last executing test programs: 12.539610654s ago: executing program 0 (id=108): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000002c0)=@ethtool_cmd={0x4f, 0x6, 0x8, 0x4fec, 0x4, 0x8, 0x1, 0x4, 0x2, 0x3, 0x95, 0x400, 0xfff7, 0x8, 0x6, 0xc3, [0x1, 0x9]}}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYRES8=0x0], 0x14}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x40400, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x9, 0x0, 0x1, 0x0, {0xa, 0x1, 0x0, @rand_addr=' \x01\x00', 0xfffffffe}}}, 0x32) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000300)={0x70001, 0x0, [0x40000000000, 0x64f, 0x6, 0x6, 0xfffffffffffffffc, 0x4ffff, 0x29]}) ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(r1, 0x4068aea3, &(0x7f0000000380)) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8}, 0x1c) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e00f20c06635000000400f22c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x5b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12.379672767s ago: executing program 0 (id=109): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x700, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x7, 0x0, 0x0, @multicast2, @private}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000340)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x2, {{0x5, 0x4, 0x0, 0x0, 0xfffffffffffffd37, 0x0, 0x0, 0x0, 0x29, 0x0, @local, @empty}}}}) mkdir(&(0x7f0000000080)='./file1\x00', 0x18) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) kexec_load(0xf5, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) 12.374035274s ago: executing program 0 (id=111): r0 = openat$kvm(0xffffff9c, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000100000000f3710000000000cf0200000000"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000fdff8b04"]) 12.259046192s ago: executing program 0 (id=112): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfd}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)="1c38970ca3e808d389a28282d0c6d5d7556e07fe13693067d6a529850ac4f4f4160c5307071bc52729452c4d854d4031c4e700fab891441f56ab063e4eac6f6c1f0704d553ff1d259b7c56eb63e59147de87402ea5842b8e25f201e6c13592afb14b372418d5c7e46ddef14a2126b51e483cd61ff235f4f572b2e95d37cb9072d1e950e89a1b8c01b78dac0af4214bd556ac7dc1442a1c3b27c5b516682e1819b7b6484910f6e4bc88878c4f23a23aac3c0bc47abaa3df56940c9234f41b8a99550087c90f953d6457ef3cca1f5da00115b4c88621653f6fd56571cddfdaf5cc9bd84abe10fdb83e277c3d6b6ed6ccfd6987bc840a1d2a1cd278ca92f1764826a5041e3394bbbc10724e432c067b6d5dcf9a820d25c803cf80f5a34b8efe2f8627f9a750281425560a71bee3546c396a0a404567b7b86a73c37f63f04ba551cfe0d0b5a75edbd5e74c71be8e29ceb149f76214ab64e9294e5a1bdde805fd6793e40f3f2ab085aee3a08b54d1deb8458f5e2480380ec43cc639734b7e08473275622feb977290ce40cacc3c4a113661755996e61a756e8854ebfd5dd71a336423b5875df15576861989e63187a213b57e50852869b613b1cad83989a1ccc02a5908d937fb14b6750385a9b4028e1008ce0dddb403d689524276b0150c22e068166a98f045886bc9f20db4fccdbe714eea664aaa9aaa29d70c67c62441ba976fa9b4a9a5016c43c270df77e91730bcfcd25e2323516af7d03c0e8bfb0ba7095b31c9673076b6bae829648bb2367bbc0fe6eec00369f65c5307fd3304c8db18f6f80fd8a84eccdef2a2c98a9d711607e1be948438449ba31f8cec46666395d8cfcd818e6fb8946cbdb3f1dc9daeafdad4bd02ec0e5293e0ec8488ca115e96d3ad5c9cb22c8754d4ec650b65c1d1cb4879f65d6329a429b7b024ecd00a8bf680a2817d5e6c3a19939423d041e8c0bcab7a43abf5b502758005ab0b8bcdf2bd35c267c988a9413f7df71ea9c984abc781df7296dff82a3109abe8b56f06ebcd1e82dab85dc64e1f628b0acf22ba092e6db5bec3e859346fa5a7f0b8c3cb65fcd78b06a0af94ba908ee56094f41548e4f444acb479245fa54b99567d71abde33bb5552d3e6ec33e7a85c272b4a551a68470b71e591ee52dbf629be8ed65891117088aabe387f1466af9a7a843a9e739ea8165f80cb5cb36cf6fac41b931c8ee75e2e87c2b3b8cd0057b392da30726dde03369e68039c9480973c3ea994282baddf61fbb7a93c3667b837f7f547ae66cad03db89de21ae340be48b0e56e560d761d175ac7120a8880ff9efd95aa5f335aa7c99ae4910ad02443e2ee3fae2aedbd233f5f52ea1f65872463a637605dacab03c4218c4ac0b8067b433192f5488cf2f9f742a181776bbaff4975b4f2b918212e94dc719e773cbda7b776072df9d43d92916b4621d9aeaaf6bf31d7e94b6d79b255dc8bc9194acd4259bd9a1d95e2080e4e4d85ec7539161a4f1fff317339ee3c8a622f87e9c3bc3aead2d7415777fad15e7609d6d777bda4e837738ba31703605beff568d3293d3dbb0241a97c590b0e51cb0925cdc8f72e67d93b04ab4d4be4318daae50523c4d094c11dd53c19773a3400069979524e69c0a0c95bcba3e8bcc54fbcba133392bac0342afa0f8a7ec1c84d904530e6c13361113b83df6d1558dbacde0057a52b9f8b8b43fc0df50c29754b2853499e3de1f6d3cadc5ddac892e1424c603cb34674a8ec7148bef37f596061d4b8d1148cf2e14e9753c614d56cf054a5cb26a0226b243546be7eb099c4b0113bddd891cf51cb88b7efedb680b7d53c60fb244f2fafa1cbbca5db09a33b191e65340a58c7c56103871fc85d64e880e42d7e16a742c202058e061c4158711742c0f5d608254744baf5924b85e5b090225e630a471d6595a1fb3ef09fef8e66fc9e892364b8229e4ff657f1604d4fba06452e8572149084e44be7e3df08a03604739719edcb21f7c00c73f0a46183ac1a92f5eb554878284f7622eddc13716684883cce79e32c35456ec96dae3295204819ecf99cddbcf77ca55711c7cb43df9d6097cd57fddf3266bcb569ecf843c8de4fc4e8c93579209f68f2080ab9298e98ec8897a46c7d6c9e341fae89c4bd11fd43ee9b12d3d5a3c6bcee613c31edc7b767b053a69fc168b9e0a5f2d858635e94a345aefdd4b23f0a36e2ddabdac01727268061ac739356d92b1a51870c675da66826ed10d30bf6f3f8cfabbb565b2a2266a4e9d1a78c38b7f8481e3e70ec4d88e0383194b0ddbe4be7ef668817771bd6443712b43ddc966d8a47ab6951446af1c6b7d4f1a611e0386d8b39fa6f9b9d3ff2bb679b8d64af8416bf21d11c9303668c5d5ad527b6f4cf0163ebeb76c0f9b5f0696ca9f931b09bdb1a39f03d6f605ced5b650bb79e2f76eeea2278bc84612a6de7b5f0cb4595338150a55dabfdd08a8365ba922791a1503cf8cfe0272c43ce77c9173733f61ae9fa3496f1c67f794b53ffbc295e2db1969943a92d4a8c0ba14374d55d4534e6de499c5b76950c9aa5b8be557f462b4cacb6ed9afe01cdae86e7ede3ebdfcb860ae793bca53dbb0263886334a8211b80c721ea0dd0e06cc9315e3a3b7903b45a8e47bee4812847b0d0ed8c440b3dcbc27e7676f8b80220fe8866b9c901e67b65753bd5a5e63fecb37cd168864164dfa7531266504ea56b63cf26d00f9cb60714675736e89de2f080cabd0962aa5d90693e8a3200794233d5c35c6266801d6c70e9614ce9d19c06e25719fbb0890e8fd2acd9cbb9297fa36bffe510c01d2e55ee25cedf4b70c8768aa658f359ca814f2ae11b6430aefde20144219c5386b31f51adc32d9d3063d347d5c3631e5fb05b46910ce810aa622d04018721799f569472205f06f1dcc26bd5248e3c11b2193db08c365b6327b974aafa3c8515535e789109621fda9241caabfe4bd0b71865ff6aeefdf09d76cfcc54efec1f07a0258dbab4e6cf74d18ef26a0c1ffa4d0e4fa67b177ca8fb156fefff17804033e4cda685a224684e501b60b4a2cd15b79eb426859c5818807fa65714dafd3314f9d5bab8d36d63ed5cb60311ccf513e1e3a7adfb0d3703f23ff90c12e66ea6db093696476286a970716690bcb6fb8ef7165ddbb858d9c8d40048b8dc268f2bb0ee65a5fd5cf385350b6de99532b7b902662f0e8d5bb107dabb0c65b67d61bf8ee72e30d340a13c354c4100488da17c727a3ca7ef5311af1813f15d89383f300c189060f621ab46d84e19c389f15dec2d303e850b610b827fae602395430b442cdcf7af7132dcdcb80f248afe2d60f7183de4ffc8cd01310001bf859923c76208ea0f80e9652293e164f54917a7eea84966ced72353f890fcbe5e9994ad80f55793433585c5b3d71e90220995b7d6d5c07a0f1a523b90bf67501ec9e69c8fb00096693a306d3014bebe3ba9ba9d3e31db36155681d9bd7b34cec97f346f07308de598013b42cb1b851a87aadd0072b3b218d5f815bdd87f6173916518226fc590dd91c251f32d7fae14edfc35ae8f166d14cd0df80fc243d4db77d1b9bc02c655b86e4476e5919aa5bcac8c2f7387c469ec78986f5e73a2b6787f16c4a5f007fc8fe7ad91519ffa80b519d3b4a233f0b91ba7630cd0ed656f57f185c36f021e0a5c852cabd94157f24725ebcaee36650ead2b22918c960c8ab6f125cf20cab37dcb5c36ac8cfa9e6264d5075b5c86e6c1b8455512f54d333d4491f94b9ec967489ffb40f8835aea6cbf2a33be22ea91a771d1f4c2bc2017ffd805cc04d23dec291ef2a023b45b6a52a91acac8316d46c96695d4282e5dce8a8e8b8f98a6bc45d201c3d00a68a9314cc2c1348c546a553fdc8c1418b8ebc731f40a86c15d40a6977fbe5a9a392627cf7dd34507e63726644403175fa90caeff546b01d632e1a41042cf85e06573b0a08bdf889eafd0e4aafd656951ade883d99fc9be729e1a62cea082bffbf608e4131c083bccc033e71d5a6b9f056b1974fac86df5fa44cde3df1fc0a5c0ff552371dd4187b77a2804843a6b13885ce01b12feacdb692caec54c3ddeff6232c9cb59cbb73ab3709c3c2eba734c89be3b13b153c15e3f9b8d93fe52193c77be3b268157081aeba98bf798862506a20305d998cde3bf76c966176d9f2142269f98d927236303fa65ca55290d1ebb6e24e65c6c122fb3ed8f947531d9e77f394bc23e3280d7a237874e05aca0d9e62402f9a6f0ab5c55e20c49c2e9821212d9cc90095753fea03d97330120a79911962bf98e78ee47b9e2969738bdcd7e34848fbecb6d3bfe269e1563bdda2599515f9de0a77f6a0b14f8a5e05dca43ffa1ac1dc96d9e6149a6bee551cd7ba398987dd3756a57a481215e3c86c4c4af1dbc9333eac789e7c5a2a3895a3bf8ac2db8b4824329ffe8aefb43ba417ebdf37ee1f81af686d7bf8adc4ff0f017b1c4d64e5ed5d47f44d8e27be0a47799cc1567049d29b8bbc8ca277601738c47aea6b5250c6423ab7e73dccb89eec796531db2d0dfe35bf720beb9adaead2f75c599c1b2cfbcab228f19493224c51947218643cb4869c349c142198a107475552d762ff975877e0082c37a234101ef96a5a7e1d16a7eec66651adf1a78cc9ef133ba76d4cefae48fe25d2003737a845c1f1348bcc6f2964b3793b80feb4fdd619f53a1a762e15d4859f8ca96cc5b5a35be9df6a3ba08cf2d6a409e976862fb203a5657185997e4fa62a9e70a03ff8be94c3afe33d1a4fb45e72aea89079663ea08c8c77c669fe2ea1cf5e99cd5852d6a7ec7320d1d2733e4b5de714caa139feb7c225dcf8fe09ed025a17dfd7b6a53bfb83484d14466bae89b4c14af3c148c95f337b56d6fb69eb38436c021bace566b666e4b752562889588bffa9445b2f24cd0bf313a2cc0fe6ef6cd9923da5c727bb3a49924e5988805ee4654fda3c101480294d2cd89837c749d82a159259e0774a846b3a6b7b0ad00578ade66cccdf8871ccaad83d56f57853348da55e4dfe30c9155fd9c7366d30bb345601a693dcfad693dceb6e1ad4e035e6747a69f7fc40e3a86d2dbf325208fc9319b021d1a6107d697841aa6b3aebfd8c69680a4b225e4a24d6831e4e9a13c4e604924a23601ac90e64b955ecb3274332ee4cd209ece20b887fc4c0b246a4f251b1b88b138420790171991abfecfb34ec0f26af28b71692f7bc409ec594e3c316e473ce2cc37cf6350cc02a4b9d1118d1d6d72ebc2d8514510f348a15a7e279b4ad864ab150a4f17932700f8698b877d36ba3d4e8631af3f4fa129542346d62d81aae914cb73244089f2f7faba17ccddd0c234a11a5bcd5e69996ff6413f453fc5f9a2cdb2e5b51a5d6cbf0bdb5c2c733455685493644ca5cf9a8d6630677843edf688031355a9a65308cc591f896324fd7885df8284f133ad081720a4f60f4577f1581a14d5f285698047637125a2534354dd030db106aeb769ee99931913d9b7e10e4d42a4589e1922362bc97984996e64bc9f269320bfd8a31187f5166a07ec3ed01cfdff6e735a2e5e2e686dc448f0b1e7e30c6e01a487bad3997a2b39f4ed575bcdeeabacbf86931ea1d154b0e618794b3c6eb6840961849ea7a0feb83c77a674084fade0190d8d5ae883449b1d84e6ade9d87f881749a145272c4d4166ee836551ed72add29c1f310af2f46c77aa7e2553678a2c58c55a365eb4a2b318f27fff482eb04f0413d7082694f4c47b00e7b371231d4c2465d392219470e4eb6ec99b1b46df340bd609c74d649e5d45dd10d1e475", 0x1000}, 0x1, 0x0, 0x0, 0x801}, 0x24000000) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f00000007c0)={0x0, @bt={0xa8d, 0x870, 0x1, 0x2, 0xd59f82, 0x19f5, 0x4, 0xb, 0x0, 0x3, 0x27fd, 0x2800, 0x440, 0x3, 0xd, 0x0, {0x45, 0x80}, 0xcd, 0x3}}) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) setfsgid(0xee00) r3 = syz_clone(0x1000000, 0x0, 0xfffffd11, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x488100, 0x10) fchdir(r4) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = syz_open_procfs(r3, &(0x7f0000000040)='statm\x00') pread64(r5, &(0x7f0000000140)=""/15, 0xf, 0x4) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 11.250342472s ago: executing program 0 (id=122): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x3, @none, 0xfffd}, 0xe) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="1e", 0x1}], 0x1) 9.90926919s ago: executing program 0 (id=136): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r1, 0x6) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 9.876133756s ago: executing program 32 (id=136): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r1, 0x6) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.938113723s ago: executing program 4 (id=276): r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x101000, 0x12) ioctl$I2C_PEC(r0, 0x708, 0x100000000) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x29, 0x80, 0xd, 0x2, 0x10, @ipv4={'\x00', '\xff\xff', @broadcast}, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x7800, 0x10, 0x14853, 0x400000}}) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e0030000280080006"], 0x68}}, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) 1.858445238s ago: executing program 4 (id=277): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r3, 0x0, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) dup3(r3, r4, 0x80000) syz_usb_disconnect(r2) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000040)='cpuacct.usage_all\x00', 0x0, 0x0) 1.666056175s ago: executing program 1 (id=283): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x3b6, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='rxrpc_recvmsg\x00', r1}, 0x10) r2 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x100, 0x2, 0x10, {0x2, 0x4000, @empty}}, 0x24) sendmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r2, &(0x7f0000002d40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x1a, r4, 0x1, 0xf, 0x6, @multicast}, 0x14) sendto$packet(r0, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r4}, 0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newtaction={0x84, 0x30, 0xb, 0x0, 0xfffffffe, {}, [{0x70, 0x1, [@m_ct={0x6c, 0x1, 0x0, 0x0, {{0x7}, {0x44, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x1, 0x8fa}}, @TCA_CT_LABELS_MASK={0x14, 0x8, "90fb570f4eab9cde90df76e92c847861"}, @TCA_CT_LABELS={0x14, 0x7, "e3ccd1c5b8fbe60833617f2f4a63b45b"}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x10000000) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000200)=@req={0xd196, 0x8b0, 0x5, 0x4}, 0x10) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000180)) r7 = socket$netlink(0x10, 0x3, 0x4) writev(r7, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e03000200000000000000000300005839c900910000", 0x48}], 0x1) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0000001000000200000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012880b004c85697036746e6c070000000000000000000074b7f7205e37090089000000"], 0x3c}, 0x1, 0x0, 0x0, 0x81}, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x6000) 1.298808337s ago: executing program 3 (id=288): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000050000000100000007"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 4) 1.107118535s ago: executing program 2 (id=292): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) write$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1, @link_key_neg_reply={{0x40c, 0x6}}}, 0xa) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) recvmmsg(r1, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}, 0x81}, {{0x0, 0x0, &(0x7f0000001c80)=[{&(0x7f0000000340)=""/83, 0x53}], 0x100000000000019f, 0x0, 0x46}, 0x5}], 0x2, 0x40, 0x0) sendto$inet6(r1, 0x0, 0x62, 0x0, 0x0, 0x0) 1.106971274s ago: executing program 2 (id=293): r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x6, @remote, 0xb}, 0x1c) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) syz_emit_ethernet(0xfef3, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x64, 0x11, 0x0, @remote, @local, {[], {0x4e20, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x100004, "628e0960f6d6d3f6ee6d6b84b345dccac643e7df3e526ff07833b291322d4a74", "882ed6741e7632daeaec0c95f2ad1cd6", {"8fb3d9fd3efe8e4ea8b5ec7448ddd6a3", "215990e1b896120966af96b22cf049f0"}}}}}}}}, 0x0) 1.040250071s ago: executing program 2 (id=294): r0 = openat$kvm(0xffffff9c, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000100000000f3710000000000cf02000000000000ff"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000fdff"]) 857.93086ms ago: executing program 3 (id=295): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r0}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000300)='GPL\x00', 0x4}, 0x94) (fail_nth: 4) 857.741786ms ago: executing program 2 (id=296): syz_kvm_add_vcpu$x86(0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 857.569257ms ago: executing program 1 (id=297): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a41, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01"], 0x40}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="1c0000f5"], 0xfdef) (fail_nth: 4) 857.444728ms ago: executing program 2 (id=298): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(r2, r1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000280)='ns\x00') readlinkat(r3, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000002780)=""/4112, 0x1010) setreuid(0xffffffffffffffff, 0xee00) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x10b, 0x1}) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x58, 0x0, 0x9, 0x401, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x16}, @NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010101}, {0x8, 0x2, @local}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x97d}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000040}, 0x40040) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2e}, @printk={@lld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x0, 0x28, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 810.272775ms ago: executing program 2 (id=299): ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = socket$l2tp6(0xa, 0x2, 0x73) recvmsg(r2, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) bind$l2tp6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) 540.316074ms ago: executing program 3 (id=300): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x8, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 540.128989ms ago: executing program 1 (id=301): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x2, 0x0, 0x80, {0x0, 0xeeee8000}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3e9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e516"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="0f01c30fc7390f01cbb9080b00000f320fc72d1454d4980fc7682bc4c2999aaddd8bceb38fe8eca2a80100000037c4e14ddee2660f38810b", 0x38}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 410.026778ms ago: executing program 3 (id=302): r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x6, @remote, 0xb}, 0x1c) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) syz_emit_ethernet(0xfef3, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x64, 0x11, 0x0, @remote, @local, {[], {0x4e20, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x100004, "628e0960f6d6d3f6ee6d6b84b345dccac643e7df3e526ff07833b291322d4a74", "882ed6741e7632daeaec0c95f2ad1cd6", {"8fb3d9fd3efe8e4ea8b5ec7448ddd6a3", "215990e1b896120966af96b22cf049f0"}}}}}}}}, 0x0) 409.554181ms ago: executing program 3 (id=303): r0 = socket(0x10, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="02"]) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) ioctl$PTP_PEROUT_REQUEST2(r6, 0x40383d0c, &(0x7f0000000040)={{0x0, 0x4003}, {0x0, 0x3ff}, 0x0, 0x3}) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r7, 0x4048aecb, &(0x7f0000000080)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000014c0)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_XCRS(r6, 0x4188aea7, &(0x7f0000000140)={0x7, 0x2, [{0x2, 0x0, 0x1}, {0x40, 0x0, 0xa7}, {0xc, 0x0, 0x5}, {0x8, 0x0, 0x413}, {0x8, 0x0, 0x2}, {0x4, 0x0, 0xdd}, {0x2, 0x0, 0x3018}]}) r8 = socket(0x40000000015, 0x805, 0x0) getsockopt(r8, 0x114, 0x271b, &(0x7f0000000440)=""/102400, &(0x7f0000000000)=0x19000) ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f0000000000)={0xc0, 0x0, 0x5000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 409.372527ms ago: executing program 1 (id=304): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0xe0b, 0x3, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_CORR={0x10, 0x1, {0x5, 0x3, 0x2}}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x6, 0x8, 0xfffffffe, 0xd99d}}]}]}}}]}, 0x78}}, 0x0) sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c286dd", 0xe, 0x830, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(0xffffffffffffffff, &(0x7f0000000600)=ANY=[], 0xfdef) 329.985082ms ago: executing program 1 (id=305): r0 = openat$kvm(0xffffff9c, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000100000000f3710000000000cf02000000000000ff"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000fdff"]) 217.933642ms ago: executing program 1 (id=306): bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x1000000, 0x0, 0x0, 0xfd}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x21, 0x0) r3 = socket(0xa, 0x1, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x5) r6 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x2}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r7, 0x8910, &(0x7f00000000c0)={'bond_slave_1\x00', @ifru_addrs=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}}) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r8, &(0x7f0000003980)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r8, &(0x7f0000000240)={0x78, 0x0, r9, {0x2000000007, 0x0, 0x0, {0x0, 0x0, 0x55, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x1ff, 0xa000}}}, 0x78) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x15, 0x0, 'lblcr\x00'}, 0x2c) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x4031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)) r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x0, 0x0) pread64(r10, &(0x7f0000000300)=""/215, 0xd7, 0x433) madvise(&(0x7f0000000000/0x600000)=nil, 0x600013, 0x15) r11 = socket$netlink(0x10, 0x3, 0x4) write(r11, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 141.06031ms ago: executing program 4 (id=307): mkdir(&(0x7f0000000080)='./file1\x00', 0x18) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) 128.286782ms ago: executing program 3 (id=308): syz_usb_connect(0x0, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x2, 0xff, 0x71, 0x20, 0x9c4, 0x11, 0xb01c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x7e, 0x10, 0x2, 0x26, 0xd5, 0x18, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x18, 0x3a, 0xb, 0x0, 0x0, {0x4}, [@nested={0x4}]}, 0x18}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 4) 56.466647ms ago: executing program 4 (id=309): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x2) write$qrtrtun(r0, &(0x7f0000000300)="1b6ac0506313b3e8", 0x8) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x3f000000, 0x1}}, 0x40) 56.1781ms ago: executing program 4 (id=310): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=@newlink={0x58, 0x10, 0x403, 0x300, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x20, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x16, 0xf}}, @IFLA_VLAN_ID={0x6, 0x1, 0xffe}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x58}}, 0x8000) 0s ago: executing program 4 (id=311): r0 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0x8000, 0x0, 0x0, 0x4, 0x65f40}) ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000180)={0x1}) ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000000)={0x1, 0x1}) kernel console output (not intermixed with test programs): [ 38.209762][ T40] audit: type=1400 audit(1750795842.894:61): avc: denied { siginh } for pid=5842 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:28749' (ED25519) to the list of known hosts. [ 39.482048][ T40] audit: type=1400 audit(1750795844.194:62): avc: denied { name_bind } for pid=5873 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 39.511248][ T40] audit: type=1400 audit(1750795844.224:63): avc: denied { write } for pid=5874 comm="sh" path="pipe:[5843]" dev="pipefs" ino=5843 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 39.530457][ T40] audit: type=1400 audit(1750795844.244:64): avc: denied { execute } for pid=5874 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 39.537146][ T40] audit: type=1400 audit(1750795844.244:65): avc: denied { execute_no_trans } for pid=5874 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 41.373450][ T40] audit: type=1400 audit(1750795846.084:66): avc: denied { mounton } for pid=5874 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 41.375949][ T5874] cgroup: Unknown subsys name 'net' [ 41.572539][ T5874] cgroup: Unknown subsys name 'cpuset' [ 41.577142][ T5874] cgroup: Unknown subsys name 'rlimit' [ 41.784553][ T5924] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 42.520721][ T5874] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.577834][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 45.577850][ T40] audit: type=1400 audit(1750795850.284:80): avc: denied { execmem } for pid=5931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 45.769959][ T40] audit: type=1400 audit(1750795850.474:81): avc: denied { create } for pid=5934 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.776504][ T40] audit: type=1400 audit(1750795850.484:82): avc: denied { read write } for pid=5934 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.785089][ T40] audit: type=1400 audit(1750795850.484:83): avc: denied { read write } for pid=5935 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.792804][ T40] audit: type=1400 audit(1750795850.484:84): avc: denied { open } for pid=5934 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.801318][ T5942] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.804026][ T40] audit: type=1400 audit(1750795850.484:85): avc: denied { open } for pid=5935 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.808688][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.811810][ T5944] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.814203][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.814449][ T40] audit: type=1400 audit(1750795850.484:86): avc: denied { ioctl } for pid=5935 comm="syz-executor" path="socket:[3860]" dev="sockfs" ino=3860 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.817918][ T5946] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.818971][ T5948] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.826195][ T5946] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.826855][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.827301][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.827799][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.828271][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.828857][ T5948] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.829385][ T5948] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.829921][ T5948] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.837560][ T40] audit: type=1400 audit(1750795850.544:87): avc: denied { read } for pid=5934 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.842540][ T5939] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.844354][ T40] audit: type=1400 audit(1750795850.544:88): avc: denied { open } for pid=5934 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.847542][ T5939] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.849061][ T5946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.851050][ T40] audit: type=1400 audit(1750795850.544:89): avc: denied { mounton } for pid=5934 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 45.855879][ T5939] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.858888][ T5946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.865205][ T5939] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 46.066626][ T5936] chnl_net:caif_netlink_parms(): no params data found [ 46.138483][ T5934] chnl_net:caif_netlink_parms(): no params data found [ 46.217069][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.219726][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.222066][ T5936] bridge_slave_0: entered allmulticast mode [ 46.224729][ T5936] bridge_slave_0: entered promiscuous mode [ 46.232302][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 46.268684][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.270929][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.273057][ T5936] bridge_slave_1: entered allmulticast mode [ 46.276156][ T5936] bridge_slave_1: entered promiscuous mode [ 46.334388][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.341444][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.344582][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.346857][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.349210][ T5934] bridge_slave_0: entered allmulticast mode [ 46.352288][ T5934] bridge_slave_0: entered promiscuous mode [ 46.406793][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.409125][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.411628][ T5934] bridge_slave_1: entered allmulticast mode [ 46.414219][ T5934] bridge_slave_1: entered promiscuous mode [ 46.433096][ T5936] team0: Port device team_slave_0 added [ 46.469205][ T5936] team0: Port device team_slave_1 added [ 46.487162][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.492645][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.523638][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.525949][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.528225][ T5935] bridge_slave_0: entered allmulticast mode [ 46.531542][ T5935] bridge_slave_0: entered promiscuous mode [ 46.550217][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.552506][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.561278][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.610605][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 46.619140][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.622776][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.625532][ T5935] bridge_slave_1: entered allmulticast mode [ 46.629067][ T5935] bridge_slave_1: entered promiscuous mode [ 46.632501][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.634929][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.643893][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.651021][ T5934] team0: Port device team_slave_0 added [ 46.698489][ T5934] team0: Port device team_slave_1 added [ 46.741932][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.759777][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.761938][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.770853][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.785999][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.790069][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.792186][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.799893][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.876935][ T5936] hsr_slave_0: entered promiscuous mode [ 46.879288][ T5936] hsr_slave_1: entered promiscuous mode [ 46.897000][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.899301][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.901651][ T5949] bridge_slave_0: entered allmulticast mode [ 46.904215][ T5949] bridge_slave_0: entered promiscuous mode [ 46.909550][ T5935] team0: Port device team_slave_0 added [ 46.912919][ T5935] team0: Port device team_slave_1 added [ 46.916772][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.919012][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.923254][ T5949] bridge_slave_1: entered allmulticast mode [ 46.925938][ T5949] bridge_slave_1: entered promiscuous mode [ 47.066115][ T5934] hsr_slave_0: entered promiscuous mode [ 47.068340][ T5934] hsr_slave_1: entered promiscuous mode [ 47.070492][ T5934] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.072962][ T5934] Cannot create hsr debugfs directory [ 47.077253][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.081560][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.083664][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.092950][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.100419][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.103153][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.111900][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.135732][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.234015][ T5949] team0: Port device team_slave_0 added [ 47.238071][ T5949] team0: Port device team_slave_1 added [ 47.336246][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.338419][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.346518][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.353717][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.355826][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.363734][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.369831][ T5935] hsr_slave_0: entered promiscuous mode [ 47.372121][ T5935] hsr_slave_1: entered promiscuous mode [ 47.374732][ T5935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.377501][ T5935] Cannot create hsr debugfs directory [ 47.485305][ T5949] hsr_slave_0: entered promiscuous mode [ 47.487478][ T5949] hsr_slave_1: entered promiscuous mode [ 47.489517][ T5949] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.491886][ T5949] Cannot create hsr debugfs directory [ 47.692167][ T5936] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.703092][ T5936] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.716457][ T5936] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.722702][ T5936] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.761519][ T5935] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.767571][ T5935] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.774342][ T5935] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.780585][ T5935] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.829369][ T5934] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.838502][ T5934] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.842793][ T5934] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.847084][ T5934] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.880892][ T5944] Bluetooth: hci0: command tx timeout [ 47.880897][ T5939] Bluetooth: hci2: command tx timeout [ 47.881154][ T5939] Bluetooth: hci1: command tx timeout [ 47.898517][ T5949] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.910036][ T5949] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.915191][ T5949] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.922890][ T5949] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.933412][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.964413][ T5936] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.969957][ T5939] Bluetooth: hci3: command tx timeout [ 47.988554][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.991014][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.005854][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.008097][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.015191][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.040367][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.047842][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.061600][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.064537][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.074427][ T5934] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.083407][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.087395][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.090523][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.106932][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.110073][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.130455][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.138933][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.141373][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.147328][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.149750][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.168155][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.170824][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.263738][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.285308][ T5936] veth0_vlan: entered promiscuous mode [ 48.291661][ T5936] veth1_vlan: entered promiscuous mode [ 48.308330][ T5936] veth0_macvtap: entered promiscuous mode [ 48.317363][ T5936] veth1_macvtap: entered promiscuous mode [ 48.331088][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.339473][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.347795][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.357937][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.366621][ T5936] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.369335][ T5936] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.372388][ T5936] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.375186][ T5936] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.383219][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.430984][ T5934] veth0_vlan: entered promiscuous mode [ 48.438674][ T5935] veth0_vlan: entered promiscuous mode [ 48.441460][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.443443][ T5935] veth1_vlan: entered promiscuous mode [ 48.443640][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.454887][ T5934] veth1_vlan: entered promiscuous mode [ 48.470411][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.471892][ T5949] veth0_vlan: entered promiscuous mode [ 48.472654][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.479474][ T5949] veth1_vlan: entered promiscuous mode [ 48.494279][ T5935] veth0_macvtap: entered promiscuous mode [ 48.497713][ T5935] veth1_macvtap: entered promiscuous mode [ 48.513198][ T5949] veth0_macvtap: entered promiscuous mode [ 48.513949][ T5936] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.517908][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.523811][ T5934] veth0_macvtap: entered promiscuous mode [ 48.531201][ T5949] veth1_macvtap: entered promiscuous mode [ 48.535391][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.542037][ T5934] veth1_macvtap: entered promiscuous mode [ 48.545844][ T5935] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.548547][ T5935] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.552390][ T5935] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.554801][ T5935] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.567882][ T6021] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1'. [ 48.570351][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.578743][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.585376][ T6021] bridge_slave_0: left allmulticast mode [ 48.587187][ T6021] bridge_slave_0: left promiscuous mode [ 48.589471][ T6021] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.596961][ T6021] bridge_slave_1: left allmulticast mode [ 48.599473][ T6021] bridge_slave_1: left promiscuous mode [ 48.602703][ T6021] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.607736][ T6021] bond0: (slave bond_slave_0): Releasing backup interface [ 48.614019][ T6021] bond0: (slave bond_slave_1): Releasing backup interface [ 48.623351][ T6021] team0: Port device team_slave_0 removed [ 48.627560][ T6021] team0: Port device team_slave_1 removed [ 48.630680][ T6021] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.633123][ T6021] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.636298][ T6021] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.638863][ T6021] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 48.657319][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.661679][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.675115][ T5934] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.678038][ T5934] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.681602][ T5934] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.684225][ T5934] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.691048][ T5949] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.694041][ T5949] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.696629][ T5949] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.699942][ T5949] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.712860][ T6025] pim6reg: entered allmulticast mode [ 48.725165][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.728088][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.771899][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.773218][ T6028] warning: `syz.0.6' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 48.774354][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.781988][ T6027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6'. [ 48.785126][ T6027] netlink: 'syz.0.6': attribute type 7 has an invalid length. [ 48.787899][ T6027] netlink: 'syz.0.6': attribute type 8 has an invalid length. [ 48.790560][ T6027] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6'. [ 48.793345][ T97] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.795642][ T6027] bridge0: entered promiscuous mode [ 48.796297][ T97] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.798550][ T6027] ip6gretap0: entered promiscuous mode [ 48.803213][ T6027] gretap0: entered promiscuous mode [ 48.807333][ T6027] netlink: 180 bytes leftover after parsing attributes in process `syz.0.6'. [ 48.810617][ T6027] netlink: 180 bytes leftover after parsing attributes in process `syz.0.6'. [ 48.821802][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.824221][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.865711][ T6030] pim6reg: entered allmulticast mode [ 48.868140][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.872199][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.878705][ T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.886091][ T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.906196][ T6034] FAULT_INJECTION: forcing a failure. [ 48.906196][ T6034] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 48.911472][ T6034] CPU: 2 UID: 0 PID: 6034 Comm: syz.3.8 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 48.911487][ T6034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.911493][ T6034] Call Trace: [ 48.911497][ T6034] [ 48.911501][ T6034] dump_stack_lvl+0x16c/0x1f0 [ 48.911519][ T6034] should_fail_ex+0x512/0x640 [ 48.911535][ T6034] _copy_to_user+0x32/0xd0 [ 48.911550][ T6034] simple_read_from_buffer+0xcb/0x170 [ 48.911565][ T6034] proc_fail_nth_read+0x197/0x270 [ 48.911578][ T6034] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 48.911592][ T6034] ? rw_verify_area+0xcf/0x680 [ 48.911603][ T6034] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 48.911615][ T6034] vfs_read+0x1e1/0xc60 [ 48.911629][ T6034] ? __pfx___mutex_lock+0x10/0x10 [ 48.911644][ T6034] ? __pfx_vfs_read+0x10/0x10 [ 48.911660][ T6034] ? __fget_files+0x20e/0x3c0 [ 48.911678][ T6034] ksys_read+0x12a/0x250 [ 48.911690][ T6034] ? __pfx_ksys_read+0x10/0x10 [ 48.911706][ T6034] do_syscall_64+0xcd/0x4c0 [ 48.911737][ T6034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.911749][ T6034] RIP: 0033:0x7f43ec18d33c [ 48.911757][ T6034] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 48.911767][ T6034] RSP: 002b:00007f43ed0c8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 48.911777][ T6034] RAX: ffffffffffffffda RBX: 00007f43ec3b5fa0 RCX: 00007f43ec18d33c [ 48.911783][ T6034] RDX: 000000000000000f RSI: 00007f43ed0c80a0 RDI: 0000000000000003 [ 48.911789][ T6034] RBP: 00007f43ed0c8090 R08: 0000000000000000 R09: 0000000000000000 [ 48.911795][ T6034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 48.911800][ T6034] R13: 0000000000000000 R14: 00007f43ec3b5fa0 R15: 00007ffcdd1ecb58 [ 48.911813][ T6034] [ 48.929298][ T6035] usb usb8: usbfs: process 6035 (syz.0.7) did not claim interface 0 before use [ 48.965712][ T6039] Zero length message leads to an empty skb [ 49.219802][ T9] usb 7-1: new low-speed USB device number 2 using dummy_hcd [ 49.593253][ T9] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 49.596497][ T9] usb 7-1: config 0 has no interface number 0 [ 49.598976][ T9] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 49.604861][ T9] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 49.609082][ T9] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 49.613687][ T9] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 49.618512][ T9] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 49.622543][ T9] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 49.627740][ T9] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 49.631350][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.638825][ T9] usb 7-1: config 0 descriptor?? [ 49.642603][ T6041] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 49.648010][ T9] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 49.847024][ T6041] ldusb 7-1:0.55: Couldn't submit interrupt_in_urb -90 [ 49.912418][ T9] usb 7-1: USB disconnect, device number 2 [ 49.925226][ T9] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 49.960342][ T5939] Bluetooth: hci1: command tx timeout [ 49.960493][ T63] Bluetooth: hci2: command tx timeout [ 49.964579][ T5946] Bluetooth: hci0: command tx timeout [ 49.991997][ T6072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.20'. [ 49.998448][ T6072] bridge_slave_0: left allmulticast mode [ 50.000465][ T6072] bridge_slave_0: left promiscuous mode [ 50.002699][ T6072] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.007458][ T6072] bridge_slave_1: left allmulticast mode [ 50.009060][ T6073] netlink: 76 bytes leftover after parsing attributes in process `syz.1.19'. [ 50.009256][ T6072] bridge_slave_1: left promiscuous mode [ 50.009353][ T6072] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.011110][ T6066] FAULT_INJECTION: forcing a failure. [ 50.011110][ T6066] name failslab, interval 1, probability 0, space 0, times 1 [ 50.011137][ T6066] CPU: 2 UID: 0 PID: 6066 Comm: syz.0.18 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 50.011158][ T6066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.011167][ T6066] Call Trace: [ 50.011173][ T6066] [ 50.011179][ T6066] dump_stack_lvl+0x16c/0x1f0 [ 50.011206][ T6066] should_fail_ex+0x512/0x640 [ 50.011227][ T6066] ? fs_reclaim_acquire+0xae/0x150 [ 50.011245][ T6066] ? tomoyo_encode2+0x100/0x3e0 [ 50.011275][ T6066] should_failslab+0xc2/0x120 [ 50.011299][ T6066] __kmalloc_noprof+0xd2/0x510 [ 50.011326][ T6066] tomoyo_encode2+0x100/0x3e0 [ 50.011351][ T6066] tomoyo_encode+0x29/0x50 [ 50.011372][ T6066] tomoyo_realpath_from_path+0x18f/0x6e0 [ 50.011397][ T6066] ? tomoyo_profile+0x47/0x60 [ 50.011425][ T6066] tomoyo_path_number_perm+0x245/0x580 [ 50.011443][ T6066] ? tomoyo_path_number_perm+0x237/0x580 [ 50.011464][ T6066] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 50.011485][ T6066] ? find_held_lock+0x2b/0x80 [ 50.011525][ T6066] ? find_held_lock+0x2b/0x80 [ 50.011544][ T6066] ? hook_file_ioctl_common+0x145/0x410 [ 50.011575][ T6066] ? __fget_files+0x20e/0x3c0 [ 50.011601][ T6066] security_file_ioctl+0x9b/0x240 [ 50.011624][ T6066] __x64_sys_ioctl+0xb7/0x210 [ 50.011646][ T6066] do_syscall_64+0xcd/0x4c0 [ 50.011672][ T6066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.011689][ T6066] RIP: 0033:0x7f836178e929 [ 50.011701][ T6066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.011717][ T6066] RSP: 002b:00007f836253e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 50.011732][ T6066] RAX: ffffffffffffffda RBX: 00007f83619b5fa0 RCX: 00007f836178e929 [ 50.011743][ T6066] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 50.011752][ T6066] RBP: 00007f836253e090 R08: 0000000000000000 R09: 0000000000000000 [ 50.011762][ T6066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.011770][ T6066] R13: 0000000000000000 R14: 00007f83619b5fa0 R15: 00007ffeaad74ca8 [ 50.011791][ T6066] [ 50.011806][ T6066] ERROR: Out of memory at tomoyo_realpath_from_path. [ 50.040213][ T5946] Bluetooth: hci3: command tx timeout [ 50.109533][ T6072] bond0: (slave bond_slave_0): Releasing backup interface [ 50.114764][ T6072] bond0: (slave bond_slave_1): Releasing backup interface [ 50.122879][ T6072] team0: Port device team_slave_0 removed [ 50.129185][ T6072] team0: Port device team_slave_1 removed [ 50.132012][ T6072] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 50.135050][ T6072] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 50.138707][ T6072] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 50.142152][ T6072] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 50.271040][ T6083] FAULT_INJECTION: forcing a failure. [ 50.271040][ T6083] name failslab, interval 1, probability 0, space 0, times 0 [ 50.275281][ T6083] CPU: 2 UID: 0 PID: 6083 Comm: syz.0.23 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 50.275297][ T6083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.275303][ T6083] Call Trace: [ 50.275307][ T6083] [ 50.275311][ T6083] dump_stack_lvl+0x16c/0x1f0 [ 50.275330][ T6083] should_fail_ex+0x512/0x640 [ 50.275343][ T6083] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 50.275357][ T6083] should_failslab+0xc2/0x120 [ 50.275372][ T6083] __kmalloc_cache_noprof+0x6a/0x3e0 [ 50.275383][ T6083] ? __pfx___might_resched+0x10/0x10 [ 50.275397][ T6083] ? vhost_task_create+0xe5/0x2e0 [ 50.275407][ T6083] ? rcu_is_watching+0x12/0xc0 [ 50.275420][ T6083] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 50.275436][ T6083] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 50.275454][ T6083] vhost_task_create+0xe5/0x2e0 [ 50.275463][ T6083] ? __pfx_vhost_task_create+0x10/0x10 [ 50.275476][ T6083] ? __pfx_vhost_task_fn+0x10/0x10 [ 50.275491][ T6083] kvm_mmu_post_init_vm+0x1b7/0x370 [ 50.275505][ T6083] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 50.275518][ T6083] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 50.275532][ T6083] kvm_vcpu_ioctl+0x5eb/0x1690 [ 50.275546][ T6083] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 50.275561][ T6083] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 50.275577][ T6083] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 50.275595][ T6083] ? hook_file_ioctl_common+0x145/0x410 [ 50.275615][ T6083] ? selinux_file_ioctl+0x180/0x270 [ 50.275628][ T6083] ? selinux_file_ioctl+0xb4/0x270 [ 50.275642][ T6083] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 50.275654][ T6083] __x64_sys_ioctl+0x18e/0x210 [ 50.275667][ T6083] do_syscall_64+0xcd/0x4c0 [ 50.275683][ T6083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.275693][ T6083] RIP: 0033:0x7f836178e929 [ 50.275702][ T6083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.275712][ T6083] RSP: 002b:00007f836253e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 50.275722][ T6083] RAX: ffffffffffffffda RBX: 00007f83619b5fa0 RCX: 00007f836178e929 [ 50.275728][ T6083] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 50.275734][ T6083] RBP: 00007f836253e090 R08: 0000000000000000 R09: 0000000000000000 [ 50.275739][ T6083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.275745][ T6083] R13: 0000000000000000 R14: 00007f83619b5fa0 R15: 00007ffeaad74ca8 [ 50.275757][ T6083] [ 50.856466][ T40] kauditd_printk_skb: 80 callbacks suppressed [ 50.856477][ T40] audit: type=1400 audit(1750795855.564:168): avc: denied { read write } for pid=6102 comm="syz.1.30" name="renderD128" dev="devtmpfs" ino=634 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 50.869804][ T6103] usb usb8: usbfs: process 6103 (syz.1.30) did not claim interface 0 before use [ 50.873841][ T40] audit: type=1400 audit(1750795855.564:169): avc: denied { open } for pid=6102 comm="syz.1.30" path="/dev/dri/renderD128" dev="devtmpfs" ino=634 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 50.883506][ T40] audit: type=1400 audit(1750795855.574:170): avc: denied { ioctl } for pid=6102 comm="syz.1.30" path="/dev/dri/renderD128" dev="devtmpfs" ino=634 ioctlcmd=0x6409 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 51.329221][ T6112] FAULT_INJECTION: forcing a failure. [ 51.329221][ T6112] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 51.333810][ T6112] CPU: 3 UID: 0 PID: 6112 Comm: syz.0.32 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 51.333825][ T6112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.333831][ T6112] Call Trace: [ 51.333835][ T6112] [ 51.333839][ T6112] dump_stack_lvl+0x16c/0x1f0 [ 51.333857][ T6112] should_fail_ex+0x512/0x640 [ 51.333873][ T6112] _copy_from_user+0x2e/0xd0 [ 51.333888][ T6112] do_procmap_query+0x110/0x1090 [ 51.333902][ T6112] ? do_vfs_ioctl+0x523/0x1a60 [ 51.333914][ T6112] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 51.333925][ T6112] ? __pfx_do_procmap_query+0x10/0x10 [ 51.333941][ T6112] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 51.333956][ T6112] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 51.333971][ T6112] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 51.333993][ T6112] ? selinux_file_ioctl+0x180/0x270 [ 51.334006][ T6112] ? selinux_file_ioctl+0xb4/0x270 [ 51.334021][ T6112] procfs_procmap_ioctl+0x7d/0xb0 [ 51.334034][ T6112] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 51.334048][ T6112] __x64_sys_ioctl+0x18e/0x210 [ 51.334060][ T6112] do_syscall_64+0xcd/0x4c0 [ 51.334075][ T6112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.334086][ T6112] RIP: 0033:0x7f836178e929 [ 51.334094][ T6112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.334114][ T6112] RSP: 002b:00007f836253e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 51.334126][ T6112] RAX: ffffffffffffffda RBX: 00007f83619b5fa0 RCX: 00007f836178e929 [ 51.334132][ T6112] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000006 [ 51.334138][ T6112] RBP: 00007f836253e090 R08: 0000000000000000 R09: 0000000000000000 [ 51.334144][ T6112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 51.334149][ T6112] R13: 0000000000000000 R14: 00007f83619b5fa0 R15: 00007ffeaad74ca8 [ 51.334163][ T6112] [ 51.439669][ T40] audit: type=1400 audit(1750795856.144:171): avc: denied { mounton } for pid=6116 comm="syz.0.34" path="/11/file0" dev="tmpfs" ino=76 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 51.473764][ T40] audit: type=1400 audit(1750795856.184:172): avc: denied { name_bind 0x1000000 } for pid=6118 comm="syz.0.35" path="socket:[7943]" dev="sockfs" ino=7943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 51.474395][ T6119] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 51.484986][ T6118] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 51.501088][ T40] audit: type=1400 audit(1750795856.214:173): avc: denied { create } for pid=6120 comm="syz.2.36" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 51.517927][ T40] audit: type=1400 audit(1750795856.224:174): avc: denied { ioctl } for pid=6120 comm="syz.2.36" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=9814 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 51.604937][ T6130] trusted_key: encrypted_key: master key parameter 'ZëL„9©Í:«Æ§yû‚–x«Î5æœ?÷V<Oeu¬¦.Žˆ®YÂJ!^»jZM6嫶y}(O™‚—Â=&z¿ê\&ègÆe?ºÂÝQÙÞŒpìÔÚm”þâk|GR5·“q7*' is invalid [ 51.632504][ T40] audit: type=1400 audit(1750795856.344:175): avc: denied { allowed } for pid=6131 comm="syz.0.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 51.639301][ T40] audit: type=1400 audit(1750795856.344:176): avc: denied { map } for pid=6131 comm="syz.0.40" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=6903 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 51.642323][ T6132] netlink: 'syz.0.40': attribute type 2 has an invalid length. [ 51.647011][ T40] audit: type=1400 audit(1750795856.344:177): avc: denied { read write } for pid=6131 comm="syz.0.40" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=6903 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 51.649420][ T6132] netlink: 16 bytes leftover after parsing attributes in process `syz.0.40'. [ 51.749019][ T6137] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 51.753512][ T6137] netlink: 'syz.2.41': attribute type 12 has an invalid length. [ 51.756106][ T6137] netlink: 'syz.2.41': attribute type 29 has an invalid length. [ 51.758544][ T6137] netlink: 148 bytes leftover after parsing attributes in process `syz.2.41'. [ 51.762341][ T6137] netlink: 'syz.2.41': attribute type 1 has an invalid length. [ 51.764807][ T6137] netlink: 'syz.2.41': attribute type 2 has an invalid length. [ 51.767265][ T6137] netlink: 39 bytes leftover after parsing attributes in process `syz.2.41'. [ 51.890149][ T5944] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 52.040264][ T5946] Bluetooth: hci0: command tx timeout [ 52.040337][ T63] Bluetooth: hci1: command 0x040f tx timeout [ 52.040367][ T5939] Bluetooth: hci2: command tx timeout [ 52.046092][ T5944] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 52.241345][ T6163] FAULT_INJECTION: forcing a failure. [ 52.241345][ T6163] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.247040][ T6163] CPU: 2 UID: 0 PID: 6163 Comm: syz.3.50 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 52.247063][ T6163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.247074][ T6163] Call Trace: [ 52.247081][ T6163] [ 52.247088][ T6163] dump_stack_lvl+0x16c/0x1f0 [ 52.247119][ T6163] should_fail_ex+0x512/0x640 [ 52.247151][ T6163] _copy_to_user+0x32/0xd0 [ 52.247177][ T6163] simple_read_from_buffer+0xcb/0x170 [ 52.247201][ T6163] proc_fail_nth_read+0x197/0x270 [ 52.247224][ T6163] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 52.247247][ T6163] ? rw_verify_area+0xcf/0x680 [ 52.247265][ T6163] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 52.247287][ T6163] vfs_read+0x1e1/0xc60 [ 52.247312][ T6163] ? __pfx___mutex_lock+0x10/0x10 [ 52.247336][ T6163] ? __pfx_vfs_read+0x10/0x10 [ 52.247365][ T6163] ? __fget_files+0x20e/0x3c0 [ 52.247397][ T6163] ksys_read+0x12a/0x250 [ 52.247417][ T6163] ? __pfx_ksys_read+0x10/0x10 [ 52.247444][ T6163] do_syscall_64+0xcd/0x4c0 [ 52.247472][ T6163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.247491][ T6163] RIP: 0033:0x7f43ec18d33c [ 52.247508][ T6163] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 52.247524][ T6163] RSP: 002b:00007f43ed0c8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 52.247540][ T6163] RAX: ffffffffffffffda RBX: 00007f43ec3b5fa0 RCX: 00007f43ec18d33c [ 52.247552][ T6163] RDX: 000000000000000f RSI: 00007f43ed0c80a0 RDI: 0000000000000004 [ 52.247562][ T6163] RBP: 00007f43ed0c8090 R08: 0000000000000000 R09: 0000000000000000 [ 52.247573][ T6163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.247584][ T6163] R13: 0000000000000000 R14: 00007f43ec3b5fa0 R15: 00007ffcdd1ecb58 [ 52.247608][ T6163] [ 52.354272][ T6165] xt_hashlimit: overflow, rate too high: 0 [ 52.504139][ T6181] syz.1.57 uses obsolete (PF_INET,SOCK_PACKET) [ 52.597334][ T6185] netlink: 'syz.3.59': attribute type 2 has an invalid length. [ 52.611006][ T6189] Failed to get privilege flags for destination (handle=0x2:0x0) [ 52.644202][ T6191] ip6tnl1: entered allmulticast mode [ 52.729575][ T1141] bond0 (unregistering): Released all slaves [ 52.844151][ T6198] FAULT_INJECTION: forcing a failure. [ 52.844151][ T6198] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.853629][ T6198] CPU: 0 UID: 0 PID: 6198 Comm: syz.0.64 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 52.853650][ T6198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.853658][ T6198] Call Trace: [ 52.853664][ T6198] [ 52.853669][ T6198] dump_stack_lvl+0x16c/0x1f0 [ 52.853693][ T6198] should_fail_ex+0x512/0x640 [ 52.853714][ T6198] _copy_to_user+0x32/0xd0 [ 52.853735][ T6198] simple_read_from_buffer+0xcb/0x170 [ 52.853754][ T6198] proc_fail_nth_read+0x197/0x270 [ 52.853771][ T6198] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 52.853789][ T6198] ? rw_verify_area+0xcf/0x680 [ 52.853803][ T6198] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 52.853819][ T6198] vfs_read+0x1e1/0xc60 [ 52.853839][ T6198] ? __pfx___mutex_lock+0x10/0x10 [ 52.853857][ T6198] ? __pfx_vfs_read+0x10/0x10 [ 52.853879][ T6198] ? __fget_files+0x20e/0x3c0 [ 52.853903][ T6198] ksys_read+0x12a/0x250 [ 52.853918][ T6198] ? __pfx_ksys_read+0x10/0x10 [ 52.853940][ T6198] do_syscall_64+0xcd/0x4c0 [ 52.853961][ T6198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.853975][ T6198] RIP: 0033:0x7f836178d33c [ 52.853987][ T6198] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 52.854000][ T6198] RSP: 002b:00007f836253e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 52.854016][ T6198] RAX: ffffffffffffffda RBX: 00007f83619b5fa0 RCX: 00007f836178d33c [ 52.854026][ T6198] RDX: 000000000000000f RSI: 00007f836253e0a0 RDI: 0000000000000006 [ 52.854036][ T6198] RBP: 00007f836253e090 R08: 0000000000000000 R09: 0000000000000000 [ 52.854045][ T6198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.854054][ T6198] R13: 0000000000000000 R14: 00007f83619b5fa0 R15: 00007ffeaad74ca8 [ 52.854075][ T6198] [ 52.937105][ T6215] netlink: 'syz.2.70': attribute type 14 has an invalid length. [ 52.947795][ T6214] syz.2.70: attempt to access beyond end of device [ 52.947795][ T6214] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 52.952570][ T6214] EXT4-fs (nbd2): unable to read superblock [ 53.126170][ T63] Bluetooth: hci1: unexpected event for opcode 0x2042 [ 53.127999][ T5940] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 53.242858][ T6232] Cannot find add_set index 0 as target [ 53.245547][ T6229] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 53.309670][ T5940] usb 8-1: Using ep0 maxpacket: 8 [ 53.312461][ T5940] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 53.315445][ T5940] usb 8-1: config 0 has no interface number 0 [ 53.317460][ T5940] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 53.321235][ T5940] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 53.324763][ T5940] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 32, changing to 9 [ 53.328112][ T5940] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 1912, setting to 1024 [ 53.331428][ T5940] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 53.335315][ T5940] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 53.338016][ T5940] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.342200][ T5940] usb 8-1: config 0 descriptor?? [ 53.346700][ T6210] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 53.358993][ T5940] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 53.550707][ T5940] usb 8-1: USB disconnect, device number 2 [ 53.568204][ T5940] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 53.813730][ T6231] all: renamed from lo (while UP) [ 53.894663][ T6240] __nla_validate_parse: 4 callbacks suppressed [ 53.894673][ T6240] netlink: 4 bytes leftover after parsing attributes in process `syz.2.78'. [ 53.938718][ T6245] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.992234][ T6250] FAULT_INJECTION: forcing a failure. [ 53.992234][ T6250] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 53.996006][ T6250] CPU: 1 UID: 0 PID: 6250 Comm: syz.1.83 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 53.996023][ T6250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.996030][ T6250] Call Trace: [ 53.996038][ T6250] [ 53.996042][ T6250] dump_stack_lvl+0x16c/0x1f0 [ 53.996061][ T6250] should_fail_ex+0x512/0x640 [ 53.996077][ T6250] _copy_from_user+0x2e/0xd0 [ 53.996092][ T6250] memdup_user+0x6b/0xe0 [ 53.996107][ T6250] strndup_user+0x78/0xe0 [ 53.996121][ T6250] __x64_sys_mount+0x180/0x310 [ 53.996137][ T6250] ? __pfx___x64_sys_mount+0x10/0x10 [ 53.996156][ T6250] do_syscall_64+0xcd/0x4c0 [ 53.996172][ T6250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.996183][ T6250] RIP: 0033:0x7f00e6f8e929 [ 53.996197][ T6250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.996206][ T6250] RSP: 002b:00007f00e7d40038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 53.996216][ T6250] RAX: ffffffffffffffda RBX: 00007f00e71b5fa0 RCX: 00007f00e6f8e929 [ 53.996222][ T6250] RDX: 0000200000000100 RSI: 0000200000002480 RDI: 0000200000002440 [ 53.996228][ T6250] RBP: 00007f00e7d40090 R08: 0000200000000140 R09: 0000000000000000 [ 53.996234][ T6250] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001 [ 53.996240][ T6250] R13: 0000000000000000 R14: 00007f00e71b5fa0 R15: 00007ffdc7a18218 [ 53.996252][ T6250] [ 54.069025][ T6257] netlink: 'syz.1.86': attribute type 12 has an invalid length. [ 54.120264][ T5944] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 54.310225][ T6267] tipc: Started in network mode [ 54.311993][ T6267] tipc: Node identity 96c3e65e8827, cluster identity 4711 [ 54.314339][ T6267] tipc: Enabled bearer , priority 0 [ 54.317005][ T6266] tipc: Enabling of bearer rejected, already enabled [ 54.331964][ T6265] tipc: Disabling bearer [ 54.681519][ T63] Bluetooth: hci1: unexpected event for opcode 0x2042 [ 55.382093][ T6319] xt_hashlimit: size too large, truncated to 1048576 [ 55.433805][ T6321] netlink: 24 bytes leftover after parsing attributes in process `syz.1.106'. [ 55.436718][ T6321] netlink: 264 bytes leftover after parsing attributes in process `syz.1.106'. [ 55.439502][ T6321] netlink: 56 bytes leftover after parsing attributes in process `syz.1.106'. [ 55.488944][ T6323] IPv6: syztnl0: Disabled Multicast RS [ 55.617948][ T6333] FAULT_INJECTION: forcing a failure. [ 55.617948][ T6333] name failslab, interval 1, probability 0, space 0, times 0 [ 55.622354][ T6333] CPU: 1 UID: 0 PID: 6333 Comm: syz.3.113 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 55.622370][ T6333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.622376][ T6333] Call Trace: [ 55.622380][ T6333] [ 55.622384][ T6333] dump_stack_lvl+0x16c/0x1f0 [ 55.622421][ T6333] should_fail_ex+0x512/0x640 [ 55.622439][ T6333] ? trace_contention_end+0xdd/0x130 [ 55.622458][ T6333] should_failslab+0xc2/0x120 [ 55.622474][ T6333] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 55.622488][ T6333] ? hci_sock_sendmsg+0xde2/0x25f0 [ 55.622503][ T6333] ? __alloc_skb+0x2b2/0x380 [ 55.622517][ T6333] ? __pfx___mutex_lock+0x10/0x10 [ 55.622534][ T6333] __alloc_skb+0x2b2/0x380 [ 55.622547][ T6333] ? __pfx___alloc_skb+0x10/0x10 [ 55.622565][ T6333] hci_sock_sendmsg+0x1a6f/0x25f0 [ 55.622583][ T6333] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 55.622603][ T6333] sock_write_iter+0x4ff/0x5b0 [ 55.622614][ T6333] ? __pfx_sock_write_iter+0x10/0x10 [ 55.622630][ T6333] ? bpf_lsm_file_permission+0x9/0x10 [ 55.622646][ T6333] ? security_file_permission+0x71/0x210 [ 55.622663][ T6333] ? rw_verify_area+0xcf/0x680 [ 55.622677][ T6333] vfs_write+0x6c7/0x1150 [ 55.622690][ T6333] ? __pfx_sock_write_iter+0x10/0x10 [ 55.622702][ T6333] ? __pfx_vfs_write+0x10/0x10 [ 55.622714][ T6333] ? find_held_lock+0x2b/0x80 [ 55.622735][ T6333] ksys_write+0x1f8/0x250 [ 55.622748][ T6333] ? __pfx_ksys_write+0x10/0x10 [ 55.622764][ T6333] do_syscall_64+0xcd/0x4c0 [ 55.622781][ T6333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.622792][ T6333] RIP: 0033:0x7f43ec18e929 [ 55.622801][ T6333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.622811][ T6333] RSP: 002b:00007f43ed0c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 55.622821][ T6333] RAX: ffffffffffffffda RBX: 00007f43ec3b5fa0 RCX: 00007f43ec18e929 [ 55.622828][ T6333] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 0000000000000004 [ 55.622834][ T6333] RBP: 00007f43ed0c8090 R08: 0000000000000000 R09: 0000000000000000 [ 55.622840][ T6333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.622846][ T6333] R13: 0000000000000000 R14: 00007f43ec3b5fa0 R15: 00007ffcdd1ecb58 [ 55.622859][ T6333] [ 55.622871][ T6333] Bluetooth: MGMT ver 1.23 [ 55.882069][ T5946] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 55.885181][ T5946] Bluetooth: hci3: Injecting HCI hardware error event [ 55.887888][ T5946] Bluetooth: hci3: hardware error 0x00 [ 56.199788][ T5944] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 56.502009][ T40] kauditd_printk_skb: 74 callbacks suppressed [ 56.502019][ T40] audit: type=1400 audit(1750795861.214:252): avc: denied { read write } for pid=6353 comm="syz.1.121" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 56.511208][ T40] audit: type=1400 audit(1750795861.214:253): avc: denied { open } for pid=6353 comm="syz.1.121" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 56.518050][ T40] audit: type=1400 audit(1750795861.214:254): avc: denied { ioctl } for pid=6353 comm="syz.1.121" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 56.519759][ T5939] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 56.527793][ T5939] Bluetooth: hci2: Injecting HCI hardware error event [ 56.530722][ T5939] Bluetooth: hci2: hardware error 0x00 [ 56.697186][ T40] audit: type=1400 audit(1750795861.404:255): avc: denied { create } for pid=6358 comm="syz.3.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 56.703536][ T40] audit: type=1400 audit(1750795861.414:256): avc: denied { bind } for pid=6358 comm="syz.3.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 56.736337][ T6362] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 56.748695][ T6362] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 56.816912][ T40] audit: type=1400 audit(1750795861.524:257): avc: denied { read } for pid=6363 comm="syz.3.125" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 56.829686][ T40] audit: type=1400 audit(1750795861.524:258): avc: denied { open } for pid=6363 comm="syz.3.125" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 56.838535][ T40] audit: type=1400 audit(1750795861.524:259): avc: denied { ioctl } for pid=6363 comm="syz.3.125" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 57.105295][ T6374] binder: 6373:6374 ioctl c0306201 200000000540 returned -22 [ 57.138628][ T6376] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.130'. [ 57.160377][ T5942] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 57.163992][ T5942] Bluetooth: hci1: Injecting HCI hardware error event [ 57.193383][ T6379] netlink: 12 bytes leftover after parsing attributes in process `syz.2.131'. [ 57.332351][ T40] audit: type=1400 audit(1750795862.044:260): avc: denied { mount } for pid=6382 comm="syz.2.133" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 57.339057][ T40] audit: type=1400 audit(1750795862.044:261): avc: denied { remount } for pid=6382 comm="syz.2.133" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 57.673827][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.677942][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.688595][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.699740][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 57.705133][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.708622][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.729780][ T63] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 57.740172][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.875827][ T6391] netlink: 244 bytes leftover after parsing attributes in process `syz.2.135'. [ 57.962396][ T5946] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 57.967427][ T97] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.009053][ T97] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.040432][ T6396] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 58.080648][ T97] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.140760][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 58.143499][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 58.146131][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 58.149430][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 58.153679][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 58.166916][ T97] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.175905][ T63] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 58.236476][ T63] Bluetooth: hci1: unexpected event for opcode 0x2042 [ 58.280321][ T5944] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 58.313460][ T6401] chnl_net:caif_netlink_parms(): no params data found [ 58.314005][ T6417] netlink: 16 bytes leftover after parsing attributes in process `syz.1.145'. [ 58.318712][ T6417] netlink: 20 bytes leftover after parsing attributes in process `syz.1.145'. [ 58.337315][ T6419] binder: 6418:6419 ioctl c0306201 200000000540 returned -22 [ 58.344741][ T6417] geneve2: entered allmulticast mode [ 58.451576][ T97] ip6gretap0 (unregistering): left promiscuous mode [ 58.488086][ T97] gretap0 (unregistering): left promiscuous mode [ 58.522665][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.524631][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.526693][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.527036][ T97] bridge0 (unregistering): left promiscuous mode [ 58.528423][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.532627][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.534832][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.537119][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.538973][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.540868][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.542906][ T6430] ip6t_srh: unknown srh match flags 4000 [ 58.602354][ T5939] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 58.642660][ T97] bond0 (unregistering): Released all slaves [ 58.712996][ T6401] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.715695][ T6401] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.718235][ T6401] bridge_slave_0: entered allmulticast mode [ 58.721359][ T6401] bridge_slave_0: entered promiscuous mode [ 58.727478][ T6401] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.729792][ T6401] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.733758][ T6401] bridge_slave_1: entered allmulticast mode [ 58.737700][ T6401] bridge_slave_1: entered promiscuous mode [ 58.741423][ T97] tipc: Left network mode [ 58.777923][ T5939] Bluetooth: hci1: unexpected event for opcode 0x2042 [ 58.827444][ T6401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.836240][ T6401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.905836][ T6457] FAULT_INJECTION: forcing a failure. [ 58.905836][ T6457] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 58.911543][ T6457] CPU: 1 UID: 0 PID: 6457 Comm: syz.2.157 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 58.911558][ T6457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.911565][ T6457] Call Trace: [ 58.911568][ T6457] [ 58.911572][ T6457] dump_stack_lvl+0x16c/0x1f0 [ 58.911591][ T6457] should_fail_ex+0x512/0x640 [ 58.911606][ T6457] _copy_from_user+0x2e/0xd0 [ 58.911621][ T6457] get_user_ifreq+0xf1/0x250 [ 58.911638][ T6457] sock_ioctl+0x586/0x6b0 [ 58.911649][ T6457] ? __pfx_sock_ioctl+0x10/0x10 [ 58.911674][ T6457] ? hook_file_ioctl_common+0x145/0x410 [ 58.911694][ T6457] ? selinux_file_ioctl+0x180/0x270 [ 58.911708][ T6457] ? selinux_file_ioctl+0xb4/0x270 [ 58.911722][ T6457] ? __pfx_sock_ioctl+0x10/0x10 [ 58.911733][ T6457] __x64_sys_ioctl+0x18e/0x210 [ 58.911746][ T6457] do_syscall_64+0xcd/0x4c0 [ 58.911761][ T6457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.911772][ T6457] RIP: 0033:0x7f735cb8e929 [ 58.911781][ T6457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.911790][ T6457] RSP: 002b:00007f735da5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.911800][ T6457] RAX: ffffffffffffffda RBX: 00007f735cdb5fa0 RCX: 00007f735cb8e929 [ 58.911806][ T6457] RDX: 0000200000000000 RSI: 00000000000089f1 RDI: 0000000000000004 [ 58.911812][ T6457] RBP: 00007f735da5e090 R08: 0000000000000000 R09: 0000000000000000 [ 58.911818][ T6457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.911823][ T6457] R13: 0000000000000000 R14: 00007f735cdb5fa0 R15: 00007fffb286fb48 [ 58.911835][ T6457] [ 58.935572][ T6459] FAULT_INJECTION: forcing a failure. [ 58.935572][ T6459] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 58.936758][ T6401] team0: Port device team_slave_0 added [ 58.991852][ T6459] CPU: 2 UID: 0 PID: 6459 Comm: syz.1.158 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 58.991881][ T6459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.991891][ T6459] Call Trace: [ 58.991897][ T6459] [ 58.991903][ T6459] dump_stack_lvl+0x16c/0x1f0 [ 58.991933][ T6459] should_fail_ex+0x512/0x640 [ 58.991959][ T6459] _copy_to_user+0x32/0xd0 [ 58.991984][ T6459] simple_read_from_buffer+0xcb/0x170 [ 58.992008][ T6459] proc_fail_nth_read+0x197/0x270 [ 58.992029][ T6459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 58.992051][ T6459] ? rw_verify_area+0xcf/0x680 [ 58.992070][ T6459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 58.992091][ T6459] vfs_read+0x1e1/0xc60 [ 58.992113][ T6459] ? __pfx___mutex_lock+0x10/0x10 [ 58.992137][ T6459] ? __pfx_vfs_read+0x10/0x10 [ 58.992163][ T6459] ? __fget_files+0x20e/0x3c0 [ 58.992193][ T6459] ksys_read+0x12a/0x250 [ 58.992213][ T6459] ? __pfx_ksys_read+0x10/0x10 [ 58.992240][ T6459] do_syscall_64+0xcd/0x4c0 [ 58.992264][ T6459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.992281][ T6459] RIP: 0033:0x7f00e6f8d33c [ 58.992295][ T6459] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 58.992310][ T6459] RSP: 002b:00007f00e7d40030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 58.992326][ T6459] RAX: ffffffffffffffda RBX: 00007f00e71b5fa0 RCX: 00007f00e6f8d33c [ 58.992338][ T6459] RDX: 000000000000000f RSI: 00007f00e7d400a0 RDI: 0000000000000004 [ 58.992347][ T6459] RBP: 00007f00e7d40090 R08: 0000000000000000 R09: 0000000000000000 [ 58.992355][ T6459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.992366][ T6459] R13: 0000000000000000 R14: 00007f00e71b5fa0 R15: 00007ffdc7a18218 [ 58.992386][ T6459] [ 59.092119][ T6401] team0: Port device team_slave_1 added [ 59.145520][ T6465] netlink: 16 bytes leftover after parsing attributes in process `syz.1.160'. [ 59.149119][ T6465] netlink: 20 bytes leftover after parsing attributes in process `syz.1.160'. [ 59.179697][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 59.181694][ T6401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.185104][ T6401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.194557][ T6401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.205433][ T97] hsr_slave_0: left promiscuous mode [ 59.208324][ T97] hsr_slave_1: left promiscuous mode [ 59.209769][ T6146] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 59.223086][ T97] veth1_macvtap: left promiscuous mode [ 59.224980][ T97] veth0_macvtap: left promiscuous mode [ 59.227382][ T97] veth1_vlan: left promiscuous mode [ 59.229212][ T97] veth0_vlan: left promiscuous mode [ 59.274597][ T6472] netlink: 276 bytes leftover after parsing attributes in process `syz.3.163'. [ 59.278108][ T97] pim6reg (unregistering): left allmulticast mode [ 59.369817][ T6146] usb 7-1: Using ep0 maxpacket: 8 [ 59.372814][ T6146] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 59.375772][ T6146] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 59.378762][ T6146] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 59.381739][ T6146] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 59.384830][ T6146] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 59.389204][ T6146] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 59.392771][ T6146] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.603439][ T6146] usb 7-1: GET_CAPABILITIES returned 0 [ 59.605895][ T6146] usbtmc 7-1:16.0: can't read capabilities [ 59.816726][ T6461] FAULT_INJECTION: forcing a failure. [ 59.816726][ T6461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 59.822015][ T6461] CPU: 2 UID: 0 PID: 6461 Comm: syz.2.159 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 59.822035][ T6461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.822046][ T6461] Call Trace: [ 59.822052][ T6461] [ 59.822058][ T6461] dump_stack_lvl+0x16c/0x1f0 [ 59.822091][ T6461] should_fail_ex+0x512/0x640 [ 59.822116][ T6461] _copy_to_user+0x32/0xd0 [ 59.822140][ T6461] simple_read_from_buffer+0xcb/0x170 [ 59.822162][ T6461] proc_fail_nth_read+0x197/0x270 [ 59.822184][ T6461] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 59.822205][ T6461] ? rw_verify_area+0xcf/0x680 [ 59.822223][ T6461] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 59.822243][ T6461] vfs_read+0x1e1/0xc60 [ 59.822266][ T6461] ? __pfx___mutex_lock+0x10/0x10 [ 59.822288][ T6461] ? __pfx_vfs_read+0x10/0x10 [ 59.822313][ T6461] ? __fget_files+0x20e/0x3c0 [ 59.822342][ T6461] ksys_read+0x12a/0x250 [ 59.822361][ T6461] ? __pfx_ksys_read+0x10/0x10 [ 59.822386][ T6461] do_syscall_64+0xcd/0x4c0 [ 59.822411][ T6461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.822429][ T6461] RIP: 0033:0x7f735cb8d33c [ 59.822441][ T6461] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 59.822457][ T6461] RSP: 002b:00007f735da5e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 59.822471][ T6461] RAX: ffffffffffffffda RBX: 00007f735cdb5fa0 RCX: 00007f735cb8d33c [ 59.822480][ T6461] RDX: 000000000000000f RSI: 00007f735da5e0a0 RDI: 0000000000000005 [ 59.822491][ T6461] RBP: 00007f735da5e090 R08: 0000000000000000 R09: 0000000000000000 [ 59.822499][ T6461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 59.822508][ T6461] R13: 0000000000000000 R14: 00007f735cdb5fa0 R15: 00007fffb286fb48 [ 59.822530][ T6461] [ 59.906412][ T6146] usb 7-1: USB disconnect, device number 3 [ 60.211662][ T5939] Bluetooth: hci0: command tx timeout [ 60.285737][ T6401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.288504][ T6401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.289914][ T6146] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 60.298503][ T6401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.359872][ T5944] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 60.405732][ T6401] hsr_slave_0: entered promiscuous mode [ 60.408914][ T6401] hsr_slave_1: entered promiscuous mode [ 60.462438][ T6146] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 60.465305][ T6146] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 60.468381][ T6146] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 60.471479][ T6146] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 60.474968][ T6146] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 60.488739][ T6146] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 60.491594][ T6146] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 60.494048][ T6146] usb 7-1: Product: syz [ 60.495380][ T6146] usb 7-1: Manufacturer: syz [ 60.505799][ T6146] cdc_wdm 7-1:1.0: skipping garbage [ 60.507418][ T6146] cdc_wdm 7-1:1.0: skipping garbage [ 60.512619][ T6146] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 60.516246][ T6146] cdc_wdm 7-1:1.0: Unknown control protocol [ 60.620046][ T6401] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 60.624468][ T6401] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 60.633125][ T6401] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 60.637027][ T6401] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 60.656535][ T6491] IPv6: syztnl0: Disabled Multicast RS [ 60.709776][ T6498] netlink: 8 bytes leftover after parsing attributes in process `syz.3.167'. [ 60.709794][ T6401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.731947][ T6401] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.738669][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.740984][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.765992][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 60.766520][ T1338] usb 7-1: USB disconnect, device number 4 [ 60.768151][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 60.769847][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.769907][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.775903][ T6507] binder: 6504:6507 ioctl c0306201 200000000540 returned -22 [ 60.776024][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 60.781720][ C2] dummy_hcd dummy_hcd.2: timer fired with no URBs pending? [ 60.805101][ T6511] FAULT_INJECTION: forcing a failure. [ 60.805101][ T6511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 60.809026][ T6511] CPU: 3 UID: 0 PID: 6511 Comm: syz.3.170 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 60.809040][ T6511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.809047][ T6511] Call Trace: [ 60.809051][ T6511] [ 60.809054][ T6511] dump_stack_lvl+0x16c/0x1f0 [ 60.809073][ T6511] should_fail_ex+0x512/0x640 [ 60.809089][ T6511] _copy_from_iter+0x29f/0x16f0 [ 60.809104][ T6511] ? __alloc_skb+0x200/0x380 [ 60.809118][ T6511] ? __pfx__copy_from_iter+0x10/0x10 [ 60.809133][ T6511] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 60.809155][ T6511] netlink_sendmsg+0x829/0xdd0 [ 60.809167][ T6511] ? __pfx_netlink_sendmsg+0x10/0x10 [ 60.809181][ T6511] ____sys_sendmsg+0xa95/0xc70 [ 60.809195][ T6511] ? copy_msghdr_from_user+0x10a/0x160 [ 60.809209][ T6511] ? __pfx_____sys_sendmsg+0x10/0x10 [ 60.809225][ T6511] ___sys_sendmsg+0x134/0x1d0 [ 60.809239][ T6511] ? __pfx____sys_sendmsg+0x10/0x10 [ 60.809252][ T6511] ? __lock_acquire+0x622/0x1c90 [ 60.809282][ T6511] __sys_sendmsg+0x16d/0x220 [ 60.809296][ T6511] ? __pfx___sys_sendmsg+0x10/0x10 [ 60.809318][ T6511] do_syscall_64+0xcd/0x4c0 [ 60.809333][ T6511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.809344][ T6511] RIP: 0033:0x7f43ec18e929 [ 60.809353][ T6511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.809362][ T6511] RSP: 002b:00007f43ed0c8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.809372][ T6511] RAX: ffffffffffffffda RBX: 00007f43ec3b5fa0 RCX: 00007f43ec18e929 [ 60.809378][ T6511] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 60.809384][ T6511] RBP: 00007f43ed0c8090 R08: 0000000000000000 R09: 0000000000000000 [ 60.809390][ T6511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.809396][ T6511] R13: 0000000000000000 R14: 00007f43ec3b5fa0 R15: 00007ffcdd1ecb58 [ 60.809408][ T6511] [ 60.970997][ T6401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.128995][ T6401] veth0_vlan: entered promiscuous mode [ 61.136821][ T6401] veth1_vlan: entered promiscuous mode [ 61.156256][ T6401] veth0_macvtap: entered promiscuous mode [ 61.164833][ T6401] veth1_macvtap: entered promiscuous mode [ 61.177179][ T6401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.182149][ T6542] FAULT_INJECTION: forcing a failure. [ 61.182149][ T6542] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.186535][ T6401] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.187100][ T6542] CPU: 1 UID: 0 PID: 6542 Comm: syz.3.173 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 61.187119][ T6542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.187127][ T6542] Call Trace: [ 61.187133][ T6542] [ 61.187139][ T6542] dump_stack_lvl+0x16c/0x1f0 [ 61.187167][ T6542] should_fail_ex+0x512/0x640 [ 61.187190][ T6542] _copy_from_iter+0x29f/0x16f0 [ 61.187213][ T6542] ? __alloc_skb+0x200/0x380 [ 61.187230][ T6542] ? __pfx__copy_from_iter+0x10/0x10 [ 61.187253][ T6542] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 61.187284][ T6542] netlink_sendmsg+0x829/0xdd0 [ 61.187303][ T6542] ? __pfx_netlink_sendmsg+0x10/0x10 [ 61.187321][ T6542] ____sys_sendmsg+0xa95/0xc70 [ 61.187337][ T6542] ? copy_msghdr_from_user+0x10a/0x160 [ 61.187357][ T6542] ? __pfx_____sys_sendmsg+0x10/0x10 [ 61.187383][ T6542] ___sys_sendmsg+0x134/0x1d0 [ 61.187404][ T6542] ? __pfx____sys_sendmsg+0x10/0x10 [ 61.187419][ T6542] ? __lock_acquire+0x622/0x1c90 [ 61.187468][ T6542] __sys_sendmsg+0x16d/0x220 [ 61.187489][ T6542] ? __pfx___sys_sendmsg+0x10/0x10 [ 61.187518][ T6542] do_syscall_64+0xcd/0x4c0 [ 61.187541][ T6542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.187557][ T6542] RIP: 0033:0x7f43ec18e929 [ 61.187569][ T6542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.187583][ T6542] RSP: 002b:00007f43ed0c8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 61.187596][ T6542] RAX: ffffffffffffffda RBX: 00007f43ec3b5fa0 RCX: 00007f43ec18e929 [ 61.187603][ T6542] RDX: 0000000020000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 61.187612][ T6542] RBP: 00007f43ed0c8090 R08: 0000000000000000 R09: 0000000000000000 [ 61.187622][ T6542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.187630][ T6542] R13: 0000000000000000 R14: 00007f43ec3b5fa0 R15: 00007ffcdd1ecb58 [ 61.187651][ T6542] [ 61.257934][ T6546] block nbd3: NBD_DISCONNECT [ 61.266821][ T6401] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.269507][ T6401] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.272553][ T6401] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.275283][ T6401] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.675764][ T40] kauditd_printk_skb: 30 callbacks suppressed [ 61.675780][ T40] audit: type=1400 audit(1750795866.384:292): avc: denied { create } for pid=6552 comm="syz.2.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 61.685114][ T40] audit: type=1400 audit(1750795866.384:293): avc: denied { listen } for pid=6552 comm="syz.2.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 62.161385][ T97] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.163780][ T97] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.204968][ T97] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.208073][ T97] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.216599][ T40] audit: type=1400 audit(1750795866.924:294): avc: denied { mounton } for pid=6401 comm="syz-executor" path="/syzkaller.70Tak7/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 62.241860][ T6569] netlink: 36 bytes leftover after parsing attributes in process `syz.3.178'. [ 62.245924][ T40] audit: type=1400 audit(1750795866.954:295): avc: denied { write } for pid=6567 comm="syz.3.178" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 62.270769][ T40] audit: type=1400 audit(1750795866.954:296): avc: denied { map } for pid=6567 comm="syz.3.178" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 62.279957][ T5939] Bluetooth: hci0: command tx timeout [ 62.282076][ T5939] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 62.285343][ T5939] Bluetooth: hci1: Injecting HCI hardware error event [ 62.292420][ T40] audit: type=1400 audit(1750795866.954:297): avc: denied { call } for pid=6567 comm="syz.3.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 62.302106][ T6572] netlink: 52 bytes leftover after parsing attributes in process `syz.4.138'. [ 62.304868][ T6572] netlink: 8 bytes leftover after parsing attributes in process `syz.4.138'. [ 62.309536][ T40] audit: type=1400 audit(1750795866.994:298): avc: denied { bind } for pid=6570 comm="syz.4.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 62.330537][ T40] audit: type=1400 audit(1750795866.994:299): avc: denied { name_bind } for pid=6570 comm="syz.4.138" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 62.337086][ T40] audit: type=1400 audit(1750795866.994:300): avc: denied { node_bind } for pid=6570 comm="syz.4.138" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 62.351856][ T40] audit: type=1400 audit(1750795867.004:301): avc: denied { read } for pid=6570 comm="syz.4.138" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 62.437600][ T6592] netlink: 36 bytes leftover after parsing attributes in process `syz.2.186'. [ 62.440604][ T5944] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 62.483327][ T6598] xt_hashlimit: size too large, truncated to 1048576 [ 62.493765][ T6596] netlink: 244 bytes leftover after parsing attributes in process `syz.2.188'. [ 63.419912][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 63.509005][ T6648] capability: warning: `syz.1.201' uses 32-bit capabilities (legacy support in use) [ 63.574251][ T6657] netlink: 16 bytes leftover after parsing attributes in process `syz.2.203'. [ 63.832034][ T6683] process 'syz.1.211' launched '/dev/fd/3' with NULL argv: empty string added [ 63.866455][ T6685] FAULT_INJECTION: forcing a failure. [ 63.866455][ T6685] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 63.873273][ T6685] CPU: 3 UID: 0 PID: 6685 Comm: syz.1.212 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 63.873288][ T6685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 63.873294][ T6685] Call Trace: [ 63.873297][ T6685] [ 63.873302][ T6685] dump_stack_lvl+0x16c/0x1f0 [ 63.873321][ T6685] should_fail_ex+0x512/0x640 [ 63.873337][ T6685] _copy_from_iter+0x29f/0x16f0 [ 63.873353][ T6685] ? __alloc_skb+0x200/0x380 [ 63.873367][ T6685] ? __pfx__copy_from_iter+0x10/0x10 [ 63.873380][ T6685] ? selinux_socket_getpeersec_dgram+0x1a4/0x370 [ 63.873393][ T6685] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 63.873411][ T6685] netlink_sendmsg+0x829/0xdd0 [ 63.873424][ T6685] ? __pfx_netlink_sendmsg+0x10/0x10 [ 63.873439][ T6685] ____sys_sendmsg+0xa95/0xc70 [ 63.873449][ T6685] ? copy_msghdr_from_user+0x10a/0x160 [ 63.873463][ T6685] ? __pfx_____sys_sendmsg+0x10/0x10 [ 63.873479][ T6685] ___sys_sendmsg+0x134/0x1d0 [ 63.873493][ T6685] ? __pfx____sys_sendmsg+0x10/0x10 [ 63.873506][ T6685] ? __lock_acquire+0x622/0x1c90 [ 63.873537][ T6685] __sys_sendmsg+0x16d/0x220 [ 63.873551][ T6685] ? __pfx___sys_sendmsg+0x10/0x10 [ 63.873574][ T6685] do_syscall_64+0xcd/0x4c0 [ 63.873589][ T6685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.873600][ T6685] RIP: 0033:0x7f00e6f8e929 [ 63.873609][ T6685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.873618][ T6685] RSP: 002b:00007f00e7d40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.873629][ T6685] RAX: ffffffffffffffda RBX: 00007f00e71b5fa0 RCX: 00007f00e6f8e929 [ 63.873635][ T6685] RDX: 0000000000000000 RSI: 0000200000004380 RDI: 0000000000000003 [ 63.873641][ T6685] RBP: 00007f00e7d40090 R08: 0000000000000000 R09: 0000000000000000 [ 63.873646][ T6685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.873652][ T6685] R13: 0000000000000000 R14: 00007f00e71b5fa0 R15: 00007ffdc7a18218 [ 63.873664][ T6685] [ 63.972448][ T6689] IPv6: syztnl0: Disabled Multicast RS [ 64.192719][ T6705] binder: 6704:6705 ioctl c0306201 200000000540 returned -22 [ 64.321778][ T6711] FAULT_INJECTION: forcing a failure. [ 64.321778][ T6711] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 64.325760][ T6711] CPU: 0 UID: 0 PID: 6711 Comm: syz.4.222 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 64.325774][ T6711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 64.325780][ T6711] Call Trace: [ 64.325788][ T6711] [ 64.325792][ T6711] dump_stack_lvl+0x16c/0x1f0 [ 64.325823][ T6711] should_fail_ex+0x512/0x640 [ 64.325843][ T6711] _copy_from_iter+0x29f/0x16f0 [ 64.325859][ T6711] ? __alloc_skb+0x200/0x380 [ 64.325873][ T6711] ? __pfx__copy_from_iter+0x10/0x10 [ 64.325886][ T6711] ? selinux_socket_getpeersec_dgram+0x1a4/0x370 [ 64.325899][ T6711] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 64.325917][ T6711] netlink_sendmsg+0x829/0xdd0 [ 64.325930][ T6711] ? __pfx_netlink_sendmsg+0x10/0x10 [ 64.325944][ T6711] ____sys_sendmsg+0xa95/0xc70 [ 64.325955][ T6711] ? copy_msghdr_from_user+0x10a/0x160 [ 64.325969][ T6711] ? __pfx_____sys_sendmsg+0x10/0x10 [ 64.325984][ T6711] ___sys_sendmsg+0x134/0x1d0 [ 64.325999][ T6711] ? __pfx____sys_sendmsg+0x10/0x10 [ 64.326011][ T6711] ? __lock_acquire+0x622/0x1c90 [ 64.326043][ T6711] __sys_sendmsg+0x16d/0x220 [ 64.326057][ T6711] ? __pfx___sys_sendmsg+0x10/0x10 [ 64.326082][ T6711] do_syscall_64+0xcd/0x4c0 [ 64.326098][ T6711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.326109][ T6711] RIP: 0033:0x7fd84e38e929 [ 64.326117][ T6711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.326129][ T6711] RSP: 002b:00007fd84f2da038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 64.326144][ T6711] RAX: ffffffffffffffda RBX: 00007fd84e5b5fa0 RCX: 00007fd84e38e929 [ 64.326154][ T6711] RDX: 0000000000000000 RSI: 0000200000000d80 RDI: 0000000000000008 [ 64.326163][ T6711] RBP: 00007fd84f2da090 R08: 0000000000000000 R09: 0000000000000000 [ 64.326174][ T6711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 64.326183][ T6711] R13: 0000000000000000 R14: 00007fd84e5b5fa0 R15: 00007ffdb117b278 [ 64.326204][ T6711] [ 64.359986][ T5939] Bluetooth: hci0: command tx timeout [ 64.459371][ T6720] __nla_validate_parse: 1 callbacks suppressed [ 64.459382][ T6720] netlink: 12 bytes leftover after parsing attributes in process `syz.3.226'. [ 64.519752][ T5944] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 64.542689][ T6731] netlink: 36 bytes leftover after parsing attributes in process `syz.4.230'. [ 64.584467][ T6737] netlink: 'syz.4.233': attribute type 1 has an invalid length. [ 64.626086][ T6741] 9p: Unknown Cache mode or invalid value fs [ 64.696941][ T6744] IPv6: syztnl0: Disabled Multicast RS [ 64.752176][ T6750] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.755433][ T6750] batadv_slave_1: entered promiscuous mode [ 64.810388][ T6752] ALSA: mixer_oss: invalid OSS volume '' [ 64.949745][ T6774] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6774 comm=syz.3.247 [ 65.026901][ T6780] netlink: 8 bytes leftover after parsing attributes in process `syz.2.248'. [ 65.030690][ T6780] IPVS: Error joining to the multicast group [ 65.051687][ T6782] FAULT_INJECTION: forcing a failure. [ 65.051687][ T6782] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.055598][ T6782] CPU: 1 UID: 0 PID: 6782 Comm: syz.1.250 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 65.055612][ T6782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.055618][ T6782] Call Trace: [ 65.055622][ T6782] [ 65.055626][ T6782] dump_stack_lvl+0x16c/0x1f0 [ 65.055660][ T6782] should_fail_ex+0x512/0x640 [ 65.055680][ T6782] _copy_from_iter+0x29f/0x16f0 [ 65.055696][ T6782] ? __alloc_skb+0x200/0x380 [ 65.055710][ T6782] ? __pfx__copy_from_iter+0x10/0x10 [ 65.055725][ T6782] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 65.055746][ T6782] netlink_sendmsg+0x829/0xdd0 [ 65.055758][ T6782] ? __pfx_netlink_sendmsg+0x10/0x10 [ 65.055772][ T6782] ____sys_sendmsg+0xa95/0xc70 [ 65.055783][ T6782] ? copy_msghdr_from_user+0x10a/0x160 [ 65.055797][ T6782] ? __pfx_____sys_sendmsg+0x10/0x10 [ 65.055813][ T6782] ___sys_sendmsg+0x134/0x1d0 [ 65.055827][ T6782] ? __pfx____sys_sendmsg+0x10/0x10 [ 65.055840][ T6782] ? __lock_acquire+0x622/0x1c90 [ 65.055870][ T6782] __sys_sendmsg+0x16d/0x220 [ 65.055884][ T6782] ? __pfx___sys_sendmsg+0x10/0x10 [ 65.055906][ T6782] do_syscall_64+0xcd/0x4c0 [ 65.055922][ T6782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.055933][ T6782] RIP: 0033:0x7f00e6f8e929 [ 65.055941][ T6782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.055951][ T6782] RSP: 002b:00007f00e7d40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 65.055961][ T6782] RAX: ffffffffffffffda RBX: 00007f00e71b5fa0 RCX: 00007f00e6f8e929 [ 65.055967][ T6782] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 65.055973][ T6782] RBP: 00007f00e7d40090 R08: 0000000000000000 R09: 0000000000000000 [ 65.055978][ T6782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.055984][ T6782] R13: 0000000000000000 R14: 00007f00e71b5fa0 R15: 00007ffdc7a18218 [ 65.055995][ T6782] [ 65.057615][ T6784] No such timeout policy "syz1" [ 65.087847][ T6786] FAULT_INJECTION: forcing a failure. [ 65.087847][ T6786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.128254][ T6786] CPU: 3 UID: 0 PID: 6786 Comm: syz.3.249 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 65.128270][ T6786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.128277][ T6786] Call Trace: [ 65.128280][ T6786] [ 65.128284][ T6786] dump_stack_lvl+0x16c/0x1f0 [ 65.128303][ T6786] should_fail_ex+0x512/0x640 [ 65.128322][ T6786] _copy_from_user+0x2e/0xd0 [ 65.128338][ T6786] generic_map_update_batch+0x380/0x610 [ 65.128358][ T6786] ? __pfx_generic_map_update_batch+0x10/0x10 [ 65.128374][ T6786] ? __pfx_generic_map_update_batch+0x10/0x10 [ 65.128389][ T6786] bpf_map_do_batch+0x5b1/0x680 [ 65.128402][ T6786] __sys_bpf+0x15f3/0x4d80 [ 65.128417][ T6786] ? __pfx___sys_bpf+0x10/0x10 [ 65.128431][ T6786] ? ksys_write+0x190/0x250 [ 65.128447][ T6786] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 65.128470][ T6786] ? fput+0x70/0xf0 [ 65.128485][ T6786] ? ksys_write+0x1ac/0x250 [ 65.128498][ T6786] ? __pfx_ksys_write+0x10/0x10 [ 65.128512][ T6786] __x64_sys_bpf+0x78/0xc0 [ 65.128526][ T6786] ? lockdep_hardirqs_on+0x7c/0x110 [ 65.128540][ T6786] do_syscall_64+0xcd/0x4c0 [ 65.128557][ T6786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.128568][ T6786] RIP: 0033:0x7f43ec18e929 [ 65.128577][ T6786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.128604][ T6786] RSP: 002b:00007f43ed0c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 65.128615][ T6786] RAX: ffffffffffffffda RBX: 00007f43ec3b5fa0 RCX: 00007f43ec18e929 [ 65.128622][ T6786] RDX: 0000000000000038 RSI: 0000200000000400 RDI: 000000000000001a [ 65.128627][ T6786] RBP: 00007f43ed0c8090 R08: 0000000000000000 R09: 0000000000000000 [ 65.128633][ T6786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.128639][ T6786] R13: 0000000000000000 R14: 00007f43ec3b5fa0 R15: 00007ffcdd1ecb58 [ 65.128652][ T6786] [ 65.230976][ T6800] FAULT_INJECTION: forcing a failure. [ 65.230976][ T6800] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.235068][ T6800] CPU: 3 UID: 0 PID: 6800 Comm: syz.3.257 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 65.235083][ T6800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.235089][ T6800] Call Trace: [ 65.235093][ T6800] [ 65.235098][ T6800] dump_stack_lvl+0x16c/0x1f0 [ 65.235116][ T6800] should_fail_ex+0x512/0x640 [ 65.235133][ T6800] _copy_from_user+0x2e/0xd0 [ 65.235147][ T6800] ioctl_standard_iw_point+0x247/0xca0 [ 65.235165][ T6800] ? __pfx_cfg80211_wext_siwessid+0x10/0x10 [ 65.235181][ T6800] ? __pfx_ioctl_standard_iw_point+0x10/0x10 [ 65.235199][ T6800] ? __pfx___mutex_lock+0x10/0x10 [ 65.235216][ T6800] ? __pfx_cfg80211_wext_siwessid+0x10/0x10 [ 65.235230][ T6800] ioctl_standard_call+0x166/0x1d0 [ 65.235245][ T6800] ? __pfx_ioctl_standard_call+0x10/0x10 [ 65.235260][ T6800] ? __pfx_cfg80211_wext_siwessid+0x10/0x10 [ 65.235273][ T6800] wireless_process_ioctl.constprop.0+0x28e/0x3d0 [ 65.235292][ T6800] wext_handle_ioctl+0x226/0x2a0 [ 65.235308][ T6800] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 65.235326][ T6800] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 65.235341][ T6800] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 65.235358][ T6800] sock_ioctl+0x3a1/0x6b0 [ 65.235370][ T6800] ? __pfx_sock_ioctl+0x10/0x10 [ 65.235379][ T6800] ? hook_file_ioctl_common+0x145/0x410 [ 65.235399][ T6800] ? selinux_file_ioctl+0x180/0x270 [ 65.235412][ T6800] ? selinux_file_ioctl+0xb4/0x270 [ 65.235426][ T6800] ? __pfx_sock_ioctl+0x10/0x10 [ 65.235436][ T6800] __x64_sys_ioctl+0x18e/0x210 [ 65.235449][ T6800] do_syscall_64+0xcd/0x4c0 [ 65.235466][ T6800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.235477][ T6800] RIP: 0033:0x7f43ec18e929 [ 65.235489][ T6800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.235502][ T6800] RSP: 002b:00007f43ed0c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 65.235516][ T6800] RAX: ffffffffffffffda RBX: 00007f43ec3b5fa0 RCX: 00007f43ec18e929 [ 65.235525][ T6800] RDX: 0000200000000000 RSI: 0000000000008b1a RDI: 0000000000000003 [ 65.235533][ T6800] RBP: 00007f43ed0c8090 R08: 0000000000000000 R09: 0000000000000000 [ 65.235541][ T6800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.235549][ T6800] R13: 0000000000000000 R14: 00007f43ec3b5fa0 R15: 00007ffcdd1ecb58 [ 65.235571][ T6800] [ 65.372574][ T6803] random: crng reseeded on system resumption [ 65.381039][ T6803] FAULT_INJECTION: forcing a failure. [ 65.381039][ T6803] name failslab, interval 1, probability 0, space 0, times 0 [ 65.384816][ T6803] CPU: 3 UID: 0 PID: 6803 Comm: syz.2.258 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 65.384834][ T6803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.384840][ T6803] Call Trace: [ 65.384844][ T6803] [ 65.384848][ T6803] dump_stack_lvl+0x16c/0x1f0 [ 65.384866][ T6803] should_fail_ex+0x512/0x640 [ 65.384880][ T6803] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 65.384893][ T6803] should_failslab+0xc2/0x120 [ 65.384908][ T6803] __kmalloc_cache_noprof+0x6a/0x3e0 [ 65.384920][ T6803] ? drm_atomic_state_alloc+0xb8/0x120 [ 65.384932][ T6803] drm_atomic_state_alloc+0xb8/0x120 [ 65.384942][ T6803] drm_mode_atomic_ioctl+0x393/0x25f0 [ 65.384955][ T6803] ? avc_has_extended_perms+0x33a/0x1090 [ 65.384973][ T6803] ? avc_has_extended_perms+0x47c/0x1090 [ 65.384991][ T6803] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 65.385002][ T6803] ? __lock_acquire+0xb8a/0x1c90 [ 65.385025][ T6803] ? drm_is_current_master+0x2c/0x40 [ 65.385036][ T6803] ? do_raw_spin_unlock+0x172/0x230 [ 65.385048][ T6803] drm_ioctl_kernel+0x1f4/0x3e0 [ 65.385062][ T6803] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 65.385073][ T6803] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 65.385090][ T6803] drm_ioctl+0x5c9/0xc30 [ 65.385106][ T6803] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 65.385117][ T6803] ? __pfx_drm_ioctl+0x10/0x10 [ 65.385135][ T6803] ? selinux_file_ioctl+0x180/0x270 [ 65.385149][ T6803] ? selinux_file_ioctl+0xb4/0x270 [ 65.385163][ T6803] ? __pfx_drm_ioctl+0x10/0x10 [ 65.385177][ T6803] __x64_sys_ioctl+0x18e/0x210 [ 65.385189][ T6803] do_syscall_64+0xcd/0x4c0 [ 65.385205][ T6803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.385216][ T6803] RIP: 0033:0x7f735cb8e929 [ 65.385224][ T6803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.385234][ T6803] RSP: 002b:00007f735da5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 65.385243][ T6803] RAX: ffffffffffffffda RBX: 00007f735cdb5fa0 RCX: 00007f735cb8e929 [ 65.385250][ T6803] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 0000000000000013 [ 65.385255][ T6803] RBP: 00007f735da5e090 R08: 0000000000000000 R09: 0000000000000000 [ 65.385261][ T6803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.385267][ T6803] R13: 0000000000000000 R14: 00007f735cdb5fa0 R15: 00007fffb286fb48 [ 65.385278][ T6803] [ 65.429571][ T6813] tipc: Started in network mode [ 65.468361][ T6813] tipc: Node identity ac14140f, cluster identity 4711 [ 65.471489][ T6813] tipc: New replicast peer: 255.255.255.255 [ 65.474118][ T6813] tipc: Enabled bearer , priority 10 [ 65.476332][ T6813] FAULT_INJECTION: forcing a failure. [ 65.476332][ T6813] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.481447][ T6813] CPU: 1 UID: 0 PID: 6813 Comm: syz.1.262 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 65.481471][ T6813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.481481][ T6813] Call Trace: [ 65.481488][ T6813] [ 65.481507][ T6813] dump_stack_lvl+0x16c/0x1f0 [ 65.481539][ T6813] should_fail_ex+0x512/0x640 [ 65.481564][ T6813] _copy_from_iter+0x29f/0x16f0 [ 65.481590][ T6813] ? __alloc_skb+0x200/0x380 [ 65.481612][ T6813] ? __pfx__copy_from_iter+0x10/0x10 [ 65.481633][ T6813] ? selinux_socket_getpeersec_dgram+0x1a4/0x370 [ 65.481655][ T6813] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 65.481686][ T6813] netlink_sendmsg+0x829/0xdd0 [ 65.481708][ T6813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 65.481733][ T6813] ____sys_sendmsg+0xa95/0xc70 [ 65.481752][ T6813] ? copy_msghdr_from_user+0x10a/0x160 [ 65.481780][ T6813] ? __pfx_____sys_sendmsg+0x10/0x10 [ 65.481808][ T6813] ___sys_sendmsg+0x134/0x1d0 [ 65.481832][ T6813] ? __pfx____sys_sendmsg+0x10/0x10 [ 65.481853][ T6813] ? __lock_acquire+0x622/0x1c90 [ 65.481907][ T6813] __sys_sendmsg+0x16d/0x220 [ 65.481930][ T6813] ? __pfx___sys_sendmsg+0x10/0x10 [ 65.481968][ T6813] do_syscall_64+0xcd/0x4c0 [ 65.481994][ T6813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.482011][ T6813] RIP: 0033:0x7f00e6f8e929 [ 65.482025][ T6813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.482041][ T6813] RSP: 002b:00007f00e7d40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 65.482058][ T6813] RAX: ffffffffffffffda RBX: 00007f00e71b5fa0 RCX: 00007f00e6f8e929 [ 65.482069][ T6813] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 65.482080][ T6813] RBP: 00007f00e7d40090 R08: 0000000000000000 R09: 0000000000000000 [ 65.482090][ T6813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.482100][ T6813] R13: 0000000000000000 R14: 00007f00e71b5fa0 R15: 00007ffdc7a18218 [ 65.482122][ T6813] [ 65.559515][ C1] vkms_vblank_simulate: vblank timer overrun [ 65.585248][ T6820] netlink: 12 bytes leftover after parsing attributes in process `syz.1.266'. [ 65.656816][ T6822] xt_hashlimit: size too large, truncated to 1048576 [ 65.735106][ T6830] netlink: 124 bytes leftover after parsing attributes in process `syz.1.269'. [ 65.848422][ T6837] ipvlan2: entered promiscuous mode [ 65.851956][ T6837] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 65.854342][ T6837] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 65.926295][ T6848] ipvlan2: entered promiscuous mode [ 65.928485][ T6848] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 65.931459][ T6848] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 65.974784][ T6850] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.276'. [ 66.024136][ T6854] netlink: 12 bytes leftover after parsing attributes in process `syz.2.278'. [ 66.153430][ T6867] FAULT_INJECTION: forcing a failure. [ 66.153430][ T6867] name failslab, interval 1, probability 0, space 0, times 0 [ 66.157390][ T6867] CPU: 3 UID: 0 PID: 6867 Comm: syz.2.284 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 66.157405][ T6867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.157412][ T6867] Call Trace: [ 66.157416][ T6867] [ 66.157420][ T6867] dump_stack_lvl+0x16c/0x1f0 [ 66.157439][ T6867] should_fail_ex+0x512/0x640 [ 66.157454][ T6867] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 66.157467][ T6867] should_failslab+0xc2/0x120 [ 66.157483][ T6867] __kmalloc_cache_noprof+0x6a/0x3e0 [ 66.157494][ T6867] ? cap_capable+0xb3/0x250 [ 66.157505][ T6867] ? rfcomm_dlc_alloc+0x96/0x290 [ 66.157521][ T6867] rfcomm_dlc_alloc+0x96/0x290 [ 66.157535][ T6867] rfcomm_dev_ioctl+0xa27/0x1ca0 [ 66.157548][ T6867] ? __pfx_bt_sock_ioctl+0x10/0x10 [ 66.157563][ T6867] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 66.157577][ T6867] ? tomoyo_path_number_perm+0x18d/0x580 [ 66.157592][ T6867] rfcomm_sock_ioctl+0xaa/0xd0 [ 66.157608][ T6867] sock_do_ioctl+0x115/0x280 [ 66.157619][ T6867] ? __pfx_sock_do_ioctl+0x10/0x10 [ 66.157632][ T6867] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 66.157646][ T6867] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 66.157662][ T6867] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 66.157678][ T6867] sock_ioctl+0x227/0x6b0 [ 66.157689][ T6867] ? __pfx_sock_ioctl+0x10/0x10 [ 66.157698][ T6867] ? hook_file_ioctl_common+0x145/0x410 [ 66.157718][ T6867] ? selinux_file_ioctl+0x180/0x270 [ 66.157731][ T6867] ? selinux_file_ioctl+0xb4/0x270 [ 66.157745][ T6867] ? __pfx_sock_ioctl+0x10/0x10 [ 66.157756][ T6867] __x64_sys_ioctl+0x18e/0x210 [ 66.157769][ T6867] do_syscall_64+0xcd/0x4c0 [ 66.157785][ T6867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.157796][ T6867] RIP: 0033:0x7f735cb8e929 [ 66.157805][ T6867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.157815][ T6867] RSP: 002b:00007f735da5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 66.157830][ T6867] RAX: ffffffffffffffda RBX: 00007f735cdb5fa0 RCX: 00007f735cb8e929 [ 66.157836][ T6867] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 000000000000000b [ 66.157842][ T6867] RBP: 00007f735da5e090 R08: 0000000000000000 R09: 0000000000000000 [ 66.157848][ T6867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 66.157854][ T6867] R13: 0000000000000000 R14: 00007f735cdb5fa0 R15: 00007fffb286fb48 [ 66.157866][ T6867] [ 66.259754][ T59] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 66.439740][ T63] Bluetooth: hci0: command tx timeout [ 66.445281][ T59] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 66.447840][ T59] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 66.452512][ T59] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 66.455235][ T59] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 66.458505][ T59] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 66.463657][ T59] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 66.466348][ T59] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 66.468781][ T59] usb 9-1: Product: syz [ 66.471461][ T59] usb 9-1: Manufacturer: syz [ 66.476164][ T59] cdc_wdm 9-1:1.0: skipping garbage [ 66.477782][ T59] cdc_wdm 9-1:1.0: skipping garbage [ 66.480663][ T59] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 66.482428][ T59] cdc_wdm 9-1:1.0: Unknown control protocol [ 66.579520][ T6880] netlink: 12 bytes leftover after parsing attributes in process `syz.2.289'. [ 66.590967][ T6074] tipc: Node number set to 2886997007 [ 66.601822][ T5944] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 66.627752][ T6882] FAULT_INJECTION: forcing a failure. [ 66.627752][ T6882] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 66.631829][ T6882] CPU: 2 UID: 0 PID: 6882 Comm: syz.2.290 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 66.631843][ T6882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.631850][ T6882] Call Trace: [ 66.631853][ T6882] [ 66.631857][ T6882] dump_stack_lvl+0x16c/0x1f0 [ 66.631875][ T6882] should_fail_ex+0x512/0x640 [ 66.631891][ T6882] _copy_from_iter+0x29f/0x16f0 [ 66.631907][ T6882] ? __alloc_skb+0x200/0x380 [ 66.631921][ T6882] ? __pfx__copy_from_iter+0x10/0x10 [ 66.631936][ T6882] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 66.631957][ T6882] netlink_sendmsg+0x829/0xdd0 [ 66.631971][ T6882] ? __pfx_netlink_sendmsg+0x10/0x10 [ 66.631985][ T6882] ____sys_sendmsg+0xa95/0xc70 [ 66.631996][ T6882] ? copy_msghdr_from_user+0x10a/0x160 [ 66.632010][ T6882] ? __pfx_____sys_sendmsg+0x10/0x10 [ 66.632026][ T6882] ___sys_sendmsg+0x134/0x1d0 [ 66.632041][ T6882] ? __pfx____sys_sendmsg+0x10/0x10 [ 66.632054][ T6882] ? __lock_acquire+0x622/0x1c90 [ 66.632085][ T6882] __sys_sendmsg+0x16d/0x220 [ 66.632100][ T6882] ? __pfx___sys_sendmsg+0x10/0x10 [ 66.632122][ T6882] do_syscall_64+0xcd/0x4c0 [ 66.632138][ T6882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.632149][ T6882] RIP: 0033:0x7f735cb8e929 [ 66.632157][ T6882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.632167][ T6882] RSP: 002b:00007f735da5e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 66.632177][ T6882] RAX: ffffffffffffffda RBX: 00007f735cdb5fa0 RCX: 00007f735cb8e929 [ 66.632184][ T6882] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 66.632190][ T6882] RBP: 00007f735da5e090 R08: 0000000000000000 R09: 0000000000000000 [ 66.632195][ T6882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 66.632202][ T6882] R13: 0000000000000000 R14: 00007f735cdb5fa0 R15: 00007fffb286fb48 [ 66.632214][ T6882] [ 66.731565][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.732554][ C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 66.735979][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 66.738298][ C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 66.740415][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 66.742606][ C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 66.744664][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 66.747066][ C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 66.749067][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 66.751064][ C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 66.753018][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 66.754887][ T6074] usb 9-1: USB disconnect, device number 2 [ 66.756661][ C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 66.756670][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 66.756677][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 66.767375][ T40] kauditd_printk_skb: 65 callbacks suppressed [ 66.767386][ T40] audit: type=1400 audit(1750795871.474:365): avc: denied { read } for pid=6888 comm="syz.2.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 66.803759][ T6890] FAULT_INJECTION: forcing a failure. [ 66.803759][ T6890] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 66.807994][ T6890] CPU: 2 UID: 0 PID: 6890 Comm: syz.3.288 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 66.808010][ T6890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.808017][ T6890] Call Trace: [ 66.808020][ T6890] [ 66.808025][ T6890] dump_stack_lvl+0x16c/0x1f0 [ 66.808043][ T6890] should_fail_ex+0x512/0x640 [ 66.808059][ T6890] _copy_to_user+0x32/0xd0 [ 66.808076][ T6890] bpf_test_finish.isra.0+0x4b4/0x6e0 [ 66.808093][ T6890] ? find_held_lock+0x2b/0x80 [ 66.808107][ T6890] ? __pfx_bpf_test_finish.isra.0+0x10/0x10 [ 66.808124][ T6890] ? find_held_lock+0x2b/0x80 [ 66.808137][ T6890] ? bpf_test_timer_leave+0xb3/0x170 [ 66.808153][ T6890] bpf_prog_test_run_flow_dissector+0x51f/0x700 [ 66.808175][ T6890] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 66.808193][ T6890] ? find_held_lock+0x2b/0x80 [ 66.808205][ T6890] ? __fget_files+0x204/0x3c0 [ 66.808221][ T6890] ? __fget_files+0x20e/0x3c0 [ 66.808234][ T6890] ? __might_fault+0x30/0x190 [ 66.808250][ T6890] ? fput+0x70/0xf0 [ 66.808265][ T6890] ? __bpf_prog_get+0x97/0x2a0 [ 66.808277][ T6890] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 66.808295][ T6890] __sys_bpf+0x1488/0x4d80 [ 66.808310][ T6890] ? __pfx___sys_bpf+0x10/0x10 [ 66.808339][ T6890] ? ksys_write+0x190/0x250 [ 66.808354][ T6890] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 66.808377][ T6890] ? fput+0x70/0xf0 [ 66.808392][ T6890] ? ksys_write+0x1ac/0x250 [ 66.808404][ T6890] ? __pfx_ksys_write+0x10/0x10 [ 66.808419][ T6890] __x64_sys_bpf+0x78/0xc0 [ 66.808433][ T6890] ? lockdep_hardirqs_on+0x7c/0x110 [ 66.808447][ T6890] do_syscall_64+0xcd/0x4c0 [ 66.808463][ T6890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.808473][ T6890] RIP: 0033:0x7f43ec18e929 [ 66.808482][ T6890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.808492][ T6890] RSP: 002b:00007f43ed0a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 66.808502][ T6890] RAX: ffffffffffffffda RBX: 00007f43ec3b6080 RCX: 00007f43ec18e929 [ 66.808508][ T6890] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a [ 66.808514][ T6890] RBP: 00007f43ed0a7090 R08: 0000000000000000 R09: 0000000000000000 [ 66.808519][ T6890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 66.808525][ T6890] R13: 0000000000000000 R14: 00007f43ec3b6080 R15: 00007ffcdd1ecb58 [ 66.808538][ T6890] [ 67.001634][ T6896] FAULT_INJECTION: forcing a failure. [ 67.001634][ T6896] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 67.005508][ T6896] CPU: 0 UID: 0 PID: 6896 Comm: syz.3.295 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 67.005522][ T6896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.005530][ T6896] Call Trace: [ 67.005533][ T6896] [ 67.005538][ T6896] dump_stack_lvl+0x16c/0x1f0 [ 67.005557][ T6896] should_fail_ex+0x512/0x640 [ 67.005573][ T6896] should_fail_alloc_page+0xe7/0x130 [ 67.005591][ T6896] prepare_alloc_pages+0x3c2/0x610 [ 67.005604][ T6896] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 67.005620][ T6896] ? rcu_is_watching+0x12/0xc0 [ 67.005633][ T6896] ? trace_mm_page_alloc+0x11f/0x1a0 [ 67.005643][ T6896] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 67.005658][ T6896] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 67.005673][ T6896] ? is_bpf_text_address+0x8a/0x1a0 [ 67.005685][ T6896] ? bpf_ksym_find+0x127/0x1c0 [ 67.005700][ T6896] ? is_bpf_text_address+0x94/0x1a0 [ 67.005713][ T6896] ? __kernel_text_address+0xd/0x40 [ 67.005724][ T6896] ? unwind_get_return_address+0x59/0xa0 [ 67.005750][ T6896] alloc_pages_bulk_noprof+0x71c/0x1410 [ 67.005763][ T6896] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.005777][ T6896] ? policy_nodemask+0xea/0x4e0 [ 67.005793][ T6896] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 67.005807][ T6896] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 67.005827][ T6896] kasan_populate_vmalloc+0xf1/0x1f0 [ 67.005842][ T6896] alloc_vmap_area+0x959/0x29c0 [ 67.005864][ T6896] ? __pfx_alloc_vmap_area+0x10/0x10 [ 67.005884][ T6896] __get_vm_area_node+0x1ca/0x330 [ 67.005896][ T6896] __vmalloc_node_range_noprof+0x271/0x14b0 [ 67.005907][ T6896] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 67.005920][ T6896] ? find_held_lock+0x2b/0x80 [ 67.005933][ T6896] ? avc_has_perm_noaudit+0x117/0x3b0 [ 67.005950][ T6896] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 67.005965][ T6896] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 67.005976][ T6896] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 67.005994][ T6896] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 67.006005][ T6896] __vmalloc_node_noprof+0xad/0xf0 [ 67.006015][ T6896] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 67.006028][ T6896] bpf_prog_alloc_no_stats+0x54/0x630 [ 67.006039][ T6896] ? security_capable+0x7e/0x260 [ 67.006051][ T6896] bpf_prog_alloc+0x3b/0x230 [ 67.006061][ T6896] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.006073][ T6896] bpf_prog_load+0x1a04/0x2490 [ 67.006090][ T6896] ? __pfx_bpf_prog_load+0x10/0x10 [ 67.006102][ T6896] ? avc_has_perm_noaudit+0x149/0x3b0 [ 67.006127][ T6896] ? selinux_bpf+0xde/0x130 [ 67.006136][ T6896] ? bpf_lsm_bpf+0x9/0x10 [ 67.006148][ T6896] __sys_bpf+0x433c/0x4d80 [ 67.006163][ T6896] ? __pfx___sys_bpf+0x10/0x10 [ 67.006178][ T6896] ? ksys_write+0x190/0x250 [ 67.006193][ T6896] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 67.006215][ T6896] ? fput+0x70/0xf0 [ 67.006249][ T6896] ? ksys_write+0x1ac/0x250 [ 67.006261][ T6896] ? __pfx_ksys_write+0x10/0x10 [ 67.006276][ T6896] __x64_sys_bpf+0x78/0xc0 [ 67.006290][ T6896] ? lockdep_hardirqs_on+0x7c/0x110 [ 67.006305][ T6896] do_syscall_64+0xcd/0x4c0 [ 67.006322][ T6896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.006333][ T6896] RIP: 0033:0x7f43ec18e929 [ 67.006341][ T6896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.006351][ T6896] RSP: 002b:00007f43ed0c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 67.006361][ T6896] RAX: ffffffffffffffda RBX: 00007f43ec3b5fa0 RCX: 00007f43ec18e929 [ 67.006367][ T6896] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005 [ 67.006373][ T6896] RBP: 00007f43ed0c8090 R08: 0000000000000000 R09: 0000000000000000 [ 67.006379][ T6896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 67.006385][ T6896] R13: 0000000000000000 R14: 00007f43ec3b5fa0 R15: 00007ffcdd1ecb58 [ 67.006397][ T6896] [ 67.006538][ T6896] syz.3.295: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null) [ 67.037722][ T6902] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0 [ 67.040657][ T6896] ,cpuset= [ 67.043708][ T6902] binder: 6901:6902 ioctl 4018620d 2000000001c0 returned -1 [ 67.044588][ T6896] /,mems_allowed=0-1 [ 67.134911][ T6896] CPU: 1 UID: 0 PID: 6896 Comm: syz.3.295 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 67.134925][ T6896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.134932][ T6896] Call Trace: [ 67.134936][ T6896] [ 67.134940][ T6896] dump_stack_lvl+0x16c/0x1f0 [ 67.134958][ T6896] warn_alloc+0x248/0x3a0 [ 67.134973][ T6896] ? __pfx_warn_alloc+0x10/0x10 [ 67.134987][ T6896] ? kfree+0x2b4/0x4d0 [ 67.135001][ T6896] ? __get_vm_area_node+0x208/0x330 [ 67.135014][ T6896] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 67.135027][ T6896] ? find_held_lock+0x2b/0x80 [ 67.135040][ T6896] ? avc_has_perm_noaudit+0x117/0x3b0 [ 67.135058][ T6896] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 67.135077][ T6896] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 67.135089][ T6896] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 67.135106][ T6896] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 67.135117][ T6896] __vmalloc_node_noprof+0xad/0xf0 [ 67.135128][ T6896] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 67.135141][ T6896] bpf_prog_alloc_no_stats+0x54/0x630 [ 67.135151][ T6896] ? security_capable+0x7e/0x260 [ 67.135164][ T6896] bpf_prog_alloc+0x3b/0x230 [ 67.135174][ T6896] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.135186][ T6896] bpf_prog_load+0x1a04/0x2490 [ 67.135203][ T6896] ? __pfx_bpf_prog_load+0x10/0x10 [ 67.135216][ T6896] ? avc_has_perm_noaudit+0x149/0x3b0 [ 67.135241][ T6896] ? selinux_bpf+0xde/0x130 [ 67.135250][ T6896] ? bpf_lsm_bpf+0x9/0x10 [ 67.135261][ T6896] __sys_bpf+0x433c/0x4d80 [ 67.135276][ T6896] ? __pfx___sys_bpf+0x10/0x10 [ 67.135291][ T6896] ? ksys_write+0x190/0x250 [ 67.135306][ T6896] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 67.135328][ T6896] ? fput+0x70/0xf0 [ 67.135344][ T6896] ? ksys_write+0x1ac/0x250 [ 67.135356][ T6896] ? __pfx_ksys_write+0x10/0x10 [ 67.135370][ T6896] __x64_sys_bpf+0x78/0xc0 [ 67.135385][ T6896] ? lockdep_hardirqs_on+0x7c/0x110 [ 67.135398][ T6896] do_syscall_64+0xcd/0x4c0 [ 67.135414][ T6896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.135425][ T6896] RIP: 0033:0x7f43ec18e929 [ 67.135434][ T6896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.135444][ T6896] RSP: 002b:00007f43ed0c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 67.135453][ T6896] RAX: ffffffffffffffda RBX: 00007f43ec3b5fa0 RCX: 00007f43ec18e929 [ 67.135460][ T6896] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005 [ 67.135466][ T6896] RBP: 00007f43ed0c8090 R08: 0000000000000000 R09: 0000000000000000 [ 67.135472][ T6896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 67.135477][ T6896] R13: 0000000000000000 R14: 00007f43ec3b5fa0 R15: 00007ffcdd1ecb58 [ 67.135490][ T6896] [ 67.135494][ T6896] Mem-Info: [ 67.222350][ T6896] active_anon:8906 inactive_anon:0 isolated_anon:0 [ 67.222350][ T6896] active_file:3084 inactive_file:50824 isolated_file:0 [ 67.222350][ T6896] unevictable:1768 dirty:1775 writeback:0 [ 67.222350][ T6896] slab_reclaimable:11596 slab_unreclaimable:71175 [ 67.222350][ T6896] mapped:24508 shmem:2410 pagetables:1252 [ 67.222350][ T6896] sec_pagetables:298 bounce:0 [ 67.222350][ T6896] kernel_misc_reclaimable:0 [ 67.222350][ T6896] free:436021 free_pcp:35706 free_cma:0 [ 67.235798][ T6896] Node 0 active_anon:35624kB inactive_anon:0kB active_file:12336kB inactive_file:203092kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:98032kB dirty:7096kB writeback:0kB shmem:6104kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12880kB pagetables:4804kB sec_pagetables:1192kB all_unreclaimable? no Balloon:0kB [ 67.246591][ T6896] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:204kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 67.256046][ T6896] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 67.264455][ T6896] lowmem_reserve[]: 0 1235 1235 1235 1235 [ 67.266203][ T6896] Node 0 DMA32 free:124428kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35624kB inactive_anon:0kB active_file:12336kB inactive_file:203092kB unevictable:3536kB writepending:7096kB present:2080628kB managed:1264708kB mlocked:0kB bounce:0kB free_pcp:126004kB local_pcp:30540kB free_cma:0kB [ 67.275666][ T6896] lowmem_reserve[]: 0 0 0 0 0 [ 67.277172][ T6896] Node 1 Normal free:1604296kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB writepending:4kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:16520kB local_pcp:2392kB free_cma:0kB [ 67.286155][ T6896] lowmem_reserve[]: 0 0 0 0 0 [ 67.287589][ T6896] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 67.291413][ T6896] Node 0 DMA32: 159*4kB (UME) 618*8kB (UME) 302*16kB (UM) 65*32kB (UM) 49*64kB (UM) 43*128kB (UM) 26*256kB (UM) 27*512kB (UM) 17*1024kB (UM) 14*2048kB (UME) 9*4096kB (M) = 124556kB [ 67.296765][ T6896] Node 1 Normal: 6*4kB (UME) 36*8kB (UME) 21*16kB (UME) 18*32kB (UME) 10*64kB (UME) 7*128kB (UME) 2*256kB (UE) 5*512kB (UME) 1*1024kB (U) 2*2048kB (UM) 389*4096kB (M) = 1604296kB [ 67.302174][ T6896] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 67.305022][ T6896] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 67.307871][ T6896] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 67.310792][ T6896] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 67.313627][ T6896] 56314 total pagecache pages [ 67.315177][ T6896] 0 pages in swap cache [ 67.316542][ T6896] Free swap = 124996kB [ 67.317858][ T6896] Total swap = 124996kB [ 67.319204][ T6896] 1048443 pages RAM [ 67.322548][ T6896] 0 pages HighMem/MovableOnly [ 67.324027][ T6896] 282937 pages reserved [ 67.325467][ T6896] 0 pages cma reserved [ 67.500479][ T6917] netlink: 12 bytes leftover after parsing attributes in process `syz.1.304'. [ 67.536011][ T40] audit: type=1400 audit(1750795872.244:366): avc: denied { ioctl } for pid=6916 comm="syz.3.303" path="/dev/ptp0" dev="devtmpfs" ino=729 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 67.544216][ T40] audit: type=1400 audit(1750795872.254:367): avc: denied { getopt } for pid=6916 comm="syz.3.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 67.640859][ T40] audit: type=1400 audit(1750795872.354:368): avc: denied { bind } for pid=6924 comm="syz.1.306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 67.647414][ T40] audit: type=1400 audit(1750795872.354:369): avc: denied { connect } for pid=6924 comm="syz.1.306" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 67.710567][ T6926] CUSE: unknown device info "ÿ" [ 67.712677][ T6926] CUSE: zero length info key specified [ 67.718812][ T59] IPVS: starting estimator thread 0... [ 67.779143][ T6929] No control pipe specified [ 67.811724][ T6927] IPVS: using max 45 ests per chain, 108000 per kthread [ 67.877718][ T40] audit: type=1400 audit(1750795872.584:370): avc: denied { read } for pid=6936 comm="syz.4.311" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 67.902563][ T6937] ================================================================== [ 67.902576][ T6937] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60 [ 67.902603][ T6937] Write of size 8 at addr ffffc900053ba3e0 by task syz.4.311/6937 [ 67.902618][ T6937] [ 67.902626][ T6937] CPU: 1 UID: 0 PID: 6937 Comm: syz.4.311 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 67.902644][ T6937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.902656][ T6937] Call Trace: [ 67.902662][ T6937] [ 67.902669][ T6937] dump_stack_lvl+0x116/0x1f0 [ 67.902695][ T6937] print_report+0xcd/0x680 [ 67.902719][ T6937] ? __virt_addr_valid+0x81/0x610 [ 67.902741][ T6937] ? sys_imageblit+0x1a6f/0x1e60 [ 67.902755][ T6937] kasan_report+0xe0/0x110 [ 67.902776][ T6937] ? sys_imageblit+0x1a6f/0x1e60 [ 67.902798][ T6937] sys_imageblit+0x1a6f/0x1e60 [ 67.902825][ T6937] ? __pfx_sys_imageblit+0x10/0x10 [ 67.902843][ T6937] ? prep_compound_page+0x265/0x4e0 [ 67.902864][ T6937] ? get_page_from_freelist+0x1b2a/0x3890 [ 67.902885][ T6937] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 67.902907][ T6937] bit_putcs+0x90f/0xde0 [ 67.902937][ T6937] ? __pfx_bit_putcs+0x10/0x10 [ 67.902963][ T6937] ? fb_get_color_depth+0x120/0x250 [ 67.902980][ T6937] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.903002][ T6937] ? __pfx_bit_putcs+0x10/0x10 [ 67.903025][ T6937] fbcon_putcs+0x383/0x4a0 [ 67.903048][ T6937] do_update_region+0x2e6/0x3f0 [ 67.903063][ T6937] invert_screen+0x1e4/0x590 [ 67.903085][ T6937] ? __pfx_invert_screen+0x10/0x10 [ 67.903107][ T6937] ? __pfx_complement_pos+0x10/0x10 [ 67.903129][ T6937] ? trace_kmalloc+0x2b/0xd0 [ 67.903149][ T6937] ? __kmalloc_noprof.cold+0x5c/0x61 [ 67.903172][ T6937] ? find_held_lock+0x2b/0x80 [ 67.903194][ T6937] clear_selection+0x59/0x70 [ 67.903213][ T6937] vc_do_resize+0xd9b/0x10e0 [ 67.903237][ T6937] ? __pfx_vc_do_resize+0x10/0x10 [ 67.903259][ T6937] fbcon_set_disp+0x7ad/0xe40 [ 67.903282][ T6937] set_con2fb_map+0x703/0x1060 [ 67.903306][ T6937] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 67.903326][ T6937] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 67.903351][ T6937] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.903371][ T6937] do_fb_ioctl+0x328/0x7e0 [ 67.903386][ T6937] ? __pfx_do_fb_ioctl+0x10/0x10 [ 67.903403][ T6937] ? do_vfs_ioctl+0x523/0x1a60 [ 67.903428][ T6937] ? selinux_file_ioctl+0x180/0x270 [ 67.903453][ T6937] fb_ioctl+0xe5/0x150 [ 67.903467][ T6937] ? __pfx_fb_ioctl+0x10/0x10 [ 67.903482][ T6937] __x64_sys_ioctl+0x18e/0x210 [ 67.903499][ T6937] do_syscall_64+0xcd/0x4c0 [ 67.903521][ T6937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.903539][ T6937] RIP: 0033:0x7fd84e38e929 [ 67.903553][ T6937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.903569][ T6937] RSP: 002b:00007fd84f2da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 67.903587][ T6937] RAX: ffffffffffffffda RBX: 00007fd84e5b5fa0 RCX: 00007fd84e38e929 [ 67.903594][ T6937] RDX: 0000200000000180 RSI: 0000000000004610 RDI: 0000000000000003 [ 67.903603][ T6937] RBP: 00007fd84e410b39 R08: 0000000000000000 R09: 0000000000000000 [ 67.903613][ T6937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.903623][ T6937] R13: 0000000000000000 R14: 00007fd84e5b5fa0 R15: 00007ffdb117b278 [ 67.903640][ T6937] [ 67.903646][ T6937] [ 67.903661][ T6937] The buggy address ffffc900053ba3e0 belongs to a vmalloc virtual mapping [ 67.903670][ T6937] Memory state around the buggy address: [ 67.903676][ T6937] ffffc900053ba280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 67.903686][ T6937] ffffc900053ba300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 67.903698][ T6937] >ffffc900053ba380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 67.903708][ T6937] ^ [ 67.903718][ T6937] ffffc900053ba400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 67.903731][ T6937] ffffc900053ba480: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 67.903742][ T6937] ================================================================== [ 67.903752][ T6937] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 67.903763][ T6937] CPU: 1 UID: 0 PID: 6937 Comm: syz.4.311 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 67.903779][ T6937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.903790][ T6937] Call Trace: [ 67.903795][ T6937] [ 67.903801][ T6937] dump_stack_lvl+0x3d/0x1f0 [ 67.903831][ T6937] panic+0x71c/0x800 [ 67.903854][ T6937] ? __pfx_panic+0x10/0x10 [ 67.903872][ T6937] ? __pfx__printk+0x10/0x10 [ 67.903882][ T6937] ? rcu_is_watching+0x12/0xc0 [ 67.903899][ T6937] ? sys_imageblit+0x1a6f/0x1e60 [ 67.903914][ T6937] check_panic_on_warn+0xab/0xb0 [ 67.903939][ T6937] end_report+0x107/0x170 [ 67.903963][ T6937] kasan_report+0xee/0x110 [ 67.903984][ T6937] ? sys_imageblit+0x1a6f/0x1e60 [ 67.904003][ T6937] sys_imageblit+0x1a6f/0x1e60 [ 67.904024][ T6937] ? __pfx_sys_imageblit+0x10/0x10 [ 67.904041][ T6937] ? prep_compound_page+0x265/0x4e0 [ 67.904063][ T6937] ? get_page_from_freelist+0x1b2a/0x3890 [ 67.904089][ T6937] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 67.904102][ T6937] bit_putcs+0x90f/0xde0 [ 67.904130][ T6937] ? __pfx_bit_putcs+0x10/0x10 [ 67.904156][ T6937] ? fb_get_color_depth+0x120/0x250 [ 67.904176][ T6937] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.904191][ T6937] ? __pfx_bit_putcs+0x10/0x10 [ 67.904212][ T6937] fbcon_putcs+0x383/0x4a0 [ 67.904234][ T6937] do_update_region+0x2e6/0x3f0 [ 67.904252][ T6937] invert_screen+0x1e4/0x590 [ 67.904272][ T6937] ? __pfx_invert_screen+0x10/0x10 [ 67.904289][ T6937] ? __pfx_complement_pos+0x10/0x10 [ 67.904309][ T6937] ? trace_kmalloc+0x2b/0xd0 [ 67.904333][ T6937] ? __kmalloc_noprof.cold+0x5c/0x61 [ 67.904354][ T6937] ? find_held_lock+0x2b/0x80 [ 67.904370][ T6937] clear_selection+0x59/0x70 [ 67.904388][ T6937] vc_do_resize+0xd9b/0x10e0 [ 67.904413][ T6937] ? __pfx_vc_do_resize+0x10/0x10 [ 67.904437][ T6937] fbcon_set_disp+0x7ad/0xe40 [ 67.904453][ T6937] set_con2fb_map+0x703/0x1060 [ 67.904476][ T6937] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 67.904500][ T6937] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 67.904525][ T6937] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.904538][ T6937] do_fb_ioctl+0x328/0x7e0 [ 67.904553][ T6937] ? __pfx_do_fb_ioctl+0x10/0x10 [ 67.904596][ T6937] ? do_vfs_ioctl+0x523/0x1a60 [ 67.904628][ T6937] ? selinux_file_ioctl+0x180/0x270 [ 67.904648][ T6937] fb_ioctl+0xe5/0x150 [ 67.904662][ T6937] ? __pfx_fb_ioctl+0x10/0x10 [ 67.904678][ T6937] __x64_sys_ioctl+0x18e/0x210 [ 67.904697][ T6937] do_syscall_64+0xcd/0x4c0 [ 67.904720][ T6937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.904731][ T6937] RIP: 0033:0x7fd84e38e929 [ 67.904744][ T6937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.904760][ T6937] RSP: 002b:00007fd84f2da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 67.904776][ T6937] RAX: ffffffffffffffda RBX: 00007fd84e5b5fa0 RCX: 00007fd84e38e929 [ 67.904786][ T6937] RDX: 0000200000000180 RSI: 0000000000004610 RDI: 0000000000000003 [ 67.904797][ T6937] RBP: 00007fd84e410b39 R08: 0000000000000000 R09: 0000000000000000 [ 67.904807][ T6937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.904822][ T6937] R13: 0000000000000000 R14: 00007fd84e5b5fa0 R15: 00007ffdb117b278 [ 67.904834][ T6937] [ 67.905541][ T6937] Kernel Offset: disabled VM DIAGNOSIS: 20:11:12 Registers: info registers vcpu 0 CPU#0 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81607d30 RDX=ffffffff8e297780 RSI=ffffffff81607d78 RDI=ffffffff93d1f080 RBP=0000000000000000 RSP=ffffc90000007fd0 R8 =0000000000000001 R9 =fffffbfff27a3e10 R10=ffffffff93d1f087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81607d79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6753000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fd84e3726e0 CR3=00000000506ec000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdc7a185a0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000c0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000c0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855b9fd5 RDI=ffffffff9b087320 RBP=ffffffff9b0872e0 RSP=ffffc900036a6f88 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=666f206574697257 R12=0000000000000000 R13=0000000000000064 R14=ffffffff9b0872e0 R15=ffffffff855b9f70 RIP=ffffffff855b9fff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007fd84f2da6c0 ffffffff 00c00000 GS =0000 ffff8880d6853000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fd84f2d9f98 CR3=000000005b9e9000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 06041df600100005 b882080001000000 080606021df80004 0001808008000280 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000001000000 00000000013a0809 800302100005b982 0800010000020806 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 80c5baa008000100 0004080606011ee2 ff00000000000002 cf000000000071f3 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c5ba920800010000 04080606011efc8b fffd000000000001 1208000309800408 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100040880 c5ba920800010000 04080606011efc8b fffd000000000001 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1208000309800408 80c5baa008000100 0004080606011ee2 ff00000000000002 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cf000000000071f3 0000000001000000 00000000013a0809 800302100005b982 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0800010000020806 06041df600100005 b882080001000000 080606021df80004 ZMM25=f5823c95f5823c95 f5823c95f5823c95 f5823c95f5823c95 f5823c95f5823c95 f5823c95f5823c95 f5823c95f5823c95 f5823c95f5823c95 f5823c95f5823c95 ZMM26=2ba4c4932ba4c493 2ba4c4932ba4c493 2ba4c4932ba4c493 2ba4c4932ba4c493 2ba4c4932ba4c493 2ba4c4932ba4c493 2ba4c4932ba4c493 2ba4c4932ba4c493 ZMM27=878148ef878148ef 878148ef878148ef 878148ef878148ef 878148ef878148ef 878148ef878148ef 878148ef878148ef 878148ef878148ef 878148ef878148ef ZMM28=000000a00000009f 0000009e0000009d 0000009c0000009b 0000009a00000099 0000009800000097 0000009600000095 0000009400000093 0000009200000091 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=8304000083040000 8304000083040000 8304000083040000 8304000083040000 8304000083040000 8304000083040000 8304000083040000 8304000083040000 info registers vcpu 2 CPU#2 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81607d30 RDX=ffff88801e29c880 RSI=ffffffff81607d78 RDI=ffffffff93d1f080 RBP=0000000000000002 RSP=ffffc90000648fd0 R8 =0000000000000001 R9 =fffffbfff27a3e10 R10=ffffffff93d1f087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81607d79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6953000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c2e4186 CR3=00000000481b9000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f735cc11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f735cc11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f735cc11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f735cc11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f735cc11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f735cc11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000aa000000 0000000000000000 000080febb000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f735d8ed100 00007f735cd84440 00007f735cd80004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f735cd84498 00007f735cd84490 00007f735cd84488 00007f735cd84480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81607d30 RDX=ffff88801e2b0000 RSI=ffffffff81607d78 RDI=ffffffff93d1f080 RBP=0000000000000003 RSP=ffffc900006f8fd0 R8 =0000000000000001 R9 =fffffbfff27a3e10 R10=ffffffff93d1f087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81607d79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a53000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055555e17f808 CR3=000000004c5a3000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004090001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0073726573752d79 656b2f636f72702f ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7011c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 390008751f158a00 000000ff12b12f9d 00fef50001001100 0a0f1200000e0307 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7ced100 00007f00e7184440 00007f00e7180004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00e7184498 00007f00e7184490 00007f00e7184488 00007f00e7184480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000c0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000