688cd8a4557485ec31a8b2e3162dcf02c594d6365f9cfbcd7f793f557682a01f54d1a256f80edbb789946ace9c78d719cf1668fa325a126ac56d11924551cc8e1a425b759f0997d299a69614c962a353a4f24faa439a33575e8f13a5e7d573d86b0f686d2fe51ccef430fcf7e28857f7452278d9987e8769a96136582da01cdd5c58a57a412709362f8b421531fbf6fabd15e676656cd800dfb22c5bfdb9be4f7a6feb424a1f32fa79abb3850963ec869513455671296fc7a34796993b85d0e72d358f412ea18b1eaf0f646e23bf563fa6a74f4ed629817ac029eb2bcf8e79cdc5c79cdd15bb3e61809c5e7866ceac3d94b3bbfb52d2ee3a5712c68cd0bc62c61f64b064052b84ec1cf0eb2a68781c35652df462d9a64612e7dc48ad951b061bcebce7bcb983058cb93dac53863bc29b757d41c0961daf53297a14b70594cbbbb3b4b785c438bc67e42df54a7ee87d23cfd3612851f58088b8f7eceb316ce5c7aa463689a11e553976ab394a1b6c892aa92c17b9063981c25ba4c472c156555c0eb8139e4874d04ae6b3a1966eadd36a208ec964b37ffbbfe0bff5a7c8948e8b99684ac4f8df2aff50a48c85c5d2de8ae45c6ae1d049fdbb9ea155c47239f777ca9c226f3044a3b5ec228335b4a9e30e7932616034242da861a48d25e6e50b0345b7c9e83ecb47bf38c9be1067a702ba82f88dada5b692b93eb8390f3cbd8cb528b80c6dd9a14bcf876b7866d33c83956394e385fd176fa0b1b0c9a54f3b051488610a52cab2b083e66b3d9c41be490267bd4872dc09cd373bbc3549046c5f1513bf8ad1bd201608ce31f982b02c778574ec5d0d4be4dbf35d305224c9117de6afa878b79dd6e1b1316ada0318016faa5c807c96259decd5b3b600b0cdbb8cdefc4c8210c8e2f10b56c67261ea9970257276b345f85adf95b7f846e6e83a3beeac7b04686e4b51946576d4be096ce7337ee9138e5f2b36888e6449735a38aa4a9a4cc999c6ed18f1eb9a99384cc9303d9a4275baeeb8ae4c17237ab1d5d0873f671faca2873d5a5d33a3babe20dddfc9192b2d2e5417cc27726524bbc925f67c296e3ad8ccd8b00b64f23e4372284422c96d0e7d974868ef161e04b3eba323b0caf2d5122788361eb0161fed64a57bacbcd7b0e17b4b2d71acd1960c2bba8b0eca039a5e2e1b6a4ed39a349b17b0aaf4c9cebadda3ac5a6d1b95beca3f12f296e925506339d0d0f8e3485bba9ce546e313a40a515de3e8c88e7917701e1f1d3e67443c35192b29a5125f0a87ec9057025b3d0d182d78351a856b7d78f5b65423da2afc777db4c2c3c3ac42c4cf655d0bc20ea4555eeed3098c5262052bef339179b472b4acb465ad34c8af65e0e4625477b106d0d348af7496b00c5a8ea2263ff5ade0be2fbf029500b8bae85fa93ba7ce30835f2182fc3a1d294a8352af69793163f0250d7e161ccbfeeaea8ea8b0dad9934f0b22ca934facb9b6b07c6a9f0ebeecdd3fc23bfe55119a53b95dceb29de22b520936553197c23d3b06d370a8c16385c0efacc20b653b6be2feb32d740e0758b04014c1d4a9070ca97059a466d2acd53c947eef7be1d993fb9207c2a7562acdab4e7aa87082a8adeeaaf6a2face451ef6d5040d66cf33cb16582e682285fbafb7193ee762656248a90ef44ba56ac1e60ecb394480044c7fed2ea56d3bc90f3737475b58a81ff415d10cd54d4c0db43ac5412b3fa0057466557b079b9a9011f54b9851998a196334797c216dc25fa1f9c1ceb2c454063b0912f7f3fec898b6a8f2d9190e55b98e479fa2229b97e722d299f2ab731762b1f1e854ef3ae2e76244f14f514307a5811571452238f34a27a32d16f93bbc7fe946f1027aada7395133a7ccf7718716788b4b298ae40e19bc8eceda4791b2653b7dfc5ce3b339c2ec90b3140678e97dca5f27ab23a9a99e7c42317d18c5cc389b454f1b989dc63040bb52d3dde7de9200de47e7352b72714900dfd2d6b1c62098c79b5350724eb6a5f6ff7120317f13a0cad74113ba77ec88960de634a93636ff97e3c0be9f406e397cc3b27893b29b990b4a2c41970425ee609a71182c508c6850d06df21c3160b1bf8b222514082f7f8cd7749a24d901d44e2b65c47b3e9c796dbc650d786f1d9cae12ef47e8dfda71b98108ad4822a2c2b2206f8edbd21866d00b6f0880a759f5c628f7e17e7da3b413f6144423cb5c9cd5f99e04b6f03b6e307a5229858c6afc2d73015fa9af5230f6a080a5a0ed9de632f2d78bf90688cf3273abd3c58bdd4a40eef05d44cccf8f86004f0c4d2c6b25ddb6c0931d94b47bb44ab554d4848332cc4d5448ac1479f251f5cc8638ac841c1efa150fdb3df02c5497a4b6e8c80c0086dd00020028c87f4539d622a709533d43a8083d642571ed43751042a2f4758b2e959d51eee9ee2ef299ae151989aef93a56fac70feceb767ea79490308ce33cfa96e506ddbca9d5b18b67694c26e0a1e4227bb1b1b2e33103aa794c33c7ec2b5a5fe72775e91132dafafa7bc836fac62e37dde1bd548d5b94bb0754378184f20a098efeb0dfb3dc51e86d4a378e080088be00000002116ad7040100000000000007080022eb000000002902a28e02000000000004670000241808006558000000019649ed2a81867569757dd37c615b372fd16c85c6e0aa47c1d5aa4b395da2916c7e18b5c1b0a08406d2d7f8c054a9326cbf719c13825de038c8e33a50f1211dadc75df1dfe5628636a48b29be790eff92756c12a719c26317ffa5cffdeeb53e1b1fde2d693fb0037ee17e29238ae1882a7c4d31c5762b49c12d4dba142f0980dc77ad430ea58e21a3de4a9bdca110"], &(0x7f0000000940)={0x1, 0x3, [0x8f2, 0xf1f, 0x794, 0xb36]}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000440)={'syztnl1\x00', 0x0, 0x2f, 0xf5, 0x7f, 0x7, 0x29, @private0, @private0, 0x10, 0x1}}) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x0, 0x0) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/tcp_cdg', 0x0, 0x0) mknodat$loop(r2, &(0x7f0000000100)='./file2\x00', 0x6000, 0x0) mknodat$loop(r2, &(0x7f00000001c0)='./file2\x00', 0x2000, 0x0) syz_io_uring_setup(0x3a6b, &(0x7f0000000280), &(0x7f0000000040), &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="0700a3fcf070d1ff"], 0xffdd) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001300)=[{{0x0, 0xe, 0x0}}], 0x300, 0x0) 2.612511345s ago: executing program 0 (id=757): setsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0xb) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) splice(r0, 0x0, r4, 0x0, 0x80, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x4b564d01, 0x0, 0xaf}]}) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000300)={'#! ', '', [{0x20, 'cpuacct.usage_sys\x00'}, {}], 0xa, "744519e0e6740369edd4a809d950b12ede8a542ead518a987fc43b316baa1bbdfb1da1d666e8a30739c51b4674e5031b4eb38c3ac756e07e10ab72db35ed8ea5384f2001667906f378117868f9fd8d7615a957559f1dc89a61ccec671ee697eac5f40b34a1d35a3c2aeed0b34ca793511973f98236a02797e0b5765ba70b24de28a2923c5442614968b24b89da231b987a6f45f5fc9849"}, 0xaf) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r8, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r2, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0x1475, 0x0, 0x0, 0x0) syz_emit_ethernet(0x359, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$fb(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000004, 0x4010, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) 2.313333545s ago: executing program 0 (id=758): r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) socket$pppoe(0x18, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="340000001000000000000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00d744b9402cbd0089ac3f4f00000000000000140012800b000100627269646765000004000280"], 0x34}}, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x80000}, 0x20) pselect6(0x40, &(0x7f0000000240)={0x3f}, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket(0x23, 0x5, 0x5) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x0, 0x0) symlinkat(&(0x7f0000000000)='./file2/file0\x00', 0xffffffffffffffff, &(0x7f0000000180)='./file2\x00') ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000180)) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RELDISP(r2, 0x5605) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffb000/0x2000)=nil) r3 = socket$inet(0x2, 0x3, 0x0) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000200)=ANY=[], 0x10) ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000080)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000019340)=ANY=[@ANYBLOB="380000005500e501000000000000000007000000", @ANYRES32=r6, @ANYBLOB="00f5c67ca6f881db795b8a02fb2e6851000000", @ANYRES32=r8, @ANYRES16=r5], 0x38}}, 0x0) 1.921954834s ago: executing program 2 (id=759): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0x541b, 0x0) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) timer_create(0x0, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x1c9c380}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='ext4_lazy_itable_init\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000b00)=@newqdisc={0x110, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_STAB={0xd0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x42, 0x0, 0x0, 0x2, 0x0, 0x0, 0x25e}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3}}, {0xa, 0x2, [0xffff, 0x6, 0x1]}}, {{0x1c, 0x1, {0x0, 0x80, 0xf9c, 0x0, 0x0, 0x6, 0x8758}}, {0x4}}, {{0x1c, 0x1, {0x6d, 0x3f, 0x9, 0x8001, 0x2, 0xb, 0x1}}, {0x4}}, {{0x1c, 0x1, {0x68, 0x0, 0x0, 0x0, 0x0, 0x6}}, {0x4}}, {{0x1c, 0x1, {0x6, 0x9, 0x8, 0x3, 0x2, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x110}}, 0x0) r6 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) setreuid(0xffffffffffffffff, 0xee00) ioctl$SIOCAX25ADDFWD(r6, 0x89ea, 0x0) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001840)={0xffffffffffffffff, r8, 0x25, 0x0, @val=@netfilter}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000400aaaaaaaaaabb88a80000810000008848"], 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) 1.746547643s ago: executing program 0 (id=760): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000080)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10) r4 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$CDROMREADAUDIO(r4, 0x530e, 0x0) r5 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x190}, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x4, 0xfffffffa, 0xfffffffd, 0x0, 0x202, 0x1, 0xd, '\x00', r7, 0xffffffffffffffff, 0x4, 0x0, 0x1}, 0x48) r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@ptr={0x7}]}, {0x0, [0x5f, 0x0]}}, &(0x7f00000004c0)=""/69, 0x28, 0x45, 0x0, 0x2}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x1b, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x8}, @ldst={0x0, 0x0, 0x2, 0xb, 0x6, 0x40, 0xfffffffffffffffc}, @map_val={0x18, 0x5, 0x2, 0x0, r9, 0x0, 0x0, 0x0, 0x8000}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @exit, @call={0x85, 0x0, 0x0, 0x27}, @initr0={0x18, 0x0, 0x0, 0x0, 0xc53, 0x0, 0x0, 0x0, 0x3a}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x87}}}, &(0x7f0000000040)='GPL\x00', 0x1, 0xf3, &(0x7f0000000380)=""/243, 0x40f00, 0x68, '\x00', r7, 0x25, r10, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000640)={0x2, 0xc, 0x0, 0x5}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000006c0)=[{0x4, 0x5, 0x7, 0x7}], 0x10, 0x5}, 0x90) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 1.223609541s ago: executing program 1 (id=761): socket$nl_generic(0x10, 0x3, 0x10) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r3 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil) r4 = shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff) madvise(&(0x7f00001ad000/0x4000)=nil, 0x4000, 0xe) mlock(&(0x7f0000c0f000/0x3000)=nil, 0x3000) r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$int_in(r5, 0x5452, &(0x7f00000001c0)=0xb2) dup2(r2, 0xffffffffffffffff) sendmsg$alg(0xffffffffffffffff, 0x0, 0x20840) read(r1, &(0x7f0000000240)=""/201, 0xc9) r6 = userfaultfd(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@index_off}, {@redirect_dir={'redirect_dir', 0x3d, './file1'}}, {@default_permissions}]}) chdir(&(0x7f0000000140)='./bus\x00') r7 = creat(&(0x7f0000000240)='./bus\x00', 0x0) r8 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) write$binfmt_elf64(r7, &(0x7f0000000100)=ANY=[], 0xfe3c) r9 = dup2(r8, r7) setxattr$security_ima(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYRESHEX=r9, @ANYRES16=r4], 0x2, 0x0) finit_module(r8, 0x0, 0x0) statx(r8, 0x0, 0x2000, 0x200, &(0x7f0000000540)) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000)) userfaultfd(0x38890b15878e7189) 1.187440676s ago: executing program 1 (id=762): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0) splice(r3, 0x0, r2, 0x0, 0x7f, 0xe) write(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0) r5 = memfd_create(&(0x7f0000000540)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10, r6, 0x0) futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0) r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000040)) close_range(r7, 0xffffffffffffffff, 0x0) fcntl$setsig(r7, 0xa, 0x30) 1.168830621s ago: executing program 3 (id=763): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40) syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)}) close_range(r3, 0xffffffffffffffff, 0x0) 1.073618821s ago: executing program 3 (id=764): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x20, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRES16, @ANYRESDEC]) 1.073111036s ago: executing program 2 (id=765): socket$kcm(0x10, 0x3, 0x10) syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x29aa}, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r4, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000002540)={'filter\x00', 0x5, "42de391533"}, 0x0) setsockopt$inet6_int(r4, 0x29, 0x8, &(0x7f0000000380)=0x3f, 0x4) recvmmsg(r4, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000000c0)=@nl, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/186, 0xba}, {0xffffffffffffffff}], 0x2, &(0x7f0000000280)=""/239, 0xef}}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000400)=""/18, 0x12}, {0x0}, {&(0x7f00000004c0)=""/165, 0xa5}, {&(0x7f0000001540)=""/4096, 0x1000}, {&(0x7f0000000580)=""/245, 0xf5}], 0x5, &(0x7f0000000700)=""/27, 0x1b}}, {{&(0x7f0000000740)=@nfc, 0x80, &(0x7f0000000c00), 0x0, &(0x7f0000000cc0)=""/180, 0xb4}}], 0x4, 0x10162, 0x0) ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) read$msr(r2, &(0x7f0000000240)=""/45, 0x2d) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="1b0b00000000000000001fffffff200001801c0002006261746164765f736c6176655f31"], 0x34}}, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001500)=ANY=[], 0x1c}}, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4096}) chdir(&(0x7f00000002c0)='\x00') 1.008947508s ago: executing program 3 (id=766): futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = io_uring_setup(0x497c, &(0x7f00000001c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) syz_emit_ethernet(0x3bb, &(0x7f00000030c0)={@local, @multicast, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "0ea57c", 0x385, 0x21, 0x0, @private1, @remote, {[@srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, @routing={0x0, 0x0, 0x0, 0x4}], {{0x0, 0x0, 0x4, 0x1, 0x9, 0x0, 0x0, 0x19d108a2f2edac0, 0x0, '#BO', 0x6, "c65925"}, "971bf68a12a60a6c278344e12451b35e4bb22f79ec643677d56c25df230f11d58af80ef2621fa5284f3ac998fafda9b0b7572bb51200e513ed07af2eeee71aabad19874f43014e2e8e35b80e3125e62a3b8932169bd13a28e929d3862187d8220e8bb4cd5726a04db30172249562d11bcc507b01f596fd206389a919e243ba120023925110e807d7a9325a3dc55fc7bd1e84c3c4e664b5d2ccaaea9e1896bffdf86e6ed2c9969ea6db628ce339da443aef5ec1ee647de3c79f28561f563cf96dcacd09ab6dbfb687ad7d76578671847f9960569a7ff5f7a6ce019f292ce57112ea831200307b31f1baeef796626399d119cfe1b87199c69fdd79086a321487c8512d2e52749d773125bba7cf30bd38f69edc2974f12d16338c3e96fec4637aeaea870446dedd328c889cbefce546d4758ce5ebc2a8bd79de122bc24fd6077425bce95f1afe1ba0b28fe8b57a9f4a5875a1451f955fa3c8646342550ab1394acba86ed501ecad1a0514a68e777fbac2b3fb4ec42784b8aa35815c3c044aa5a224ce6b877911b7ff2a72f3fb9e14e757b07ebbfc55084c6499bb5ea0eae6e0e0aded9b6e16adebfe810cfb4aac4a562d65db1fd3644988edd9b137b309eb47dcb1763c5062d4660421f6ba43643546b0c33d83063f37cb1013ee98cbcd1a616dda366b9073bf0eeb6fa148c581209cb630ecd0b084d56c7df5dfd52dac78dbc92f94f999436584f3d1fa55f11356565012668403926ddc0bea3e554f69af1f8c2fa01a29dbc8f82276e07020e76d5adb11e25bca6a2c692c9657f5ab92c8e177f9926bb134d7335b14b9c74acaaf35d6b248ff38a21e8f7607895dae0ea0ba11ef9197cf323b6a0ff0e7a824795c6597957dd8e8c2652324f0713a85b28791904cab0940274629e1f96f4af53702f355597cf9219a79f6caed322221ea862e9204c9060a4056577af2ce746cd10fcc0b1c371fb10ae7e714e7aadf816b3422793cf090ed2a8bead5a0da245b496cbd62a902f13d46f9d28667ab9fd326a8f059b1e7d0d417273fa3ba4549d5902de21f8c5ef92f77d874e0b71a8be6de17df99af9e5aa3791b731358586bb86787bc15b88d56e7fec0484c92fa507448504fc41be06f3070512463b968b4acd5da349f268ff7b4a8d0c09ef078809a4dccde6dc694f55cfae55d5be7844f8c0df662b390c8732323ce"}}}}}}, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r2, &(0x7f0000000980)={0x23b, 0x7d, 0x0, {{0x500, 0xfa, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x5e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x9d,;\x9e\x1dR\xc3\xd6\xda\x9b\xf6\x99\xfa\x88\xda\xcel\xde{\xa4\xa4\x00\xb4\xb0\xb4\xdb\xf6\xc6\x9ai\xd0\x17\xce\xc4Y\x06\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1a'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23b) socket$netlink(0x10, 0x3, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f00000001c0)={0x0, 0x0, 0x0}) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0}) shutdown(0xffffffffffffffff, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000003c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000080)=@framed={{}, [@snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r5}, 0xc) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) 712.388124ms ago: executing program 0 (id=767): socket(0xa, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x9, 0x0, 0x0, 0x0, 0x71, 0x11, 0x3c}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xa0}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x70) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000100)=0xfffffffffffffdbc) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}]}, 0x70}, 0x1, 0x7}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x30}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="380000001000050700bbc0000000010007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001800120008000100736974000c0002000800020006"], 0x38}}, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast2}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x2}]}}}]}, 0x40}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 653.747764ms ago: executing program 1 (id=768): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) pipe2$9p(0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x3f, &(0x7f0000000040)=0x3, 0xffffffffffffffe9) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r2, &(0x7f0000000440), 0x3fffffffffffe21, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f00000000c0)=ANY=[], 0xc63b9e35) sched_setscheduler(0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000040)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f00000000c0)={@multicast2, @loopback, 0x0, 0x1, [@loopback]}, 0x14) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGREPORT(0xffffffffffffffff, 0x400c4807, &(0x7f00000000c0)={0x3}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 513.438558ms ago: executing program 0 (id=769): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], &(0x7f0000000840)=""/262, 0x37, 0x106, 0x1}, 0x20) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x20040000) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_CT_DREG={0x8, 0x4, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000240), 0xfff, r2}, 0x38) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00') r4 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) writev(r4, &(0x7f00000000c0), 0x0) socket$netlink(0x10, 0x3, 0x12) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, &(0x7f0000000140)={0x0, "42b6fba4a1a5b905ae121bd94f07083671c2469ac2e166ba03d02ba2992c3d76"}) r7 = syz_open_dev$video4linux(&(0x7f0000000040), 0x200030007, 0x0) ioctl$VIDIOC_QUERYMENU(r7, 0xc040564a, &(0x7f0000000140)={0x0, 0x0, @value}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_COALESCE(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000000200000014030000", @ANYRES32=r10, @ANYBLOB="0800020003000000"], 0x24}, 0x1, 0x6c00}, 0x0) preadv(r3, &(0x7f00000031c0)=[{&(0x7f0000005e40)=""/4102, 0x1006}], 0x1, 0x0, 0x0) 113.539961ms ago: executing program 2 (id=770): sendto$inet_nvme_of_msg(0xffffffffffffffff, &(0x7f0000000180)={@icreq, @val=&(0x7f0000000300)="e1d45f79906f4e8132590e71ba5490dda6c1e0d531d29f689c8866bd11b939d1b30795bc29da4c201d322df3f1b4d05ada80096429571bbcb4dd4497b30e0c826d88f971a7fd1eaa85bf079768a58cad7b46c770ac5de53e0e13909bb9f2cb8ae6406eb761cc9d8629a71e27d090c2fb3e6faef6f1be03495bc37419e1d9ddbc7da313f9a20ef118053e0ee013135233791a5188581f283b9f473d5bef37bd50126574fc8b4a3cc78cb7940346c40c9b0c5866ba68e92e1ffcbbdb0a280020a0034e46fd01a2ca05dc5b6cda6c8f690bace6dfbaf201e679f297ca32353ced40943b33d8b270cd0a5e489236c2ad9dc6d441bb573f5bfb9462327a9eb17344405c2f9e6ea6853dd1fc55ed315b097de88338ea8af479496301ad56c7dcffd994319716d926aa943eb88b12caba6c0b"}, 0x88, 0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a280000000c0a010200000000000000000100000008000440000000000900020073797a3100000000c8000000020a01"], 0x190}}, 0x0) 90.674498ms ago: executing program 2 (id=771): socket$nl_generic(0x10, 0x3, 0x10) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r3 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil) r4 = shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff) madvise(&(0x7f00001ad000/0x4000)=nil, 0x4000, 0xe) mlock(&(0x7f0000c0f000/0x3000)=nil, 0x3000) r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$int_in(r5, 0x5452, &(0x7f00000001c0)=0xb2) dup2(r2, 0xffffffffffffffff) sendmsg$alg(0xffffffffffffffff, 0x0, 0x20840) read(r1, &(0x7f0000000240)=""/201, 0xc9) r6 = userfaultfd(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@index_off}, {@redirect_dir={'redirect_dir', 0x3d, './file1'}}, {@default_permissions}]}) chdir(&(0x7f0000000140)='./bus\x00') r7 = creat(&(0x7f0000000240)='./bus\x00', 0x0) r8 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) write$binfmt_elf64(r7, &(0x7f0000000100)=ANY=[], 0xfe3c) r9 = dup2(r8, r7) setxattr$security_ima(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYRESHEX=r9, @ANYRES16=r4], 0x2, 0x0) finit_module(r8, 0x0, 0x0) statx(r8, 0x0, 0x2000, 0x200, &(0x7f0000000540)) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000)) userfaultfd(0x38890b15878e7189) 42.717156ms ago: executing program 3 (id=772): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40) syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x7fffffff}]}) close_range(r3, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=773): r0 = socket$nl_route(0x10, 0x3, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0) r2 = io_uring_setup(0x4d63, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) getpid() openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0) r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@remote}, 0x20) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000500)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={r8, 0x3, r6, 0x5}) sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="92001fdb", @ANYRES16=r3, @ANYBLOB="270e00000000fcffffff04070200"], 0x14}, 0x1, 0x40030000000000}, 0x0) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) openat$vnet(0xffffff9c, 0x0, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0xc, 0x16, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x4}]}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) chdir(0x0) kernel console output (not intermixed with test programs): eated IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.360961][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.395384][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.397240][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.399895][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.402024][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.405892][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.413779][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.418894][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.423221][ T5337] veth1_vlan: entered promiscuous mode [ 59.434354][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.434429][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.439140][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.441920][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.445630][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.453119][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.457420][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.464466][ T5336] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.467526][ T5336] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.470990][ T5336] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.474309][ T5336] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.493140][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.496588][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.541856][ T5337] veth0_macvtap: entered promiscuous mode [ 59.555459][ T5337] veth1_macvtap: entered promiscuous mode [ 59.592262][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.595211][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.609312][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.613764][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.618228][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.622567][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.627313][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.633695][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.639979][ T5337] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.645959][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.651323][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.655922][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.660012][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.663409][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.666891][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.673568][ T5337] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.699879][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.701441][ T5337] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.703261][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.706780][ T5337] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.714539][ T5337] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.717671][ T5337] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.808873][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.812358][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.832228][ T5401] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 59.852292][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.855543][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.928244][ T66] Bluetooth: hci3: command tx timeout [ 59.929422][ T5342] Bluetooth: hci0: command tx timeout [ 59.929682][ T5335] Bluetooth: hci2: command tx timeout [ 59.929715][ T5335] Bluetooth: hci1: command tx timeout [ 59.955645][ T5411] netlink: 'syz.0.1': attribute type 2 has an invalid length. [ 59.959734][ T5411] netlink: 'syz.0.1': attribute type 1 has an invalid length. [ 59.962570][ T5411] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.1'. [ 60.029006][ T5416] 9pnet_fd: Insufficient options for proto=fd [ 60.710029][ T39] kauditd_printk_skb: 53 callbacks suppressed [ 60.710039][ T39] audit: type=1400 audit(1722528557.385:169): avc: denied { write } for pid=5442 comm="syz.1.11" name="rt_acct" dev="proc" ino=4026532989 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 60.724558][ T5443] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 60.724558][ T5443] program syz.1.11 not setting count and/or reply_len properly [ 60.735382][ T39] audit: type=1400 audit(1722528557.405:170): avc: denied { read } for pid=5442 comm="syz.1.11" dev="nsfs" ino=4026532965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 60.744070][ T39] audit: type=1400 audit(1722528557.405:171): avc: denied { open } for pid=5442 comm="syz.1.11" path="net:[4026532965]" dev="nsfs" ino=4026532965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 60.756017][ T39] audit: type=1400 audit(1722528557.405:172): avc: denied { bind } for pid=5442 comm="syz.1.11" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 60.833885][ T39] audit: type=1400 audit(1722528557.505:173): avc: denied { read } for pid=5452 comm="syz.2.14" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 60.847200][ T39] audit: type=1400 audit(1722528557.505:174): avc: denied { open } for pid=5452 comm="syz.2.14" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 60.907927][ T39] audit: type=1400 audit(1722528557.575:175): avc: denied { map_create } for pid=5452 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 60.925703][ T39] audit: type=1400 audit(1722528557.575:176): avc: denied { map_read map_write } for pid=5452 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 61.385673][ T39] audit: type=1400 audit(1722528558.055:177): avc: denied { ioctl } for pid=5454 comm="syz.0.15" path="socket:[8462]" dev="sockfs" ino=8462 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 61.421425][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 61.424904][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 61.498143][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c0!!! [ 61.600269][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.600688][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.648567][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c8!!! [ 61.651462][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c8!!! [ 61.653996][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c8!!! [ 61.657290][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c8!!! [ 61.667709][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 61.906553][ T39] audit: type=1400 audit(1722528558.575:178): avc: denied { ioctl } for pid=5475 comm="syz.0.19" path="socket:[10295]" dev="sockfs" ino=10295 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 62.008179][ T5342] Bluetooth: hci0: command tx timeout [ 62.008196][ T66] Bluetooth: hci3: command tx timeout [ 62.017889][ T66] Bluetooth: hci1: command tx timeout [ 62.019336][ T5342] Bluetooth: hci2: command tx timeout [ 62.296673][ T5494] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 62.296673][ T5494] program syz.1.24 not setting count and/or reply_len properly [ 62.820342][ T5506] 9pnet_fd: Insufficient options for proto=fd [ 62.985211][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.31'. [ 63.625849][ T5541] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 63.625849][ T5541] program syz.0.36 not setting count and/or reply_len properly [ 64.088462][ T5342] Bluetooth: hci1: command tx timeout [ 64.088611][ T5341] Bluetooth: hci0: command tx timeout [ 64.091945][ T66] Bluetooth: hci3: command tx timeout [ 64.100289][ T66] Bluetooth: hci2: command tx timeout [ 65.226296][ T5572] netlink: 'syz.1.44': attribute type 2 has an invalid length. [ 65.230588][ T5572] netlink: 'syz.1.44': attribute type 1 has an invalid length. [ 65.233231][ T5572] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.44'. [ 65.681866][ T5594] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 65.681866][ T5594] program syz.0.49 not setting count and/or reply_len properly [ 65.797555][ T5597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.51'. [ 66.375954][ T5617] netlink: 'syz.0.55': attribute type 2 has an invalid length. [ 66.379566][ T5617] netlink: 'syz.0.55': attribute type 1 has an invalid length. [ 66.382423][ T5617] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.55'. [ 66.935258][ T5640] netlink: 4 bytes leftover after parsing attributes in process `syz.2.60'. [ 67.144323][ T5659] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 67.144323][ T5659] program syz.2.63 not setting count and/or reply_len properly [ 67.496906][ T5664] netlink: 'syz.1.65': attribute type 2 has an invalid length. [ 67.500329][ T5664] netlink: 'syz.1.65': attribute type 1 has an invalid length. [ 67.503362][ T5664] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.65'. [ 67.823536][ T5670] netlink: 'syz.2.67': attribute type 2 has an invalid length. [ 67.826221][ T5670] netlink: 'syz.2.67': attribute type 1 has an invalid length. [ 67.829376][ T5670] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.67'. [ 68.269371][ T5694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.72'. [ 68.327927][ T5335] Bluetooth: hci0: command 0x0406 tx timeout [ 68.366657][ T5706] netlink: 4 bytes leftover after parsing attributes in process `syz.2.74'. [ 68.476714][ T5717] netlink: 'syz.0.76': attribute type 2 has an invalid length. [ 68.479620][ T5717] netlink: 'syz.0.76': attribute type 1 has an invalid length. [ 68.482320][ T5717] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.76'. [ 68.487401][ T5712] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 68.487401][ T5712] program syz.1.75 not setting count and/or reply_len properly [ 68.497892][ T5341] Bluetooth: hci2: command 0x0406 tx timeout [ 68.565068][ T5725] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.78'. [ 69.462467][ T5750] 9pnet_fd: Insufficient options for proto=fd [ 69.609187][ T5341] Bluetooth: hci3: command 0x0406 tx timeout [ 70.108410][ T5777] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 70.108410][ T5777] program syz.0.92 not setting count and/or reply_len properly [ 70.449887][ T5788] 9pnet_fd: Insufficient options for proto=fd [ 70.679009][ T5799] __nla_validate_parse: 2 callbacks suppressed [ 70.679025][ T5799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.96'. [ 71.059163][ T5810] validate_nla: 4 callbacks suppressed [ 71.059179][ T5810] netlink: 'syz.3.99': attribute type 2 has an invalid length. [ 71.066667][ T5810] netlink: 'syz.3.99': attribute type 1 has an invalid length. [ 71.079951][ T5810] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.99'. [ 71.794088][ T5834] netlink: 4 bytes leftover after parsing attributes in process `syz.2.106'. [ 72.195053][ T5851] 9pnet_fd: Insufficient options for proto=fd [ 72.452618][ T5855] netlink: 'syz.1.110': attribute type 2 has an invalid length. [ 72.469508][ T5855] netlink: 'syz.1.110': attribute type 1 has an invalid length. [ 72.472840][ T5855] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.110'. [ 73.337180][ T5876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.117'. [ 73.840894][ T5889] netlink: 'syz.3.119': attribute type 2 has an invalid length. [ 73.844062][ T5889] netlink: 'syz.3.119': attribute type 1 has an invalid length. [ 73.847055][ T5889] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.119'. [ 74.361678][ T5911] netlink: 4 bytes leftover after parsing attributes in process `syz.3.126'. [ 74.651838][ T5920] netlink: 'syz.3.128': attribute type 2 has an invalid length. [ 74.655611][ T5920] netlink: 'syz.3.128': attribute type 1 has an invalid length. [ 74.659359][ T5920] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.128'. [ 75.983251][ T5956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.136'. [ 76.309539][ T5969] netlink: 4 bytes leftover after parsing attributes in process `syz.0.140'. [ 76.442235][ T5977] netlink: 'syz.1.139': attribute type 2 has an invalid length. [ 76.445642][ T5977] netlink: 'syz.1.139': attribute type 1 has an invalid length. [ 76.450025][ T5977] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.139'. [ 77.072962][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 77.076624][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.810477][ T39] kauditd_printk_skb: 11 callbacks suppressed [ 77.810491][ T39] audit: type=1400 audit(1722528574.485:190): avc: denied { read write } for pid=6007 comm="syz.3.150" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 77.824774][ T39] audit: type=1400 audit(1722528574.485:191): avc: denied { open } for pid=6007 comm="syz.3.150" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 77.834718][ T39] audit: type=1400 audit(1722528574.485:192): avc: denied { mounton } for pid=6007 comm="syz.3.150" path="/32/file0" dev="tmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 77.979186][ T6012] afs: Bad value for 'flock' [ 77.980258][ T39] audit: type=1400 audit(1722528574.655:193): avc: denied { mounton } for pid=6007 comm="syz.3.150" path="/32/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 78.141261][ T6014] netlink: 'syz.0.151': attribute type 2 has an invalid length. [ 78.144275][ T6014] netlink: 'syz.0.151': attribute type 1 has an invalid length. [ 78.147194][ T6014] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.151'. [ 78.640224][ T6028] netlink: 4 bytes leftover after parsing attributes in process `syz.2.156'. [ 78.645149][ T39] audit: type=1400 audit(1722528575.315:194): avc: denied { unmount } for pid=5332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 78.865127][ T39] audit: type=1400 audit(1722528575.535:195): avc: denied { bind } for pid=6038 comm="syz.2.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 78.875934][ T39] audit: type=1400 audit(1722528575.545:196): avc: denied { listen } for pid=6038 comm="syz.2.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 78.884217][ T39] audit: type=1400 audit(1722528575.555:197): avc: denied { accept } for pid=6038 comm="syz.2.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 78.942592][ T6046] Zero length message leads to an empty skb [ 79.011965][ T6048] netlink: 'syz.0.160': attribute type 2 has an invalid length. [ 79.015267][ T6048] netlink: 'syz.0.160': attribute type 1 has an invalid length. [ 79.018723][ T6048] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.160'. [ 79.238474][ T57] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 79.427914][ T57] usb 7-1: Using ep0 maxpacket: 8 [ 79.435288][ T57] usb 7-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 79.440942][ T57] usb 7-1: config 1 interface 0 has no altsetting 0 [ 79.448706][ T57] usb 7-1: New USB device found, idVendor=24b8, idProduct=0020, bcdDevice= 0.40 [ 79.452699][ T57] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.455728][ T57] usb 7-1: Product: syz [ 79.457361][ T57] usb 7-1: Manufacturer: syz [ 79.460122][ T57] usb 7-1: SerialNumber: syz [ 79.665106][ T6061] netlink: 'syz.3.163': attribute type 29 has an invalid length. [ 79.668505][ T6061] netlink: 'syz.3.163': attribute type 37 has an invalid length. [ 79.679149][ T39] audit: type=1400 audit(1722528576.345:198): avc: denied { bind } for pid=6060 comm="syz.3.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 79.696848][ T39] audit: type=1400 audit(1722528576.365:199): avc: denied { write } for pid=6060 comm="syz.3.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 80.427976][ T35] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 80.639688][ T35] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 80.643323][ T35] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.645945][ T35] usb 8-1: Product: syz [ 80.650307][ T35] usb 8-1: Manufacturer: syz [ 80.651885][ T35] usb 8-1: SerialNumber: syz [ 80.655562][ T35] usb 8-1: config 0 descriptor?? [ 81.062684][ T6069] netlink: 'syz.3.166': attribute type 5 has an invalid length. [ 81.086722][ T5386] usb 8-1: USB disconnect, device number 2 [ 81.148295][ T35] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 81.343962][ T35] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 81.348260][ T35] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 81.351921][ T35] usb 5-1: Product: syz [ 81.353825][ T35] usb 5-1: Manufacturer: syz [ 81.355940][ T35] usb 5-1: SerialNumber: syz [ 81.360450][ T35] usb 5-1: config 0 descriptor?? [ 81.575855][ T35] usb 5-1: USB disconnect, device number 2 [ 81.607286][ T6080] netlink: 'syz.1.169': attribute type 2 has an invalid length. [ 81.610766][ T6080] netlink: 'syz.1.169': attribute type 1 has an invalid length. [ 81.613484][ T6080] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.169'. [ 81.776105][ T57] usbhid 7-1:1.0: can't add hid device: -71 [ 81.779514][ T57] usbhid 7-1:1.0: probe with driver usbhid failed with error -71 [ 81.787646][ T57] usb 7-1: USB disconnect, device number 2 [ 81.871631][ T6088] syz.3.172 uses obsolete (PF_INET,SOCK_PACKET) [ 82.184908][ T1290] cfg80211: failed to load regulatory.db [ 84.615308][ T6131] netlink: 'syz.0.184': attribute type 2 has an invalid length. [ 84.620625][ T6131] netlink: 'syz.0.184': attribute type 1 has an invalid length. [ 84.623825][ T6131] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.184'. [ 84.676211][ T6134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.185'. [ 84.756119][ T6137] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 84.756119][ T6137] program syz.0.186 not setting count and/or reply_len properly [ 84.847020][ T6145] netlink: 'syz.1.187': attribute type 2 has an invalid length. [ 84.850505][ T6145] netlink: 'syz.1.187': attribute type 1 has an invalid length. [ 84.854429][ T6145] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.187'. [ 85.237213][ T6159] netlink: 4 bytes leftover after parsing attributes in process `syz.1.192'. [ 85.381341][ T6169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.195'. [ 86.062295][ T6194] 9pnet_fd: Insufficient options for proto=fd [ 86.130526][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 86.130541][ T39] audit: type=1400 audit(1722528582.805:201): avc: denied { create } for pid=6193 comm="syz.0.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 86.152508][ T39] audit: type=1400 audit(1722528582.825:202): avc: denied { connect } for pid=6193 comm="syz.0.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 86.256459][ T6196] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 86.343031][ T6207] netlink: 'syz.3.203': attribute type 2 has an invalid length. [ 86.346402][ T6207] netlink: 'syz.3.203': attribute type 1 has an invalid length. [ 86.350281][ T6207] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.203'. [ 86.424364][ T6210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.204'. [ 87.080188][ T6246] netlink: 'syz.3.213': attribute type 2 has an invalid length. [ 87.083200][ T6246] netlink: 'syz.3.213': attribute type 1 has an invalid length. [ 87.086254][ T6246] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.213'. [ 87.129484][ T6250] netlink: 4 bytes leftover after parsing attributes in process `syz.3.214'. [ 87.838107][ T5371] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 88.066003][ T5371] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 88.069881][ T5371] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.072663][ T5371] usb 6-1: Product: syz [ 88.074496][ T5371] usb 6-1: Manufacturer: syz [ 88.076228][ T5371] usb 6-1: SerialNumber: syz [ 88.089607][ T5371] usb 6-1: config 0 descriptor?? [ 88.513470][ T6272] netlink: 'syz.1.217': attribute type 5 has an invalid length. [ 88.542358][ T5375] usb 6-1: USB disconnect, device number 2 [ 89.231675][ T6294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.223'. [ 89.231763][ T6291] netlink: 'syz.3.222': attribute type 2 has an invalid length. [ 89.241064][ T6291] netlink: 'syz.3.222': attribute type 1 has an invalid length. [ 89.244499][ T6291] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.222'. [ 89.307012][ T6300] netlink: 28 bytes leftover after parsing attributes in process `syz.2.224'. [ 89.375493][ T39] audit: type=1400 audit(1722528586.045:203): avc: denied { write } for pid=6293 comm="syz.2.224" path="socket:[10060]" dev="sockfs" ino=10060 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 89.517943][ T6308] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 89.517943][ T6308] program syz.0.226 not setting count and/or reply_len properly [ 90.207946][ T5375] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 90.394304][ T5375] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 90.405122][ T5375] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.408328][ T5375] usb 8-1: Product: syz [ 90.409964][ T5375] usb 8-1: Manufacturer: syz [ 90.412522][ T5375] usb 8-1: SerialNumber: syz [ 90.416738][ T5375] usb 8-1: config 0 descriptor?? [ 90.844052][ T6326] netlink: 'syz.3.230': attribute type 5 has an invalid length. [ 90.860503][ T35] usb 8-1: USB disconnect, device number 3 [ 90.976784][ T6344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.234'. [ 91.847684][ T6371] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 91.847684][ T6371] program syz.3.239 not setting count and/or reply_len properly [ 92.003352][ T6378] netlink: 'syz.0.240': attribute type 2 has an invalid length. [ 92.007127][ T6378] netlink: 'syz.0.240': attribute type 1 has an invalid length. [ 92.010705][ T6378] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.240'. [ 92.094474][ T6386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.243'. [ 93.486587][ T6428] netlink: 4 bytes leftover after parsing attributes in process `syz.1.253'. [ 93.675544][ T6438] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 93.675544][ T6438] program syz.1.254 not setting count and/or reply_len properly [ 95.178125][ T6472] netlink: 4 bytes leftover after parsing attributes in process `syz.0.262'. [ 95.227178][ T6475] netlink: 'syz.2.263': attribute type 2 has an invalid length. [ 95.230730][ T6475] netlink: 'syz.2.263': attribute type 1 has an invalid length. [ 95.234158][ T6475] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.263'. [ 95.345642][ T39] audit: type=1400 audit(1722528592.015:204): avc: denied { execute } for pid=6482 comm="syz.0.265" path="/70/blkio.bfq.io_serviced_recursive" dev="tmpfs" ino=396 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 95.356453][ T39] audit: type=1400 audit(1722528592.025:205): avc: denied { create } for pid=6482 comm="syz.0.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 95.374387][ T39] audit: type=1400 audit(1722528592.045:206): avc: denied { create } for pid=6482 comm="syz.0.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 95.674611][ T6514] FAULT_INJECTION: forcing a failure. [ 95.674611][ T6514] name failslab, interval 1, probability 0, space 0, times 1 [ 95.680704][ T6514] CPU: 3 UID: 0 PID: 6514 Comm: syz.2.271 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 95.685345][ T6514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 95.690025][ T6514] Call Trace: [ 95.691521][ T6514] [ 95.692864][ T6514] dump_stack_lvl+0x16c/0x1f0 [ 95.694990][ T6514] should_fail_ex+0x497/0x5b0 [ 95.697036][ T6514] ? fs_reclaim_acquire+0xae/0x160 [ 95.698494][ T39] audit: type=1400 audit(1722528592.375:207): avc: denied { read } for pid=6517 comm="syz.3.272" name="fb1" dev="devtmpfs" ino=642 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 95.699275][ T6514] should_failslab+0xc2/0x120 [ 95.699349][ T6514] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 95.699373][ T6514] ? __d_alloc+0x31/0xaa0 [ 95.699391][ T6514] __d_alloc+0x31/0xaa0 [ 95.699409][ T6514] ? __pfx_mark_lock+0x10/0x10 [ 95.699430][ T6514] d_alloc+0x4a/0x1e0 [ 95.699450][ T6514] d_alloc_parallel+0xe9/0x12b0 [ 95.699476][ T6514] ? __pfx_d_alloc_parallel+0x10/0x10 [ 95.708041][ T6518] netlink: 20 bytes leftover after parsing attributes in process `syz.3.272'. [ 95.712316][ T39] audit: type=1400 audit(1722528592.375:208): avc: denied { open } for pid=6517 comm="syz.3.272" path="/dev/fb1" dev="devtmpfs" ino=642 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 95.714380][ T6514] ? lockdep_init_map_type+0x16d/0x7d0 [ 95.716188][ T39] audit: type=1400 audit(1722528592.375:209): avc: denied { create } for pid=6517 comm="syz.3.272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 95.717943][ T6514] ? lockdep_init_map_type+0x16d/0x7d0 [ 95.717972][ T6514] __lookup_slow+0x194/0x460 [ 95.717996][ T6514] ? __pfx___lookup_slow+0x10/0x10 [ 95.718019][ T6514] ? __pfx_lock_release+0x10/0x10 [ 95.718040][ T6514] ? __startup_64+0x120/0x2a0 [ 95.718064][ T6514] ? __startup_64+0x120/0x2a0 [ 95.718086][ T6514] ? d_lookup+0xe9/0x180 [ 95.720102][ T39] audit: type=1400 audit(1722528592.385:210): avc: denied { ioctl } for pid=6517 comm="syz.3.272" path="/dev/fb1" dev="devtmpfs" ino=642 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 95.721790][ T6514] lookup_one_len+0x181/0x1b0 [ 95.769155][ T6514] ? __pfx_lookup_one_len+0x10/0x10 [ 95.769188][ T6514] ? mntput+0x10/0x90 [ 95.769212][ T6514] start_creating.part.0+0x12f/0x3a0 [ 95.769245][ T6514] __debugfs_create_file+0xa5/0x660 [ 95.769273][ T6514] debugfs_create_x8+0x70/0xa0 [ 95.769298][ T6514] ldisc_open+0x34e/0x910 [ 95.769321][ T6514] ? __pfx_ldisc_open+0x10/0x10 [ 95.769343][ T6514] ? down_write+0x14e/0x200 [ 95.769364][ T6514] ? __pfx_ldisc_open+0x10/0x10 [ 95.769386][ T6514] tty_ldisc_open+0x9c/0x120 [ 95.769409][ T6514] tty_set_ldisc+0x318/0x720 [ 95.769432][ T6514] tty_ioctl+0xbdc/0x15f0 [ 95.769457][ T6514] ? __pfx_tty_ioctl+0x10/0x10 [ 95.769480][ T6514] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 95.769509][ T6514] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 95.769531][ T6514] ? selinux_file_ioctl+0x180/0x270 [ 95.769556][ T6514] ? selinux_file_ioctl+0xb4/0x270 [ 95.769581][ T6514] ? __pfx_tty_ioctl+0x10/0x10 [ 95.769604][ T6514] __x64_sys_ioctl+0x193/0x220 [ 95.769630][ T6514] do_syscall_64+0xcd/0x250 [ 95.769649][ T6514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.769672][ T6514] RIP: 0033:0x7fe95ad773b9 [ 95.769686][ T6514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.769704][ T6514] RSP: 002b:00007fe95bba8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 95.769723][ T6514] RAX: ffffffffffffffda RBX: 00007fe95af05f80 RCX: 00007fe95ad773b9 [ 95.769736][ T6514] RDX: 0000000020000040 RSI: 0000000000005423 RDI: 0000000000000004 [ 95.769747][ T6514] RBP: 00007fe95bba80a0 R08: 0000000000000000 R09: 0000000000000000 [ 95.769759][ T6514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 95.769770][ T6514] R13: 000000000000000b R14: 00007fe95af05f80 R15: 00007fff7f7f93a8 [ 95.769784][ T6514] [ 95.830209][ T6521] netlink: 4 bytes leftover after parsing attributes in process `syz.2.273'. [ 97.295319][ T39] audit: type=1400 audit(1722528593.965:211): avc: denied { name_bind } for pid=6556 comm="syz.2.281" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 97.296707][ T6557] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 97.304762][ T39] audit: type=1400 audit(1722528593.965:212): avc: denied { node_bind } for pid=6556 comm="syz.2.281" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 97.415674][ T6563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.284'. [ 97.574492][ T6574] netlink: 'syz.0.285': attribute type 2 has an invalid length. [ 97.578056][ T6574] netlink: 'syz.0.285': attribute type 1 has an invalid length. [ 97.581481][ T6574] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.285'. [ 97.629553][ T39] audit: type=1400 audit(1722528594.295:213): avc: denied { read } for pid=6579 comm="syz.3.287" name="card1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 97.777224][ T6590] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 97.872847][ T6594] sctp: [Deprecated]: syz.2.292 (pid 6594) Use of struct sctp_assoc_value in delayed_ack socket option. [ 97.872847][ T6594] Use struct sctp_sack_info instead [ 98.136917][ T6606] netlink: 4 bytes leftover after parsing attributes in process `syz.0.295'. [ 98.717226][ T6616] netlink: 'syz.1.297': attribute type 2 has an invalid length. [ 98.717245][ T6616] netlink: 'syz.1.297': attribute type 1 has an invalid length. [ 98.717254][ T6616] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.297'. [ 98.900639][ T6624] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 99.081397][ T6633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.304'. [ 99.342587][ T6653] vivid-000: disconnect [ 99.345666][ T6653] FAULT_INJECTION: forcing a failure. [ 99.345666][ T6653] name failslab, interval 1, probability 0, space 0, times 0 [ 99.350793][ T6653] CPU: 0 UID: 0 PID: 6653 Comm: syz.3.310 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 99.355071][ T6653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.359717][ T6653] Call Trace: [ 99.361197][ T6653] [ 99.362511][ T6653] dump_stack_lvl+0x16c/0x1f0 [ 99.364279][ T6653] should_fail_ex+0x497/0x5b0 [ 99.366029][ T6653] ? fs_reclaim_acquire+0xae/0x160 [ 99.367741][ T6653] should_failslab+0xc2/0x120 [ 99.369835][ T6653] __kmalloc_noprof+0xcb/0x400 [ 99.371839][ T6653] tomoyo_encode2+0x100/0x3e0 [ 99.373672][ T6653] tomoyo_encode+0x29/0x50 [ 99.375238][ T6653] tomoyo_realpath_from_path+0x19d/0x720 [ 99.377695][ T6653] tomoyo_check_open_permission+0x2a7/0x3b0 [ 99.379754][ T6653] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 99.382316][ T6653] ? __pfx___lock_acquire+0x10/0x10 [ 99.384425][ T6653] ? __pfx_hook_file_open+0x10/0x10 [ 99.386440][ T6653] ? path_get+0x61/0x80 [ 99.388216][ T6653] tomoyo_file_open+0x71/0x90 [ 99.390216][ T6653] security_file_open+0x78/0x8b0 [ 99.392434][ T6653] do_dentry_open+0x5c7/0x15f0 [ 99.394521][ T6653] ? inode_permission+0xdd/0x5f0 [ 99.396709][ T6653] vfs_open+0x82/0x3f0 [ 99.398503][ T6653] ? may_open+0x1f2/0x400 [ 99.400305][ T6653] path_openat+0x2141/0x2d20 [ 99.402149][ T6653] ? __pfx_path_openat+0x10/0x10 [ 99.404264][ T6653] ? __pfx___lock_acquire+0x10/0x10 [ 99.406194][ T6653] ? find_held_lock+0x2d/0x110 [ 99.408203][ T6653] do_filp_open+0x1dc/0x430 [ 99.410178][ T6653] ? __pfx_do_filp_open+0x10/0x10 [ 99.412406][ T6653] ? find_held_lock+0x2d/0x110 [ 99.414382][ T6653] ? _raw_spin_unlock+0x28/0x50 [ 99.416382][ T6653] ? alloc_fd+0x2d7/0x6c0 [ 99.418122][ T6653] do_sys_openat2+0x17a/0x1e0 [ 99.420181][ T6653] ? __pfx_do_sys_openat2+0x10/0x10 [ 99.422444][ T6653] __x64_sys_openat+0x175/0x210 [ 99.424676][ T6653] ? __pfx___x64_sys_openat+0x10/0x10 [ 99.427050][ T6653] ? ksys_write+0x1ab/0x260 [ 99.428999][ T6653] do_syscall_64+0xcd/0x250 [ 99.430597][ T6653] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.433220][ T6653] RIP: 0033:0x7f3917575d50 [ 99.434760][ T6653] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8e 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8e 02 00 8b 44 [ 99.441672][ T6653] RSP: 002b:00007f39183bbb80 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 99.445108][ T6653] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f3917575d50 [ 99.448525][ T6653] RDX: 0000000000000002 RSI: 00007f39183bbc20 RDI: 00000000ffffff9c [ 99.451941][ T6653] RBP: 00007f39183bbc20 R08: 0000000000000000 R09: 00236f656469762f [ 99.455386][ T6653] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 99.458782][ T6653] R13: 000000000000000b R14: 00007f3917705f80 R15: 00007ffdd9e19d08 [ 99.462123][ T6653] [ 99.465800][ T6653] ERROR: Out of memory at tomoyo_realpath_from_path. [ 99.469740][ T6652] vivid-000: reconnect [ 99.536456][ T6656] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 99.848710][ T6674] netlink: 28 bytes leftover after parsing attributes in process `syz.3.319'. [ 99.951792][ T6676] FAULT_INJECTION: forcing a failure. [ 99.951792][ T6676] name failslab, interval 1, probability 0, space 0, times 0 [ 99.960815][ T6676] CPU: 2 UID: 0 PID: 6676 Comm: syz.3.320 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 99.965153][ T6676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.969390][ T6676] Call Trace: [ 99.970750][ T6676] [ 99.971964][ T6676] dump_stack_lvl+0x16c/0x1f0 [ 99.973934][ T6676] should_fail_ex+0x497/0x5b0 [ 99.975841][ T6676] ? fs_reclaim_acquire+0xae/0x160 [ 99.977884][ T6676] should_failslab+0xc2/0x120 [ 99.979966][ T6676] __kmalloc_cache_noprof+0x6b/0x300 [ 99.982162][ T6676] ? ip_set_create+0x33f/0x14d0 [ 99.984151][ T6676] ip_set_create+0x33f/0x14d0 [ 99.985848][ T6676] ? __pfx_ip_set_create+0x10/0x10 [ 99.987684][ T6676] nfnetlink_rcv_msg+0x9c3/0x11e0 [ 99.989483][ T6676] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 99.991525][ T6676] ? find_held_lock+0x2d/0x110 [ 99.993402][ T6676] ? avc_has_perm_noaudit+0x143/0x3a0 [ 99.995580][ T6676] netlink_rcv_skb+0x16b/0x440 [ 99.997321][ T6676] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 99.999558][ T6676] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 100.001436][ T6676] ? security_capable+0x98/0xd0 [ 100.003028][ T6676] ? ns_capable+0xd7/0x110 [ 100.004690][ T6676] nfnetlink_rcv+0x1b4/0x430 [ 100.006366][ T6676] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 100.008209][ T6676] ? netlink_deliver_tap+0x1ae/0xd90 [ 100.010019][ T6676] netlink_unicast+0x544/0x830 [ 100.011607][ T6676] ? __pfx_netlink_unicast+0x10/0x10 [ 100.013401][ T6676] netlink_sendmsg+0x8b8/0xd70 [ 100.015112][ T6676] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.017267][ T6676] ? __import_iovec+0x1fd/0x6e0 [ 100.019282][ T6676] ____sys_sendmsg+0xab5/0xc90 [ 100.021244][ T6676] ? copy_msghdr_from_user+0x10b/0x160 [ 100.023474][ T6676] ? __pfx_____sys_sendmsg+0x10/0x10 [ 100.025658][ T6676] ? find_held_lock+0x2d/0x110 [ 100.027680][ T6676] ? __pfx___lock_acquire+0x10/0x10 [ 100.029683][ T6676] ___sys_sendmsg+0x135/0x1e0 [ 100.031581][ T6676] ? __pfx____sys_sendmsg+0x10/0x10 [ 100.033728][ T6676] ? ksys_write+0x21c/0x260 [ 100.035568][ T6676] ? __fget_light+0x173/0x210 [ 100.037581][ T6676] __sys_sendmsg+0x117/0x1f0 [ 100.039496][ T6676] ? __pfx___sys_sendmsg+0x10/0x10 [ 100.041637][ T6676] do_syscall_64+0xcd/0x250 [ 100.043527][ T6676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.046010][ T6676] RIP: 0033:0x7f39175773b9 [ 100.047902][ T6676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.055924][ T6676] RSP: 002b:00007f39183bc048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.059319][ T6676] RAX: ffffffffffffffda RBX: 00007f3917705f80 RCX: 00007f39175773b9 [ 100.062592][ T6676] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 100.065830][ T6676] RBP: 00007f39183bc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 100.069081][ T6676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.072334][ T6676] R13: 000000000000000b R14: 00007f3917705f80 R15: 00007ffdd9e19d08 [ 100.075542][ T6676] [ 100.077063][ C2] vkms_vblank_simulate: vblank timer overrun [ 100.207393][ T6678] program syz.3.321 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 100.258182][ T6681] netlink: 32 bytes leftover after parsing attributes in process `syz.2.323'. [ 100.552322][ T6690] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.015065][ T39] kauditd_printk_skb: 10 callbacks suppressed [ 101.015075][ T39] audit: type=1400 audit(1722528597.685:224): avc: denied { create } for pid=6703 comm="syz.1.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 101.179263][ T39] audit: type=1400 audit(1722528597.855:225): avc: denied { create } for pid=6703 comm="syz.1.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 101.186466][ T39] audit: type=1400 audit(1722528597.855:226): avc: denied { connect } for pid=6703 comm="syz.1.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 101.248683][ T39] audit: type=1400 audit(1722528597.925:227): avc: denied { read } for pid=6703 comm="syz.1.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 101.312698][ T39] audit: type=1400 audit(1722528597.985:228): avc: denied { write } for pid=6703 comm="syz.1.331" path="socket:[13306]" dev="sockfs" ino=13306 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 102.041865][ T6728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.335'. [ 102.317947][ T39] audit: type=1400 audit(1722528598.975:229): avc: denied { mounton } for pid=6737 comm="syz.1.337" path="/proc/274/task" dev="proc" ino=15577 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 103.510413][ T6768] program syz.2.344 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 103.511070][ T6772] netlink: 'syz.0.345': attribute type 2 has an invalid length. [ 103.518381][ T6772] netlink: 'syz.0.345': attribute type 1 has an invalid length. [ 103.521751][ T6772] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.345'. [ 103.578550][ T6775] netlink: 4 bytes leftover after parsing attributes in process `syz.0.346'. [ 103.747687][ T6789] netlink: 32 bytes leftover after parsing attributes in process `syz.1.349'. [ 103.900964][ T39] audit: type=1400 audit(1722528600.575:230): avc: denied { shutdown } for pid=6798 comm="syz.0.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 103.912249][ T39] audit: type=1400 audit(1722528600.585:231): avc: denied { read } for pid=6798 comm="syz.0.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 103.989025][ T39] audit: type=1400 audit(1722528600.655:232): avc: denied { ioctl } for pid=6798 comm="syz.0.352" path="socket:[16489]" dev="sockfs" ino=16489 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 104.093977][ T39] audit: type=1400 audit(1722528600.765:233): avc: denied { read } for pid=6806 comm="syz.3.354" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 104.166449][ T6812] mkiss: ax0: crc mode is auto. [ 104.208468][ T6812] netlink: 'syz.3.354': attribute type 4 has an invalid length. [ 104.216268][ T6812] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.354'. [ 105.225027][ T6826] netlink: 4 bytes leftover after parsing attributes in process `syz.1.359'. [ 106.649044][ T6868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.369'. [ 106.679189][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 106.679203][ T39] audit: type=1400 audit(1722528603.355:241): avc: denied { sys_module } for pid=6867 comm="syz.2.369" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 108.078217][ T6926] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'. [ 108.344765][ T6938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.384'. [ 108.356025][ T39] audit: type=1400 audit(1722528605.025:242): avc: denied { read write } for pid=6936 comm="syz.1.384" dev="sockfs" ino=15688 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 108.365131][ T39] audit: type=1400 audit(1722528605.025:243): avc: denied { mount } for pid=6936 comm="syz.1.384" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 108.375939][ T39] audit: type=1400 audit(1722528605.055:244): avc: denied { unlink } for pid=6936 comm="syz.1.384" name="#1" dev="tmpfs" ino=534 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 108.376925][ T6938] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 108.391558][ T6938] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 108.400555][ T39] audit: type=1400 audit(1722528605.075:245): avc: denied { mount } for pid=6936 comm="syz.1.384" name="/" dev="overlay" ino=528 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 108.523555][ T39] audit: type=1400 audit(1722528605.195:246): avc: denied { unmount } for pid=5328 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 108.671676][ T6956] netlink: 36 bytes leftover after parsing attributes in process `syz.3.389'. [ 108.725655][ T6960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.391'. [ 109.730216][ T6996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.401'. [ 109.826735][ T7002] Bluetooth: MGMT ver 1.23 [ 109.898159][ T39] audit: type=1400 audit(1722528606.575:247): avc: denied { connect } for pid=7004 comm="syz.1.403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 110.088612][ T7024] sg_write: data in/out 830110031/238 bytes for SCSI command 0x0-- guessing data in; [ 110.088612][ T7024] program syz.2.408 not setting count and/or reply_len properly [ 110.278323][ T7027] netlink: 'syz.0.409': attribute type 2 has an invalid length. [ 110.281495][ T7027] netlink: 'syz.0.409': attribute type 1 has an invalid length. [ 110.284857][ T7027] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.409'. [ 110.370255][ T7030] program syz.0.410 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.469064][ T39] audit: type=1400 audit(1722528607.145:248): avc: denied { mounton } for pid=7029 comm="syz.0.410" path="/111/file0" dev="tmpfs" ino=615 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 111.283631][ T39] audit: type=1400 audit(1722528607.955:249): avc: denied { setopt } for pid=7037 comm="syz.3.413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 111.849225][ T7042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.414'. [ 112.043936][ T7053] netlink: 8 bytes leftover after parsing attributes in process `syz.2.417'. [ 112.085478][ T7053] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 112.091985][ T7053] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 112.223211][ T7058] netlink: 'syz.1.418': attribute type 2 has an invalid length. [ 112.226753][ T7058] netlink: 'syz.1.418': attribute type 1 has an invalid length. [ 112.230844][ T7058] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.418'. [ 112.342611][ T7067] sg_write: data in/out 830110031/238 bytes for SCSI command 0x0-- guessing data in; [ 112.342611][ T7067] program syz.1.419 not setting count and/or reply_len properly [ 112.987231][ T39] audit: type=1400 audit(1722528609.655:250): avc: denied { create } for pid=7072 comm="syz.1.422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 113.006020][ T39] audit: type=1400 audit(1722528609.675:251): avc: denied { write } for pid=7072 comm="syz.1.422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 113.394131][ T7082] 9pnet_fd: Insufficient options for proto=fd [ 113.871953][ T7096] netlink: 'syz.0.428': attribute type 2 has an invalid length. [ 113.875419][ T7096] netlink: 'syz.0.428': attribute type 1 has an invalid length. [ 113.878995][ T7096] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.428'. [ 113.938764][ T39] audit: type=1400 audit(1722528610.605:252): avc: denied { setopt } for pid=7098 comm="syz.0.429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 113.951441][ T39] audit: type=1400 audit(1722528610.615:253): avc: denied { write } for pid=7098 comm="syz.0.429" name="/" dev="configfs" ino=3085 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 113.961568][ T1290] usb 7-1: new low-speed USB device number 3 using dummy_hcd [ 113.966461][ T39] audit: type=1400 audit(1722528610.615:254): avc: denied { add_name } for pid=7098 comm="syz.0.429" name=".pending_reads" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 113.974891][ T39] audit: type=1400 audit(1722528610.615:255): avc: denied { create } for pid=7098 comm="syz.0.429" name=".pending_reads" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:configfs_t tclass=file permissive=1 [ 113.983120][ T39] audit: type=1400 audit(1722528610.615:256): avc: denied { mount } for pid=7098 comm="syz.0.429" name="/" dev="ramfs" ino=18437 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 114.159386][ T1290] usb 7-1: Invalid ep0 maxpacket: 64 [ 114.317852][ T1290] usb 7-1: new low-speed USB device number 4 using dummy_hcd [ 114.510378][ T1290] usb 7-1: Invalid ep0 maxpacket: 64 [ 114.512377][ T1290] usb usb7-port1: attempt power cycle [ 114.904436][ T7118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.435'. [ 114.927872][ T1290] usb 7-1: new low-speed USB device number 5 using dummy_hcd [ 114.929326][ T7118] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 114.935297][ T7118] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 114.969777][ T1290] usb 7-1: Invalid ep0 maxpacket: 64 [ 114.986012][ T7120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.436'. [ 115.136729][ T39] audit: type=1400 audit(1722528611.805:257): avc: denied { mount } for pid=7129 comm="syz.3.439" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 115.145927][ T1290] usb 7-1: new low-speed USB device number 6 using dummy_hcd [ 115.188474][ T1290] usb 7-1: Invalid ep0 maxpacket: 64 [ 115.188841][ T1290] usb usb7-port1: unable to enumerate USB device [ 115.209880][ T39] audit: type=1400 audit(1722528611.885:258): avc: denied { unmount } for pid=5332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 115.409084][ T7140] futex_wake_op: syz.3.440 tries to shift op by -1; fix this program [ 115.529275][ T7148] netlink: 'syz.3.443': attribute type 2 has an invalid length. [ 115.532367][ T7148] netlink: 'syz.3.443': attribute type 1 has an invalid length. [ 115.535561][ T7148] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.443'. [ 115.806934][ T7164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.447'. [ 115.962631][ T39] audit: type=1400 audit(1722528612.635:259): avc: denied { ioctl } for pid=7171 comm="syz.0.449" path="/dev/sg0" dev="devtmpfs" ino=707 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 116.073938][ T7178] sg_write: data in/out 830110031/305 bytes for SCSI command 0x0-- guessing data in; [ 116.073938][ T7178] program syz.1.452 not setting count and/or reply_len properly [ 116.552587][ T7182] netlink: 'syz.3.453': attribute type 2 has an invalid length. [ 116.556069][ T7182] netlink: 'syz.3.453': attribute type 1 has an invalid length. [ 116.560048][ T7182] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.453'. [ 116.661514][ T7190] netlink: 4 bytes leftover after parsing attributes in process `syz.3.456'. [ 116.706365][ T7187] sg_write: data in/out 830110031/305 bytes for SCSI command 0x0-- guessing data in; [ 116.706365][ T7187] program syz.1.455 not setting count and/or reply_len properly [ 117.350477][ T7206] 9pnet_fd: Insufficient options for proto=fd [ 117.611724][ T7209] fuse: Bad value for 'fd' [ 117.835484][ T7218] sg_write: data in/out 830110031/305 bytes for SCSI command 0x0-- guessing data in; [ 117.835484][ T7218] program syz.2.464 not setting count and/or reply_len properly [ 118.325689][ T7226] netlink: 'syz.1.465': attribute type 2 has an invalid length. [ 118.328833][ T7226] netlink: 'syz.1.465': attribute type 1 has an invalid length. [ 118.332119][ T7226] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.465'. [ 118.393626][ T7229] netlink: 4 bytes leftover after parsing attributes in process `syz.1.466'. [ 118.404208][ T7232] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.408364][ T7232] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.415062][ T7232] bridge0: entered allmulticast mode [ 118.430935][ T39] kauditd_printk_skb: 10 callbacks suppressed [ 118.430949][ T39] audit: type=1400 audit(1722528615.105:270): avc: denied { name_bind } for pid=7230 comm="syz.2.467" src=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 118.482962][ T7235] ptm ptm29: ldisc open failed (-12), clearing slot 29 [ 118.547873][ T39] audit: type=1400 audit(1722528615.215:271): avc: denied { read } for pid=7240 comm="syz.1.468" name="ppp" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 118.555451][ T39] audit: type=1400 audit(1722528615.215:272): avc: denied { open } for pid=7240 comm="syz.1.468" path="/dev/ppp" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 118.565912][ T39] audit: type=1400 audit(1722528615.225:273): avc: denied { read } for pid=7240 comm="syz.1.468" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 118.574635][ T39] audit: type=1400 audit(1722528615.225:274): avc: denied { open } for pid=7240 comm="syz.1.468" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 119.695541][ T39] audit: type=1400 audit(1722528616.365:275): avc: denied { read } for pid=7252 comm="syz.2.471" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 119.708086][ T39] audit: type=1400 audit(1722528616.375:276): avc: denied { open } for pid=7252 comm="syz.2.471" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 119.708353][ T7253] binder: BC_ACQUIRE_RESULT not supported [ 119.718281][ T39] audit: type=1400 audit(1722528616.385:277): avc: denied { ioctl } for pid=7252 comm="syz.2.471" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 119.720963][ T7253] binder: 7252:7253 ioctl c0306201 20000640 returned -22 [ 119.860922][ T7259] netlink: 'syz.2.474': attribute type 2 has an invalid length. [ 119.864477][ T7259] netlink: 'syz.2.474': attribute type 1 has an invalid length. [ 119.868225][ T7259] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.474'. [ 119.985274][ T7264] netlink: 'syz.2.475': attribute type 2 has an invalid length. [ 119.988873][ T7264] netlink: 'syz.2.475': attribute type 1 has an invalid length. [ 119.992247][ T7264] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.475'. [ 120.000562][ T7268] netlink: 4 bytes leftover after parsing attributes in process `syz.1.476'. [ 120.057002][ T39] audit: type=1400 audit(1722528616.725:278): avc: denied { getopt } for pid=7271 comm="syz.2.477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 120.222961][ T7289] sg_write: data in/out 830110031/305 bytes for SCSI command 0x0-- guessing data in; [ 120.222961][ T7289] program syz.0.479 not setting count and/or reply_len properly [ 121.154373][ T7313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.488'. [ 121.281289][ T7323] sg_write: data in/out 830110031/338 bytes for SCSI command 0x0-- guessing data in; [ 121.281289][ T7323] program syz.1.489 not setting count and/or reply_len properly [ 121.312547][ T39] audit: type=1400 audit(1722528617.985:279): avc: denied { write } for pid=7324 comm="syz.2.490" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 121.560663][ T7329] warning: `syz.2.492' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 121.952463][ T7345] netlink: 4 bytes leftover after parsing attributes in process `syz.1.498'. [ 121.973234][ T7342] 9pnet_fd: Insufficient options for proto=fd [ 122.401252][ T7376] netlink: 'syz.3.505': attribute type 2 has an invalid length. [ 122.404343][ T7376] netlink: 'syz.3.505': attribute type 1 has an invalid length. [ 122.406957][ T7376] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.505'. [ 122.502011][ T7382] sg_write: data in/out 830110031/338 bytes for SCSI command 0x0-- guessing data in; [ 122.502011][ T7382] program syz.3.506 not setting count and/or reply_len properly [ 123.414350][ T7408] netlink: 'syz.3.514': attribute type 2 has an invalid length. [ 123.417179][ T7408] netlink: 'syz.3.514': attribute type 1 has an invalid length. [ 123.425512][ T7408] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.514'. [ 123.560860][ T7415] FAULT_INJECTION: forcing a failure. [ 123.560860][ T7415] name failslab, interval 1, probability 0, space 0, times 0 [ 123.566969][ T7415] CPU: 3 UID: 0 PID: 7415 Comm: syz.2.516 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 123.571844][ T7415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 123.576911][ T7415] Call Trace: [ 123.578460][ T7415] [ 123.579840][ T7415] dump_stack_lvl+0x16c/0x1f0 [ 123.582075][ T7415] should_fail_ex+0x497/0x5b0 [ 123.584220][ T7415] should_failslab+0xc2/0x120 [ 123.586329][ T7415] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 123.588793][ T7415] ? skb_clone+0x190/0x3f0 [ 123.590951][ T7415] skb_clone+0x190/0x3f0 [ 123.592964][ T7415] dev_queue_xmit_nit+0x38f/0xba0 [ 123.595427][ T7415] dev_hard_start_xmit+0x56/0x790 [ 123.597789][ T7415] ? __kasan_slab_alloc+0x89/0x90 [ 123.600196][ T7415] __dev_queue_xmit+0x7c7/0x4300 [ 123.602517][ T7415] ? __pfx___dev_queue_xmit+0x10/0x10 [ 123.605026][ T7415] ? __asan_memcpy+0x3c/0x60 [ 123.607289][ T7415] ? __asan_memcpy+0x3c/0x60 [ 123.609583][ T7415] ? __skb_clone+0x570/0x760 [ 123.611738][ T7415] netlink_deliver_tap+0xa7d/0xd90 [ 123.614058][ T7415] netlink_unicast+0x606/0x830 [ 123.616385][ T7415] ? __pfx_netlink_unicast+0x10/0x10 [ 123.618842][ T7415] netlink_sendmsg+0x8b8/0xd70 [ 123.621202][ T7415] ? __pfx_netlink_sendmsg+0x10/0x10 [ 123.623690][ T7415] ? __import_iovec+0x1fd/0x6e0 [ 123.625950][ T7415] ____sys_sendmsg+0xab5/0xc90 [ 123.628180][ T7415] ? copy_msghdr_from_user+0x10b/0x160 [ 123.630731][ T7415] ? __pfx_____sys_sendmsg+0x10/0x10 [ 123.633108][ T7415] ? __lock_acquire+0x1620/0x3cb0 [ 123.635313][ T7415] ___sys_sendmsg+0x135/0x1e0 [ 123.637487][ T7415] ? __pfx____sys_sendmsg+0x10/0x10 [ 123.639977][ T7415] ? __pfx___might_resched+0x10/0x10 [ 123.642420][ T7415] ? __might_fault+0xe3/0x190 [ 123.644728][ T7415] __sys_sendmmsg+0x1a1/0x450 [ 123.646995][ T7415] ? __pfx___sys_sendmmsg+0x10/0x10 [ 123.649170][ T7415] ? vfs_write+0x14d/0x1140 [ 123.650818][ T7415] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 123.653582][ T7415] ? fput+0x32/0x390 [ 123.655389][ T7415] ? ksys_write+0x1ab/0x260 [ 123.657716][ T7415] ? __pfx_ksys_write+0x10/0x10 [ 123.659990][ T7415] __x64_sys_sendmmsg+0x9c/0x100 [ 123.662367][ T7415] ? lockdep_hardirqs_on+0x7c/0x110 [ 123.664852][ T7415] do_syscall_64+0xcd/0x250 [ 123.667027][ T7415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.669992][ T7415] RIP: 0033:0x7fe95ad773b9 [ 123.672053][ T7415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.680990][ T7415] RSP: 002b:00007fe95bba8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 123.684744][ T7415] RAX: ffffffffffffffda RBX: 00007fe95af05f80 RCX: 00007fe95ad773b9 [ 123.688559][ T7415] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 123.692206][ T7415] RBP: 00007fe95bba80a0 R08: 0000000000000000 R09: 0000000000000000 [ 123.695778][ T7415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 123.699402][ T7415] R13: 000000000000000b R14: 00007fe95af05f80 R15: 00007fff7f7f93a8 [ 123.702957][ T7415] [ 124.046635][ T7435] netlink: 'syz.0.523': attribute type 2 has an invalid length. [ 124.049757][ T7435] netlink: 'syz.0.523': attribute type 1 has an invalid length. [ 124.052943][ T7435] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.523'. [ 124.103620][ T7438] netlink: 4 bytes leftover after parsing attributes in process `syz.0.524'. [ 124.704630][ T39] kauditd_printk_skb: 4 callbacks suppressed [ 124.704644][ T39] audit: type=1400 audit(1722528621.375:284): avc: denied { read } for pid=7457 comm="syz.2.528" name="mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 124.721778][ T39] audit: type=1400 audit(1722528621.385:285): avc: denied { open } for pid=7457 comm="syz.2.528" path="/dev/input/mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 125.021442][ T7474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.533'. [ 125.597863][ T35] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 125.778023][ T35] usb 5-1: Using ep0 maxpacket: 16 [ 125.782379][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 125.787094][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 125.792255][ T35] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 125.796079][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.801816][ T35] usb 5-1: config 0 descriptor?? [ 125.806911][ T7494] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 126.222786][ T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 126.226016][ T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 126.232939][ T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 126.235983][ T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 126.239846][ T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 126.254944][ T35] cp2112 0003:10C4:EA90.0002: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 126.430694][ T35] cp2112 0003:10C4:EA90.0002: error requesting version [ 126.444730][ T35] cp2112 0003:10C4:EA90.0002: probe with driver cp2112 failed with error -5 [ 126.634910][ T7494] fuse: Unknown parameter 'ÿ' [ 126.637320][ T7495] fuse: Unknown parameter 'ÿ' [ 126.646819][ T39] audit: type=1400 audit(1722528623.315:286): avc: denied { write } for pid=7492 comm="syz.0.538" path="socket:[18086]" dev="sockfs" ino=18086 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 126.666222][ T39] audit: type=1400 audit(1722528623.315:287): avc: denied { nlmsg_read } for pid=7492 comm="syz.0.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 126.805535][ T35] usb 5-1: USB disconnect, device number 3 [ 127.278889][ T7526] sg_write: data in/out 830110031/355 bytes for SCSI command 0x0-- guessing data in; [ 127.278889][ T7526] program syz.2.548 not setting count and/or reply_len properly [ 127.843672][ T39] audit: type=1400 audit(1722528624.515:288): avc: denied { write } for pid=7544 comm="syz.2.553" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 128.987967][ T57] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 129.187904][ T57] usb 6-1: Using ep0 maxpacket: 32 [ 129.192076][ T57] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 129.194900][ T57] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 129.209587][ T57] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 129.212574][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 129.215753][ T57] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 129.221019][ T57] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 129.226346][ T57] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 129.242765][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.251500][ T57] usb 6-1: config 0 descriptor?? [ 129.267879][ T39] audit: type=1400 audit(1722528625.935:289): avc: denied { rename } for pid=4807 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 129.275339][ T39] audit: type=1400 audit(1722528625.935:290): avc: denied { unlink } for pid=4807 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 129.285623][ T39] audit: type=1400 audit(1722528625.935:291): avc: denied { create } for pid=4807 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 129.421420][ T7573] sg_write: data in/out 830110031/363 bytes for SCSI command 0x0-- guessing data in; [ 129.421420][ T7573] program syz.3.562 not setting count and/or reply_len properly [ 129.480116][ T57] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 129.498742][ T57] usb 6-1: USB disconnect, device number 3 [ 129.518854][ T5329] udevd[5329]: setting owner of /dev/usb/lp0 to uid=0, gid=7 failed: No such file or directory [ 129.518974][ T57] usblp0: removed [ 129.796475][ T7585] netlink: 'syz.0.565': attribute type 2 has an invalid length. [ 129.799505][ T7585] netlink: 'syz.0.565': attribute type 1 has an invalid length. [ 129.802301][ T7585] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.565'. [ 129.813149][ T7588] netlink: 4 bytes leftover after parsing attributes in process `syz.2.566'. [ 130.057931][ T57] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 130.248013][ T57] usb 6-1: Using ep0 maxpacket: 32 [ 130.251754][ T57] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 130.254598][ T57] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 130.257461][ T57] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 130.260512][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 130.263715][ T57] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 130.266987][ T57] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 130.271925][ T57] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 130.274954][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.279367][ T57] usb 6-1: config 0 descriptor?? [ 130.489673][ T57] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 130.704438][ T39] audit: type=1400 audit(1722528627.375:292): avc: denied { read write } for pid=7560 comm="syz.1.559" name="lp0" dev="devtmpfs" ino=2451 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 130.712422][ T39] audit: type=1400 audit(1722528627.375:293): avc: denied { open } for pid=7560 comm="syz.1.559" path="/dev/usb/lp0" dev="devtmpfs" ino=2451 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 130.957429][ T39] audit: type=1400 audit(1722528627.625:294): avc: denied { listen } for pid=7609 comm="syz.3.571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 130.964118][ T39] audit: type=1400 audit(1722528627.625:295): avc: denied { read } for pid=7609 comm="syz.3.571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 130.970812][ T7561] netlink: 28 bytes leftover after parsing attributes in process `syz.1.559'. [ 130.973422][ T7561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.559'. [ 130.981173][ T5375] usb 6-1: USB disconnect, device number 4 [ 130.987415][ T5375] usblp0: removed [ 131.025077][ T39] audit: type=1400 audit(1722528627.695:296): avc: denied { block_suspend } for pid=7609 comm="syz.3.571" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 131.205674][ T7625] netlink: 'syz.0.575': attribute type 2 has an invalid length. [ 131.209483][ T7625] netlink: 'syz.0.575': attribute type 1 has an invalid length. [ 131.213187][ T7625] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.575'. [ 131.253738][ T7628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.576'. [ 131.292997][ T7630] sg_write: data in/out 830110031/363 bytes for SCSI command 0x0-- guessing data in; [ 131.292997][ T7630] program syz.0.577 not setting count and/or reply_len properly [ 131.378922][ T39] audit: type=1400 audit(1722528628.055:297): avc: denied { create } for pid=7638 comm="syz.2.578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 131.409246][ T7639] xt_policy: output policy not valid in PREROUTING and INPUT [ 132.521804][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'. [ 132.585950][ T7673] netlink: 'syz.3.588': attribute type 2 has an invalid length. [ 132.589434][ T7673] netlink: 'syz.3.588': attribute type 1 has an invalid length. [ 132.592044][ T7673] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.588'. [ 132.741389][ T7682] sg_write: data in/out 830110031/363 bytes for SCSI command 0x0-- guessing data in; [ 132.741389][ T7682] program syz.1.591 not setting count and/or reply_len properly [ 133.179633][ T7695] FAULT_INJECTION: forcing a failure. [ 133.179633][ T7695] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 133.184986][ T7695] CPU: 0 UID: 0 PID: 7695 Comm: syz.0.594 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 133.188811][ T7695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.193085][ T7695] Call Trace: [ 133.194419][ T7695] [ 133.194529][ T7691] kvm: pic: non byte write [ 133.195588][ T7695] dump_stack_lvl+0x16c/0x1f0 [ 133.199482][ T7695] should_fail_ex+0x497/0x5b0 [ 133.201322][ T7695] _copy_to_user+0x30/0xc0 [ 133.203069][ T7695] vivid_radio_rx_read+0x7db/0xba0 [ 133.205083][ T7695] ? __pfx_vivid_radio_rx_read+0x10/0x10 [ 133.207279][ T7695] ? inode_security+0x101/0x130 [ 133.209191][ T7695] ? avc_policy_seqno+0x9/0x20 [ 133.211054][ T7695] vivid_radio_read+0x86/0xc0 [ 133.212911][ T7695] v4l2_read+0x22c/0x360 [ 133.214564][ T7695] ? __pfx_v4l2_read+0x10/0x10 [ 133.216434][ T7695] vfs_read+0x1d4/0xbd0 [ 133.218104][ T7695] ? __pfx_vfs_read+0x10/0x10 [ 133.219968][ T7695] ? __fget_files+0x256/0x400 [ 133.221811][ T7695] ? __fget_light+0x173/0x210 [ 133.223667][ T7695] ksys_read+0x12f/0x260 [ 133.225317][ T7695] ? __pfx_ksys_read+0x10/0x10 [ 133.227174][ T7695] do_syscall_64+0xcd/0x250 [ 133.229001][ T7695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.231301][ T7695] RIP: 0033:0x7f01b03773b9 [ 133.233082][ T7695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.240478][ T7695] RSP: 002b:00007f01b11e1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 133.243708][ T7695] RAX: ffffffffffffffda RBX: 00007f01b0505f80 RCX: 00007f01b03773b9 [ 133.246752][ T7695] RDX: 0000000000002020 RSI: 00000000200003c0 RDI: 0000000000000003 [ 133.249820][ T7695] RBP: 00007f01b11e10a0 R08: 0000000000000000 R09: 0000000000000000 [ 133.252903][ T7695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 133.255955][ T7695] R13: 000000000000000b R14: 00007f01b0505f80 R15: 00007ffef4ed9a98 [ 133.259010][ T7695] [ 133.421880][ T7706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.597'. [ 133.433742][ T7706] netlink: 12 bytes leftover after parsing attributes in process `syz.0.597'. [ 133.484646][ T5342] Bluetooth: hci2: unexpected event for opcode 0x2024 [ 133.514756][ T7711] netlink: 4 bytes leftover after parsing attributes in process `syz.3.599'. [ 133.639196][ T39] audit: type=1400 audit(1722528630.305:298): avc: denied { connect } for pid=7725 comm="syz.3.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 133.646616][ T39] audit: type=1400 audit(1722528630.315:299): avc: denied { create } for pid=7725 comm="syz.3.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 133.682494][ T39] audit: type=1400 audit(1722528630.355:300): avc: denied { connect } for pid=7728 comm="syz.3.604" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 133.784028][ T7729] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 134.059654][ T7734] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in; [ 134.059654][ T7734] program syz.1.605 not setting count and/or reply_len properly [ 134.545402][ T39] audit: type=1400 audit(1722528631.215:301): avc: denied { execute } for pid=7742 comm="syz.3.608" name="file1" dev="tmpfs" ino=860 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 134.545490][ T7743] process 'syz.3.608' launched './file1' with NULL argv: empty string added [ 135.036532][ T7770] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in; [ 135.036532][ T7770] program syz.1.617 not setting count and/or reply_len properly [ 135.049318][ T7774] FAULT_INJECTION: forcing a failure. [ 135.049318][ T7774] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.054134][ T7774] CPU: 1 UID: 0 PID: 7774 Comm: syz.3.618 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 135.057879][ T7774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.062586][ T7774] Call Trace: [ 135.063742][ T7774] [ 135.064769][ T7774] dump_stack_lvl+0x16c/0x1f0 [ 135.066512][ T7774] should_fail_ex+0x497/0x5b0 [ 135.068363][ T7774] _copy_from_user+0x30/0xf0 [ 135.069918][ T7774] io_uring_setup+0xa2/0x36c0 [ 135.071512][ T7774] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 135.073528][ T7774] ? __pfx_io_uring_setup+0x10/0x10 [ 135.075305][ T7774] ? ksys_write+0x1ab/0x260 [ 135.076840][ T7774] ? __pfx_ksys_write+0x10/0x10 [ 135.078528][ T7774] __x64_sys_io_uring_setup+0x98/0x140 [ 135.080681][ T7774] do_syscall_64+0xcd/0x250 [ 135.082471][ T7774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.084614][ T7774] RIP: 0033:0x7f39175773b9 [ 135.086143][ T7774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.093181][ T7774] RSP: 002b:00007f39183bc048 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 135.096042][ T7774] RAX: ffffffffffffffda RBX: 00007f3917705f80 RCX: 00007f39175773b9 [ 135.098767][ T7774] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 00000000000021b6 [ 135.101617][ T7774] RBP: 00007f39183bc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 135.104382][ T7774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.107120][ T7774] R13: 000000000000000b R14: 00007f3917705f80 R15: 00007ffdd9e19d08 [ 135.110454][ T7774] [ 136.080117][ T39] kauditd_printk_skb: 4 callbacks suppressed [ 136.080132][ T39] audit: type=1400 audit(1722528632.755:306): avc: denied { create } for pid=7809 comm="syz.1.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 136.089522][ T39] audit: type=1400 audit(1722528632.755:307): avc: denied { getopt } for pid=7809 comm="syz.1.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 136.106145][ T39] audit: type=1400 audit(1722528632.775:308): avc: denied { create } for pid=7809 comm="syz.1.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 136.717930][ T5375] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 136.897983][ T5375] usb 7-1: Using ep0 maxpacket: 32 [ 136.908348][ T5375] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 136.912002][ T5375] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 136.915878][ T5375] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 136.920062][ T5375] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 136.927910][ T5375] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 136.931264][ T5375] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 136.935593][ T5375] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 136.943657][ T5375] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.948642][ T5375] usb 7-1: config 0 descriptor?? [ 137.164862][ T5375] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 137.178426][ T5375] usb 7-1: USB disconnect, device number 7 [ 137.186016][ T5375] usblp0: removed [ 137.464523][ T7828] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in; [ 137.464523][ T7828] program syz.1.633 not setting count and/or reply_len properly [ 137.532110][ T5342] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 137.535955][ T5342] Bluetooth: hci2: Injecting HCI hardware error event [ 137.539143][ T5342] Bluetooth: hci2: hardware error 0x00 [ 137.737924][ T5375] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 137.790863][ T39] audit: type=1400 audit(1722528634.465:309): avc: denied { watch_reads } for pid=7831 comm="syz.0.634" path="/163" dev="tmpfs" ino=897 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 137.918105][ T5375] usb 7-1: Using ep0 maxpacket: 32 [ 137.921177][ T5375] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 137.923709][ T5375] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 137.926229][ T5375] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 137.929078][ T5375] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 137.931965][ T5375] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 137.934816][ T5375] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 137.938680][ T5375] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 137.941326][ T5375] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.945264][ T5375] usb 7-1: config 0 descriptor?? [ 138.158448][ T5375] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 138.257854][ T57] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 138.369492][ T39] audit: type=1400 audit(1722528635.045:310): avc: denied { listen } for pid=7842 comm="syz.3.638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 138.438005][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 138.442257][ T57] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 138.445890][ T57] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 138.450307][ T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 138.454660][ T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 138.459353][ T57] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 138.464968][ T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 138.469114][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.490400][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.493146][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.619793][ T7823] netlink: 28 bytes leftover after parsing attributes in process `syz.2.631'. [ 138.623700][ T7823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.631'. [ 138.636787][ T830] usb 7-1: USB disconnect, device number 8 [ 138.642446][ T830] usblp0: removed [ 138.690238][ T39] audit: type=1400 audit(1722528635.365:311): avc: denied { wake_alarm } for pid=7834 comm="syz.0.635" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 138.703654][ T57] usb 5-1: usb_control_msg returned -32 [ 138.705550][ T57] usbtmc 5-1:16.0: can't read capabilities [ 138.707930][ T39] audit: type=1400 audit(1722528635.365:312): avc: denied { read write } for pid=7849 comm="syz.1.640" name="uhid" dev="devtmpfs" ino=1113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 138.717427][ T5386] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 138.721414][ T5386] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 138.724298][ T5386] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 138.727133][ T5386] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 138.727821][ T39] audit: type=1400 audit(1722528635.365:313): avc: denied { open } for pid=7849 comm="syz.1.640" path="/dev/uhid" dev="devtmpfs" ino=1113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 138.735869][ T5386] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz0] on syz0 [ 139.260494][ T57] usb 5-1: USB disconnect, device number 4 [ 139.608207][ T5342] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 139.800803][ T7864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.802627][ T39] audit: type=1400 audit(1722528636.465:314): avc: denied { ioctl } for pid=7863 comm="syz.0.644" path="/dev/uinput" dev="devtmpfs" ino=866 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 139.804719][ T7864] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.822131][ T39] audit: type=1400 audit(1722528636.465:315): avc: denied { ioctl } for pid=7863 comm="syz.0.644" path="/dev/uinput" dev="devtmpfs" ino=866 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 139.890910][ T7868] sg_write: data in/out 830110031/369 bytes for SCSI command 0x0-- guessing data in; [ 139.890910][ T7868] program syz.1.645 not setting count and/or reply_len properly [ 140.067947][ T57] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 140.247855][ T57] usb 5-1: Using ep0 maxpacket: 32 [ 140.254119][ T57] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 140.257343][ T57] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 140.260898][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 140.264305][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 140.270230][ T57] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 140.274330][ T57] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 140.280127][ T57] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 140.283632][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.289489][ T57] usb 5-1: config 0 descriptor?? [ 140.505538][ T57] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 140.531748][ T57] usb 5-1: USB disconnect, device number 5 [ 140.556981][ T57] usblp0: removed [ 140.878626][ T5372] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 141.067830][ T5372] usb 6-1: Using ep0 maxpacket: 32 [ 141.067849][ T57] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 141.073732][ T5372] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 141.076793][ T5372] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 141.080445][ T5372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 141.084396][ T5372] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 141.088672][ T5372] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 141.092090][ T5372] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 141.097494][ T5372] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 141.100862][ T5372] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.105049][ T5372] usb 6-1: config 0 descriptor?? [ 141.257847][ T57] usb 5-1: Using ep0 maxpacket: 32 [ 141.270574][ T57] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 141.274388][ T57] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 141.279120][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 141.283676][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 141.289170][ T57] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 141.293477][ T57] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 141.299153][ T57] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 141.302788][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.314871][ T57] usb 5-1: config 0 descriptor?? [ 141.329947][ T5372] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 141.357857][ T5372] usb 6-1: USB disconnect, device number 5 [ 141.387822][ T5372] usblp0: removed [ 141.623827][ T57] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 141.841638][ T57] usb 5-1: USB disconnect, device number 6 [ 141.849779][ T57] usblp0: removed [ 141.943988][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 141.944224][ T39] audit: type=1400 audit(1722528638.615:317): avc: denied { remount } for pid=7900 comm="syz.0.655" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 141.955234][ T5372] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 142.104473][ T39] audit: type=1400 audit(1722528638.775:318): avc: denied { read } for pid=7894 comm="syz.2.654" name="ptp0" dev="devtmpfs" ino=715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 142.113963][ T39] audit: type=1400 audit(1722528638.775:319): avc: denied { open } for pid=7894 comm="syz.2.654" path="/dev/ptp0" dev="devtmpfs" ino=715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 142.148004][ T7913] FAULT_INJECTION: forcing a failure. [ 142.148004][ T7913] name failslab, interval 1, probability 0, space 0, times 0 [ 142.153830][ T7913] CPU: 2 UID: 0 PID: 7913 Comm: syz.0.657 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 142.158482][ T7913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.163197][ T7913] Call Trace: [ 142.164700][ T7913] [ 142.166027][ T7913] dump_stack_lvl+0x16c/0x1f0 [ 142.168190][ T7913] should_fail_ex+0x497/0x5b0 [ 142.170587][ T7913] ? fs_reclaim_acquire+0xae/0x160 [ 142.172869][ T7913] should_failslab+0xc2/0x120 [ 142.174958][ T7913] __kmalloc_noprof+0xcb/0x400 [ 142.177080][ T7913] tomoyo_encode2+0x100/0x3e0 [ 142.179159][ T7913] tomoyo_encode+0x29/0x50 [ 142.181167][ T7913] tomoyo_realpath_from_path+0x19d/0x720 [ 142.183721][ T7913] tomoyo_check_open_permission+0x2a7/0x3b0 [ 142.186345][ T7913] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 142.189134][ T7913] ? __pfx___lock_acquire+0x10/0x10 [ 142.191448][ T7913] ? __pfx_hook_file_open+0x10/0x10 [ 142.193763][ T7913] ? path_get+0x61/0x80 [ 142.195618][ T7913] tomoyo_file_open+0x71/0x90 [ 142.197687][ T7913] security_file_open+0x78/0x8b0 [ 142.199875][ T7913] do_dentry_open+0x5c7/0x15f0 [ 142.200919][ T5372] usb 6-1: Using ep0 maxpacket: 32 [ 142.202029][ T7913] ? inode_permission+0xdd/0x5f0 [ 142.202078][ T7913] vfs_open+0x82/0x3f0 [ 142.208236][ T7913] ? may_open+0x1f2/0x400 [ 142.210146][ T7913] path_openat+0x2141/0x2d20 [ 142.212245][ T7913] ? __pfx_path_openat+0x10/0x10 [ 142.212725][ T5372] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 142.214468][ T7913] ? __pfx___lock_acquire+0x10/0x10 [ 142.214491][ T7913] ? find_held_lock+0x2d/0x110 [ 142.214520][ T7913] do_filp_open+0x1dc/0x430 [ 142.214536][ T7913] ? __pfx_do_filp_open+0x10/0x10 [ 142.221709][ T5372] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 142.222407][ T7913] ? find_held_lock+0x2d/0x110 [ 142.222441][ T7913] ? _raw_spin_unlock+0x28/0x50 [ 142.224325][ T5372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 142.226506][ T7913] ? alloc_fd+0x2d7/0x6c0 [ 142.226535][ T7913] do_sys_openat2+0x17a/0x1e0 [ 142.226559][ T7913] ? __pfx_do_sys_openat2+0x10/0x10 [ 142.226584][ T7913] __x64_sys_openat+0x175/0x210 [ 142.230584][ T5372] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 142.232128][ T7913] ? __pfx___x64_sys_openat+0x10/0x10 [ 142.232154][ T7913] ? ksys_write+0x1ab/0x260 [ 142.237825][ T5372] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 142.239358][ T7913] do_syscall_64+0xcd/0x250 [ 142.239382][ T7913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.239405][ T7913] RIP: 0033:0x7f01b03773b9 [ 142.241112][ T5372] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 142.243359][ T7913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.243380][ T7913] RSP: 002b:00007f01b11e1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 142.243400][ T7913] RAX: ffffffffffffffda RBX: 00007f01b0505f80 RCX: 00007f01b03773b9 [ 142.245231][ T5372] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 142.249336][ T7913] RDX: 0000000000000002 RSI: 0000000020000180 RDI: ffffffffffffff9c [ 142.249352][ T7913] RBP: 00007f01b11e10a0 R08: 0000000000000000 R09: 0000000000000000 [ 142.249363][ T7913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.249374][ T7913] R13: 000000000000000b R14: 00007f01b0505f80 R15: 00007ffef4ed9a98 [ 142.249389][ T7913] [ 142.257004][ T7913] ERROR: Out of memory at tomoyo_realpath_from_path. [ 142.258045][ T5372] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.361097][ T5372] usb 6-1: config 0 descriptor?? [ 142.533949][ T7920] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in; [ 142.533949][ T7920] program syz.0.659 not setting count and/or reply_len properly [ 142.544372][ T5342] Bluetooth: hci1: SCO packet for unknown connection handle 1 [ 142.579877][ T5372] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 142.812406][ T39] audit: type=1400 audit(1722528639.485:320): avc: denied { read } for pid=7926 comm="syz.3.661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 143.036730][ T7890] netlink: 28 bytes leftover after parsing attributes in process `syz.1.652'. [ 143.040698][ T7890] netlink: 8 bytes leftover after parsing attributes in process `syz.1.652'. [ 143.052194][ T25] usb 6-1: USB disconnect, device number 6 [ 143.056905][ T25] usblp0: removed [ 143.799252][ T7943] netlink: 'syz.0.665': attribute type 4 has an invalid length. [ 143.894970][ T7944] netlink: 'syz.0.665': attribute type 4 has an invalid length. [ 144.038091][ T39] audit: type=1400 audit(1722528640.695:321): avc: denied { create } for pid=7947 comm="syz.3.667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 144.217522][ T7944] syz.0.665 (7944) used greatest stack depth: 21280 bytes left [ 144.262217][ T7964] FAULT_INJECTION: forcing a failure. [ 144.262217][ T7964] name failslab, interval 1, probability 0, space 0, times 0 [ 144.277099][ T7964] CPU: 3 UID: 0 PID: 7964 Comm: syz.3.669 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 144.281258][ T7964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 144.285661][ T7964] Call Trace: [ 144.287162][ T7964] [ 144.288456][ T7964] dump_stack_lvl+0x16c/0x1f0 [ 144.290383][ T7964] should_fail_ex+0x497/0x5b0 [ 144.292475][ T7964] ? fs_reclaim_acquire+0xae/0x160 [ 144.294586][ T7964] should_failslab+0xc2/0x120 [ 144.296740][ T7964] kmem_cache_alloc_bulk_noprof+0xa7/0x930 [ 144.299332][ T7964] ? rcu_is_watching+0x12/0xc0 [ 144.301450][ T7964] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 144.303709][ T7964] ? kmem_cache_alloc_noprof+0x174/0x2f0 [ 144.305882][ T7964] ? mas_alloc_nodes+0x39b/0x860 [ 144.307556][ T7964] mas_alloc_nodes+0x39b/0x860 [ 144.309642][ T7964] mas_node_count_gfp+0x105/0x130 [ 144.311908][ T7964] mas_preallocate+0x3bb/0x1020 [ 144.314116][ T7964] ? __pfx_mas_preallocate+0x10/0x10 [ 144.316482][ T7964] ? anon_vma_name+0x75/0x100 [ 144.318575][ T7964] __split_vma+0x474/0x11c0 [ 144.320607][ T7964] ? __pfx___split_vma+0x10/0x10 [ 144.322802][ T7964] vma_modify+0x2b9/0x360 [ 144.324668][ T7964] mlock_fixup+0x2ef/0x1080 [ 144.326582][ T7964] apply_vma_lock_flags+0x24e/0x370 [ 144.328806][ T7964] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 144.331229][ T7964] ? vfs_write+0x14d/0x1140 [ 144.333288][ T7964] ? __pfx_down_write_killable+0x10/0x10 [ 144.335800][ T7964] do_mlock+0x25e/0x7c0 [ 144.337675][ T7964] ? __pfx_do_mlock+0x10/0x10 [ 144.339997][ T7964] ? fput+0x32/0x390 [ 144.341733][ T7964] ? ksys_write+0x1ab/0x260 [ 144.343669][ T7964] ? __pfx_ksys_write+0x10/0x10 [ 144.345769][ T7964] __x64_sys_mlock+0x59/0x80 [ 144.347567][ T7964] do_syscall_64+0xcd/0x250 [ 144.349552][ T7964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.352189][ T7964] RIP: 0033:0x7f39175773b9 [ 144.354158][ T7964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.361466][ T7964] RSP: 002b:00007f391839b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 144.365150][ T7964] RAX: ffffffffffffffda RBX: 00007f3917706058 RCX: 00007f39175773b9 [ 144.368658][ T7964] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020000000 [ 144.372144][ T7964] RBP: 00007f391839b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 144.375656][ T7964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.379129][ T7964] R13: 000000000000006e R14: 00007f3917706058 R15: 00007ffdd9e19d08 [ 144.382620][ T7964] [ 144.541117][ T7971] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in; [ 144.541117][ T7971] program syz.2.672 not setting count and/or reply_len properly [ 145.427887][ T5375] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 145.617858][ T5375] usb 7-1: Using ep0 maxpacket: 32 [ 145.630637][ T5375] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 145.637890][ T5375] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 145.641185][ T5375] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 145.645741][ T5375] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 145.656026][ T5375] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 145.664812][ T5375] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 145.675894][ T5375] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 145.681677][ T5375] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.691736][ T5375] usb 7-1: config 0 descriptor?? [ 145.934073][ T5375] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 145.941294][ T5375] usb 7-1: USB disconnect, device number 9 [ 145.946782][ T5375] usblp0: removed [ 146.527938][ T5375] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 146.731504][ T5375] usb 7-1: Using ep0 maxpacket: 32 [ 146.735419][ T5375] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 146.738863][ T5375] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 146.742415][ T5375] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 146.745864][ T5375] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 146.751393][ T5375] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 146.755368][ T5375] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 146.762151][ T5375] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 146.766132][ T5375] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.774180][ T5375] usb 7-1: config 0 descriptor?? [ 146.789399][ T7998] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 146.878402][ T8003] 9pnet_fd: Insufficient options for proto=fd [ 146.997540][ T5375] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 147.167923][ T39] audit: type=1400 audit(1722528643.835:322): avc: denied { ioctl } for pid=8007 comm="syz.0.682" path="/dev/usb/lp0" dev="devtmpfs" ino=2495 ioctlcmd=0xc002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 147.178155][ T8008] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in; [ 147.178155][ T8008] program syz.0.682 not setting count and/or reply_len properly [ 147.390665][ T8013] netlink: 4 bytes leftover after parsing attributes in process `syz.1.683'. [ 147.456614][ T7982] netlink: 28 bytes leftover after parsing attributes in process `syz.2.675'. [ 147.460797][ T7982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.675'. [ 147.468752][ T5371] usb 7-1: USB disconnect, device number 10 [ 147.473101][ T5371] usblp0: removed [ 147.536320][ T39] audit: type=1400 audit(1722528644.205:323): avc: denied { bind } for pid=8019 comm="syz.1.684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 147.543604][ T39] audit: type=1400 audit(1722528644.205:324): avc: denied { name_bind } for pid=8019 comm="syz.1.684" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 147.552997][ T39] audit: type=1400 audit(1722528644.205:325): avc: denied { node_bind } for pid=8019 comm="syz.1.684" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 147.570888][ T5342] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 147.572450][ T39] audit: type=1400 audit(1722528644.245:326): avc: denied { create } for pid=8019 comm="syz.1.684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 147.579981][ T8020] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 147.584278][ T5342] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 147.733071][ T8027] netlink: 'syz.0.686': attribute type 2 has an invalid length. [ 147.735913][ T8027] netlink: 'syz.0.686': attribute type 1 has an invalid length. [ 147.741090][ T8027] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.686'. [ 147.857323][ T8033] netlink: 'syz.0.688': attribute type 1 has an invalid length. [ 148.292908][ T39] audit: type=1400 audit(1722528644.965:327): avc: denied { write } for pid=8044 comm="syz.0.691" name="loop-control" dev="devtmpfs" ino=659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 148.303602][ T830] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 148.307073][ T39] audit: type=1400 audit(1722528644.965:328): avc: denied { open } for pid=8044 comm="syz.0.691" path="/dev/loop-control" dev="devtmpfs" ino=659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 148.316717][ T39] audit: type=1400 audit(1722528644.975:329): avc: denied { mount } for pid=8044 comm="syz.0.691" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 148.326513][ T39] audit: type=1400 audit(1722528644.975:330): avc: denied { mounton } for pid=8044 comm="syz.0.691" path="/181/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 148.336952][ T39] audit: type=1400 audit(1722528644.975:331): avc: denied { ioctl } for pid=8044 comm="syz.0.691" path="/newroot/dev/loop-control" dev="devtmpfs" ino=659 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 148.478463][ T830] usb 7-1: Using ep0 maxpacket: 8 [ 148.482049][ T830] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 148.485904][ T830] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 148.495218][ T830] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 148.499890][ T830] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 148.504001][ T830] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 148.510026][ T830] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 148.513956][ T830] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.645011][ T1103] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.776871][ T830] usb 7-1: usb_control_msg returned -32 [ 148.780927][ T830] usbtmc 7-1:16.0: can't read capabilities [ 148.788395][ T1103] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.792936][ T5342] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 148.802374][ T8058] netlink: 12 bytes leftover after parsing attributes in process `syz.3.697'. [ 148.803748][ T35] usb 7-1: USB disconnect, device number 11 [ 148.873789][ T1103] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.950572][ T5341] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 148.954807][ T5341] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 148.959149][ T5341] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 148.965850][ T5341] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 148.975575][ T5341] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 148.978948][ T5341] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 148.979713][ T1103] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.990334][ T8063] netlink: 16 bytes leftover after parsing attributes in process `syz.3.698'. [ 149.161144][ T1103] bridge_slave_1: left allmulticast mode [ 149.163295][ T1103] bridge_slave_1: left promiscuous mode [ 149.166084][ T1103] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.175821][ T1103] bridge_slave_0: left allmulticast mode [ 149.179322][ T1103] bridge_slave_0: left promiscuous mode [ 149.181625][ T1103] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.574494][ T1103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 149.589272][ T1103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.596285][ T1103] bond0 (unregistering): Released all slaves [ 149.647668][ T8061] chnl_net:caif_netlink_parms(): no params data found [ 149.822958][ T8061] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.826847][ T8061] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.832315][ T8061] bridge_slave_0: entered allmulticast mode [ 149.835277][ T8061] bridge_slave_0: entered promiscuous mode [ 149.840401][ T8061] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.843667][ T8061] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.846763][ T8061] bridge_slave_1: entered allmulticast mode [ 149.852021][ T8061] bridge_slave_1: entered promiscuous mode [ 149.973512][ T8061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 149.988984][ T8061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 150.099172][ T8109] 9pnet_fd: Insufficient options for proto=fd [ 150.131329][ T8110] 9pnet_fd: Insufficient options for proto=fd [ 150.142192][ T8061] team0: Port device team_slave_0 added [ 150.148470][ T8103] 9pnet_fd: Insufficient options for proto=fd [ 150.148986][ T8061] team0: Port device team_slave_1 added [ 150.215750][ T8061] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 150.222835][ T8061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.245113][ T8061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 150.267586][ T1103] hsr_slave_0: left promiscuous mode [ 150.271653][ T1103] hsr_slave_1: left promiscuous mode [ 150.275265][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.279653][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.285408][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.288950][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.350840][ T1103] veth1_macvtap: left promiscuous mode [ 150.362043][ T1103] veth0_macvtap: left promiscuous mode [ 150.364602][ T1103] veth1_vlan: left promiscuous mode [ 150.366727][ T1103] veth0_vlan: left promiscuous mode [ 151.047957][ T5341] Bluetooth: hci3: command tx timeout [ 151.333832][ T1103] team0 (unregistering): Port device team_slave_1 removed [ 151.413213][ T1103] team0 (unregistering): Port device team_slave_0 removed [ 152.126229][ T8061] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 152.130098][ T8061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.146693][ T8061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 152.197332][ T8126] netlink: 4 bytes leftover after parsing attributes in process `syz.1.706'. [ 152.274547][ T8061] hsr_slave_0: entered promiscuous mode [ 152.295316][ T8061] hsr_slave_1: entered promiscuous mode [ 152.302944][ T8061] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 152.306356][ T8061] Cannot create hsr debugfs directory [ 152.972212][ T8182] 9pnet_fd: Insufficient options for proto=fd [ 153.009006][ T8061] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 153.016506][ T8061] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 153.027147][ T8061] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 153.033433][ T8061] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 153.126899][ T8061] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.127897][ T5341] Bluetooth: hci3: command tx timeout [ 153.151468][ T8061] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.162161][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.164949][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.180274][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.183140][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.370944][ T8061] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.430560][ T8061] veth0_vlan: entered promiscuous mode [ 153.443392][ T8061] veth1_vlan: entered promiscuous mode [ 153.485038][ T8061] veth0_macvtap: entered promiscuous mode [ 153.493695][ T8061] veth1_macvtap: entered promiscuous mode [ 153.533931][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.540310][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.545319][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.550364][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.554670][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.560161][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.566123][ T8061] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.584395][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.588979][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.592908][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.597268][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.601225][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.607501][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.614497][ T8061] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 153.620741][ T8061] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.624519][ T8061] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.628182][ T8061] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.632299][ T8061] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.700381][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.707550][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.733085][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.737131][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.542989][ T8232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.719'. [ 154.546737][ T8232] (unnamed net_device) (uninitialized): (slave veth1): Device is not bonding slave [ 154.551016][ T8232] (unnamed net_device) (uninitialized): option active_slave: invalid value (veth1) [ 154.582450][ T39] kauditd_printk_skb: 20 callbacks suppressed [ 154.582460][ T39] audit: type=1400 audit(1722528651.255:352): avc: denied { create } for pid=8231 comm="syz.2.719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 154.598715][ T39] audit: type=1400 audit(1722528651.275:353): avc: denied { ioctl } for pid=8231 comm="syz.2.719" path="socket:[23143]" dev="sockfs" ino=23143 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 155.208048][ T5341] Bluetooth: hci3: command tx timeout [ 155.213030][ T39] audit: type=1400 audit(1722528651.885:354): avc: denied { ioctl } for pid=8250 comm="syz.0.724" path="/dev/nullb0" dev="devtmpfs" ino=693 ioctlcmd=0x1267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 155.803891][ T8257] bond0: option arp_interval: invalid value (18446744073709551615) [ 155.807543][ T8257] bond0: option arp_interval: allowed values 0 - 2147483647 [ 155.832052][ T8259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.727'. [ 155.863653][ T39] audit: type=1400 audit(1722528652.535:355): avc: denied { setattr } for pid=8261 comm="syz.2.728" path="socket:[22343]" dev="sockfs" ino=22343 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 155.874800][ T39] audit: type=1400 audit(1722528652.535:356): avc: denied { bind } for pid=8261 comm="syz.2.728" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 155.883847][ T39] audit: type=1400 audit(1722528652.535:357): avc: denied { read } for pid=8261 comm="syz.2.728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 155.913707][ T39] audit: type=1400 audit(1722528652.585:358): avc: denied { setopt } for pid=8270 comm="syz.2.729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 156.205406][ T8287] netlink: 'syz.0.735': attribute type 3 has an invalid length. [ 156.210024][ T8287] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.735'. [ 156.222479][ T39] audit: type=1400 audit(1722528652.895:359): avc: denied { write } for pid=8288 comm="syz.1.734" name="net" dev="proc" ino=21315 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 156.228484][ T8283] ptrace attach of "/syz-executor exec"[8288] was attempted by "/syz-executor exec"[8283] [ 156.238009][ T39] audit: type=1400 audit(1722528652.905:360): avc: denied { add_name } for pid=8288 comm="syz.1.734" name="core" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 156.259483][ T39] audit: type=1400 audit(1722528652.905:361): avc: denied { create } for pid=8288 comm="syz.1.734" name="core" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 156.526773][ T8293] FAULT_INJECTION: forcing a failure. [ 156.526773][ T8293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 156.534861][ T8293] CPU: 2 UID: 0 PID: 8293 Comm: syz.1.737 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 156.539181][ T8293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 156.543673][ T8293] Call Trace: [ 156.545131][ T8293] [ 156.546468][ T8293] dump_stack_lvl+0x16c/0x1f0 [ 156.548627][ T8293] should_fail_ex+0x497/0x5b0 [ 156.550563][ T8293] _copy_to_user+0x30/0xc0 [ 156.552477][ T8293] simple_read_from_buffer+0xd0/0x160 [ 156.554880][ T8293] proc_fail_nth_read+0x1b0/0x290 [ 156.557118][ T8293] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 156.559310][ T8293] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 156.561499][ T8293] vfs_read+0x1d4/0xbd0 [ 156.563024][ T8293] ? __fdget_pos+0xeb/0x180 [ 156.564631][ T8293] ? __pfx_vfs_read+0x10/0x10 [ 156.566435][ T8293] ? __pfx___mutex_lock+0x10/0x10 [ 156.568225][ T8293] ? __fget_files+0x256/0x400 [ 156.570453][ T8293] ksys_read+0x12f/0x260 [ 156.572178][ T8293] ? __pfx_ksys_read+0x10/0x10 [ 156.573879][ T8293] do_syscall_64+0xcd/0x250 [ 156.575872][ T8293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.577926][ T8293] RIP: 0033:0x7fa43a775dfc [ 156.579599][ T8293] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 156.587075][ T8293] RSP: 002b:00007fa43b478040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 156.590208][ T8293] RAX: ffffffffffffffda RBX: 00007fa43a905f80 RCX: 00007fa43a775dfc [ 156.593441][ T8293] RDX: 000000000000000f RSI: 00007fa43b4780b0 RDI: 0000000000000008 [ 156.596522][ T8293] RBP: 00007fa43b4780a0 R08: 0000000000000000 R09: 0000000000000000 [ 156.599653][ T8293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.602741][ T8293] R13: 000000000000000b R14: 00007fa43a905f80 R15: 00007ffcc9f43598 [ 156.605733][ T8293] [ 156.831288][ T8303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.740'. [ 157.287933][ T5341] Bluetooth: hci3: command tx timeout [ 157.806089][ T8337] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 159.102654][ T8364] vivid-000: ================= START STATUS ================= [ 159.105791][ T8364] vivid-000: Test Pattern: 75% Colorbar [ 159.110429][ T8364] vivid-000: Fill Percentage of Frame: 100 [ 159.112849][ T8364] vivid-000: Horizontal Movement: No Movement [ 159.115315][ T8364] vivid-000: Vertical Movement: No Movement [ 159.119241][ T8364] vivid-000: OSD Text Mode: All [ 159.121446][ T8364] vivid-000: Show Border: false [ 159.123506][ T8364] vivid-000: Show Square: false [ 159.125525][ T8364] vivid-000: Sensor Flipped Horizontally: false [ 159.128178][ T8364] vivid-000: Sensor Flipped Vertically: false [ 159.130791][ T8364] vivid-000: Insert SAV Code in Image: false [ 159.135658][ T8364] vivid-000: Insert EAV Code in Image: false [ 159.140252][ T8364] vivid-000: Insert Video Guard Band: false [ 159.142729][ T8364] vivid-000: Reduced Framerate: false [ 159.145030][ T8364] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 159.148286][ T8364] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 159.151484][ T8364] vivid-000: Enable Capture Cropping: true grabbed [ 159.156443][ T8364] vivid-000: Enable Capture Composing: true grabbed [ 159.160399][ T8364] vivid-000: Enable Capture Scaler: true grabbed [ 159.162662][ T8364] vivid-000: Timestamp Source: End of Frame [ 159.165024][ T8364] vivid-000: Colorspace: sRGB [ 159.167430][ T8364] vivid-000: Transfer Function: Default [ 159.171927][ T8364] vivid-000: Y'CbCr Encoding: Default [ 159.174323][ T8364] vivid-000: HSV Encoding: Hue 0-179 [ 159.176507][ T8364] vivid-000: Quantization: Default [ 159.180338][ T8364] vivid-000: Apply Alpha To Red Only: false [ 159.182656][ T8364] vivid-000: Standard Aspect Ratio: 4x3 [ 159.184921][ T8364] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 159.189697][ T8364] vivid-000: DV Timings: 640x480p59 inactive [ 159.191997][ T8364] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 159.194655][ T8364] vivid-000: Maximum EDID Blocks: 2 [ 159.196474][ T8364] vivid-000: Limited RGB Range (16-235): false [ 159.202676][ T8364] vivid-000: Rx RGB Quantization Range: Automatic [ 159.205293][ T8364] vivid-000: Power Present: 0x00000001 [ 159.207203][ T8364] tpg source WxH: 640x360 (Y'CbCr) [ 159.210086][ T8364] tpg field: 1 [ 159.211373][ T8364] tpg crop: 640x360@0x0 [ 159.212913][ T8364] tpg compose: 640x360@0x0 [ 159.214413][ T8364] tpg colorspace: 8 [ 159.215773][ T8364] tpg transfer function: 0/2 [ 159.217370][ T8364] tpg Y'CbCr encoding: 0/1 [ 159.223764][ T8364] tpg quantization: 0/2 [ 159.225553][ T8364] tpg RGB range: 0/2 [ 159.227105][ T8364] vivid-000: ================== END STATUS ================== [ 159.349330][ T8364] vivid-000: ================= START STATUS ================= [ 159.352195][ T8364] vivid-000: Test Pattern: 75% Colorbar [ 159.354642][ T8364] vivid-000: Fill Percentage of Frame: 100 [ 159.357252][ T8364] vivid-000: Horizontal Movement: No Movement [ 159.360639][ T8364] vivid-000: Vertical Movement: No Movement [ 159.371611][ T8364] vivid-000: OSD Text Mode: All [ 159.373778][ T8364] vivid-000: Show Border: false [ 159.375875][ T8364] vivid-000: Show Square: false [ 159.382788][ T8364] vivid-000: Sensor Flipped Horizontally: false [ 159.385463][ T8364] vivid-000: Sensor Flipped Vertically: false [ 159.389738][ T8364] vivid-000: Insert SAV Code in Image: false [ 159.395076][ T8364] vivid-000: Insert EAV Code in Image: false [ 159.397649][ T8364] vivid-000: Insert Video Guard Band: false [ 159.403352][ T8364] vivid-000: Reduced Framerate: false [ 159.406878][ T8364] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 159.415142][ T8364] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 159.422296][ T8364] vivid-000: Enable Capture Cropping: true grabbed [ 159.427037][ T8364] vivid-000: Enable Capture Composing: true grabbed [ 159.434909][ T8364] vivid-000: Enable Capture Scaler: true grabbed [ 159.446756][ T8364] vivid-000: Timestamp Source: End of Frame [ 159.452376][ T8364] vivid-000: Colorspace: sRGB [ 159.454531][ T8364] vivid-000: Transfer Function: Default [ 159.457014][ T8364] vivid-000: Y'CbCr Encoding: Default [ 159.462789][ T8364] vivid-000: HSV Encoding: Hue 0-179 [ 159.463511][ T8366] netlink: 32 bytes leftover after parsing attributes in process `syz.0.758'. [ 159.467940][ T8364] vivid-000: Quantization: Default [ 159.471386][ T8364] vivid-000: Apply Alpha To Red Only: false [ 159.473989][ T8364] vivid-000: Standard Aspect Ratio: 4x3 [ 159.476412][ T8364] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 159.483101][ T8364] vivid-000: DV Timings: 640x480p59 inactive [ 159.485766][ T8364] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 159.489464][ T8364] vivid-000: Maximum EDID Blocks: 2 [ 159.492077][ T8364] vivid-000: Limited RGB Range (16-235): false [ 159.497023][ T8364] vivid-000: Rx RGB Quantization Range: Automatic [ 159.503229][ T8364] vivid-000: Power Present: 0x00000001 [ 159.507879][ T8364] tpg source WxH: 640x360 (Y'CbCr) [ 159.510161][ T8364] tpg field: 1 [ 159.513319][ T8364] tpg crop: 640x360@0x0 [ 159.515749][ T8364] tpg compose: 640x360@0x0 [ 159.521740][ T8364] tpg colorspace: 8 [ 159.524312][ T8364] tpg transfer function: 0/2 [ 159.526905][ T8364] tpg Y'CbCr encoding: 0/1 [ 159.531254][ T8364] tpg quantization: 0/2 [ 159.533782][ T8364] tpg RGB range: 0/2 [ 159.536078][ T8364] vivid-000: ================== END STATUS ================== [ 160.136943][ T39] kauditd_printk_skb: 8 callbacks suppressed [ 160.136954][ T39] audit: type=1800 audit(1722528656.805:370): pid=8379 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.761" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 160.564455][ T39] audit: type=1400 audit(1722528657.235:371): avc: denied { mounton } for pid=8391 comm="syz.3.766" path="/syzcgroup/unified/syz3/cgroup.procs" dev="cgroup2" ino=72 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 160.575133][ T39] audit: type=1400 audit(1722528657.235:372): avc: denied { mount } for pid=8391 comm="syz.3.766" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 160.936424][ T8410] netlink: 16 bytes leftover after parsing attributes in process `syz.0.769'. [ 160.941163][ T8409] netlink: 'syz.1.768': attribute type 4 has an invalid length. [ 160.993442][ T8409] netlink: 'syz.1.768': attribute type 4 has an invalid length. [ 161.239053][ T8412] netlink: 180 bytes leftover after parsing attributes in process `syz.2.770'. [ 161.303491][ T39] audit: type=1800 audit(1722528657.975:373): pid=8414 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.771" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 161.378621][ C1] ================================================================== [ 161.382156][ C1] BUG: KASAN: stack-out-of-bounds in bq_xmit_all+0xbd8/0xdd0 [ 161.385376][ C1] Read of size 8 at addr ffffc9000351fae0 by task syz.3.772/8416 [ 161.390889][ C1] [ 161.392133][ C1] CPU: 1 UID: 0 PID: 8416 Comm: syz.3.772 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 161.397129][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 161.401719][ C1] Call Trace: [ 161.403094][ C1] [ 161.404234][ C1] dump_stack_lvl+0x116/0x1f0 [ 161.406088][ C1] print_report+0xc3/0x620 [ 161.407995][ C1] ? __virt_addr_valid+0x5e/0x590 [ 161.410469][ C1] kasan_report+0xd9/0x110 [ 161.412629][ C1] ? bq_xmit_all+0xbd8/0xdd0 [ 161.414843][ C1] ? bq_xmit_all+0xbd8/0xdd0 [ 161.416973][ C1] bq_xmit_all+0xbd8/0xdd0 [ 161.419311][ C1] ? __pfx_napi_complete_done+0x10/0x10 [ 161.422401][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 161.425083][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 161.427694][ C1] ? e1000_clean+0x1141/0x2690 [ 161.429856][ C1] ? __pfx_bq_xmit_all+0x10/0x10 [ 161.432137][ C1] ? __pfx_mark_lock+0x10/0x10 [ 161.434327][ C1] __dev_flush+0x85/0x1e0 [ 161.436187][ C1] xdp_do_check_flushed+0x40a/0x4e0 [ 161.438915][ C1] __napi_poll.constprop.0+0xd1/0x550 [ 161.441288][ C1] net_rx_action+0xa92/0x1010 [ 161.443322][ C1] ? tmigr_handle_remote+0x153/0xdd0 [ 161.445576][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 161.447816][ C1] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 161.450207][ C1] ? run_timer_base+0x119/0x190 [ 161.452334][ C1] ? run_timer_base+0x11e/0x190 [ 161.454446][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 161.456759][ C1] handle_softirqs+0x216/0x8f0 [ 161.458879][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 161.461290][ C1] irq_exit_rcu+0xbb/0x120 [ 161.463257][ C1] common_interrupt+0xb0/0xd0 [ 161.465346][ C1] [ 161.466661][ C1] [ 161.467985][ C1] asm_common_interrupt+0x26/0x40 [ 161.470111][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0xc/0x60 [ 161.472774][ C1] Code: c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 15 c4 5f 79 7e <65> 8b 05 c5 5f 79 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74 [ 161.481167][ C1] RSP: 0018:ffffc9000351f9d8 EFLAGS: 00000293 [ 161.483794][ C1] RAX: 0000000000000000 RBX: ffff88804a575800 RCX: ffffffff8b000aee [ 161.487189][ C1] RDX: ffff88802af44880 RSI: ffffffff8b000f41 RDI: 0000000000000005 [ 161.490458][ C1] RBP: 0000000000000008 R08: 0000000000000005 R09: 0000000000000003 [ 161.493805][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88804a575880 [ 161.497217][ C1] R13: 00007f3916601fff R14: ffffc9000351fb40 R15: ffffc9000351fb7d [ 161.500729][ C1] ? mas_next_slot+0x36e/0x21d0 [ 161.502858][ C1] ? mas_next_slot+0x7c1/0x21d0 [ 161.504499][ C1] mas_next_slot+0x390/0x21d0 [ 161.506060][ C1] mas_find+0x2c6/0x530 [ 161.507458][ C1] acct_collect+0x671/0x8e0 [ 161.509205][ C1] ? __pfx_acct_collect+0x10/0x10 [ 161.511496][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 161.513826][ C1] ? exit_itimers+0x407/0x560 [ 161.515951][ C1] ? acct_update_integrals+0x2d6/0x4b0 [ 161.518368][ C1] ? hrtimer_active+0x1d8/0x250 [ 161.520010][ C1] ? hrtimer_try_to_cancel+0x3a/0x500 [ 161.521798][ C1] do_exit+0x1a20/0x2bb0 [ 161.523232][ C1] ? get_signal+0x8f2/0x2770 [ 161.524868][ C1] ? __pfx_do_exit+0x10/0x10 [ 161.526821][ C1] ? do_raw_spin_lock+0x12d/0x2c0 [ 161.529014][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 161.531156][ C1] do_group_exit+0xd3/0x2a0 [ 161.533007][ C1] get_signal+0x25fd/0x2770 [ 161.534830][ C1] ? lock_acquire+0x1b1/0x560 [ 161.536662][ C1] ? __pfx_get_signal+0x10/0x10 [ 161.538446][ C1] ? __pfx_do_futex+0x10/0x10 [ 161.540397][ C1] arch_do_signal_or_restart+0x90/0x7e0 [ 161.542699][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 161.545296][ C1] syscall_exit_to_user_mode+0x150/0x2a0 [ 161.547342][ C1] do_syscall_64+0xda/0x250 [ 161.549195][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.551440][ C1] RIP: 0033:0x7f39175773b9 [ 161.553347][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.561323][ C1] RSP: 002b:00007f39183bc0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 161.564834][ C1] RAX: fffffffffffffe00 RBX: 00007f3917705f88 RCX: 00007f39175773b9 [ 161.568123][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3917705f88 [ 161.570911][ C1] RBP: 00007f3917705f80 R08: 00007f39183bc6c0 R09: 00007f39183bc6c0 [ 161.574049][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3917705f8c [ 161.577354][ C1] R13: 000000000000000b R14: 00007ffdd9e19c20 R15: 00007ffdd9e19d08 [ 161.580400][ C1] [ 161.581527][ C1] [ 161.582451][ C1] The buggy address belongs to stack of task syz.3.772/8416 [ 161.585740][ C1] and is located at offset 0 in frame: [ 161.588086][ C1] acct_collect+0x0/0x8e0 [ 161.590304][ C1] [ 161.591392][ C1] This frame has 3 objects: [ 161.593385][ C1] [32, 40) 'utime' [ 161.593397][ C1] [64, 72) 'stime' [ 161.594991][ C1] [96, 160) 'vmi' [ 161.596674][ C1] [ 161.599327][ C1] The buggy address belongs to the virtual mapping at [ 161.599327][ C1] [ffffc90003518000, ffffc90003521000) created by: [ 161.599327][ C1] kernel_clone+0xfd/0x980 [ 161.606138][ C1] [ 161.607139][ C1] The buggy address belongs to the physical page: [ 161.609907][ C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888012e838b8 pfn:0x12e83 [ 161.614194][ C1] memcg:ffff888044da1682 [ 161.615833][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 161.618839][ C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 161.622451][ C1] raw: ffff888012e838b8 0000000000000000 00000001ffffffff ffff888044da1682 [ 161.625824][ C1] page dumped because: kasan: bad access detected [ 161.628066][ C1] page_owner tracks the page as allocated [ 161.630186][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 8415, tgid 8415 (syz.3.772), ts 161352592631, free_ts 161312476348 [ 161.637593][ C1] post_alloc_hook+0x2d1/0x350 [ 161.639625][ C1] get_page_from_freelist+0x1351/0x2e50 [ 161.642001][ C1] __alloc_pages_noprof+0x22b/0x2460 [ 161.644200][ C1] alloc_pages_mpol_noprof+0x275/0x610 [ 161.646479][ C1] __vmalloc_node_range_noprof+0xa6a/0x1520 [ 161.648860][ C1] copy_process+0x2f3b/0x8de0 [ 161.650465][ C1] kernel_clone+0xfd/0x980 [ 161.651982][ C1] __do_sys_clone3+0x1f5/0x270 [ 161.653621][ C1] do_syscall_64+0xcd/0x250 [ 161.655174][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.657202][ C1] page last free pid 39 tgid 39 stack trace: [ 161.659246][ C1] free_unref_page+0x64a/0xe40 [ 161.660943][ C1] __folio_put+0x31c/0x3e0 [ 161.662422][ C1] free_page_and_swap_cache+0x249/0x2c0 [ 161.664274][ C1] tlb_remove_table_rcu+0x89/0xe0 [ 161.665961][ C1] rcu_core+0x828/0x16b0 [ 161.667400][ C1] handle_softirqs+0x216/0x8f0 [ 161.669124][ C1] irq_exit_rcu+0xbb/0x120 [ 161.671009][ C1] sysvec_apic_timer_interrupt+0x95/0xb0 [ 161.673359][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 161.675852][ C1] [ 161.676852][ C1] Memory state around the buggy address: [ 161.679167][ C1] ffffc9000351f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 161.682091][ C1] ffffc9000351fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 161.685459][ C1] >ffffc9000351fa80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 161.688774][ C1] ^ [ 161.691780][ C1] ffffc9000351fb00: 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00 [ 161.695128][ C1] ffffc9000351fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 161.698430][ C1] ================================================================== [ 161.701949][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 161.704924][ C1] CPU: 1 UID: 0 PID: 8416 Comm: syz.3.772 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0 [ 161.709219][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 161.712788][ C1] Call Trace: [ 161.713928][ C1] [ 161.714899][ C1] dump_stack_lvl+0x3d/0x1f0 [ 161.716478][ C1] panic+0x6f5/0x7a0 [ 161.717790][ C1] ? mark_held_locks+0x9f/0xe0 [ 161.719494][ C1] ? __pfx_panic+0x10/0x10 [ 161.721130][ C1] ? irqentry_exit+0x3b/0x90 [ 161.722715][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 161.724469][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 161.726176][ C1] check_panic_on_warn+0xab/0xb0 [ 161.727849][ C1] end_report+0x117/0x180 [ 161.729399][ C1] kasan_report+0xe9/0x110 [ 161.731260][ C1] ? bq_xmit_all+0xbd8/0xdd0 [ 161.733086][ C1] ? bq_xmit_all+0xbd8/0xdd0 [ 161.734634][ C1] bq_xmit_all+0xbd8/0xdd0 [ 161.736148][ C1] ? __pfx_napi_complete_done+0x10/0x10 [ 161.738000][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 161.739978][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 161.741960][ C1] ? e1000_clean+0x1141/0x2690 [ 161.743832][ C1] ? __pfx_bq_xmit_all+0x10/0x10 [ 161.745854][ C1] ? __pfx_mark_lock+0x10/0x10 [ 161.747864][ C1] __dev_flush+0x85/0x1e0 [ 161.749367][ C1] xdp_do_check_flushed+0x40a/0x4e0 [ 161.751263][ C1] __napi_poll.constprop.0+0xd1/0x550 [ 161.753459][ C1] net_rx_action+0xa92/0x1010 [ 161.755361][ C1] ? tmigr_handle_remote+0x153/0xdd0 [ 161.757231][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 161.759145][ C1] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 161.761471][ C1] ? run_timer_base+0x119/0x190 [ 161.763383][ C1] ? run_timer_base+0x11e/0x190 [ 161.765010][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 161.766910][ C1] handle_softirqs+0x216/0x8f0 [ 161.768906][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 161.770734][ C1] irq_exit_rcu+0xbb/0x120 [ 161.772258][ C1] common_interrupt+0xb0/0xd0 [ 161.773847][ C1] [ 161.774844][ C1] [ 161.775838][ C1] asm_common_interrupt+0x26/0x40 [ 161.777502][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0xc/0x60 [ 161.779536][ C1] Code: c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 15 c4 5f 79 7e <65> 8b 05 c5 5f 79 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74 [ 161.785946][ C1] RSP: 0018:ffffc9000351f9d8 EFLAGS: 00000293 [ 161.787954][ C1] RAX: 0000000000000000 RBX: ffff88804a575800 RCX: ffffffff8b000aee [ 161.790617][ C1] RDX: ffff88802af44880 RSI: ffffffff8b000f41 RDI: 0000000000000005 [ 161.793516][ C1] RBP: 0000000000000008 R08: 0000000000000005 R09: 0000000000000003 [ 161.796959][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88804a575880 [ 161.800374][ C1] R13: 00007f3916601fff R14: ffffc9000351fb40 R15: ffffc9000351fb7d [ 161.803590][ C1] ? mas_next_slot+0x36e/0x21d0 [ 161.805509][ C1] ? mas_next_slot+0x7c1/0x21d0 [ 161.807461][ C1] mas_next_slot+0x390/0x21d0 [ 161.809547][ C1] mas_find+0x2c6/0x530 [ 161.811372][ C1] acct_collect+0x671/0x8e0 [ 161.813383][ C1] ? __pfx_acct_collect+0x10/0x10 [ 161.815612][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 161.817413][ C1] ? exit_itimers+0x407/0x560 [ 161.818998][ C1] ? acct_update_integrals+0x2d6/0x4b0 [ 161.820824][ C1] ? hrtimer_active+0x1d8/0x250 [ 161.822447][ C1] ? hrtimer_try_to_cancel+0x3a/0x500 [ 161.824492][ C1] do_exit+0x1a20/0x2bb0 [ 161.826303][ C1] ? get_signal+0x8f2/0x2770 [ 161.828034][ C1] ? __pfx_do_exit+0x10/0x10 [ 161.829779][ C1] ? do_raw_spin_lock+0x12d/0x2c0 [ 161.831478][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 161.833412][ C1] do_group_exit+0xd3/0x2a0 [ 161.835353][ C1] get_signal+0x25fd/0x2770 [ 161.837184][ C1] ? lock_acquire+0x1b1/0x560 [ 161.839046][ C1] ? __pfx_get_signal+0x10/0x10 [ 161.841012][ C1] ? __pfx_do_futex+0x10/0x10 [ 161.842914][ C1] arch_do_signal_or_restart+0x90/0x7e0 [ 161.845103][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 161.847534][ C1] syscall_exit_to_user_mode+0x150/0x2a0 [ 161.849867][ C1] do_syscall_64+0xda/0x250 [ 161.851642][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.854055][ C1] RIP: 0033:0x7f39175773b9 [ 161.855967][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.863516][ C1] RSP: 002b:00007f39183bc0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 161.867060][ C1] RAX: fffffffffffffe00 RBX: 00007f3917705f88 RCX: 00007f39175773b9 [ 161.870386][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3917705f88 [ 161.873776][ C1] RBP: 00007f3917705f80 R08: 00007f39183bc6c0 R09: 00007f39183bc6c0 [ 161.877142][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3917705f8c [ 161.880522][ C1] R13: 000000000000000b R14: 00007ffdd9e19c20 R15: 00007ffdd9e19d08 [ 161.883770][ C1] [ 161.885591][ C1] Kernel Offset: disabled [ 161.887151][ C1] Rebooting in 86400 seconds.. VM DIAGNOSIS: 16:10:58 Registers: info registers vcpu 0 CPU#0 RAX=0000000000571363 RBX=0000000000000000 RCX=ffffffff8b11a529 RDX=0000000000000000 RSI=ffffffff8b4cc580 RDI=ffffffff8bb08480 RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20 R8 =0000000000000001 R9 =ffffed100d606fd9 R10=ffff88806b037ecb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff9012b0d8 R15=0000000000000000 RIP=ffffffff8b11b91f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020058000 CR3=000000001bd3a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdd9e1a090 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000062 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fe2745 RDI=ffffffff9519a720 RBP=ffffffff9519a6e0 RSP=ffffc900008b05a0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000062 R14=ffffffff84fe26e0 R15=0000000000000000 RIP=ffffffff84fe276f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f39183bc6c0 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b30edeff8 CR3=00000000326cc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813075fd ffffffff81307633 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81307633 ffffffff813075fd ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff813075fd ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff819b3f18 ffffffff819b3ea2 ffffffff819b3e67 ffffffff819b1010 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff819c3fb1 ffffffff819c3f45 ffffffff00040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff819b3e67 ffffffff819b1010 ffffffff819b0fdc ffffffff819b0faf ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000001000008fd RBX=ffff888024680000 RCX=0000000000000830 RDX=0000000000000001 RSI=00000000000000fd RDI=0000000000000001 RBP=0000000000000000 RSP=ffffc90000858c18 R8 =0000000000000000 R9 =fffffbfff202561b R10=ffffffff9012b0df R11=ffff88806b028a40 R12=1ffff9200010b184 R13=ffffc90000858c40 R14=ffffffff8d7a1ee8 R15=ffffffff9012e1b8 RIP=ffffffff813b8108 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000555571f3a500 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b30a20000 CR3=00000000463ee000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffefff0 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff7f7f9730 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2e006a64615f65 726f63735f6d6f6f 2f666c65732f636f 72702f0030303031 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0b004f41445f40 574a46565f484a4a 0a434940560a464a 57550a0015151514 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000015c2dd RBX=0000000000000003 RCX=ffffffff8b11a529 RDX=0000000000000000 RSI=ffffffff8b4cc580 RDI=ffffffff8bb08480 RBP=ffffed10030db488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d666fd9 R10=ffff88806b337ecb R11=0000000000000000 R12=0000000000000003 R13=ffff8880186da440 R14=ffffffff9012b0d8 R15=0000000000000000 RIP=ffffffff8b11b91f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000555571f3a808 CR3=000000004424c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdd9e1a090 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000