last executing test programs: 6.49035036s ago: executing program 3 (id=1346): r0 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) openat$yama_ptrace_scope(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$inet(0x2, 0x3, 0x5) getsockopt$MRT(r3, 0x0, 0xcf, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f0000000040)=""/249, 0x46, 0xf9, 0x6}, 0x20) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x800000000000009, 0x0) read$msr(r7, &(0x7f0000032680)=""/102392, 0x18ff8) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time}], 0x38) readv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1) r8 = socket$netlink(0x10, 0x3, 0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ES={0x5, 0xa, 0x1}, @IFLA_MACSEC_INC_SCI={0x5, 0x9, 0x1}]}}}]}, 0x44}}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) clock_gettime(0x0, &(0x7f000001fb00)) ppoll(&(0x7f000001fa40)=[{}, {0xffffffffffffffff, 0x14}], 0x2, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x10004, 0x2, 0xd000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) close(r2) 5.641779764s ago: executing program 2 (id=1348): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$clear(0x11, 0xfffffffffffffffd) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xb, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x0, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r2, &(0x7f000000a400)="4e5350994ebf71ce3049a58c5d050078bf16b0757a4c27b455e2a547739587dd3380b5df8f40a0696c5bd6cdb672cffe4d870c5c90ca92095b9ebf3e92fe31d8cd74275d857d34a74f7eecc7fac15e2f148d4e9d47bb45b858bbf078999970d180f28d7b2cefd92635d45a563d9229c9fd770efdc0848e52fa5efd9a7e5c94a1ba94b4b7c7507f8b0819bb20910f9f50a83a010abbe126dd9f6a7b84eab6b0d5ce78d2ade77a5f7e4e997df1d03ffab4b4c945d803e4457909013127a98769c938c237f37263bc509a42bc56ff2dbf80e847e2c407009eef94f18e1e59069d62298fdbadae007ffbdf403c5049a4530ac0abecceb5608da02754c9a575af52c0b7e41226e2d642a814861c4310c935bcbae413516dde2132652b39c7aa0218a6ce65dabb4494965209ce879ba7e7e59039db5c1d36d6a7f86d72dd59954fd6f46124a2506b245a0db11aa89d2feb312a6596ea2fecaa7b6021f37a255f628da7ff6b6c36b514d3b6be34e505f9dac6acfb888198004699fb350ac93431533554658c4957df36703591438d6488bc03dd8290a75ebb367a481a50e79a46b04d005649cabd79e5c6326c066bc2b6fc5febb87ef66d832ef31a16c2a450a0b990fb549a5d810c928d1a81fa1dc795db2607ac7d46cb5716b68acdeb00987e429fe6a394632c83b43336e7b51d9cfdb50e83d8c6ba1784d9f74c16b476e048e65e7ac0af683b347d7377ac1795422e00e5bd8da9b313af83abb3348861116de7a99959169b7dff9f7d9b7a6d107f2e76670a6214a419bf8298f80eb570fa29264ba57a383c5ec5836ce33104ecaf1aec76e311280a1d2c8bd7abff3a5a242e6a637f7db63038ef5d78aca9c680d72b60da4dbeb0e1e683ddc82898647c589a81b8f92db06711d8a0af05560cd77fa7005283db71e8da21713fccd450822062b994d152aaed2cdcf0dec9c60617e15ba4df628da4e71279bf9d1eee5c7f055c27cddfdd45f9225d5d5529ef7119e2e3c9838e7362971e069be487797e949b24297de19c61340d1cd7a2bfa3880b91a71e934720a59e1e0ea992d2a1633a0852ad8addfcab73a291e35745e694a6471f429b124305886c1f79f67c78de3f3ec998c91e7fc59d26766cd446f6f0de603f2c6892e13cdaa37d9e8e118d098b6986ccd991993ec152193e7d77394b05b99e7d310c506707f1be52249438fba9615f6dad2ec7244fedf36e34ec311b7d6bee64271d6491079e161190ded7e28e2ada4307a9b2986c267b1a30d2f720ff23408011f1d589ce9ee77f981c7833656ccf7df5b3a87ec253ff7c7ef1e67ceeb10c93e3fa683cdadad65850ffbc402b7744e94cdecef9db9d264c755c53d36278df23d4c9685fdefa69f7588a33b8a64b35191ee81abcb9765577d175cb06e31c582807ff7243bfef44961fbc0f8a235242f51ee991ea621803d4dcfed90d26f004b299425bf219f6d185fe6e088ae44601b03defada18794feac93787696a5d419f09f769bc590f43d2df6a131f6895da2de120c2644685e57b1d476c6aba5881e954fb2575356452b118b942cb02b4ea0fcf8f1bbb9a23b6e32c9d0accd3dd861452a3ad77b38fe709e216974932deb5397fd8033ff0e073d93ac0b4be762bca0424d69bd57b22ba914133f87671a29498b268c2911e793215463ca2164e38059456107dcb29beedfd6277e2b41a11d1c6f1361b19875c9384f04f9c53c1856d71f360a8fafe05f7aef750ec0cf2bfcfa971c017ad071b69a18fdaf970b384d4c889cfa5a0397dbe89543a5c64e2645d6edf959aa60709ce0225fe6c3266c7ef62157ac8e78fddcd8a1f2ca5b58128218d19276885515775326aeeee0226cc810843eb05144bf8e2fe3340cf60b32cafd96d23cd7d0d3adcbdfec9a2a3d88307c362633b1c5637608ea8476d900b3f836a9734b5ecaf5e82983577128d3f74b903b0e3bf64326c1b564ae42aeeb0c07702b63a9ff74a2af6b45e5185a53f36c17bc29dfbc0ea28ca5cca43a15d751e9887ad3e6a87faacb6a278c4c8a8d21b9a77b9776f33102a6e645e99cc5cbc543ed0674282c2b9f8e5d14c2599aa9ac8f81438c77f2b9368bdac82edcdc5366f39adec9e9a3fbd55b79abc16d2ebff26b7d0c88f18b486e5836333575e3fc7808cb423b44781c57965767862922b4ff32d9bae76296843a46f430211c27ef9db168430026a5691623284dfd459dbdd1f1a6ec9bfad666507e6eacb1e2a7866da2e12e6d596d0bbb150500590013d9288af20596447f97bf1744eb9cfb244d8fca269b1fb71e14de664be4e95d83fff1b8abcfebcf3e78c1c66d28f260fb0c19f9fbcd2abbdd7dd7246e49dc25d954bf25f810a2ff6f9069dfdc62e7170fe3b0964b2ac95024256dfa3e7a426be5bb5f707fd82c2b3afec5d5dcf5bbb8fcb6dbc1b59f6c5330966c70d8b016956903a4278817414ba3652a102d7e7e37ecc79400267fc3bf7601c0731f87d479c33f100735e748874155267f708cea49d549e93cf7a398b20373dc90ad9afd56d9c77cd24e2c4a18f7130b366c7fe5b26bc4d11ca1ed1b98fa0b4d7396f82ae6593f4575d19f4d8fd586c991129e5cbe15c8bacc89c3ee15ca471dea966b5c48ede0d3ba2a7e28c75c04e6a4aa49a61f4e391ffe78eb5e40a5ef349f3aa4d15f2291cc86ec7e47ae301bf0b6083dae44b695820a893d46732553ef15ed1c16d28268d52a7e3a7e7c009d0c0708a356d3310c1ebcbcca4d7acf433e34bfc9fc115498142dcc725e7a16879c75e4c2f01c6c98b39619f3248bf530e6ee593467e38cf4026cfdc4db6296565722d587f3c580750b1453ecc141c0461495551297d88ae034acbd4f5e80ce198e6640c4c1e9501529988109cef006eb2090a6fcd974d7f60290b78f1a8ce3051ac2d69636c3219f0a6ad8c254764396a1684b2fd9805b1853525f2e640e513197283cc4d4073ac033e0539a88f08aabe1423cd40b8a7e073437d812b57a5d39a0531dcbe13f4466e89efc66c2a1e4b39a3e0b3073c9d44e6cf9b85f4df5c4e03628d05bc0f94ec04234c9eca4ed17463f190406834b02888728f625371cda75d15ec19efebd59f00ab659eb94eb88bcb2110862a369ad599610c1530fcc118f5b82205bc5215fe3623ac8ec297d8ff4eee75ace20731c5d505e6605c26203b7f754164c9463f0a6eefe3a2880b8e06e7bc66bb2adcc1a3f9b0325f5ec31d12a25f1f73c2aa6bb3a7680d786a082a63b13cce1822fa6a4b085a871ae3409eecbc1fd8661b5d52bb2b8b72f23e24a225075f272ed2ba0c6c5c693811a0ef8db6da7cfe7c966c647f0187ad223eedb1012a5b7af103e98464ac768c79b21ca45b12a52cf261de0d367442cda71c4b8ee39c94ded1b22ba06c13836cb467ebab4efea07bdf1e3de8da56a0ee6d4f848011253cc21fa421a39943513d3167b7a73e0d752b861c49814bc5410ebe53a0264f76068c91ee6ec9e2daa343482b2f0f06e605c5aaf81f2a3cd570efc2094b4bc452f9526f1bbe7b22b694fb8109a5a987fabf6250912d6099e67da9cac79e8b6f2cce4702d1f17cbc5d06c38b8a48155ec758369c185ded839fb58cd736fbb74105fe5baf44e7e3ed06843f23601b60a43b1f88fd29e9b3f58479f9b95392a39d5ba1a31ee4441ca2d1fb57c0a8678a07a724b7a65b2ab16d1da197f435bce3ef003fce27fa2f0a67c9dd6c930a4bcf59e79e57b70fa8eae6fe34972958c28b56642d14ea89bf4d7d6f7fcbcf4fda8bd08fc9fe424de4359112b11f81fbdc1505658363697713ff6e1f8ca3c4be34a79993a9091f6017cda6c7489ae5c07062555231427c3eb42a049f42d22a060983b044a7d34ab5d2b5386cca79af72396a48aad6b8dcd7855410fc6106e4a165994f26efff1e7ea0aa8f560333b5dfdb2a0d899b0fda955155f90c75effd3c9535d88508e836feb7807d57b2a57cca42d3d08fe7de60d2a33376f49bdacdd3f814bd0927f417f15ad62a10b302f1cb390aaf82b0bc6af46bbf990b6ada45ef83ce13029d167c65134e7b82b59ddfdc367e61c40defd2732ccebb1d4000f6c742df964e1fb390c255d2b1dfc745c6ab34af8096b5b67aa179e3f341854f7a69f7bf47664c832037ec7a78f8e27209e3f20f833fb6e8c0fc4a40920a5ad2b0618982ff72540009d5db82f0f5bcaed2a27f35d1e50eaa0cf8e48c7a2d43c25d0264db750a7f33b44a4bfaae576cf9ee7594ed204513899566564ed8bbc97ed18b1d8868f926a5c70ac06fbac1eade46792186be7bf8ffa3301239edd093449b7d77192782b5111c14169d2b4a1b3443ad62e4abdf11aac6a5b89a5b20ab0ad0abd949b9d64582c67ffce018e7e46de4091fcc77a65b971fc67c8d9cbf0c341ca764b1056ee5014d9865059616a525a1d46ae2fad159afe86dd1df9b8246411827e19535ca0aa9f83050b06e70aa2737f27e93d584a9cef878a642e9361efaa5d20bd8da901fa2e064656f686d3b3ea31d1d850ae9196b7764548f5c6450a32a717e09b6b7e75d43fbbda76e43a24f186d5578933f408bfa28e0435cde525fb91e71d92d704cc5a9b5e3db7aaec46d2b1f8dcb3f921f69bd7397c96a1e132c39c8f1656cea4365c779abf76199cb5b6aada022edec5c901cdafa2e7f3765af9c8b20cb1a6785085fcb0dc901367b89051bdfdc6b68c5215fd04e2b3c7e1c454a4d21132953b25c50995af0f7159a5a8d0a1621f4808f126a5bd40ddc79fed90f49925ee367a57a05c070fbe39fe2c213e7c1724a907ecfa69efe6e021c06a262471a4377f3c9809e9fee4f375e27c31b6afbb2151da86b7cab63c7b4fa4b77fb30172b9d0d78b1c0535ec0639c4910b5eeecbb5b8b5c8aa74c140e7ad347812e36db3097a7ff85c09ab2c0020202307f50efefcdb497b9c060ca68c4be54a9165b4cebc6b2e2e14e5ffb9213142418faedcdf26fd326b7672399e71cfffe3ed712ced5317c254f9199ee10c24c802d102bd8749513d3145201ca4e01bc7c8bbcf430afa541ec5665f86dfb143be648521bb0f2b029018201444787f644f8c88b79e754e6ea9c797babdaec72a9680abadf3a41684cdd57c2b6e833acc0846be5aa927f1b1b36562d2acb9ecfb758455230d050daec6748ba280a5edc86d48e3f8af0f8f4ffb18ae3cd3c19a82d504a4fd52bb62289ae8026572a497fe268f87ef4b4b5886aa07eeb698b7cbf99683f710afc9ed1f8a488883ce0eb8f7fd055b82a9fe21a409caa231c41ba151008e9658919c611e157d7f3926a5e4248532a6860e615b9c86e9fea212128d96ed58c9b84ef22706071eb69f492e4d8321ed9faf6c6a8928f86172bdc930244583ea15be497d9ce4ae79cb3e6293a8512ffaa9e8e358f3c7c7117001fb92891a40b84f9126cc3def5cde67f463bbac9668b9f56c3e4ee72fceebb47e52fc226bab213d8193516e7064459fd1365350a95c5a1c3ac44a73bbba2a4c17ebe49dd781bff1995cd706b77bb533117594ad63566f4c0730beab85ff4c713b7f10b95480fe99a0f676c51ca11116b21e87887b462aa9770e85509e4e60f198148115f0a3ce6028516a946178d1acacf7767f6be7277891369eff67762aa58f928d48b7231e44d899cea8289003349117a53d61bc27b207fdc91c9db61e677d1e1a1bc6a1b6e8564130b335233db4b5de8d62324e6d0ccb2b08c2ff922324eb8c506711142d4b8d7a21223ef0a3d534fdb0de58be95cd827152f71bdd0a82766b62b4c87536f0b7e7df343c4263187da887de6e65d11d0360e2376c1d71c367ae85edeed8f767d24c644b1a9b455ded1dc3cc224f99936a6ee66931c45e5e3db2427719ab2d5cd9c20d9bb0ec004b69bccb00649f3d8e34a3572c257de114b9f027d76bc7db9007175cc03b9e2061b6b3fe7409e009b5371544e56fe438cbd361e5b11efbf2d79d1c250a1e73ca8c601c4f4d1e3761290950421c48c7daa45965e472f5ef3c4b8597444dc5dc01cd25358055b5000617f3e7291da3413e3f0853b1271366612405c35ff1b785b984d921b518425628a533a29ab65d3c11f44c6daa86f8b6457ebb9419274c481aa6f3fa4547641670aff58b9cc62c0993d49a509f02dee755ee5f1fd2710c995c43a91c4f873afa1bbdff19427cba2641052a8f361ecbc72e8a6cf587e83f8bd3110c95fb080edc77a6d43cd58c447b0e02261e4109500c6458dce70acb17aa8f9dc1d15b94a61354164031b5d563c25d0246fc45e6401cefceb501e1468903e5d677759dbe3f24bd48ce55ff8b8f26529fb3b2d669202a1e8a498984b449b4830a0126b18f0e78182c9ce78fe0c448c0e27845b926cfde28fa85e156fa98fefaeb19ed1247c9643b447b4342c94c114d3c4c35eed4d5b49aa70e6aad45bfb557f15e8fdb2d6e3d10d8338a13fe3f187751985b37a5bb10b750f79e36fc2e2ee9bdecc3ed156e202ed7b45a94809d77edaa398042fc6a825a4848c334c557303d24eb3f8e01be06995ceb283c70272b00da61c3381628f0e372fe2fcc779ff7daf7e4b7f2686c39d3fab674b8867b62b0bf9d5cfd0c1d3b270521f55f147de75142ffd7fc9ac7e5dae7ca2fdf26a9222d060823852409dd040cfd1f66f218c6dbdaaacddab34b123af22f97384d64fac64d84fd638c96378c8f9532a11927d48440bc777ff8b8b9be88f930f3b579a713c0bc449dca3a3bd5f2efa98240ccc594299e44451dc60c6c5c9edd0d7b777912b3dc40c57e0ea5f4425cd7047e686c7304f04ba9f7b5de6ad2bd524f1d29f8802a524441fa286015adf4589431710aa4d76de8a956dc1d39c0a13abb7fc309d24222d036e204ab6bb46ef8a7595d9e4512e0b9d5f8fd719a4e3072e1d806967045789c67a1681f2a9f1f4b19f4f5e1afdafc17db7a6d5196161499e62ab4b0ec27648f3eeb1fb2b78f8ecf9b05cf9509a3b9e2a361238deb1c91bdbc8b1d11bbeb939fd9da811cd439069da0ecc00665d72357aac01f259a0325409b201859cc0569e0eba67a7a9ca7e8b78078d9370bd3e37f0571680ede60cb6bbfe69435d6ab5efd80cf051d119a7004fc0b600844d49218d844de8f521524a47ee50229c7da25e42a8639b5db225e7f23967f5d4f8a297aff04a3cbedc2985b6393a5ba0b26b6c7b4ca22d369b35b410799d1ad02825104d34f73408db1948438597931ed1c1c260e78340517bfa2f734537dbdf5ec303518ff4640efe7f7b1c2f46babdb9247ce8eabad9718a8b9ddb7a18d5e87ced554c9d6de78f85d293349590c6c32483534bc968b24a28eb54b9515589d6dd8eb51a5ad0b4d896ce92250397cbc404323fcdf0ee47ed634e0c58213bc5b35a72b21a098e11b79c061430dc817c1e0c79a5b6ed3b002979933f1b83a17f250b1bd5c4958df4d75531ca03efbda89f6a92fe08c23ad9014ff562a7f3dcde578d6825b9847b5df04dbca4f2aa52d8e0f4cf8183ce121e39b50358a9796acde0372a8ff97769874a80ab997cd889145aad4888c06963c2f5b82f53a748a6729fbc79d35c06d84e05c62e44ff78040e56ebfc6efcf0d8b49337d5a17c4041f0d5a8b616244d585a162b69db073accd9071d12df5b326a43b834bbffc2f2a60deafcbddf1c6438a1769d6fb09fbe1990e89da12164ef237f326edb5be64bb64b143a030de8a99b3c5e543c871cb581e2be090a92134aa587701f864907cadd7c1ce20fcf8f5dc7f7ecd06a6c19d89a92ca0ad4393c208b80bba990c7a3702a9c79bddde75d5db244719ac32191b6ceb041ab541fb47680a97dc0422b8a50d91e32cb08cd341b0b099aca5bd12b69d4f89d10b755b351a6489180b786a3bebac926532a4a2d85b07bce6c090d1aaaff079e36d5394a612f1351b90c13a0fa6bf9d188d548dfe6fa51a9026edb52009c03ed45ac51d05c58a957bcc67e05a588985ba00d79f33ae9cdd5f5721d9fdc72ee6e880708be87e8a60c3c035c146f2091d1b9a4c2cfa56f292fe1ba62290d4e56c05669291bbe917f3cac51802a2cc8e9c90dadfe666c233c5a5bb71ee17deec51ce60c73f57bf9ecb84873afcc44815131810c6c1217bea485ef9aa2785e859b25315ef8aa3a274982786e45d622ae831fb76010d69a181b069e4cc55d4436edb10d1119b0c6000c6d5cff7c72f740a59dc0507e7a952b69403c62673f122c9d1264fac6ce2262e86cd8d6a402672f88530fc2d16f31736dd497a4e853253ac8d5aff8d1376895e9f5519b2490cc2a2412ba0c99cec855f668837310035e92fb646486de1b0acffb91ae7516df3eeef381456b55e65baa58e71461c928687e699d2b21814805591382e95e1b970aaa53259917f070281f2336b7d570249d838b3f1a32753c336864e15f4561badf8fee034a29c52ff3fca7456ae140f83e3b2fd5b57c9aef3f20c664200d235f236ec47dd2fc20b14dc6000812237aea992d987e5460679e8c5b76d931ef6d951e6c7087e3106b6ce2db9de6f228fdf3ffc38710c0e8d5000a195a79d1fa2301038f5b27c40b09c34c025e5099d40c2204ea0eae985263c9101cab88d6857a320c9e497f22348a24861a5fb8d734e08cad09f9933748ff01eab22f17756f58688dc1b486a397563ee9ad0784b8833cdb5f7c6bcf76d9c1105f71c3c6aabefd70dc6cd5c66d31caf916145ac5ed7fa070b4277c0448ab1eb78c943be9aeab0587d321a4bcb7754f070881178f8be668b686124899fac252519f4b60ec42db766a908755040463125c26850177402a977246d36d23afac0a11889d54640bd8f6f670d686cfd33f6fc5d90cf6cbd63d9d0fd201dd4c74dbbab899f3c23c0b7e37ea0b2aff421327200d0da58b5893a4186ae3652cc6e11c2c2a0e52184a3872532acce98c94cebf4f31333663a620f0dba0ffd89c3124380075bd28caa6d449a050b3661b8fbaf4747b77c4928b1378fdc8c7a7b38ade1aeec44bdfacc8271d0b132b2029b0f3582f9919f5c8cd543abc9caf6b82b197cd482c3ef61a64743506342bf50a3c1ff544563bb8b2002911ee1fad698f4ac133ffed5bfe81239c918207a03c7a8bd71a0a502aea78d38e970e3ab2abf754b598acb79cf276792aa08724d0ba24f2a694912ab795b3f45f52dec50d9bfbc99ae27e1d2c2216afec6709d6513a64b29ef58255bbe18478c5d4f15f74ea63a1e15487752eec8fd019f1d4a7aa25277664754bd2d7cd3a7a018b92c56d965a1974885363757286da9e055ef7fac17876f0a64c1026a597733b897a9155ecbf420159ae8e5209aa83a3544fff1fb4566f2d54f95e3bbd30dcca5f24397e4bd47ff01292f0d6fe9dd47a810e0c25382fa69b4987d1afd9b69ef125110ad6b240eaa9c85829a2646f9ab7874bc02bfa8346cc9190943e9d46b44880670b1e2aa3a29e83be5472d7418885a353faade6e8b18f4b588607bbb758588d1e2f11a9dfa1c4d61be50249f1ee32e6ff8c0c7722aaec1bc79654a4772efc578bd6a14c79abcc77a4e09c8b6c6ea35cd3ab31e35268fb55db843176f8042f8ce7be0ddd4ead6dbdad0ef9e7cb2323db5cc48119a72b27306b8ff6366c0bc682a85ab9e2cf2238b6d6eb2e38a97d5577e6334cb2aa6e7c86e489e876f9d7053577a5cb57f52812fab7c4bd7b19a34c228ffb67dcac9281612f778b58c580c140542200fd00cb3ad81d93420df93c5af2493f646d8de797102fa0a65247317882fbf171520f00b2c7638623b823ff11444fdde453570f99f9099b60061a908b83383ba8b82bb78edd074dccf9342afdf8d11a6129ba6ea7030f3629056264f1736c2b926171b6dc7e1fa455a473de656390495f3b6ad2f9f46f35eacb075628ff739ef78f28ba683448068c7f18fb63f28ba7dbbb78999100dde0a94e8b8570817c7114c13e139ceb333782b29a84a5b19497fa785915c7680dd7f972cb59ba22161f60886e5cb3c3e808726cbf96bc4da78914eee565c6d9d18e70d22cf8c0244cf3cf488c3550eaa400bc0f26d64e0f1bc8d0301a841d954073a641f3ef883d81f4d5db8e9df708e64e640b38df7295f7fe573863653086bae5507c880ab7fdb7a6c5ce77027ffa7395233d3ce536d77ae6c2e9c8ffb6fee78a3bcb3b5f888bd595caa3a5586948776b950a89cde4db8247ffff27491c882b430afdd60e7a22324f6635a9aa7139f3e624c6d9ece60f7f8153b2080cf0544fbf8e1c436503766e670b902604ab521e11aa5a65cedd64cfaf898ac5f55c08c87693c323517bcb0d99c28f5e072d4f6540c7ead70138d47c1a67fd72bd6ef5613af33a0af311c3d0a631ca2a2dfbe35d1021eb610e40b9be128683235a788b5a4cacf99babee382458d59e8aa1dd7bba7e09dd30c055a3df8ed721a1778b2c6ed587a403566325cd19962edd7831caa44a6b716517bad502130e7cf6a5ce5288dc84c0170f622ae0b1e1166a9c2c0771d91df9f9dd82ae210469602ce38964746c1c1d04321aae7d464eb801dbea7ec39505457e778208774d72673626c998b002c46a9b4b1e390d9344f0ca62212a1b6d41043a2100b35196bce42d40caa0ea9a486bf8526fd1f0f0d362c2cac463ea7377a20b54b9435442ca529fc00da4fd7e27c4eaf14215a06857b54254c26346956fd7fe215a5ce57ec38cedf50a3c759e563a4fd87494f00e7bd9b44f3b7e99c6ef67187056a21d2fe1ac9d24125b1947eb293189fdc448b591af4d9b8eb091d6bbb5e50fae79d000044e282bb2ab6c63cc9562b151c214e45015354e62be63e1881238b907f7bdb791ff44a4e03fa29dbd26db2f49d0f4729b7cd9ba69a65b0b493466d35d09b3f590c67c31660d95e2ab4af2c9f1df91f04ce5a57dde2d75206b42e3423126774d76593c2f713ae279d7092506b513fd5d18f0f52d3fafd7141dfd4a0de1063754dba865faf8dc0f6be9d90ef21ec86a275533f6ad4b4e360dc775413f29eab8b3daac6279b9abfe163ea2f183e09ed91ef67fbb090875109288a182cfdcc46d90678efe5edceda6518335e678438cac4bb47d376f3f0e12aa55301735d7f42653c073d6a4a37b2e17d332dc1be6b50918c007b14886307cc39250e81efecd63d24067a49994572725a9df1760caac13a28f5255556b27ec245e93969b85cdec7cd1c2d2a433d3f9572b93054a7ce8adff81bc1d30884d5fc4791e251bd907e37af5bec74235c3e2f804e4e0450b715289942b7859ad207bafcfec1b586dc15e7911fe6d20aa3d02fcd47e9956780e300d7c53c17dfa15754deb4c20efebc7270bda0fa6b37fc88c6be4250cac38c1b8186b364482026ab52d65d3a691903fccc39772277011bfaa421adba76bed9731077bec885ce88d40f36bbd2a839c67dc4b862c968491b877d4fd13fc90f8da57a29121e12f78e85af765cd66e72ba513593fe1cdf20019985b065d828707d8e509c6834eab188deea5c9ee97955f4b07d37b6fc7beed73be94887d423a349f35bb8782bc670ceaec870d97f061bda02ae73f6d575f81e0b6326eae6c1b3085cc584686120e12dd9ad8ce44036bec8a189f9", 0x2000, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90}, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r2, &(0x7f0000004300)={0x50, 0x0, r5, {0x7, 0x26}}, 0x50) syz_fuse_handle_req(r2, &(0x7f0000008400)="44ea07862a07eefa4de37092cf4356f54454db90301c4d373d57166f794f169d63344840a37048638ffd5e30beade3fd768b18191001eb890277fad8bdfe3742686deeb34395963bcf7a870addd76c80aba9f771ebdf410c7d7542fc2b6ae9a458d79457755d94ba8a3248b01a2293d8a70e60815b90297002652966a6b836065bcae0b44f4b26be93dec3cd4cdcbbc84c5b916a1b0d8313340675d67fb0c785d0307f95e426546c9a4d0161a8f52b02b95f4da53ced705a658722091864d74ac0a3a5f3853a0ad71ddb29835680ca9ff30531f8df0f0ac66f7f1433c33d75fa8f0f022b175df093648a81af5ed701b2e7a14199c83b539e763dbe7228f2e184a02becd41bae305d3f34c72e8db93dd214ec203eee6e6dab26b41848c95fe1ece8ca157a90bb7a990dac5f3c64cf49c5c5aa8414b9153f82eca9df88d90a8d6c0e72eacd52f82939d46d41e0f5ccf708c03fccecea467f33f5a49888514787e42c0a12255bca89e82344ab01ac3b6c6158e3c1b34ad953eaf55f3a2c487efd9423a542e41dbd0058aa021cb6fdc5df88f807033edd31abaf5ff7e6a9578d2be6a2d925d98108fda2a7e56a0bbcdce0689fa9e2111b0be8f3e2807f7f3728489917a031f2187ad98a744f19851687adf59a4b4c328ad5c4f2eaa0d112041369319f6d3f928c22d05f9fd68b5c268da5e2f433d651bc602a65ee83752c0c92f7e29002faf9475fbb57788d725f6f8fd495a58d88d55ab8467a85d1f41db5964a19bdd45377c7c8c792de5e76e87da9296ff90e7fa9e57f09358d998c8779bb2348d651808e969e960763c5231c65a06ee16979f4d990dbe7e10b3a2392dfd6483bf2c7c5f6f3d941cc17663668cca83dcc38089b4342a801c74039b32550c2d9cf95a0236523933ce3e7538ff9da2b7b741f3cbf53e6084702d0a5dadab4350848f6e7ba46d4736c7a2ae702c480c30dd78f994a10b9c3157a17e9e29576a68139403300586eb0c673252a319aa1cb01efa777228d8242ebdbef9db5c03e4c8e09bf7a009b7eb19357d1ad6d1defc0dbb58c31d85b9f1035056615ad0b0ded12751273c8bb7810ccc5b2efe51d223894b141dda837e6b7ba21de9a978ac447d995394b800e1065906455af544b9d7f353d1eefcd3387d18e3611f3913926f3a4b87efb3a9707d6136dc00e49ea5e7a6d0bea17eb49cae93c0c4422374b0f46250e0d554e1087c1392716d368b04b1da85d271206b465608468802fae00c7ad9425974d822cffbc420e739f7617f59a879f791ab5dd7a6215298cc7dc6904679889e60a09114b0f421b6f1286d0a6ab3dc887c2d3a48d53a7611ec270530b07a83ae1a2bfa6da42ab38bec3eb8ed1e207d91c02e74a31c29abbd25f5779189f5f2494ea5c3f4b829b96de0c54b3851dd58610c2b9ddcc2960f34fb857c5ab1aa67e8eb10a59639db2ddebd0206ae7ee56b21ef484e3c66003af46326f1c456ad2ab5273d0c0b2bf412f71f820ae12723c74e1857e0ae3d5587a0427c1595e06b1d5ab5e815a5558302e0d9c50b8c6cbd599eb554df6f7323b01f1353b557c565dfe0de51032a88541b49ab682a7dbe4dccb9b952ba9c9ce3bbff80af01e47953666327b8acd7d2cf363c6f7172caaf01d8e3417f768ab08f2cfa7ff26efd219e25ef0f9a84c7b116978eeafe3410972490203dbe49aec33f14d5592a466a6efe630904db9c77ece20bec7552b3dfb48d4e0427ce5024fdc0aec7271e93c51aab19d7a40670add6ea5820f625831a593137f60543e424892856b3bb9e608e88e65cc6dca098d5139a38ada517cd788b9f13618d9c2c31d7918cac6cd669710692797e61f4df3938dd429d977cc11e7465a7a23740052039d9b31cd26b95efba17bfcefe121fcbb762d29287145b11a3abb3e0683b9216a8b5d9744baa75da5d840e70cb310c507c4f7eef1d6535d8e11079edcb51df7ea63a7204e314147eeb57916171ca33c0f5932916e4d568d9e7dd3555500ae119f0c63045658303e1f4ea99c896eaeff3ebf76b2def0ea856a3f24cd76dc437236b71dad9a26fbf3882e81565851eb6c5b265a0721be43f0844f4d0e4296011e280236a0ed7656f2eb906e6b2ec4a8e5bf91eb7e8be889ded6d8492bb72f1de26cf3973249ebcb5c993d1dfa896a658a528aadf57dc28a8db32656ed8e416f96e1f89ac24d4ba587df31f3d2d8d7809d06c8b2d68eb15b377918424499cd6a7fb62e49a78831f0e4b1476bef657fb34bd59e34793d21da3f7bd0278bbea8beed261c697ce17f36f1cbc1b94aef11dd1dbf1c68496765258f4cfc8b5fdc9197d7260b733d2061f399c861bc5912ac76cfb62b9218196fe054b92a295a9b9526871167d436b830a7b4944f527fb4d75a036acf3a71a1a710f609f4e794f1d764a5317ac067e8194666dbc73e32b2870eecf8776bb7641dcdd6d764f91dec83fbb53a97e6531211dd8b86bbb57f8acd637f4b1b66fd9705a200e3081ea382262d54edb161927eb1d85cf7b9373a24607c99f3d66b85e22d2cd5cfe24020d56e0552bd43d803882128317d9a56e63a4808ed6401b662187888a0d0b311364fbddad07911b5244877eeace22ab5bd8501d748ed5cb05809e1639678c4c6cc43a3c2fcdd5b0970332429c3cde09d9556c8360f26caa744ce5e57bfaabcf7d124b2d4fa97d7e72f16cdfc35f87493717e2a852b64fa344db5ec72dbdf22dbdfcd12ff796d515d5f3fd3cddbf53426183bbd92e2fd3e91fca8fee1c1ef4f8d59036df9c48fc7677f2c4905b6cf4adcf448029c6c6a2968b13e3b77d578e2661ae7d07ef84fa098bae9a564bc8c507a103990c00a0e6d2854a1689f7b095a100b7f38df028baf20bd56c843c24f8ca4a81130256b13636440836837429c1c86ae1668d3b250108406acdd21b40450399872c1da6178184bf9c2cc11ad80caa9997d3c6631f09ba2a4d96e6b74313f1e40fbf8a29962648f400dd256c4852c556deca2e3443b858efa43d53efcd496bf5037a82e14868b508632bdb2dde924ce2cd6c65f1708c18cf49073e536f09e8fcfa9a44fdbc349ae75e17205754d3bb82d3ee8a93c59aea1bd7ea6d124224b11405f815ed518a1cb9a80191249ac1cc0e5c1f9aab8fe67bb737cdfefac82a89a7d6ae08bb9e1f710cee451d851b35ba9b886dfd9c277dd67891331d43f36353c78c65e9f3524e1b9b229c9f91de7b5ab16a66017d171e2a4e185481d33cb5bd9c5e3d93c49d2c620c16467bf4db73621957f76d656e6d4cb4d59cacf1209da4e39352554cc2abcc8e82379b4f819fd6d261c6d7615f85f6c5d0b9f57976836493367e1bbb14c57983aa97c6e4e7c4fe2a166284c904ac4f70ef2e52e4e7dbd677ace683cd61aa60b702770aa0ddf14b694bf3cfaeb585f8fd8a85bee2f78400a0874dfb4c319be24a46d1914b6e902d5de8d8375c9ec786ef6eccf1ee7a003f83d2e163097980a06ab9fe23c4ae8e91755e4217d3c302111febfa9dce02a49b217aef709d183a5ab8ad1d39e9a697a79be303fdb2290c827279ce187d1c647cc28e20c0b3ebcab2b1c75850db46211150a8bc5d80d868141f885f7a5ef520ecee6d33842141003df4ce066090c8359b5dc32dd9ecb1039454d0b691d8f97932b69981be240804e860a88d1a047f46ff43609b41ea36dc276b28e87364049940ea7b6dc78848221b30dc6aa1b60f17942c96c46e347606d14ef02ed3ebddb20f7f4d28b9460f4af047b772927ca6a046b7de2a21b8ce79eadb74e4825af5e19ac2955999d7304a35851a4b9086ff922da8845da10a55fbb62fd13d98d45f60842d0d6301cd72e7cb97bc84393a414f671e5e0115a6c1c26054a80ddde10e0a83a4ffd123504c881a844bb7187c604f87588dd0d0f11930f9a3cfeb7098f38f84923637f1a9f6b3e3d0899a156d50d7e740b118c4865ec5e69aac247a930007452748bea9af0af511cc1129740510b13f48fe07ef1417ccc765b2cd0138cb51dd71fbdbe967fc321082a9ee4bbd1ea404cb24971de5a1ee7d7993b5d11d67d30e8ba94a9e943852675a07b88a51df6f4abb507cdaee96726023855e4dee6bccb3e26a2a88fb60d812e7856c13af5f4fcb6776ba8e27a35bffc5e46473b31a4b83ea1a3376f4549af87d03102413faccc3fc897ccae95d2700163f1fc5170a643554169018c5cfcf8f50c7981270995d8aaa9f923c0679b258aab60f79111627b71404e1ce8751228972cbb2bebbe25973cf98bf8fe8e63575950a0aaa1ff060f01e96791d128d0b7b40855126ef3910ed7d7a6d9490618da352ad7b889f7d905bca2214224e170f30a088cff91921917c937950926cb11c04fdc6bee776b9abd2aa286ea5074e72756482fcb6a7d072edc075f99e02747ea49a40b26b58118b6692fbe55b09b054a044d1f481173e8923a74806cb770c4c61ffa982077f82bc4db7fee4ae2beed4673e39f5ff0614072a771034174a0f052ce39e27450d18920664e924ee963c9bbc9852fe68f30a199ee4856c1dadc08c061165867438bd3bb73f5a50f5131b7867dc80e0c5d43eae80cc2874d48edc910e7f8f9b73e032a8ccd7c348e84b4179fa101d488c2fc16cdf953e269a9cf13c0dfe575e0da49d7d2c09293296c0232bca9fe0aa8199b21e19746c4783630e432b5c7e1e25864fcd4deae07c2b07782d155fe6e6b5d9eed4beb9db47bae4007753d8be56b10723b5467c64acb0eee4cb9050b4ef2b57b630f4608af96fbe484816454ff385aa3765051408779384c6585f2e24662fcc3008dc17abb07ba9cf96ff4c795c97811e73b06c65e1b5c66c2e1873191d972830b1f53bbfedf8b5e8a64a29fb3b3eca67f1791652f9ac037c2f87c6d1d9d453b12d5d2b0c070a8084aa15505e240bd0c61895383f23f0460027d60dd9efd8539807f717bc353f9b858b9bfd2acecf2190e280faf6a1603566ff8893dba33ad3300e10438241709ba7413fde84810b966b4556f9c8a51aef27f9b9010e7b6208715169a585e42bf3f7333209afb5b19c0de7722004850d53329d93e2e4909eced3da67dd7d2c82a4c9d0d7cb6f5ff7dbf195e8b39ba9cf0c1699ea1f8b6d1293509774ef3bf48597146a60aa5b6eff2bc8a64f9ae9a81becb9c398ab9676d2cecb14d28f819d08050269bb0ca9bcf59d5c9bd2fe2bcdfe82a8f037781c6275c9229b0729cd085e66e2712bdf22009440c4136c2daa54e547386e1acd16a1d30f3d55c1ef0fe10c108210b9d8894d31e5ef17b049106700bae524eef744ef4b3a69e9cfed4efa9b0c9262177f9fe16f5b1fe5bfe5fc6a611e6ffcb9c5f329d4e328cb69912f0dfb7f4a83d326cb20b053653663096870e7ad2753e992dced7405a00a39dc55e652eb6b2e1b1e9782b42f443890c4067b07376c6f0fb2ea6589e04a8eb39a94d913d9f4410d238e6880c167a0a23b266577c41ec3e0f513eb7fc948c12b26ea2646c0481488417d9911a0107ca0ae11c2c4b8c2eefa5144ecf8b149d22abbd26d1b2a3fe51016b9bbfd229c090fc2fbbca4803217c991e36f86d4720b45ae45e6b20f09fcd8e5decd79997e79177bd67de7433282c1d0be5d585a71c873e7171a133d9f5ea35ac0ac5c1a643279ca66a365d278d14eee3ea90961eebb3f6c098c00d051d4716853ec7069be2a4625cef4c0f72abae5309d2709901d05217fc3e52049c4aa16b50121e43ce491d1bc9adb01679ec25ab5009f746170c2517f0072f16c574cb447c6d8ce4a2e45426900463c5303413bf4fe7fd64c273b404cf936068cb3085c3a81b9872ad2cb79aa4c051e7ad97cd4e8c6b94bb0df87e4347ca6f11f155ea265762f81eb0e9fbaf3dc05157eb9f12596ccdf9193018a2226824db6bbebf4e89a070688f698bbf23f30dfb04db7c3d804a7587ad0fd03e68cff7e516e5109e328e1eb3b887a6aced15804f2c898f41c5452e160ca30e35843705c150bad932d2d3fbd791100b1535d9f3306dcf127fa49c1a36b172f46b1fb676ea8783c23edf89b2446560dc1b95b39f80eb9d0994c8dcac9a5a304c554133e1d6ba368468a17312167cda37932cbd4b93c58b7ef772d56d4311182a680e19da6fb938848aad40242856379310b61d6113de6814644092712133823ee2281639b52cec52ab0dbd65ddae631e7113ca75a5476797cde5f5456acbfe63c6ca8b83774690eaca3a019771ca0e742815ca5645418730ee17f52fa2531e5487c10da3ee080acd50fbd19710ed5cb924e28a18985132afbb7d2ff90f6c3855c56970854b9a48ec4f7566d2829e271af3f0ce26742602241fef70461a484499591a9079ed53aed113589fd74918146e1917a063514d7eaa7f4720a386eb2f32b6d35baaa5d36c2013eb405cec607202f19bda80bfeda8005c5d1582208b861437fff41ec0708a6a98f2b4b4463141c1c312a8115509e363a274864898be996176049d5f7e6cba76b3a37c9b2ee9553fc70f79503797464d736d97d0bb4741ea8ad14fde6f18fbb02ae97e5a77bc1527a13f18624927d79aa5b4df2dffde7fb5356e521c7a419209031df8138838151c7e90783c9af133b6961b44f8de89d6348b191cfa6c0ab652746b8582134537727b18c670691f3c1e8ca0e3cefcd26111bef476eb816482b7726399c86cbc98f0f06929c26cf831163bdbe1fa8d8f96a65d3bbb3d37657cec4b77516864cb32404996dae1d0d9f3c12b7f2698f07930b791813b7ccf0f0dcd3320b78833f077ee55aae156af804fa9a15e60c709fb30b06ac092bf97a4fe4732ea7bc93aa73232024c80434b4900cc30de20cbc1ea407746fb186a610fe31635766f5edaa8c9ae974ff8cecc4e7e391a50bdb34ca1dec15e7e8664d7bb59852cfc1fdb361b235c803d70cfc90c229078079619b4a8086a68d420ee1d7fac403b18c7f6aad91612e2f2b9e5e206bf897bd98a3b24a0637e2b986ae7f5d376bd63d63f6c4f151ce7eaa97a30d9d51f1a9207dca6b596831a9b92517b9d5571e72b4a06c07d5ff0d325896a1b32e9fb4f9d67a903946b205fba7beda108fde3fc503c7352c59c03bebc2891007fbe966a0441a7f4bc8320b901563ac8eadba643bdfc1636864d33549a1b9ad3ce01bec94b631ac6f46c453c57c62f2cf0f76d9f1e0731e266311624a138e607e699c91e37a33096117f418b4c92c66d96fa1b1324cfb569e3d558598ee65e69b8e0b9625d551af54a09db8082f2fa9da1386f92245aadaa13bfa3cf5c39fe455180bbb5e2427e4067bd2f5a5c755c31405477ba832dbbdd4af66acc7c11e576f700e24fb4c26160b4443b8c17805238519c7c732df774b92579e02a8da5e9a17e3c20e92afba7fab49000a7b83987ea48d5854a0411615462cabd245ab3f49ba375ef179c0a78059ffc14264177a6e45dc5f2fe6c957a313ba9889fef33b788933bb37a17943551db9cd08fd8d823fd0b35110ad589c3bb3af4f69bd1c7c7a3e726f933e4a0cb1209e75ff14910061c3750b9312de42c86838d5c35a681899c25220ea87aff02bf72fdd8745f5d751e6d62861496890c956143c08a222774974789bb46924b68a6e3138ce9dbca622e78c5aeed8215de4ee5c1f8312b6349a91ef1e210f18522b7a644700e90eff995e950c8eda05d0bb8e799ef32a7ddb8a87b4120a798a3f87cc78b6db0c7947b4786db1618c523203c097ef3d3dc0f4e1e87d0d597c4eaaac05a033a3fa91309c05cd8c14de649d7dd16d8ed81e5290950f66b66fd519a2a16fc6b3526f97aa1121b4fb52b30640122dfb50ff619fb5c88eb1c4e6ed7f6d09fd29e27b3375a1aad5b09f8175157018467f883ba385208fcd32a50a311b22f7951bd0e912d234364f8590e247dea604872f9bb847bb32b3906339f5698d6e7c0f2a3ed17b194239299091f5ee4ed51c75b76bc949cf05df5dd03cd8a553e7ec81881fdc1e15cef5e72eecd7843a981eff417682604769e302f378ff9519cdbd3ba2bfe50f85a903aa08b900118226889e9bc68124777f6e02fb26fff91d1f31d3828243cc46d4b4fa2965445774e0ddc521fe5fc9626fe3428403e746de0196a45e4ff75c5d6acef57f662faf27294be80fed39778a7585b41178ea38f64893f9a46334af6425a4aa46e25e92b0d77750c6737b237dff19913fd9e69ed92c4b6671b4226776b34ae2468907c654bb0f619b2c9b55920fb99e97bf32212f852b615689f3cf4c03d51d1587455b5720692430fe2684522bfe6dae871aa2ff5f00045861ffcfc219888fef8320bec1307236a7a42dd4a691cb6cd4d8436f31a3f2d642b05946dbfee692aee0da31419f9b8bc0e1dcf89a8ffd7856b21b1180ebc8ad75308b1370b93d680e968bcde7d235f601760a5d181f7b55daf330a001ae1da86c130c76fbd956442b6c705889d665560f8b34663390592d85ddde790e0f4f1f0df09c1c6f95477f9d72dc0894b2efe2c3d162ad80f80cae03a06548014293a02f00d6386723d42ab09052f019a1d71d88a78db27afead58bc516be8d23893f007a17ff47b32777752a15648d0ececd345aee1f36c58abb7efaff5567100c0bfa54f172c862e15872abc9d96cead6688f02ea8466fe1134bd3756c6f0df8903fe7935dbe3e635da368f13a10e3018cfb5557d38f859a983a54d660a02bdb3dac2922e7a37651677bfc664d58df59ea625e8e63ee776bcc2937b921f5544924b75cba04bf3cd0df831938f9e9c79572e8492d884646244990920400192c63e15024e2e1239f41390bf7c0e18f852e23d514256ccb8ccb2726710401c4306657fd75eba94a353987780a6d6219012cfe80858060e37652a84ae89d07f5d651fe82a2a8d0e8568492156713b1f76e89e12f76a0254da7d526df51a089600f5b7559afdc63d4872fe8d6ce00a8d0c9b00db5ee676ae2545e74fb7b39f8345a67913b234cfb4f6e3b4e2b1e1f4f1c7fcce8c09cdeb6a1a21bd2370004e583ef62971aec24ce0c6c049b6a2e22081d36854956a362b6cbad48049d7d5f90134d3e77febf87bf4a32c07cdeb36c9cc56b2b3cc8c8b47879a32ff00f3b2e977cee0acb30fc424dbfe24c88d1a08d047925cd7d65a5834e56db2b3e7e0a23dbf948c799db5a48fd4a5fdea43913b2b2c149ae9a98f452b797b55abe1dd44b30232387f466856d6c38ca735dd6175b455363dbf228ef52e443da22a1ee3a158ee304d9ca63c110a3d19ca3bab6d1745affd81c480ff8bcf5f8f7c1ea6d08a7b3c3958c324d42732711170e19523bd209134674b184d4d442a774e04d6eb4ac89a6d018cf0bb68a73da87abce127e57428cf73a5a551c85ea8c376ae951cb8357506f037d17d163172dc5764682c753050f35c6802fb269d7490b196d57bb8a1ada55da7550f82357320e14cf573ed39860f02a11bdad917b2ba2de885c7ea8b30dd62bdad207dfe10e97c8b71abbc8c5661a4483bb6f9488ada0f5885c471cfc1271b60d54f903317cca28ce977f4444cefac5c2ff233dc872d4e809091f8452de9c774ab3bbebf62de92cd6aa7421a41f7d1dea42e4f94bd3a4869c958f3940a99c88835ed2f4021114b9a5bb17240f468887b213814956f9f5e6344cbae19d8753b97c7ce2e9d0954a30dde23dea2748e1c9514672bf4ea3ec3e348a563d9649899e7227708e2e77d0fc5847dc16b59ac3dea9449c176dea2d2ff6b6af764d28dee5ccfd0dfd6e3100d97040657d7ac5da4032e3b7f6b0cef2ec55a83350c3045abb10200c264e6e68e3e03b68546ae48a538063b86315bb8073103a812717f2d8816534fa98d0e956e0f9a67bcdc522cacefc77b0be71832a69ffb72fa15ca4d8b15f7fe03da0f4b24c5fb68e5f3a2297bb0cb0b7bfdeeec4deb64bf71f57820d62c47276e2780b4341b6bc65ac49be09c94013783455a95de92c11d91b9e921a484ed69532b92e202d684d2293a2666709ee38d2114add4c5337bfeef31d481e12530c5c7e83a6c8aa2f580f6da2d735ee5260cf9a7185eff84eb22d6e0d5ac0e63fe6a3def819274a144be5ab90fa157bb7517a54c208aa82da926d5b09ba649e326a654fe8fa9dd7e6d83b0a66253526e5b5aa03e665f2eb4678e8293110420c9d7556df07c7dd1c3e817a4c7409890c4ff5044ecdb34eb652a4d7e20b4b0d596f46ee3c3dad675e958e91c3b40f2d22e671bae51518443042c529c31e343647d6ddeac7ec370970fcc71a24a0826b58d111e9b776ac0e2fa40b3099298ffd0d1c04d41ee1dd039425f52f9f8057ac1f206203f20e1ae9cbae356518ba2fe9e49b47e36942ed7204f3d7da9e71b8d69df3ae7b2de05a13a879af6a1ea6241c645ed73c139e15060aeab6f423c2180dd101863a24f1688ec1a33edc624c3f5e80a20e4cc5c86ab2c692c2d3d17d8a68bb3924efffb29c9fc3df937526452d82a8ca9a558c75d6b2504df1b66c91823216a1c3b3bc39dee0d22491b9c891b9eea193c8af8a992096d0cd74630f7222e9a3530034a582f40601a694cf1085fda7fb33b07332c6aebfa70e2ebb8d7ccf19a69dfb5e4c166add5e153504eeec92f4ea2fe47f291625e1c470b832a488f884692b8ec49b96df235f193027ed38fb4d8b88ed382825df8ffe5b0c6fab8db3e38d60d467f9da725023deb72c378258e911442afae4db650be3621a033a3b84eee65c4c0664ec6d5771cc138937434a6a361de3dc1c12a2a6735f080e94314ddf291516971af252e3cc56e1c65ba5cf8ac2538878b22034ba458e08db26205608ae941a42a27f2643ded87bde626387c2b791ce57991dd2ba08010237279cac2760e19cab9059b229ea002ce4d3b4afa495230e424752f289003a240f5cafc7a83112636321107918d582fad2606a4319199a06ef2cbeaa3e1a4d8c30501aab796f5cbe15453b61218a396b79c547d15d5c11033b3746b432b426404f7b0421b9daafd9e8558f1901283d58e173c4db0511ee826ddc6363eb51e0837c9be6b2078d808d2c05db7495d29322ee6af68b0d52c45f00a59731c0e5b2608ae046af8bcf830f001ffd2f955ea89bed216e71ccb5b44713e2abf5ee5438d63829c9aea34b57f7ab52b820c24a7e9fa138243e4afb2df93588e805e719c1767146a351debb34678a86dd19f0587af31195460a3aa3e68773859fe13b47b6b31a501b4a25c6660cfc47f3318b33b77b10ed4ba91086482db039a56fbd1490f440a6fbb280b62b6d2333afe1c42c3f16865b9c0e484a4f6f393b8bc34fbba856cc5ffad2fe423e79f691b95e7e0dbdb2b2757d9d4443f9a23a8b1bfdb16f8bffd81b4789f80f1fc4bf751627965755d008d134e2c35da34f54718615e9deaca0685396ae7e58121327e0c0696591f6af93f2999ebd3b4e03cfe2a48b2b94015eb06b2a1031ab5e129b2700648fd62ab75f77734b89abb402282635eee41606eb306619e2dae84488e2aac1df54f78460b36115072a2c28801fc122482f1d46de4b2eec07bbbbcf85f30ffb3829c5d0fdbdf3af8c6322d62f4c55ebe8fd52728e2d5d1a24f096fffcec6ff2e752f75", 0x2000, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0xee01}}}}, 0x0}) openat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0/file0\x00', 0x80041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 5.429946536s ago: executing program 3 (id=1350): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0)={0x0, 0x0, "a2938c728558"}, &(0x7f0000000040)=0xe) unshare(0xc040400) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x69f1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32=r6], 0x24}}, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x39000, 0x0) r7 = gettid() r8 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e030023000b02d25a806f8c6394f97324fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f00000000c0)=0x0) timer_gettime(r9, &(0x7f0000000180)) timer_settime(0x0, 0x0, 0x0, 0x0) r10 = socket$tipc(0x1e, 0x5, 0x0) r11 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r11, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r11, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r10, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d) 5.156535292s ago: executing program 3 (id=1351): creat(&(0x7f0000000000)='./bus\x00', 0x0) mount$9p_rdma(0x0, &(0x7f0000003640)='./bus\x00', &(0x7f0000003680), 0x0, &(0x7f00000036c0)=ANY=[@ANYBLOB='trans=']) 5.092329465s ago: executing program 3 (id=1352): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x80000003) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) r1 = dup2(r0, r0) read$FUSE(r1, &(0x7f0000004380)={0x2020}, 0x2020) read$FUSE(r1, &(0x7f0000000180)={0x2020}, 0x2020) recvmsg$unix(r1, &(0x7f0000000040)={&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000003540)=[{&(0x7f00000021c0)=""/155, 0x9b}, {&(0x7f0000002280)=""/93, 0x5d}, {&(0x7f0000002300)=""/231, 0xe7}, {&(0x7f0000002400)=""/133, 0x85}, {&(0x7f00000024c0)=""/94, 0x5e}, {&(0x7f0000002540)=""/4096, 0x1000}], 0x6}, 0x10022) 3.916036137s ago: executing program 2 (id=1356): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000050000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x10, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="6e0c9b6b38d8854d85727d43ce556eb22c5cb5fc81ee9f9941ba0c6c60c1ab528285e82284ed3c1478e8aea7dc02172e3a9755e16789af43f35444c503b905f0f48c295eead1cb90085023fb1d3546e33e6107011b1d3963eff1de242c4d51df88ffa9ef6dded54bd702fc891616a60466b0771476907653531caff22970069d23a621056e995789b2d6982d03f9c70ccf029dbb31868224a803744fe50b1497de47c94a58b49784ac42a2a16cb020fe53504bef26a4bc09df87bd132ff20d29544352f2ccc6ab2fb5ab1bbf820fec0af6b091e26d0f4af751a4cec7c5ec739b29aba620d4854355ad12b4177e4792b90c005f7b4fba056e5211236d95be73f601c5186ac23f672db56762cf54bcb034f8d485103661412189d5919fe63b0179465a5026cac8a590f6b49d35e2bce1876cef5625e99d3d5dbda46431f10a1e772465704e64d919ed70c0f085e74d9a9acb92dd0e85c66d1ef0681205b9b09ebec13b243bc18a0a912f3a511ada1d78030f8437f97674b02f3181b33d43cba3004bf9aa25d02bbbacec283716fd18773e3b75e431f340d11313c8689283501b78087f848ca54a3016ea180443e3e08c7fee7b1222bf36713d9468508086c8f6bef47fab5603321739203565512ff0c4d247673b6b7cb0a6644e13003fad2b8dd5db73676dd6864fe8fedbbe88ce48a52565cf476404238f4798c3464f45107a8ea93bf0c8b29bbe8c9ed55eb98891fadd2eece5c8e604472ea44a578aece6876980f880d431e5783a476ffbcadc4658f4761357333668ff890d8b33a583f61fe774cb05c93bc223742046832ac9de4f7e2f3dec915f1092174c7e1908bd155d08a666fd16e60b14f2906eace05a2763cb1b7638a52a60234c4c3ca6b2dc866ffa89f8a7bce7b3882918e028903f5bfadd98a1da11ae806faf0031ee3bcf02086bca65d3ce02bed0d96437c386c7ca345ad91080a0aadeae1f08c83c319134bf157f986a7f019581493f91f267972ccc5c6f6c9422e679866b56cf278ec2358ee779696caa04d439583be641043874375dd7782e98f359aaf7eb722aa393e3e0846c2f199f189ca83c8a3a64b3ff650fcedef52b366c6fa49e135ce98eac96ba4e2081dfb28e9234fdd9c00ad99ad9f07e1912dbede37cdccade1536c1b64f62321b40648faab1e282a01c342cb879bead9cc1a2b1ec15af2be7d34755834030768643b318e83cd4514448a8aed0c73e477eae4d6dc46e4a56e52c773377282c9dc7210e921b5ca0aa256c9d026ed0f11a00ea72896ebe0ddceae01d915a251045cd7c111a9a5ed31e4309ef3febc86ddf70f1b6d588699cd4fea874599570ddc142773c7c376688f696fd4c412bb570de5959e3174e0938cf99b791e1f4b1c5b3caf3ce36333a2d18561992644da22673938ee524a73974ca5d5d9b5fead6e84d20a479c45454ec40dc5c05d4e3236f950ff0b50d842062cfff7f51d9d68ad93ca5dbbbeb7bf624044d8a4b2e4a83a9c4d378ae187f706802b55ced5c6334f78210daffb70527aeccf1807fb2743264daa59d9e040a5c744851e880395048c15670e311e7c267a45966d89cf9f042cccf4be4fd3ca9e21a033d2a108fb318f5e392d5393a544cd7ca4e6500a819f062740cc3ecead9745116be7c9fd46b6e5afea5348ff5808ea582a8efa958537d99318c50a6dbf9eadd035c309a4f4f7ddfb95e89fa73eae672423bfbbe5b64a9626d30ee5797a49b31a46dcea377a24e02bc1a000bc09ebe03c1c7417379957cdadd93f3830e912d18c6ba302a41e5bc5127a482c9b426afa53f30302b9e1ebbaf4c85e42b418f89afc5515cfcb0b29143785e4c2146424335e16769ff526e57d419ce9742521748539371e1ac32a7d0eeff94fb07704e0d58e26c2206f1309c8d326952de382b3d8485442019730b1e2a504dd04131e7eae0e1776b8799d5f8844c90d596104dd235834e92ef086995e0e02b3472a9d264313a851ddc9f21e715cea39cafd31345caf1dc2a53e425f5bb41894285a339bcf6f233f2a9584e291bf6c047e57c0b2fba8d56f0452c9984f31f743f688e18cd3b214b890acf53a7a7e1497e4454792cde12fdf5c8856c4ade74ad49d74082f4795cdd00699e7e3b0b84cbf3955183168c92d34a68cdb7b2b032b4cbdd20d5eabbd55d2efafab0eae62c8f2f073240ffe4b165a63a42ed8cd847eca9134add6f5c16cdc6be77b4b5c8c5b477ff5163d44abfb4cadb97f36b8756b13d249c76b1b029570487aa739bda945ebcff4ea2ffb5e68b9334623e0f7466cc34288df9ed86ee5cf218ce33c5e6d91f07463b2963b9b2f228f33588124f2b57d52b288a51462c309d2823b46d5aeab356960ec766679dd391e3ef0dba9286", 0x6a0, 0xffffffffffffffff) 3.348004586s ago: executing program 1 (id=1357): r0 = gettid() r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r1, 0x0) accept4$x25(r1, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) mount$9p_rdma(0x0, &(0x7f0000003640)='./bus\x00', &(0x7f0000003680), 0x0, &(0x7f00000036c0)=ANY=[@ANYBLOB='trans=']) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc0045540, &(0x7f0000000040)=0x5) 3.098723269s ago: executing program 2 (id=1358): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0)={0x0, 0x0, "a2938c728558"}, &(0x7f0000000040)=0xe) unshare(0xc040400) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x69f1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32=r6], 0x24}}, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x39000, 0x0) r7 = gettid() r8 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e030023000b02d25a806f8c6394f97324fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f00000000c0)=0x0) timer_gettime(r9, &(0x7f0000000180)) timer_settime(0x0, 0x0, 0x0, 0x0) r10 = socket$tipc(0x1e, 0x5, 0x0) r11 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r11, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r11, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r10, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d) 2.979148484s ago: executing program 2 (id=1360): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000001480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68"], 0x0}, 0x90) syz_usb_connect(0x0, 0x2d, &(0x7f0000001600)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001018b75000905"], 0x0) syz_open_dev$evdev(&(0x7f0000000100), 0x4000000, 0x0) (fail_nth: 3) 2.917267243s ago: executing program 0 (id=1361): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000001c80), 0x8) (fail_nth: 3) 2.748982776s ago: executing program 0 (id=1362): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) dup(r0) socket$l2tp6(0xa, 0x2, 0x73) socket(0x1, 0x3, 0x0) socket$inet(0xa, 0x801, 0x0) socket(0x840000000002, 0x3, 0x100) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) 2.695169104s ago: executing program 0 (id=1363): pipe(0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000780)="86", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000280)='\a', 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x2) 2.638976735s ago: executing program 0 (id=1364): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0)={0x0, 0x0, "a2938c728558"}, &(0x7f0000000040)=0xe) unshare(0xc040400) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x69f1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32=r6], 0x24}}, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x39000, 0x0) r7 = gettid() r8 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e030023000b02d25a806f8c6394f97324fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f00000000c0)=0x0) timer_gettime(r9, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) r10 = socket$tipc(0x1e, 0x5, 0x0) r11 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r11, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r11, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r10, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d) 2.415985324s ago: executing program 1 (id=1365): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0)={0x0, 0x0, "a2938c728558"}, &(0x7f0000000040)=0xe) unshare(0xc040400) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x69f1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32], 0x24}}, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x39000, 0x0) r6 = gettid() r7 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e030023000b02d25a806f8c6394f97324fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f00000000c0)=0x0) timer_gettime(r8, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) r9 = socket$tipc(0x1e, 0x5, 0x0) r10 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r10, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r10, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r9, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d) 2.415639325s ago: executing program 3 (id=1366): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000050000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x10, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="6e0c9b6b38d8854d85727d43ce556eb22c5cb5fc81ee9f9941ba0c6c60c1ab528285e82284ed3c1478e8aea7dc02172e3a9755e16789af43f35444c503b905f0f48c295eead1cb90085023fb1d3546e33e6107011b1d3963eff1de242c4d51df88ffa9ef6dded54bd702fc891616a60466b0771476907653531caff22970069d23a621056e995789b2d6982d03f9c70ccf029dbb31868224a803744fe50b1497de47c94a58b49784ac42a2a16cb020fe53504bef26a4bc09df87bd132ff20d29544352f2ccc6ab2fb5ab1bbf820fec0af6b091e26d0f4af751a4cec7c5ec739b29aba620d4854355ad12b4177e4792b90c005f7b4fba056e5211236d95be73f601c5186ac23f672db56762cf54bcb034f8d485103661412189d5919fe63b0179465a5026cac8a590f6b49d35e2bce1876cef5625e99d3d5dbda46431f10a1e772465704e64d919ed70c0f085e74d9a9acb92dd0e85c66d1ef0681205b9b09ebec13b243bc18a0a912f3a511ada1d78030f8437f97674b02f3181b33d43cba3004bf9aa25d02bbbacec283716fd18773e3b75e431f340d11313c8689283501b78087f848ca54a3016ea180443e3e08c7fee7b1222bf36713d9468508086c8f6bef47fab5603321739203565512ff0c4d247673b6b7cb0a6644e13003fad2b8dd5db73676dd6864fe8fedbbe88ce48a52565cf476404238f4798c3464f45107a8ea93bf0c8b29bbe8c9ed55eb98891fadd2eece5c8e604472ea44a578aece6876980f880d431e5783a476ffbcadc4658f4761357333668ff890d8b33a583f61fe774cb05c93bc223742046832ac9de4f7e2f3dec915f1092174c7e1908bd155d08a666fd16e60b14f2906eace05a2763cb1b7638a52a60234c4c3ca6b2dc866ffa89f8a7bce7b3882918e028903f5bfadd98a1da11ae806faf0031ee3bcf02086bca65d3ce02bed0d96437c386c7ca345ad91080a0aadeae1f08c83c319134bf157f986a7f019581493f91f267972ccc5c6f6c9422e679866b56cf278ec2358ee779696caa04d439583be641043874375dd7782e98f359aaf7eb722aa393e3e0846c2f199f189ca83c8a3a64b3ff650fcedef52b366c6fa49e135ce98eac96ba4e2081dfb28e9234fdd9c00ad99ad9f07e1912dbede37cdccade1536c1b64f62321b40648faab1e282a01c342cb879bead9cc1a2b1ec15af2be7d34755834030768643b318e83cd4514448a8aed0c73e477eae4d6dc46e4a56e52c773377282c9dc7210e921b5ca0aa256c9d026ed0f11a00ea72896ebe0ddceae01d915a251045cd7c111a9a5ed31e4309ef3febc86ddf70f1b6d588699cd4fea874599570ddc142773c7c376688f696fd4c412bb570de5959e3174e0938cf99b791e1f4b1c5b3caf3ce36333a2d18561992644da22673938ee524a73974ca5d5d9b5fead6e84d20a479c45454ec40dc5c05d4e3236f950ff0b50d842062cfff7f51d9d68ad93ca5dbbbeb7bf624044d8a4b2e4a83a9c4d378ae187f706802b55ced5c6334f78210daffb70527aeccf1807fb2743264daa59d9e040a5c744851e880395048c15670e311e7c267a45966d89cf9f042cccf4be4fd3ca9e21a033d2a108fb318f5e392d5393a544cd7ca4e6500a819f062740cc3ecead9745116be7c9fd46b6e5afea5348ff5808ea582a8efa958537d99318c50a6dbf9eadd035c309a4f4f7ddfb95e89fa73eae672423bfbbe5b64a9626d30ee5797a49b31a46dcea377a24e02bc1a000bc09ebe03c1c7417379957cdadd93f3830e912d18c6ba302a41e5bc5127a482c9b426afa53f30302b9e1ebbaf4c85e42b418f89afc5515cfcb0b29143785e4c2146424335e16769ff526e57d419ce9742521748539371e1ac32a7d0eeff94fb07704e0d58e26c2206f1309c8d326952de382b3d8485442019730b1e2a504dd04131e7eae0e1776b8799d5f8844c90d596104dd235834e92ef086995e0e02b3472a9d264313a851ddc9f21e715cea39cafd31345caf1dc2a53e425f5bb41894285a339bcf6f233f2a9584e291bf6c047e57c0b2fba8d56f0452c9984f31f743f688e18cd3b214b890acf53a7a7e1497e4454792cde12fdf5c8856c4ade74ad49d74082f4795cdd00699e7e3b0b84cbf3955183168c92d34a68cdb7b2b032b4cbdd20d5eabbd55d2efafab0eae62c8f2f073240ffe4b165a63a42ed8cd847eca9134add6f5c16cdc6be77b4b5c8c5b477ff5163d44abfb4cadb97f36b8756b13d249c76b1b029570487aa739bda945ebcff4ea2ffb5e68b9334623e0f7466cc34288df9ed86ee5cf218ce33c5e6d91f07463b2963b9b2f228f33588124f2b57d52b288a51462c309d2823b46d5aeab356960ec766679dd391e3ef0dba9286", 0x6a0, 0xffffffffffffffff) 1.78740425s ago: executing program 3 (id=1367): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff1200000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000015000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36cd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151a8cc245cc5a4de925ca2a730a00c87c493dbfa60e63fda97a29682881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c75e0cf2f94b13ecb66d20e48d192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000010c65608fda6ed5d08e7a796042aa127d8740e5787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de57f9c4af1e094fa4e3f05528c2a165996efaab5a430c08dd810bc97204b767dd969721a26aa74"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a40800", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000005900)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000001c0)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x4) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0x32) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000880), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000008c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000070000000e0001006e657464657673696d0000000f000200"/46], 0x34}}, 0x0) sendmsg$DEVLINK_CMD_RATE_DEL(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="e0000000", @ANYRES16=r5, @ANYBLOB="020028bd7000fddbdf254d00000008000300020000000e0001006e657464657673696d0000000f0002006e657464657673696d300000a100a80046d680cf5dedfde3c68c8a4717734ab6305543353d0cd35a90a4d0f641dc97ad70865bbcbf9e86993140854d922a49e3c3dba26672cb61bb2da1900eef86cc438db0be0e2e33b7e8da35db4bede9577dc1605a717427429c74b862c9740e8209d6faf49e6981b5d8ca1b183ff9edb650f8fa3b862deaf358d9eda3e59853b05d52bc078f8a51c54a067b1af03d376022f2120c3b824e0f3c9a6ffb2cfa000000"], 0xe0}}, 0x80) creat(&(0x7f00000002c0)='./file0\x00', 0x40) 1.715614564s ago: executing program 0 (id=1368): r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000000c0)=@mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "edafd7d2"}}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r4, 0x84, 0x81, &(0x7f00000000c0)="1a00000082000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r4, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0xfffffecc) r5 = syz_open_dev$vim2m(&(0x7f0000000040), 0x100000000002, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '|^b!'}, 0x0, 0x1, {0x0}}) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "186856f3"}, 0x0, 0x1, {}, 0x0, 0x0, 0xffffffffffffffff}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000000c0)="0b1c6840a936a0e377c392a7a3b38e1d", 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r8, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r8, 0x0) r9 = accept$alg(r7, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r9) setsockopt$WPAN_SECURITY_LEVEL(r1, 0x0, 0x2, &(0x7f0000000200), 0x4) splice(r1, 0x0, r3, 0x0, 0x4ffe2, 0x0) r10 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000004800010000000040000000000a000000", @ANYRES32=0x0, @ANYBLOB="0000000008000200000000001400010000000000000000000000ffffac1e0001"], 0x38}}, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)=0x0) connect$nfc_raw(r10, &(0x7f0000000080)={0x27, r11, 0x0, 0x7}, 0x10) ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc058565d, &(0x7f0000000140)=@multiplanar_mmap={0x8000, 0x1, 0x4, 0x20, 0x4f92, {0x0, 0xea60}, {0x3, 0x8, 0x2, 0x8, 0x2, 0x6, "4cafb4f3"}, 0x2, 0x1, {&(0x7f0000000240)=[{0x51, 0x10000, {0xfffffffffffffffe}, 0x40}, {0x214, 0x5, {}, 0x5}]}, 0x1, 0x0, r6}) 1.543706631s ago: executing program 1 (id=1369): syz_open_dev$sg(&(0x7f0000000380), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x8, 0x4, 0x4, 0x675, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x303}, "4c649c02ce55033e", "8e398f5b97364adf5ffe73a1932848fc", "cca73fdc", "1d1c444b0a2eb27d"}, 0x28) setsockopt$inet6_tcp_int(r0, 0x11a, 0x4, &(0x7f0000000100), 0x2) 1.541850412s ago: executing program 2 (id=1370): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xf8cf5356) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r1, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$snapshot(r2, &(0x7f0000000080)=""/167, 0xa7) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(r3, 0x40096100, &(0x7f00000002c0)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x3, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0) r5 = io_uring_setup(0x4d63, &(0x7f0000000380)={0x0, 0x0, 0x2000}) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) getpid() openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r6 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000740)={@loopback, @multicast1}, 0xc) 1.502600828s ago: executing program 1 (id=1371): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0x541b, 0x0) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) timer_create(0x0, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x1c9c380}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000b00)=@newqdisc={0x120, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xa}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_STAB={0xe0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x42, 0x0, 0xfa, 0x2, 0x2, 0x0, 0x25e}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x5, 0x3}}, {0xa, 0x2, [0xffff, 0x6, 0x1]}}, {{0x1c, 0x1, {0x0, 0x80, 0xf9c, 0x0, 0x0, 0x6, 0x8758, 0x8}}, {0x14, 0x2, [0x9, 0x7966, 0x0, 0x4d3, 0x4, 0x0, 0x67e, 0x6]}}, {{0x1c, 0x1, {0x6d, 0x3f, 0x9, 0x8001, 0x2, 0xb, 0x1}}, {0x4}}, {{0x1c, 0x1, {0x68, 0x0, 0x0, 0x0, 0x0, 0x6}}, {0x4}}, {{0x1c, 0x1, {0x6, 0x9, 0x3ff, 0x3, 0x2, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}]}, 0x120}}, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001840)={0xffffffffffffffff, r7, 0x25, 0x0, @val=@netfilter}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000400aaaaaaaaaabb88a80000810000008848"], 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 653.949713ms ago: executing program 0 (id=1372): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x90) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r4}, 0x40) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_ethernet(0x11dc0, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r3, 0x1) 558.753946ms ago: executing program 1 (id=1373): syz_open_dev$MSR(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000200)=@overlay={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "12848098"}}) read$FUSE(r2, &(0x7f0000003800)={0x2020}, 0x2020) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000000a000100b93a59cc5aa90000140035006d616373656352000000000000000000"], 0x40}}, 0x0) r3 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b\xba\xdf//\xdc/\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.872282][ T8689] RSP: 002b:00007f1708063048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 237.872300][ T8689] RAX: ffffffffffffffda RBX: 00007f1707506058 RCX: 00007f1707377299 [ 237.872308][ T8689] RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000003 [ 237.872316][ T8689] RBP: 00007f17080630a0 R08: 0000000000000000 R09: 0000000000000000 [ 237.872327][ T8689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 237.872336][ T8689] R13: 000000000000006e R14: 00007f1707506058 R15: 00007fff7da13d38 [ 237.872350][ T8689] [ 238.511052][ T39] audit: type=1400 audit(1722139557.626:566): avc: denied { setopt } for pid=8698 comm="syz.2.986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 238.656292][ T8703] XFS (nullb0): Invalid superblock magic number [ 238.690256][ T8710] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 238.693405][ T8710] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 238.703617][ T8710] vhci_hcd vhci_hcd.0: Device attached [ 238.709052][ T8711] usbip_core: unknown command [ 238.711187][ T8711] vhci_hcd: unknown pdu 3020988904 [ 238.749241][ T8711] usbip_core: unknown command [ 238.755484][ T1106] vhci_hcd: stop threads [ 238.757343][ T1106] vhci_hcd: release socket [ 238.759330][ T1106] vhci_hcd: disconnect device [ 238.824907][ T39] audit: type=1400 audit(1722139557.936:567): avc: denied { mount } for pid=8702 comm="syz.0.988" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 238.916841][ T8718] netlink: 24 bytes leftover after parsing attributes in process `syz.1.991'. [ 239.683338][ T8729] FAULT_INJECTION: forcing a failure. [ 239.683338][ T8729] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.683408][ T8729] CPU: 2 UID: 0 PID: 8729 Comm: syz.2.993 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 239.683429][ T8729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 239.683447][ T8729] Call Trace: [ 239.683454][ T8729] [ 239.683467][ T8729] dump_stack_lvl+0x16c/0x1f0 [ 239.683499][ T8729] should_fail_ex+0x497/0x5b0 [ 239.683523][ T8729] _copy_to_user+0x30/0xc0 [ 239.683543][ T8729] simple_read_from_buffer+0xd0/0x160 [ 239.683568][ T8729] proc_fail_nth_read+0x1b0/0x290 [ 239.683589][ T8729] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 239.683606][ T8729] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 239.683625][ T8729] vfs_read+0x1d4/0xbd0 [ 239.683642][ T8729] ? __fdget_pos+0xeb/0x180 [ 239.683659][ T8729] ? __pfx_vfs_read+0x10/0x10 [ 239.683675][ T8729] ? __pfx___mutex_lock+0x10/0x10 [ 239.683692][ T8729] ? __fget_files+0x256/0x400 [ 239.683721][ T8729] ksys_read+0x12f/0x260 [ 239.683737][ T8729] ? __pfx_ksys_read+0x10/0x10 [ 239.683756][ T8729] do_syscall_64+0xcd/0x250 [ 239.683795][ T8729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.683817][ T8729] RIP: 0033:0x7f1707375d7c [ 239.683830][ T8729] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 239.683847][ T8729] RSP: 002b:00007f1708084040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 239.683867][ T8729] RAX: ffffffffffffffda RBX: 00007f1707505f80 RCX: 00007f1707375d7c [ 239.683880][ T8729] RDX: 000000000000000f RSI: 00007f17080840b0 RDI: 0000000000000005 [ 239.683892][ T8729] RBP: 00007f17080840a0 R08: 0000000000000000 R09: 0000000000000000 [ 239.683904][ T8729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.683915][ T8729] R13: 000000000000000b R14: 00007f1707505f80 R15: 00007fff7da13d38 [ 239.683930][ T8729] [ 239.824934][ T8734] netlink: 32 bytes leftover after parsing attributes in process `syz.2.995'. [ 239.825410][ T8734] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 242.069954][ T8751] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 242.259681][ T39] audit: type=1400 audit(1722139561.376:568): avc: denied { read } for pid=8753 comm="syz.3.1000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 242.274207][ T39] audit: type=1400 audit(1722139561.386:569): avc: denied { write } for pid=8753 comm="syz.3.1000" name="uhid" dev="devtmpfs" ino=1113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 242.287450][ T8757] netlink: 'syz.3.1000': attribute type 10 has an invalid length. [ 242.318775][ T8757] batman_adv: batadv0: Adding interface: team0 [ 242.322155][ T8757] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.335610][ T8757] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 242.400027][ T8752] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(128140777736043) <= P.seqno(0) <= S.SWH(128140777736117)) and (P.ackno exists or LAWL(39881893549962) <= P.ackno(39881893549963) <= S.AWH(39881893549963), sending SYNC... [ 242.858039][ T39] audit: type=1326 audit(1722139561.976:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8763 comm="syz.3.1004" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75b9977299 code=0x0 [ 243.549739][ T8776] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1008'. [ 243.557243][ T8776] netlink: 'syz.3.1008': attribute type 3 has an invalid length. [ 243.561763][ T8776] netlink: 196520 bytes leftover after parsing attributes in process `syz.3.1008'. [ 243.611497][ T39] audit: type=1400 audit(1722139562.726:571): avc: denied { create } for pid=8773 comm="syz.1.1007" name="#f" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 243.623342][ T39] audit: type=1400 audit(1722139562.726:572): avc: denied { link } for pid=8773 comm="syz.1.1007" name="#f" dev="tmpfs" ino=1360 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 243.649094][ T5343] Bluetooth: hci2: unexpected event for opcode 0x2003 [ 243.655250][ T39] audit: type=1400 audit(1722139562.726:573): avc: denied { rename } for pid=8773 comm="syz.1.1007" name="#10" dev="tmpfs" ino=1360 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 243.748245][ T8784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1011'. [ 243.757129][ T8784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1011'. [ 243.760842][ T8784] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1011'. [ 243.779573][ T8781] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1009'. [ 244.338735][ T8792] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 244.857848][ T8805] tc_dump_action: action bad kind [ 244.866876][ T8805] input: syz0 as /devices/virtual/input/input13 [ 245.107943][ T5378] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 245.284897][ T5378] usb 7-1: Using ep0 maxpacket: 8 [ 245.289575][ T5378] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 245.292962][ T5378] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 245.297866][ T5378] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 245.302225][ T5378] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 245.306245][ T5378] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 245.311019][ T5378] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 245.315200][ T5378] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.526963][ T5378] usb 7-1: GET_CAPABILITIES returned 0 [ 245.529518][ T5378] usbtmc 7-1:16.0: can't read capabilities [ 245.733902][ T831] usb 7-1: USB disconnect, device number 8 [ 246.660624][ T5343] Bluetooth: hci2: unexpected event for opcode 0x1408 [ 246.665386][ T39] audit: type=1400 audit(1722139565.776:574): avc: denied { setopt } for pid=8836 comm="syz.1.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 246.879598][ T8843] netlink: 'syz.1.1028': attribute type 10 has an invalid length. [ 246.932532][ T8843] batman_adv: batadv0: Adding interface: team0 [ 246.962119][ T8843] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.980219][ T8843] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 247.317910][ T8858] syz.1.1032: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 247.318721][ T8858] CPU: 0 UID: 0 PID: 8858 Comm: syz.1.1032 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 247.318745][ T8858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 247.318756][ T8858] Call Trace: [ 247.318765][ T8858] [ 247.318773][ T8858] dump_stack_lvl+0x16c/0x1f0 [ 247.318802][ T8858] warn_alloc+0x24d/0x3a0 [ 247.318830][ T8858] ? __pfx_warn_alloc+0x10/0x10 [ 247.318851][ T8858] ? hlock_class+0x4e/0x130 [ 247.318867][ T8858] ? stack_depot_save_flags+0x28/0x8f0 [ 247.318895][ T8858] ? kasan_save_stack+0x42/0x60 [ 247.318914][ T8858] ? kasan_save_stack+0x33/0x60 [ 247.318933][ T8858] ? kasan_save_track+0x14/0x30 [ 247.318952][ T8858] ? __kasan_kmalloc+0xaa/0xb0 [ 247.318972][ T8858] ? xskq_create+0x52/0x1d0 [ 247.318992][ T8858] ? xsk_setsockopt+0x757/0xa10 [ 247.319007][ T8858] ? __sys_setsockopt+0x1a4/0x270 [ 247.319022][ T8858] ? __x64_sys_setsockopt+0xbd/0x160 [ 247.319035][ T8858] ? do_syscall_64+0xcd/0x250 [ 247.319046][ T8858] __vmalloc_node_range_noprof+0x10b8/0x1520 [ 247.319066][ T8858] ? xskq_create+0xfb/0x1d0 [ 247.319077][ T8858] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 247.319092][ T8858] ? xskq_create+0xfb/0x1d0 [ 247.319103][ T8858] vmalloc_user_noprof+0x6b/0x90 [ 247.319117][ T8858] ? xskq_create+0xfb/0x1d0 [ 247.319128][ T8858] xskq_create+0xfb/0x1d0 [ 247.319140][ T8858] xsk_setsockopt+0x757/0xa10 [ 247.319155][ T8858] ? __pfx_xsk_setsockopt+0x10/0x10 [ 247.319172][ T8858] ? find_held_lock+0x2d/0x110 [ 247.319197][ T8858] ? selinux_socket_setsockopt+0x6a/0x80 [ 247.319216][ T8858] ? __pfx_xsk_setsockopt+0x10/0x10 [ 247.319235][ T8858] do_sock_setsockopt+0x222/0x480 [ 247.319261][ T8858] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 247.319287][ T8858] ? __fget_light+0x173/0x210 [ 247.319314][ T8858] __sys_setsockopt+0x1a4/0x270 [ 247.319334][ T8858] ? __pfx___sys_setsockopt+0x10/0x10 [ 247.319355][ T8858] __x64_sys_setsockopt+0xbd/0x160 [ 247.319374][ T8858] ? do_syscall_64+0x91/0x250 [ 247.319390][ T8858] ? lockdep_hardirqs_on+0x7c/0x110 [ 247.319429][ T8858] do_syscall_64+0xcd/0x250 [ 247.319446][ T8858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.319470][ T8858] RIP: 0033:0x7fe431b77299 [ 247.319484][ T8858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.319499][ T8858] RSP: 002b:00007fe43297c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 247.319510][ T8858] RAX: ffffffffffffffda RBX: 00007fe431d06058 RCX: 00007fe431b77299 [ 247.319518][ T8858] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 247.319526][ T8858] RBP: 00007fe431be48e6 R08: 0000000000000020 R09: 0000000000000000 [ 247.319534][ T8858] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 247.319541][ T8858] R13: 000000000000006e R14: 00007fe431d06058 R15: 00007ffdc7141f58 [ 247.319550][ T8858] [ 247.319555][ T8858] Mem-Info: [ 247.319560][ T8858] active_anon:5526 inactive_anon:0 isolated_anon:0 [ 247.319560][ T8858] active_file:5743 inactive_file:51611 isolated_file:0 [ 247.319560][ T8858] unevictable:1768 dirty:341 writeback:0 [ 247.319560][ T8858] slab_reclaimable:10301 slab_unreclaimable:71680 [ 247.319560][ T8858] mapped:20646 shmem:2305 pagetables:779 [ 247.319560][ T8858] sec_pagetables:322 bounce:0 [ 247.319560][ T8858] kernel_misc_reclaimable:0 [ 247.319560][ T8858] free:512307 free_pcp:3288 free_cma:0 [ 247.319585][ T8858] Node 0 active_anon:22104kB inactive_anon:0kB active_file:22972kB inactive_file:206376kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:82584kB dirty:1364kB writeback:0kB shmem:5684kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11344kB pagetables:3116kB sec_pagetables:1288kB all_unreclaimable? no [ 247.319610][ T8858] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 247.319634][ T8858] Node 0 DMA free:15360kB boost:0kB min:328kB low:408kB high:488kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 247.319666][ T8858] lowmem_reserve[]: 0 1313 0 0 0 [ 247.319686][ T8858] Node 0 DMA32 free:403360kB boost:0kB min:28924kB low:36152kB high:43380kB reserved_highatomic:0KB active_anon:22104kB inactive_anon:0kB active_file:22972kB inactive_file:206376kB unevictable:3536kB writepending:1364kB present:2080628kB managed:1372148kB mlocked:0kB bounce:0kB free_pcp:3504kB local_pcp:1024kB free_cma:0kB [ 247.319725][ T8858] lowmem_reserve[]: 0 0 0 0 0 [ 247.319756][ T8858] Node 1 Normal free:1630508kB boost:0kB min:38324kB low:47904kB high:57484kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:9648kB local_pcp:2048kB free_cma:0kB [ 247.319802][ T8858] lowmem_reserve[]: 0 0 0 0 0 [ 247.319835][ T8858] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 247.320012][ T8858] Node 0 DMA32: 382*4kB (UME) 477*8kB (UME) 430*16kB (UME) 468*32kB (UME) 221*64kB (UME) 98*128kB (UME) 47*256kB (UME) 31*512kB (UME) 12*1024kB (UME) 1*2048kB (M) 75*4096kB (UM) = 403328kB [ 247.320157][ T8858] Node 1 Normal: 5*4kB (UM) 5*8kB (UM) 7*16kB (UM) 16*32kB (UM) 12*64kB (UM) 5*128kB (UM) 3*256kB (U) 3*512kB (M) 6*1024kB (U) 3*2048kB (UM) 394*4096kB (M) = 1630508kB [ 247.320298][ T8858] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 247.320313][ T8858] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 247.320327][ T8858] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 247.320342][ T8858] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 247.320354][ T8858] 59657 total pagecache pages [ 247.320361][ T8858] 0 pages in swap cache [ 247.320367][ T8858] Free swap = 123956kB [ 247.320374][ T8858] Total swap = 124996kB [ 247.320381][ T8858] 1048443 pages RAM [ 247.320387][ T8858] 0 pages HighMem/MovableOnly [ 247.320392][ T8858] 256085 pages reserved [ 247.320399][ T8858] 0 pages cma reserved [ 247.385901][ T8860] FAULT_INJECTION: forcing a failure. [ 247.385901][ T8860] name failslab, interval 1, probability 0, space 0, times 0 [ 247.385930][ T8860] CPU: 2 UID: 0 PID: 8860 Comm: syz.0.1033 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 247.385951][ T8860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 247.385962][ T8860] Call Trace: [ 247.385968][ T8860] [ 247.385975][ T8860] dump_stack_lvl+0x16c/0x1f0 [ 247.386001][ T8860] should_fail_ex+0x497/0x5b0 [ 247.386025][ T8860] should_failslab+0xc2/0x120 [ 247.386048][ T8860] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 247.386069][ T8860] ? skb_clone+0x190/0x3f0 [ 247.386091][ T8860] skb_clone+0x190/0x3f0 [ 247.386112][ T8860] netlink_deliver_tap+0xab3/0xd90 [ 247.386137][ T8860] netlink_unicast+0x6c2/0x830 [ 247.386162][ T8860] ? __pfx_netlink_unicast+0x10/0x10 [ 247.386187][ T8860] netlink_ack+0x6a8/0xb90 [ 247.386212][ T8860] netlink_rcv_skb+0x348/0x440 [ 247.386235][ T8860] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 247.386257][ T8860] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 247.386283][ T8860] ? security_capable+0x98/0xd0 [ 247.386303][ T8860] ? ns_capable+0xd7/0x110 [ 247.386325][ T8860] nfnetlink_rcv+0x1b4/0x430 [ 247.386347][ T8860] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 247.386369][ T8860] ? netlink_deliver_tap+0x1ae/0xd90 [ 247.386394][ T8860] netlink_unicast+0x544/0x830 [ 247.386418][ T8860] ? __pfx_netlink_unicast+0x10/0x10 [ 247.386445][ T8860] netlink_sendmsg+0x8b8/0xd70 [ 247.386478][ T8860] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.386502][ T8860] ? __import_iovec+0x1fd/0x6e0 [ 247.386525][ T8860] ____sys_sendmsg+0xab5/0xc90 [ 247.386542][ T8860] ? copy_msghdr_from_user+0x10b/0x160 [ 247.386564][ T8860] ? __pfx_____sys_sendmsg+0x10/0x10 [ 247.386581][ T8860] ? find_held_lock+0x2d/0x110 [ 247.386607][ T8860] ? __pfx___lock_acquire+0x10/0x10 [ 247.386627][ T8860] ___sys_sendmsg+0x135/0x1e0 [ 247.386650][ T8860] ? __pfx____sys_sendmsg+0x10/0x10 [ 247.386674][ T8860] ? ksys_write+0x21c/0x260 [ 247.386693][ T8860] ? __fget_light+0x173/0x210 [ 247.386717][ T8860] __sys_sendmsg+0x117/0x1f0 [ 247.386739][ T8860] ? __pfx___sys_sendmsg+0x10/0x10 [ 247.386764][ T8860] do_syscall_64+0xcd/0x250 [ 247.386780][ T8860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.386800][ T8860] RIP: 0033:0x7f0f45b77299 [ 247.386813][ T8860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.386829][ T8860] RSP: 002b:00007f0f468a3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.386844][ T8860] RAX: ffffffffffffffda RBX: 00007f0f45d05f80 RCX: 00007f0f45b77299 [ 247.386851][ T8860] RDX: 0000000000000000 RSI: 0000000020001240 RDI: 0000000000000003 [ 247.386858][ T8860] RBP: 00007f0f468a30a0 R08: 0000000000000000 R09: 0000000000000000 [ 247.386864][ T8860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.386870][ T8860] R13: 000000000000000b R14: 00007f0f45d05f80 R15: 00007ffc92603f58 [ 247.386878][ T8860] [ 247.442567][ T39] audit: type=1400 audit(1722139566.556:575): avc: denied { setopt } for pid=8855 comm="syz.1.1032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 247.449488][ T5379] IPVS: starting estimator thread 0... [ 247.476995][ T39] audit: type=1400 audit(1722139566.596:576): avc: denied { append } for pid=8861 comm="syz.2.1034" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 247.575024][ T8866] IPVS: using max 23 ests per chain, 55200 per kthread [ 247.697108][ T5343] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 247.697202][ T5343] Bluetooth: hci2: Injecting HCI hardware error event [ 247.699463][ T5345] Bluetooth: hci2: hardware error 0x00 [ 247.884876][ T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 248.027415][ T39] audit: type=1400 audit(1722139567.146:577): avc: denied { getattr } for pid=8871 comm="syz.3.1036" path="net:[4026533795]" dev="nsfs" ino=4026533795 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 248.164185][ T8875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1037'. [ 248.172690][ T8875] netlink: 'syz.3.1037': attribute type 3 has an invalid length. [ 248.177201][ T8875] netlink: 196520 bytes leftover after parsing attributes in process `syz.3.1037'. [ 248.405658][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 248.409771][ T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 248.420433][ T10] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 248.424368][ T10] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 248.438120][ T10] usb 7-1: Product: syz [ 248.444947][ T10] usb 7-1: Manufacturer: syz [ 248.447165][ T10] usb 7-1: SerialNumber: syz [ 248.471649][ T10] usb 7-1: config 0 descriptor?? [ 248.475192][ T8865] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 249.162645][ T39] audit: type=1400 audit(1722139568.276:578): avc: denied { connect } for pid=8885 comm="syz.3.1041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 249.428166][ T39] audit: type=1400 audit(1722139568.546:579): avc: denied { mount } for pid=8876 comm="syz.1.1038" name="/" dev="configfs" ino=2151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 249.429558][ T8878] overlayfs: failed to resolve './file1': -2 [ 249.586467][ T8890] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1042'. [ 249.590426][ T8890] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1042'. [ 249.647331][ T832] usb 7-1: USB disconnect, device number 9 [ 249.861909][ T39] audit: type=1400 audit(1722139568.976:580): avc: denied { unmount } for pid=5338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 249.922468][ T8899] sctp: [Deprecated]: syz.1.1045 (pid 8899) Use of struct sctp_assoc_value in delayed_ack socket option. [ 249.922468][ T8899] Use struct sctp_sack_info instead [ 249.932411][ T39] audit: type=1400 audit(1722139569.046:581): avc: denied { setopt } for pid=8898 comm="syz.1.1045" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 249.950074][ T39] audit: type=1400 audit(1722139569.066:582): avc: denied { watch } for pid=8898 comm="syz.1.1045" path="/269/file0" dev="9p" ino=36701658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 249.962191][ T39] audit: type=1400 audit(1722139569.076:583): avc: denied { watch_reads } for pid=8898 comm="syz.1.1045" path="/269/file0" dev="9p" ino=36701658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 249.973181][ T39] audit: type=1400 audit(1722139569.076:584): avc: denied { associate } for pid=8898 comm="syz.1.1045" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 249.992708][ T8901] FAULT_INJECTION: forcing a failure. [ 249.992708][ T8901] name failslab, interval 1, probability 0, space 0, times 0 [ 250.013579][ T8901] CPU: 1 UID: 0 PID: 8901 Comm: syz.3.1046 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 250.017592][ T8901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 250.021752][ T8901] Call Trace: [ 250.023089][ T8901] [ 250.024476][ T8901] dump_stack_lvl+0x16c/0x1f0 [ 250.026577][ T8901] should_fail_ex+0x497/0x5b0 [ 250.028545][ T8901] ? fs_reclaim_acquire+0xae/0x160 [ 250.030843][ T8901] should_failslab+0xc2/0x120 [ 250.033001][ T8901] __kmalloc_cache_noprof+0x6b/0x300 [ 250.035388][ T8901] ? alloc_pipe_info+0x10e/0x590 [ 250.037598][ T8901] alloc_pipe_info+0x10e/0x590 [ 250.039733][ T8901] ? __pfx___lock_acquire+0x10/0x10 [ 250.042073][ T8901] splice_direct_to_actor+0x79c/0xa40 [ 250.044497][ T8901] ? __pfx_direct_splice_actor+0x10/0x10 [ 250.046961][ T8901] ? inode_has_perm+0x16f/0x1d0 [ 250.049114][ T8901] ? file_has_perm+0x286/0x360 [ 250.051070][ T8901] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 250.053401][ T8901] ? __pfx_file_has_perm+0x10/0x10 [ 250.055502][ T8901] do_splice_direct+0x17e/0x250 [ 250.057720][ T8901] ? __pfx_do_splice_direct+0x10/0x10 [ 250.060128][ T8901] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 250.062740][ T8901] ? security_file_permission+0x98/0xc0 [ 250.065261][ T8901] do_sendfile+0xb1e/0xe50 [ 250.067240][ T8901] ? __pfx_do_sendfile+0x10/0x10 [ 250.069487][ T8901] __x64_sys_sendfile64+0x1da/0x220 [ 250.071794][ T8901] ? ksys_write+0x1ab/0x260 [ 250.073810][ T8901] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 250.076372][ T8901] do_syscall_64+0xcd/0x250 [ 250.078339][ T8901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.080754][ T8901] RIP: 0033:0x7f75b9977299 [ 250.082594][ T8901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.090687][ T8901] RSP: 002b:00007f75ba7f8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 250.094015][ T8901] RAX: ffffffffffffffda RBX: 00007f75b9b05f80 RCX: 00007f75b9977299 [ 250.095054][ T5345] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 250.097445][ T8901] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 250.097462][ T8901] RBP: 00007f75ba7f80a0 R08: 0000000000000000 R09: 0000000000000000 [ 250.097475][ T8901] R10: 000000008000fb00 R11: 0000000000000246 R12: 0000000000000001 [ 250.097486][ T8901] R13: 000000000000000b R14: 00007f75b9b05f80 R15: 00007ffc733350a8 [ 250.097502][ T8901] [ 250.171297][ T8905] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1047'. [ 250.176749][ T8905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1047'. [ 250.182372][ T8905] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1047'. [ 250.318171][ T8909] netlink: 'syz.0.1049': attribute type 2 has an invalid length. [ 250.321704][ T8909] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1049'. [ 250.325749][ T8910] binder: 8906:8910 ioctl c018620b 0 returned -14 [ 250.656268][ T5345] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 250.681526][ T5345] Bluetooth: hci1: Injecting HCI hardware error event [ 250.687534][ T5343] Bluetooth: hci1: hardware error 0x00 [ 251.722534][ T8919] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1053'. [ 252.055979][ T8935] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1056'. [ 253.310609][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 253.310623][ T39] audit: type=1400 audit(1722139572.426:586): avc: denied { getopt } for pid=8943 comm="syz.0.1059" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 253.329153][ T39] audit: type=1400 audit(1722139572.436:587): avc: denied { accept } for pid=8943 comm="syz.0.1059" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 253.438004][ T8947] binder: 8945:8947 ioctl c018620b 0 returned -14 [ 253.614956][ T5343] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 253.843488][ T8951] FAULT_INJECTION: forcing a failure. [ 253.843488][ T8951] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 253.857232][ T8951] CPU: 0 UID: 0 PID: 8951 Comm: syz.1.1062 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 253.861946][ T8951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 253.866733][ T8951] Call Trace: [ 253.868279][ T8951] [ 253.869639][ T8951] dump_stack_lvl+0x16c/0x1f0 [ 253.871789][ T8951] should_fail_ex+0x497/0x5b0 [ 253.873923][ T8951] _copy_to_user+0x30/0xc0 [ 253.875949][ T8951] simple_read_from_buffer+0xd0/0x160 [ 253.878366][ T8951] proc_fail_nth_read+0x1b0/0x290 [ 253.880646][ T8951] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 253.883135][ T8951] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 253.885600][ T8951] vfs_read+0x1d4/0xbd0 [ 253.887480][ T8951] ? __fdget_pos+0xeb/0x180 [ 253.889533][ T8951] ? __pfx_vfs_read+0x10/0x10 [ 253.891672][ T8951] ? __pfx___mutex_lock+0x10/0x10 [ 253.893956][ T8951] ? __fget_files+0x256/0x400 [ 253.896108][ T8951] ksys_read+0x12f/0x260 [ 253.898041][ T8951] ? __pfx_ksys_read+0x10/0x10 [ 253.900214][ T8951] do_syscall_64+0xcd/0x250 [ 253.902284][ T8951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.904943][ T8951] RIP: 0033:0x7fe431b75d7c [ 253.906917][ T8951] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 253.915485][ T8951] RSP: 002b:00007fe43299d040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 253.919239][ T8951] RAX: ffffffffffffffda RBX: 00007fe431d05f80 RCX: 00007fe431b75d7c [ 253.922609][ T8951] RDX: 000000000000000f RSI: 00007fe43299d0b0 RDI: 0000000000000004 [ 253.925731][ T8951] RBP: 00007fe43299d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 253.928999][ T8951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 253.932470][ T8951] R13: 000000000000000b R14: 00007fe431d05f80 R15: 00007ffdc7141f58 [ 253.935740][ T8951] [ 253.937158][ C0] vkms_vblank_simulate: vblank timer overrun [ 254.328189][ T39] audit: type=1326 audit(1722139573.446:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8952 comm="syz.1.1063" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe431b77299 code=0x7ffc0000 [ 254.366985][ T39] audit: type=1326 audit(1722139573.446:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8952 comm="syz.1.1063" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe431b77299 code=0x7ffc0000 [ 254.394011][ T39] audit: type=1326 audit(1722139573.446:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8952 comm="syz.1.1063" exe="/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fe431b77299 code=0x7ffc0000 [ 254.417500][ T39] audit: type=1326 audit(1722139573.446:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8952 comm="syz.1.1063" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe431b77299 code=0x7ffc0000 [ 254.444134][ T39] audit: type=1326 audit(1722139573.456:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8952 comm="syz.1.1063" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe431b77299 code=0x7ffc0000 [ 254.467347][ T39] audit: type=1326 audit(1722139573.456:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8952 comm="syz.1.1063" exe="/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fe431b77299 code=0x7ffc0000 [ 254.488024][ T39] audit: type=1326 audit(1722139573.456:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8952 comm="syz.1.1063" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe431b77299 code=0x7ffc0000 [ 254.509990][ T39] audit: type=1326 audit(1722139573.456:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8952 comm="syz.1.1063" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe431b77299 code=0x7ffc0000 [ 255.096509][ T8975] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 255.547189][ T8989] syz.2.1072[8989] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 255.547330][ T8989] syz.2.1072[8989] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 255.568746][ T8989] xt_l2tp: invalid flags combination: c [ 255.580576][ T8990] ªªªªªª: renamed from vlan0 (while UP) [ 255.645423][ T8993] FAULT_INJECTION: forcing a failure. [ 255.645423][ T8993] name failslab, interval 1, probability 0, space 0, times 0 [ 255.650351][ T8993] CPU: 2 UID: 0 PID: 8993 Comm: syz.2.1073 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 255.665388][ T8993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 255.670923][ T8993] Call Trace: [ 255.672239][ T8993] [ 255.673319][ T8993] dump_stack_lvl+0x16c/0x1f0 [ 255.675260][ T8993] should_fail_ex+0x497/0x5b0 [ 255.677673][ T8993] ? fs_reclaim_acquire+0xae/0x160 [ 255.679932][ T8993] should_failslab+0xc2/0x120 [ 255.682016][ T8993] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 255.684430][ T8993] ? alloc_empty_file+0x73/0x1e0 [ 255.686202][ T8993] alloc_empty_file+0x73/0x1e0 [ 255.688193][ T8993] path_openat+0xe0/0x2d20 [ 255.690325][ T8993] ? hlock_class+0x4e/0x130 [ 255.692677][ T8993] ? __lock_acquire+0x1620/0x3cb0 [ 255.695023][ T8993] ? __pfx_path_openat+0x10/0x10 [ 255.697563][ T8993] ? handle_mm_fault+0x4c9/0x7b0 [ 255.700222][ T8993] ? __pfx___lock_acquire+0x10/0x10 [ 255.703544][ T8993] do_filp_open+0x1dc/0x430 [ 255.705760][ T8993] ? __pfx_do_filp_open+0x10/0x10 [ 255.708073][ T8993] ? find_held_lock+0x2d/0x110 [ 255.710268][ T8993] ? _raw_spin_unlock+0x28/0x50 [ 255.712371][ T8993] ? alloc_fd+0x2d7/0x6c0 [ 255.714237][ T8993] do_sys_openat2+0x17a/0x1e0 [ 255.716253][ T8993] ? __pfx_do_sys_openat2+0x10/0x10 [ 255.718776][ T8993] __x64_sys_openat+0x175/0x210 [ 255.720948][ T8993] ? __pfx___x64_sys_openat+0x10/0x10 [ 255.723455][ T8993] ? ksys_write+0x1ab/0x260 [ 255.725581][ T8993] do_syscall_64+0xcd/0x250 [ 255.727819][ T8993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.730569][ T8993] RIP: 0033:0x7f1707377299 [ 255.732656][ T8993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.741482][ T8993] RSP: 002b:00007f1708084048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 255.745114][ T8993] RAX: ffffffffffffffda RBX: 00007f1707505f80 RCX: 00007f1707377299 [ 255.749072][ T8993] RDX: 0000000000000002 RSI: 0000000020000000 RDI: 0000000000000003 [ 255.752471][ T8993] RBP: 00007f17080840a0 R08: 0000000000000000 R09: 0000000000000000 [ 255.755928][ T8993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.759385][ T8993] R13: 000000000000000b R14: 00007f1707505f80 R15: 00007fff7da13d38 [ 255.763021][ T8993] [ 256.071127][ T9007] __nla_validate_parse: 2 callbacks suppressed [ 256.071144][ T9007] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1081'. [ 256.079844][ T9007] netlink: 'syz.2.1081': attribute type 3 has an invalid length. [ 256.083544][ T9007] netlink: 196520 bytes leftover after parsing attributes in process `syz.2.1081'. [ 256.194089][ T9020] lo speed is unknown, defaulting to 1000 [ 256.201212][ T9020] lo speed is unknown, defaulting to 1000 [ 256.217040][ T9020] lo speed is unknown, defaulting to 1000 [ 256.244979][ T9027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1084'. [ 256.330351][ T9037] FAULT_INJECTION: forcing a failure. [ 256.330351][ T9037] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 256.340378][ T9037] CPU: 3 UID: 0 PID: 9037 Comm: syz.3.1090 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 256.344717][ T9037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 256.349178][ T9037] Call Trace: [ 256.350596][ T9037] [ 256.351855][ T9037] dump_stack_lvl+0x16c/0x1f0 [ 256.353887][ T9037] should_fail_ex+0x497/0x5b0 [ 256.355934][ T9037] _copy_from_user+0x30/0xf0 [ 256.357976][ T9037] get_user_ifreq+0xf1/0x250 [ 256.359929][ T9037] sock_do_ioctl+0x16c/0x280 [ 256.361907][ T9037] ? __pfx_sock_do_ioctl+0x10/0x10 [ 256.364064][ T9037] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470 [ 256.366857][ T9037] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 256.369708][ T9037] sock_ioctl+0x22e/0x6c0 [ 256.371521][ T9037] ? __pfx_sock_ioctl+0x10/0x10 [ 256.373796][ T9037] ? selinux_file_ioctl+0x180/0x270 [ 256.376015][ T9037] ? selinux_file_ioctl+0xb4/0x270 [ 256.378202][ T9037] ? __pfx_sock_ioctl+0x10/0x10 [ 256.380163][ T9037] __x64_sys_ioctl+0x193/0x220 [ 256.381960][ T9037] do_syscall_64+0xcd/0x250 [ 256.383650][ T9037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.385834][ T9037] RIP: 0033:0x7f75b9977299 [ 256.387492][ T9037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.395460][ T9037] RSP: 002b:00007f75ba7f8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.398771][ T9037] RAX: ffffffffffffffda RBX: 00007f75b9b05f80 RCX: 00007f75b9977299 [ 256.402155][ T9037] RDX: 0000000020000100 RSI: 0000000000008946 RDI: 0000000000000003 [ 256.402430][ T832] lo speed is unknown, defaulting to 1000 [ 256.405324][ T9037] RBP: 00007f75ba7f80a0 R08: 0000000000000000 R09: 0000000000000000 [ 256.405339][ T9037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.405349][ T9037] R13: 000000000000000b R14: 00007f75b9b05f80 R15: 00007ffc733350a8 [ 256.405363][ T9037] [ 256.421385][ T9020] infiniband syz1: set active [ 256.423857][ T9020] infiniband syz1: added lo [ 256.501220][ T9020] RDS/IB: syz1: added [ 256.515457][ T9020] smc: adding ib device syz1 with port count 1 [ 256.520186][ T9020] smc: ib device syz1 port 1 has pnetid [ 256.528408][ T832] lo speed is unknown, defaulting to 1000 [ 256.537762][ T9020] lo speed is unknown, defaulting to 1000 [ 256.553593][ T9042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1091'. [ 256.562986][ T9042] netlink: 'syz.3.1091': attribute type 3 has an invalid length. [ 256.567432][ T9042] netlink: 196520 bytes leftover after parsing attributes in process `syz.3.1091'. [ 256.571980][ T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 256.662366][ T9045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1092'. [ 256.766006][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 256.774582][ T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 256.784894][ T10] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 256.798506][ T10] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 256.808114][ T10] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 256.825145][ T9020] lo speed is unknown, defaulting to 1000 [ 256.830250][ T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 256.833795][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.844890][ T10] usb 6-1: Product: syz [ 256.846790][ T10] usb 6-1: Manufacturer: syz [ 256.858982][ T10] usb 6-1: SerialNumber: syz [ 257.365740][ T9020] lo speed is unknown, defaulting to 1000 [ 257.718041][ T9020] lo speed is unknown, defaulting to 1000 [ 257.835418][ T9061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1097'. [ 258.127736][ T9020] lo speed is unknown, defaulting to 1000 [ 258.131898][ T9068] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1100'. [ 258.151922][ T9068] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1100'. [ 258.156649][ T9068] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1100'. [ 258.489532][ T10] cdc_ncm 6-1:1.0: bind() failure [ 258.495935][ T10] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 258.499186][ T10] cdc_ncm 6-1:1.1: bind() failure [ 258.505020][ T10] usb 6-1: USB disconnect, device number 6 [ 260.517048][ T9101] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.541582][ T9101] FAULT_INJECTION: forcing a failure. [ 260.541582][ T9101] name failslab, interval 1, probability 0, space 0, times 0 [ 260.555504][ T9101] CPU: 0 UID: 0 PID: 9101 Comm: syz.1.1107 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 260.559854][ T9101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 260.564299][ T9101] Call Trace: [ 260.565630][ T9101] [ 260.566750][ T9101] dump_stack_lvl+0x16c/0x1f0 [ 260.568562][ T9101] should_fail_ex+0x497/0x5b0 [ 260.570383][ T9101] ? fs_reclaim_acquire+0xae/0x160 [ 260.572461][ T9101] should_failslab+0xc2/0x120 [ 260.574421][ T9101] __kmalloc_noprof+0xcb/0x400 [ 260.576503][ T9101] ? __pfx_lock_acquire+0x10/0x10 [ 260.584831][ T9101] tomoyo_realpath_from_path+0xb9/0x720 [ 260.593981][ T9101] ? tomoyo_profile+0x47/0x60 [ 260.596091][ T9101] tomoyo_path_number_perm+0x245/0x590 [ 260.598495][ T9101] ? tomoyo_path_number_perm+0x232/0x590 [ 260.600945][ T9101] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 260.603545][ T9101] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 260.606245][ T9101] ? __fget_files+0x256/0x400 [ 260.608272][ T9101] security_file_ioctl+0x75/0xc0 [ 260.610349][ T9101] __x64_sys_ioctl+0xbb/0x220 [ 260.612334][ T9101] do_syscall_64+0xcd/0x250 [ 260.614242][ T9101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.616768][ T9101] RIP: 0033:0x7fe431b77299 [ 260.618680][ T9101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.626918][ T9101] RSP: 002b:00007fe43295b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 260.630656][ T9101] RAX: ffffffffffffffda RBX: 00007fe431d06130 RCX: 00007fe431b77299 [ 260.634265][ T9101] RDX: 0000000020000400 RSI: 00000000c06864a2 RDI: 0000000000000004 [ 260.638085][ T9101] RBP: 00007fe43295b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 260.641503][ T9101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.644919][ T9101] R13: 000000000000006e R14: 00007fe431d06130 R15: 00007ffdc7141f58 [ 260.647994][ T9101] [ 260.710762][ T9111] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.1113' sets config #6 [ 260.770327][ T9101] ERROR: Out of memory at tomoyo_realpath_from_path. [ 260.809519][ T9116] netlink: 'syz.3.1115': attribute type 3 has an invalid length. [ 260.954849][ T9122] netlink: 'syz.1.1116': attribute type 10 has an invalid length. [ 260.991747][ T9122] team0: Failed to send options change via netlink (err -105) [ 260.995229][ T9122] team0: Port device netdevsim0 added [ 261.004497][ T5160] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 261.016071][ T9125] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=9125 comm=syz.3.1117 [ 261.022979][ T9125] Bluetooth: MGMT ver 1.23 [ 261.024041][ T9119] netlink: 'syz.1.1116': attribute type 10 has an invalid length. [ 261.037308][ T9119] team0: Failed to send options change via netlink (err -105) [ 261.041262][ T9119] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 261.044939][ T39] kauditd_printk_skb: 28 callbacks suppressed [ 261.044952][ T39] audit: type=1400 audit(1722139580.136:624): avc: denied { mount } for pid=9124 comm="syz.3.1117" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 261.046303][ T9119] team0: Port device netdevsim0 removed [ 261.065612][ T9119] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 261.253765][ T39] audit: type=1400 audit(1722139580.366:625): avc: denied { read } for pid=9131 comm="syz.1.1119" name="usbmon0" dev="devtmpfs" ino=723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 261.263693][ T9132] FAULT_INJECTION: forcing a failure. [ 261.263693][ T9132] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 261.272287][ T9132] CPU: 0 UID: 0 PID: 9132 Comm: syz.1.1119 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 261.276204][ T39] audit: type=1400 audit(1722139580.366:626): avc: denied { open } for pid=9131 comm="syz.1.1119" path="/dev/usbmon0" dev="devtmpfs" ino=723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 261.276871][ T9132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 261.291078][ T9132] Call Trace: [ 261.292514][ T9132] [ 261.293841][ T9132] dump_stack_lvl+0x16c/0x1f0 [ 261.295961][ T9132] should_fail_ex+0x497/0x5b0 [ 261.298108][ T9132] _copy_to_user+0x30/0xc0 [ 261.300157][ T9132] simple_read_from_buffer+0xd0/0x160 [ 261.302537][ T9132] proc_fail_nth_read+0x1b0/0x290 [ 261.304580][ T9132] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 261.306795][ T9132] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 261.309365][ T9132] vfs_read+0x1d4/0xbd0 [ 261.311185][ T9132] ? __fdget_pos+0xeb/0x180 [ 261.313150][ T9132] ? __pfx_vfs_read+0x10/0x10 [ 261.315192][ T9132] ? __pfx___mutex_lock+0x10/0x10 [ 261.317518][ T9132] ? __fget_files+0x256/0x400 [ 261.319760][ T9132] ksys_read+0x12f/0x260 [ 261.321762][ T9132] ? __pfx_ksys_read+0x10/0x10 [ 261.323922][ T9132] do_syscall_64+0xcd/0x250 [ 261.326105][ T9132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.328816][ T9132] RIP: 0033:0x7fe431b75d7c [ 261.330959][ T9132] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 261.339646][ T9132] RSP: 002b:00007fe43299d040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 261.343397][ T9132] RAX: ffffffffffffffda RBX: 00007fe431d05f80 RCX: 00007fe431b75d7c [ 261.347719][ T9132] RDX: 000000000000000f RSI: 00007fe43299d0b0 RDI: 0000000000000005 [ 261.352320][ T9132] RBP: 00007fe43299d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 261.356548][ T9132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.360297][ T9132] R13: 000000000000000b R14: 00007fe431d05f80 R15: 00007ffdc7141f58 [ 261.363911][ T9132] [ 261.542481][ T1381] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.545472][ T1381] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.975671][ T9141] __nla_validate_parse: 5 callbacks suppressed [ 261.975687][ T9141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1122'. [ 261.982137][ T9141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'. [ 261.993920][ T9141] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1122'. [ 262.063678][ T9147] netlink: 'syz.0.1125': attribute type 3 has an invalid length. [ 262.070096][ T9147] netlink: 196520 bytes leftover after parsing attributes in process `syz.0.1125'. [ 262.145463][ T9151] FAULT_INJECTION: forcing a failure. [ 262.145463][ T9151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 262.150971][ T9151] CPU: 3 UID: 0 PID: 9151 Comm: syz.0.1127 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 262.155382][ T9151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 262.159990][ T9151] Call Trace: [ 262.161447][ T9151] [ 262.162740][ T9151] dump_stack_lvl+0x16c/0x1f0 [ 262.164829][ T9151] should_fail_ex+0x497/0x5b0 [ 262.166892][ T9151] _copy_from_user+0x30/0xf0 [ 262.168939][ T9151] copy_msghdr_from_user+0x99/0x160 [ 262.171202][ T9151] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 262.173484][ T9151] ? find_held_lock+0x2d/0x110 [ 262.175344][ T9151] ? __pfx___lock_acquire+0x10/0x10 [ 262.177445][ T9151] ___sys_sendmsg+0xff/0x1e0 [ 262.179219][ T9151] ? __pfx____sys_sendmsg+0x10/0x10 [ 262.181063][ T9151] ? ksys_write+0x21c/0x260 [ 262.182858][ T9151] ? __fget_light+0x173/0x210 [ 262.184718][ T9151] __sys_sendmsg+0x117/0x1f0 [ 262.186651][ T9151] ? __pfx___sys_sendmsg+0x10/0x10 [ 262.188849][ T9151] do_syscall_64+0xcd/0x250 [ 262.190997][ T9151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.193973][ T9151] RIP: 0033:0x7f0f45b77299 [ 262.195908][ T9151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.218463][ T9151] RSP: 002b:00007f0f468a3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 262.222111][ T9151] RAX: ffffffffffffffda RBX: 00007f0f45d05f80 RCX: 00007f0f45b77299 [ 262.225717][ T9151] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 262.229125][ T9151] RBP: 00007f0f468a30a0 R08: 0000000000000000 R09: 0000000000000000 [ 262.232355][ T9151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.235661][ T9151] R13: 000000000000000b R14: 00007f0f45d05f80 R15: 00007ffc92603f58 [ 262.239578][ T9151] [ 262.390931][ T39] audit: type=1326 audit(1722139581.506:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9148 comm="syz.2.1126" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1707377299 code=0x0 [ 263.037954][ T9166] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.1131' sets config #6 [ 263.191784][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 263.201065][ T9172] FAULT_INJECTION: forcing a failure. [ 263.201065][ T9172] name failslab, interval 1, probability 0, space 0, times 0 [ 263.217125][ T9172] CPU: 2 UID: 0 PID: 9172 Comm: syz.0.1134 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 263.221364][ T9172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 263.226913][ T9172] Call Trace: [ 263.228598][ T9172] [ 263.230077][ T9172] dump_stack_lvl+0x16c/0x1f0 [ 263.232970][ T9172] should_fail_ex+0x497/0x5b0 [ 263.235102][ T9172] ? fs_reclaim_acquire+0xae/0x160 [ 263.237235][ T9172] should_failslab+0xc2/0x120 [ 263.238937][ T9172] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 263.241243][ T9172] ? __d_alloc+0x31/0xaa0 [ 263.243097][ T9172] __d_alloc+0x31/0xaa0 [ 263.244952][ T9172] d_alloc_pseudo+0x1c/0xc0 [ 263.246918][ T9172] alloc_file_pseudo+0xdc/0x210 [ 263.249016][ T9172] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 263.251216][ T9172] ? security_inode_alloc+0x19e/0x240 [ 263.253656][ T9172] ? inode_init_always+0xc77/0xf80 [ 263.255912][ T9172] sock_alloc_file+0x50/0x1d0 [ 263.257871][ T9172] do_accept+0x2a8/0x540 [ 263.259673][ T9172] ? __pfx_do_accept+0x10/0x10 [ 263.261571][ T9172] __sys_accept4+0x102/0x1c0 [ 263.263383][ T9172] ? __pfx___sys_accept4+0x10/0x10 [ 263.265450][ T9172] ? __pfx_ksys_write+0x10/0x10 [ 263.267412][ T9172] __x64_sys_accept4+0x96/0x100 [ 263.269689][ T9172] ? lockdep_hardirqs_on+0x7c/0x110 [ 263.271770][ T9172] do_syscall_64+0xcd/0x250 [ 263.273554][ T9172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.276019][ T9172] RIP: 0033:0x7f0f45b77299 [ 263.277862][ T9172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.285999][ T9172] RSP: 002b:00007f0f468a3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 263.289286][ T9172] RAX: ffffffffffffffda RBX: 00007f0f45d05f80 RCX: 00007f0f45b77299 [ 263.292598][ T9172] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 263.295000][ T9172] RBP: 00007f0f468a30a0 R08: 0000000000000000 R09: 0000000000000000 [ 263.297725][ T9172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.300708][ T9172] R13: 000000000000000b R14: 00007f0f45d05f80 R15: 00007ffc92603f58 [ 263.304018][ T9172] [ 263.305297][ C2] vkms_vblank_simulate: vblank timer overrun [ 263.449370][ T9176] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1136'. [ 263.453292][ T9176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1136'. [ 263.467965][ T9176] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1136'. [ 263.610235][ T39] audit: type=1400 audit(1722139582.726:628): avc: denied { append } for pid=9169 comm="syz.3.1132" name="userio" dev="devtmpfs" ino=860 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 264.696384][ T9192] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.1141' sets config #6 [ 265.348323][ T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 265.404187][ T9206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1146'. [ 265.409968][ T9206] netlink: 'syz.0.1146': attribute type 3 has an invalid length. [ 265.413411][ T9206] netlink: 196520 bytes leftover after parsing attributes in process `syz.0.1146'. [ 265.476439][ T9208] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1147'. [ 265.548282][ T10] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 265.553132][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.558191][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.563955][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 265.573392][ T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 265.580190][ T10] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 265.587361][ T10] usb 6-1: Manufacturer: syz [ 265.593759][ T10] usb 6-1: config 0 descriptor?? [ 266.109028][ T10] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 266.113712][ T10] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 266.116259][ T9219] FAULT_INJECTION: forcing a failure. [ 266.116259][ T9219] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 266.122750][ T9219] CPU: 1 UID: 0 PID: 9219 Comm: syz.3.1150 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 266.128631][ T9219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 266.133239][ T9219] Call Trace: [ 266.134640][ T9219] [ 266.135837][ T9219] dump_stack_lvl+0x16c/0x1f0 [ 266.138171][ T9219] should_fail_ex+0x497/0x5b0 [ 266.140361][ T9219] _copy_from_user+0x30/0xf0 [ 266.142457][ T9219] __sys_bpf+0x21c/0x4a20 [ 266.144456][ T9219] ? ksys_write+0x21c/0x260 [ 266.146698][ T9219] ? reacquire_held_locks+0x410/0x4c0 [ 266.149278][ T9219] ? __pfx___sys_bpf+0x10/0x10 [ 266.151792][ T9219] ? vfs_write+0x14d/0x1140 [ 266.153905][ T9219] ? __mutex_unlock_slowpath+0x164/0x650 [ 266.156521][ T9219] ? fput+0x32/0x390 [ 266.158195][ T9219] ? ksys_write+0x1ab/0x260 [ 266.160171][ T9219] ? __pfx_ksys_write+0x10/0x10 [ 266.162284][ T9219] __x64_sys_bpf+0x78/0xc0 [ 266.164581][ T9219] ? lockdep_hardirqs_on+0x7c/0x110 [ 266.166916][ T9219] do_syscall_64+0xcd/0x250 [ 266.169215][ T9219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.172050][ T9219] RIP: 0033:0x7f75b9977299 [ 266.174260][ T9219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.183227][ T9219] RSP: 002b:00007f75ba7b6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 266.187014][ T9219] RAX: ffffffffffffffda RBX: 00007f75b9b06130 RCX: 00007f75b9977299 [ 266.190651][ T9219] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000000 [ 266.194574][ T9219] RBP: 00007f75ba7b60a0 R08: 0000000000000000 R09: 0000000000000000 [ 266.198642][ T9219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.203003][ T9219] R13: 000000000000006e R14: 00007f75b9b06130 R15: 00007ffc733350a8 [ 266.207519][ T9219] [ 266.518502][ T10] appleir 0003:05AC:8243.0003: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 266.604076][ C2] vkms_vblank_simulate: vblank timer overrun [ 267.035881][ T9238] __nla_validate_parse: 2 callbacks suppressed [ 267.035900][ T9238] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1156'. [ 267.042211][ T9238] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1156'. [ 267.045982][ T9238] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1156'. [ 267.327808][ T9245] mkiss: ax0: crc mode is auto. [ 267.786311][ T9257] FAULT_INJECTION: forcing a failure. [ 267.786311][ T9257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.792895][ T9257] CPU: 3 UID: 0 PID: 9257 Comm: syz.0.1160 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 267.798348][ T9257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 267.804535][ T9257] Call Trace: [ 267.806029][ T9257] [ 267.807579][ T9257] dump_stack_lvl+0x16c/0x1f0 [ 267.810272][ T9257] should_fail_ex+0x497/0x5b0 [ 267.812600][ T9257] _copy_from_user+0x30/0xf0 [ 267.814773][ T9257] __sys_bpf+0x21c/0x4a20 [ 267.817646][ T9257] ? ksys_write+0x21c/0x260 [ 267.820363][ T9257] ? reacquire_held_locks+0x410/0x4c0 [ 267.822424][ T9257] ? __pfx___sys_bpf+0x10/0x10 [ 267.824537][ T9257] ? vfs_write+0x14d/0x1140 [ 267.827033][ T9257] ? __mutex_unlock_slowpath+0x164/0x650 [ 267.829734][ T9257] ? fput+0x32/0x390 [ 267.831744][ T9257] ? ksys_write+0x1ab/0x260 [ 267.834476][ T9257] ? __pfx_ksys_write+0x10/0x10 [ 267.837171][ T9257] __x64_sys_bpf+0x78/0xc0 [ 267.839749][ T9257] ? lockdep_hardirqs_on+0x7c/0x110 [ 267.842163][ T9257] do_syscall_64+0xcd/0x250 [ 267.844129][ T9257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.846667][ T9257] RIP: 0033:0x7f0f45b77299 [ 267.849061][ T9257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.857746][ T9257] RSP: 002b:00007f0f468a3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 267.861595][ T9257] RAX: ffffffffffffffda RBX: 00007f0f45d05f80 RCX: 00007f0f45b77299 [ 267.864741][ T9257] RDX: 0000000000000040 RSI: 00000000200005c0 RDI: 000000000000001c [ 267.867639][ T9257] RBP: 00007f0f468a30a0 R08: 0000000000000000 R09: 0000000000000000 [ 267.871179][ T9257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.874700][ T9257] R13: 000000000000000b R14: 00007f0f45d05f80 R15: 00007ffc92603f58 [ 267.878206][ T9257] [ 268.078528][ T832] usb 6-1: USB disconnect, device number 7 [ 270.065954][ T9285] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 270.083121][ T9285] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1167'. [ 270.263486][ T9287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1168'. [ 270.267013][ T9287] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1168'. [ 270.270440][ T9287] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1168'. [ 270.500247][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 270.555328][ T9295] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 270.567076][ T9295] netlink: 196520 bytes leftover after parsing attributes in process `syz.3.1172'. [ 270.623150][ T39] audit: type=1400 audit(1722139589.736:629): avc: denied { ioctl } for pid=9292 comm="syz.2.1171" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x3313 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 270.899596][ T9306] serio: Serial port ptm0 [ 271.133296][ T39] audit: type=1400 audit(1722139590.246:630): avc: denied { create } for pid=9311 comm="syz.2.1177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 271.146771][ T39] audit: type=1400 audit(1722139590.256:631): avc: denied { setopt } for pid=9311 comm="syz.2.1177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 271.147247][ T9312] FAULT_INJECTION: forcing a failure. [ 271.147247][ T9312] name failslab, interval 1, probability 0, space 0, times 0 [ 271.156272][ T9312] CPU: 3 UID: 0 PID: 9312 Comm: syz.2.1177 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 271.165301][ T9312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 271.169755][ T9312] Call Trace: [ 271.171163][ T9312] [ 271.172437][ T9312] dump_stack_lvl+0x16c/0x1f0 [ 271.174307][ T9312] should_fail_ex+0x497/0x5b0 [ 271.176278][ T9312] ? fs_reclaim_acquire+0xae/0x160 [ 271.178360][ T9312] should_failslab+0xc2/0x120 [ 271.180243][ T9312] __kmalloc_noprof+0xcb/0x400 [ 271.182085][ T9312] kernfs_fop_write_iter+0x229/0x500 [ 271.184343][ T9312] vfs_write+0x6b6/0x1140 [ 271.186743][ T9312] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 271.189465][ T9312] ? __pfx_vfs_write+0x10/0x10 [ 271.191737][ T9312] ? __pfx___mutex_lock+0x10/0x10 [ 271.193988][ T9312] ? __fget_files+0x256/0x400 [ 271.196121][ T9312] ksys_write+0x12f/0x260 [ 271.198065][ T9312] ? __pfx_ksys_write+0x10/0x10 [ 271.200245][ T9312] do_syscall_64+0xcd/0x250 [ 271.202268][ T9312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.204902][ T9312] RIP: 0033:0x7f1707377299 [ 271.206867][ T9312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.215126][ T9312] RSP: 002b:00007f1708084048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 271.218789][ T9312] RAX: ffffffffffffffda RBX: 00007f1707505f80 RCX: 00007f1707377299 [ 271.222353][ T9312] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000006 [ 271.225349][ T9312] RBP: 00007f17080840a0 R08: 0000000000000000 R09: 0000000000000000 [ 271.228398][ T9312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 271.231587][ T9312] R13: 000000000000000b R14: 00007f1707505f80 R15: 00007fff7da13d38 [ 271.235292][ T9312] [ 271.410441][ T9317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1179'. [ 271.414461][ T9317] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1179'. [ 271.658292][ T9326] netlink: 'syz.1.1182': attribute type 3 has an invalid length. [ 272.562395][ T9344] __nla_validate_parse: 2 callbacks suppressed [ 272.562412][ T9344] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1186'. [ 272.569218][ T9344] netlink: 'syz.2.1186': attribute type 1 has an invalid length. [ 272.573205][ T9344] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1186'. [ 273.668461][ T9375] netlink: 'syz.0.1193': attribute type 3 has an invalid length. [ 273.671971][ T9375] netlink: 196520 bytes leftover after parsing attributes in process `syz.0.1193'. [ 273.688410][ T9372] serio: Serial port ptm0 [ 273.858938][ T9378] FAULT_INJECTION: forcing a failure. [ 273.858938][ T9378] name failslab, interval 1, probability 0, space 0, times 0 [ 273.872074][ T9378] CPU: 0 UID: 0 PID: 9378 Comm: syz.1.1194 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 273.876577][ T9378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 273.881490][ T9378] Call Trace: [ 273.882994][ T9378] [ 273.884342][ T9378] dump_stack_lvl+0x16c/0x1f0 [ 273.886473][ T9378] should_fail_ex+0x497/0x5b0 [ 273.888612][ T9378] ? fs_reclaim_acquire+0xae/0x160 [ 273.890920][ T9378] should_failslab+0xc2/0x120 [ 273.893089][ T9378] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 273.895504][ T9378] ? getname_flags.part.0+0x4c/0x550 [ 273.897894][ T9378] getname_flags.part.0+0x4c/0x550 [ 273.900224][ T9378] getname+0x8d/0xe0 [ 273.902013][ T9378] do_sys_openat2+0x104/0x1e0 [ 273.904125][ T9378] ? __pfx_do_sys_openat2+0x10/0x10 [ 273.906450][ T9378] ? __pfx___schedule+0x10/0x10 [ 273.908658][ T9378] __x64_sys_openat+0x175/0x210 [ 273.910849][ T9378] ? __pfx___x64_sys_openat+0x10/0x10 [ 273.913111][ T9378] do_syscall_64+0xcd/0x250 [ 273.914926][ T9378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.917277][ T9378] RIP: 0033:0x7fe431b77299 [ 273.919051][ T9378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.927131][ T9378] RSP: 002b:00007fe43299d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 273.930956][ T9378] RAX: ffffffffffffffda RBX: 00007fe431d05f80 RCX: 00007fe431b77299 [ 273.934617][ T9378] RDX: 0000000000000002 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 273.938218][ T9378] RBP: 00007fe43299d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 273.941803][ T9378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.945185][ T9378] R13: 000000000000000b R14: 00007fe431d05f80 R15: 00007ffdc7141f58 [ 273.948654][ T9378] [ 274.278459][ T39] audit: type=1400 audit(1722139593.396:632): avc: denied { accept } for pid=9388 comm="syz.3.1199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 274.287336][ T39] audit: type=1400 audit(1722139593.396:633): avc: denied { read } for pid=9388 comm="syz.3.1199" dev="sockfs" ino=29213 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 274.289624][ T9389] 9pnet_fd: Insufficient options for proto=fd [ 276.115372][ T9400] FAULT_INJECTION: forcing a failure. [ 276.115372][ T9400] name failslab, interval 1, probability 0, space 0, times 0 [ 276.126998][ T9400] CPU: 0 UID: 0 PID: 9400 Comm: syz.1.1201 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 276.131618][ T9400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 276.136602][ T9400] Call Trace: [ 276.138538][ T9400] [ 276.140135][ T9400] dump_stack_lvl+0x16c/0x1f0 [ 276.142194][ T9400] should_fail_ex+0x497/0x5b0 [ 276.144316][ T9400] ? fs_reclaim_acquire+0xae/0x160 [ 276.146182][ T9400] should_failslab+0xc2/0x120 [ 276.147945][ T9400] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 276.150080][ T9400] ? taskstats_exit+0x656/0xbe0 [ 276.152144][ T9400] taskstats_exit+0x656/0xbe0 [ 276.154322][ T9400] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 276.156868][ T9400] ? __pfx_taskstats_exit+0x10/0x10 [ 276.159340][ T9400] ? _raw_spin_unlock_irq+0x23/0x50 [ 276.161685][ T9400] ? __seccomp_filter_orphan+0x18/0x140 [ 276.164120][ T9400] ? __put_seccomp_filter+0x16/0x100 [ 276.166414][ T9400] do_exit+0x84a/0x2bb0 [ 276.168378][ T9400] ? get_signal+0x8f2/0x2770 [ 276.170450][ T9400] ? __pfx_do_exit+0x10/0x10 [ 276.172519][ T9400] ? do_raw_spin_lock+0x12d/0x2c0 [ 276.174752][ T9400] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 276.177125][ T9400] do_group_exit+0xd3/0x2a0 [ 276.179095][ T9400] get_signal+0x25fd/0x2770 [ 276.181123][ T9400] ? __pfx_child_wait_callback+0x10/0x10 [ 276.183690][ T9400] ? __pfx_get_signal+0x10/0x10 [ 276.185762][ T9400] ? __do_sys_wait4+0xd2/0x170 [ 276.188193][ T9400] arch_do_signal_or_restart+0x90/0x7e0 [ 276.190803][ T9400] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 276.193871][ T9400] ? __pfx_ksys_write+0x10/0x10 [ 276.196897][ T9400] syscall_exit_to_user_mode+0x150/0x2a0 [ 276.199452][ T9400] do_syscall_64+0xda/0x250 [ 276.201403][ T9400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.203698][ T9400] RIP: 0033:0x7fe431b77299 [ 276.205598][ T9400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.213817][ T9400] RSP: 002b:00007fe43297c048 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 276.217400][ T9400] RAX: fffffffffffffe00 RBX: 00007fe431d06058 RCX: 00007fe431b77299 [ 276.220855][ T9400] RDX: 0000000040000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 276.224125][ T9400] RBP: 00007fe43297c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 276.226656][ T9400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 276.229896][ T9400] R13: 000000000000006e R14: 00007fe431d06058 R15: 00007ffdc7141f58 [ 276.233464][ T9400] [ 276.795094][ T39] audit: type=1326 audit(1722139595.906:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9415 comm="syz.3.1209" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75b9977299 code=0x0 [ 276.816040][ T39] audit: type=1326 audit(1722139595.936:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9418 comm="syz.0.1208" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0f45b77299 code=0x0 [ 278.698498][ T64] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.853695][ T64] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.949520][ T64] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.073296][ T64] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.107353][ T5345] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 279.113670][ T5345] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 279.120749][ T5345] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 279.132379][ T5345] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 279.141931][ T5345] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 279.163740][ T5345] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 279.300960][ T9460] lo speed is unknown, defaulting to 1000 [ 279.346727][ T64] bridge_slave_1: left allmulticast mode [ 279.349325][ T64] bridge_slave_1: left promiscuous mode [ 279.353312][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.366443][ T64] bridge_slave_0: left allmulticast mode [ 279.371718][ T64] bridge_slave_0: left promiscuous mode [ 279.379591][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.880761][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 279.906042][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 279.913833][ T64] bond0 (unregistering): Released all slaves [ 280.145316][ T9460] chnl_net:caif_netlink_parms(): no params data found [ 280.326470][ T834] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 280.350502][ T9460] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.353748][ T9460] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.358021][ T9460] bridge_slave_0: entered allmulticast mode [ 280.361887][ T9460] bridge_slave_0: entered promiscuous mode [ 280.397267][ T9460] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.400150][ T9460] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.403373][ T9460] bridge_slave_1: entered allmulticast mode [ 280.410265][ T9460] bridge_slave_1: entered promiscuous mode [ 280.516405][ T834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 280.521280][ T834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 280.526568][ T834] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 280.532254][ T834] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 280.537532][ T834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.550602][ T9460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 280.558206][ T834] usb 8-1: config 0 descriptor?? [ 280.574561][ T9466] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 280.586752][ T9460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 280.780078][ T9460] team0: Port device team_slave_0 added [ 280.786395][ T9460] team0: Port device team_slave_1 added [ 280.901737][ T64] hsr_slave_0: left promiscuous mode [ 280.909043][ T64] hsr_slave_1: left promiscuous mode [ 280.913599][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 280.918294][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 280.924854][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 280.929855][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 280.976466][ T64] veth1_macvtap: left promiscuous mode [ 280.980015][ T64] veth0_macvtap: left promiscuous mode [ 280.982209][ T64] veth1_vlan: left promiscuous mode [ 280.984674][ T64] veth0_vlan: left promiscuous mode [ 281.225498][ T5343] Bluetooth: hci0: command tx timeout [ 281.399488][ T9488] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 281.903573][ T9500] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1226'. [ 281.922263][ T9500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1226'. [ 281.928377][ T9500] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1226'. [ 281.939832][ T834] usbhid 8-1:0.0: can't add hid device: -71 [ 281.943190][ T834] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 281.960173][ T834] usb 8-1: USB disconnect, device number 4 [ 282.392082][ T64] team0 (unregistering): Port device team_slave_1 removed [ 282.529418][ T64] team0 (unregistering): Port device team_slave_0 removed [ 282.735477][ T9504] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1227'. [ 283.294938][ T5343] Bluetooth: hci0: command tx timeout [ 283.518575][ T9460] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 283.521820][ T9460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.532458][ T9460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 283.538735][ T9460] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 283.541434][ T9460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.550768][ T9460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 283.806758][ T9519] FAULT_INJECTION: forcing a failure. [ 283.806758][ T9519] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 283.812344][ T9519] CPU: 2 UID: 0 PID: 9519 Comm: syz.3.1231 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 283.816801][ T9519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 283.821193][ T9519] Call Trace: [ 283.822685][ T9519] [ 283.823996][ T9519] dump_stack_lvl+0x16c/0x1f0 [ 283.826051][ T9519] should_fail_ex+0x497/0x5b0 [ 283.828069][ T9519] _copy_from_user+0x30/0xf0 [ 283.830075][ T9519] __sys_bpf+0x21c/0x4a20 [ 283.832040][ T9519] ? ksys_write+0x21c/0x260 [ 283.834202][ T9519] ? reacquire_held_locks+0x410/0x4c0 [ 283.836428][ T9519] ? __pfx___sys_bpf+0x10/0x10 [ 283.838332][ T9519] ? vfs_write+0x14d/0x1140 [ 283.840184][ T9519] ? __mutex_unlock_slowpath+0x164/0x650 [ 283.842601][ T9519] ? fput+0x32/0x390 [ 283.844312][ T9519] ? ksys_write+0x1ab/0x260 [ 283.846296][ T9519] ? __pfx_ksys_write+0x10/0x10 [ 283.848394][ T9519] __x64_sys_bpf+0x78/0xc0 [ 283.850324][ T9519] ? lockdep_hardirqs_on+0x7c/0x110 [ 283.852603][ T9519] do_syscall_64+0xcd/0x250 [ 283.854593][ T9519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.857103][ T9519] RIP: 0033:0x7f75b9977299 [ 283.859030][ T9519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.867095][ T9519] RSP: 002b:00007f75ba7f8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 283.870623][ T9519] RAX: ffffffffffffffda RBX: 00007f75b9b05f80 RCX: 00007f75b9977299 [ 283.873957][ T9519] RDX: 0000000000000040 RSI: 00000000200005c0 RDI: 000000000000001c [ 283.877289][ T9519] RBP: 00007f75ba7f80a0 R08: 0000000000000000 R09: 0000000000000000 [ 283.880456][ T9519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.883901][ T9519] R13: 000000000000000b R14: 00007f75b9b05f80 R15: 00007ffc733350a8 [ 283.887313][ T9519] [ 284.039703][ T9460] hsr_slave_0: entered promiscuous mode [ 284.080026][ T9460] hsr_slave_1: entered promiscuous mode [ 284.086599][ T9460] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 284.089868][ T9460] Cannot create hsr debugfs directory [ 284.311115][ T9534] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 284.642614][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 284.858092][ T9553] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1239'. [ 284.864570][ T9553] netlink: 'syz.2.1239': attribute type 3 has an invalid length. [ 284.868633][ T9553] netlink: 196520 bytes leftover after parsing attributes in process `syz.2.1239'. [ 285.053509][ T9460] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 285.063171][ T9570] netlink: 'syz.2.1241': attribute type 10 has an invalid length. [ 285.084158][ T9570] batman_adv: batadv0: Adding interface: team0 [ 285.087429][ T9570] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.099444][ T9570] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 285.104463][ T9460] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 285.118881][ T9460] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 285.125322][ T9570] netlink: 'syz.2.1241': attribute type 10 has an invalid length. [ 285.128360][ T9570] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1241'. [ 285.132282][ T9570] team0: entered promiscuous mode [ 285.134637][ T9570] team_slave_0: entered promiscuous mode [ 285.137837][ T9570] team_slave_1: entered promiscuous mode [ 285.142524][ T9570] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.145411][ T9570] batman_adv: batadv0: Interface activated: team0 [ 285.147906][ T9570] batman_adv: batadv0: Interface deactivated: team0 [ 285.150385][ T9570] batman_adv: batadv0: Removing interface: team0 [ 285.173163][ T9570] bridge0: port 3(team0) entered blocking state [ 285.175843][ T9570] bridge0: port 3(team0) entered disabled state [ 285.178573][ T9570] team0: entered allmulticast mode [ 285.180750][ T9570] team_slave_0: entered allmulticast mode [ 285.183332][ T9570] team_slave_1: entered allmulticast mode [ 285.191411][ T9570] bridge0: port 3(team0) entered blocking state [ 285.194355][ T9570] bridge0: port 3(team0) entered listening state [ 285.204948][ T9460] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 285.332332][ T9460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.353138][ T9460] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.363752][ T832] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.366848][ T832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.375049][ T5343] Bluetooth: hci0: command tx timeout [ 285.382422][ T5379] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.385191][ T5379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.691655][ T9460] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 285.735760][ T9460] veth0_vlan: entered promiscuous mode [ 285.746122][ T9460] veth1_vlan: entered promiscuous mode [ 285.769005][ T9460] veth0_macvtap: entered promiscuous mode [ 285.779921][ T9460] veth1_macvtap: entered promiscuous mode [ 285.825350][ T9460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.830752][ T9460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.836556][ T9460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.840965][ T9460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.865566][ T9460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.870102][ T9460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.874378][ T9460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.879407][ T9460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.887323][ T9460] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 285.900128][ T9460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.905164][ T9460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.909468][ T9460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.914143][ T9460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.919098][ T9460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.923374][ T9460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.929542][ T9460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.930111][ T39] audit: type=1400 audit(1722139605.046:636): avc: denied { map } for pid=9595 comm="syz.3.1244" path="/dev/usbmon0" dev="devtmpfs" ino=723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 285.933925][ T9460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.937310][ T9460] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 285.958119][ T9460] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.961743][ T9460] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.970211][ T9460] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.973968][ T9460] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.018664][ T9600] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 286.035797][ T9600] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1245'. [ 286.046323][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 286.055050][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 286.084096][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 286.087660][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 286.150907][ T9606] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 286.157728][ T9606] qnx6: wrong signature (magic) in superblock #1. [ 286.160470][ T9606] qnx6: unable to read the first superblock [ 286.207552][ T9609] Bluetooth: MGMT ver 1.23 [ 286.210286][ T39] audit: type=1326 audit(1722139605.326:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9608 comm="syz.0.1248" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe13c977299 code=0x0 [ 286.498566][ T9614] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=9614 comm=syz.2.1249 [ 286.814455][ T39] audit: type=1400 audit(1722139605.926:638): avc: denied { read } for pid=9621 comm="syz.2.1251" dev="sockfs" ino=31347 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 286.820769][ T9622] 9pnet_fd: Insufficient options for proto=fd [ 287.324642][ T9635] netlink: 'syz.0.1253': attribute type 10 has an invalid length. [ 287.358901][ T39] audit: type=1326 audit(1722139606.476:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9636 comm="syz.2.1255" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1707377299 code=0x0 [ 287.374645][ T9635] batman_adv: batadv0: Adding interface: team0 [ 287.377804][ T9635] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.390753][ T9635] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 287.399146][ T9629] netlink: 'syz.0.1253': attribute type 10 has an invalid length. [ 287.402471][ T9629] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1253'. [ 287.406163][ T9629] team0: entered promiscuous mode [ 287.407950][ T9629] team_slave_0: entered promiscuous mode [ 287.411045][ T9629] team_slave_1: entered promiscuous mode [ 287.414617][ T9638] FAULT_INJECTION: forcing a failure. [ 287.414617][ T9638] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.418823][ T9629] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.422294][ T9638] CPU: 3 UID: 0 PID: 9638 Comm: syz.2.1255 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 287.425980][ T9629] batman_adv: batadv0: Interface activated: team0 [ 287.429802][ T9638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 287.429815][ T9638] Call Trace: [ 287.429821][ T9638] [ 287.429827][ T9638] dump_stack_lvl+0x16c/0x1f0 [ 287.429851][ T9638] should_fail_ex+0x497/0x5b0 [ 287.432861][ T9629] batman_adv: batadv0: Interface deactivated: team0 [ 287.437529][ T9638] _copy_to_user+0x30/0xc0 [ 287.437553][ T9638] simple_read_from_buffer+0xd0/0x160 [ 287.437573][ T9638] proc_fail_nth_read+0x1b0/0x290 [ 287.437590][ T9638] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 287.439090][ T9629] batman_adv: batadv0: Removing interface: team0 [ 287.440491][ T9638] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 287.440510][ T9638] vfs_read+0x1d4/0xbd0 [ 287.466145][ T9638] ? __fdget_pos+0xeb/0x180 [ 287.468053][ T9638] ? kasan_quarantine_put+0x10a/0x240 [ 287.470656][ T9638] ? __pfx_vfs_read+0x10/0x10 [ 287.472744][ T9638] ? __pfx___mutex_lock+0x10/0x10 [ 287.475226][ T9638] ? __fget_files+0x256/0x400 [ 287.477453][ T9638] ksys_read+0x12f/0x260 [ 287.479731][ T9638] ? __pfx_ksys_read+0x10/0x10 [ 287.482156][ T9638] do_syscall_64+0xcd/0x250 [ 287.484538][ T9638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.487742][ T9638] RIP: 0033:0x7f1707375d7c [ 287.490913][ T9638] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 287.499236][ T9638] RSP: 002b:00007f1708063040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 287.502824][ T9638] RAX: ffffffffffffffda RBX: 00007f1707506058 RCX: 00007f1707375d7c [ 287.506845][ T9638] RDX: 000000000000000f RSI: 00007f17080630b0 RDI: 0000000000000004 [ 287.510839][ T9638] RBP: 00007f17080630a0 R08: 0000000000000000 R09: 0000000000000000 [ 287.514656][ T9638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.518366][ T9638] R13: 000000000000006e R14: 00007f1707506058 R15: 00007fff7da13d38 [ 287.521737][ T9638] [ 287.534871][ T5345] Bluetooth: hci0: command tx timeout [ 287.554011][ T9629] bridge0: port 3(team0) entered blocking state [ 287.557376][ T9629] bridge0: port 3(team0) entered disabled state [ 287.560157][ T9629] team0: entered allmulticast mode [ 287.563961][ T9629] team_slave_0: entered allmulticast mode [ 287.566614][ T9629] team_slave_1: entered allmulticast mode [ 287.571375][ T9629] bridge0: port 3(team0) entered blocking state [ 287.574356][ T9629] bridge0: port 3(team0) entered forwarding state [ 288.126066][ T9666] tipc: Enabling of bearer rejected, failed to enable media [ 288.177466][ T9665] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 288.200209][ T9665] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1264'. [ 288.361778][ T9674] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 288.373816][ T9674] qnx6: wrong signature (magic) in superblock #1. [ 288.377981][ T9674] qnx6: unable to read the first superblock [ 288.380566][ T39] audit: type=1400 audit(1722139607.496:640): avc: denied { write } for pid=9670 comm="syz.1.1266" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 288.671939][ T9678] FAULT_INJECTION: forcing a failure. [ 288.671939][ T9678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.677748][ T9678] CPU: 2 UID: 0 PID: 9678 Comm: syz.3.1269 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 288.682435][ T9678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 288.686972][ T9678] Call Trace: [ 288.688450][ T9678] [ 288.689847][ T9678] dump_stack_lvl+0x16c/0x1f0 [ 288.692001][ T9678] should_fail_ex+0x497/0x5b0 [ 288.694502][ T9678] _copy_to_user+0x30/0xc0 [ 288.696540][ T9678] simple_read_from_buffer+0xd0/0x160 [ 288.699151][ T9678] proc_fail_nth_read+0x1b0/0x290 [ 288.701348][ T9678] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 288.703699][ T9678] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 288.706026][ T9678] vfs_read+0x1d4/0xbd0 [ 288.707820][ T9678] ? __fdget_pos+0xeb/0x180 [ 288.709869][ T9678] ? __pfx_vfs_read+0x10/0x10 [ 288.712299][ T9678] ? __pfx___mutex_lock+0x10/0x10 [ 288.714584][ T9678] ? __fget_files+0x256/0x400 [ 288.716562][ T9678] ksys_read+0x12f/0x260 [ 288.718387][ T9678] ? __pfx_ksys_read+0x10/0x10 [ 288.720524][ T9678] do_syscall_64+0xcd/0x250 [ 288.722479][ T9678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.725531][ T9678] RIP: 0033:0x7f75b9975d7c [ 288.727827][ T9678] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 288.737826][ T9678] RSP: 002b:00007f75ba7f8040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 288.742050][ T9678] RAX: ffffffffffffffda RBX: 00007f75b9b05f80 RCX: 00007f75b9975d7c [ 288.745732][ T9678] RDX: 000000000000000f RSI: 00007f75ba7f80b0 RDI: 0000000000000003 [ 288.749727][ T9678] RBP: 00007f75ba7f80a0 R08: 0000000000000000 R09: 0000000000000000 [ 288.753510][ T9678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.757096][ T9678] R13: 000000000000000b R14: 00007f75b9b05f80 R15: 00007ffc733350a8 [ 288.760711][ T9678] [ 288.820658][ T39] audit: type=1326 audit(1722139607.936:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9672 comm="syz.0.1267" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe13c977299 code=0x0 [ 289.225830][ T5345] Bluetooth: hci4: command 0x0406 tx timeout [ 289.329835][ T9694] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1274'. [ 289.335866][ T9694] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1274'. [ 289.340738][ T9694] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1274'. [ 289.605092][ T9697] process 'syz.0.1275' launched './file1' with NULL argv: empty string added [ 289.609051][ T39] audit: type=1400 audit(1722139608.716:642): avc: denied { execute } for pid=9695 comm="syz.0.1275" name="file1" dev="ramfs" ino=29596 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 289.628806][ T39] audit: type=1400 audit(1722139608.746:643): avc: denied { execute_no_trans } for pid=9695 comm="syz.0.1275" path="/9/file0/file1" dev="ramfs" ino=29596 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 289.708489][ T9701] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 289.726515][ T9701] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1276'. [ 289.834336][ T9704] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 289.848716][ T9704] qnx6: wrong signature (magic) in superblock #1. [ 289.855541][ T9704] qnx6: unable to read the first superblock [ 290.310744][ T39] audit: type=1326 audit(1722139609.426:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9717 comm="syz.1.1282" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe431b77299 code=0x0 [ 290.475035][ T834] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 290.668158][ T834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 290.673608][ T834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 290.679739][ T834] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 290.687220][ T834] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 290.691770][ T834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.700602][ T834] usb 5-1: config 0 descriptor?? [ 290.703764][ T9720] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 290.879052][ T39] audit: type=1400 audit(1722139609.996:645): avc: denied { write } for pid=9726 comm="syz.3.1285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 291.042124][ T9729] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 291.052994][ T9729] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1286'. [ 291.082217][ T9731] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=9731 comm=syz.3.1287 [ 291.101722][ T9734] FAULT_INJECTION: forcing a failure. [ 291.101722][ T9734] name failslab, interval 1, probability 0, space 0, times 0 [ 291.109711][ T9734] CPU: 0 UID: 0 PID: 9734 Comm: syz.1.1288 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 291.114803][ T9734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 291.119417][ T9734] Call Trace: [ 291.120572][ T9734] [ 291.121654][ T9734] dump_stack_lvl+0x16c/0x1f0 [ 291.123712][ T9734] should_fail_ex+0x497/0x5b0 [ 291.126050][ T9734] should_failslab+0xc2/0x120 [ 291.128097][ T9734] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 291.130587][ T9734] ? __build_skb+0x3f/0x90 [ 291.132744][ T9734] __build_skb+0x3f/0x90 [ 291.134287][ T9734] netlink_alloc_large_skb+0xb5/0x130 [ 291.136440][ T9734] netlink_sendmsg+0x689/0xd70 [ 291.138474][ T9734] ? __pfx_netlink_sendmsg+0x10/0x10 [ 291.140709][ T9734] sock_sendmsg+0x3cb/0x470 [ 291.142664][ T9734] ? pipe_lock+0x64/0x80 [ 291.144696][ T9734] ? __pfx_sock_sendmsg+0x10/0x10 [ 291.146895][ T9734] ? __pfx_lock_release+0x10/0x10 [ 291.149072][ T9734] splice_to_socket+0xab2/0x1040 [ 291.150749][ T9734] ? __pfx_splice_to_socket+0x10/0x10 [ 291.152985][ T9734] ? mark_lock+0xb5/0xc60 [ 291.154914][ T9734] ? inode_has_perm+0x16f/0x1d0 [ 291.156915][ T9734] ? security_file_permission+0x98/0xc0 [ 291.159210][ T9734] ? __pfx_splice_to_socket+0x10/0x10 [ 291.161468][ T9734] do_splice+0x148c/0x1f90 [ 291.163327][ T9734] ? find_held_lock+0x2d/0x110 [ 291.164968][ T9734] ? __pfx_do_splice+0x10/0x10 [ 291.167312][ T9734] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 291.170159][ T9734] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 291.172758][ T9734] __do_splice+0x327/0x360 [ 291.174695][ T9734] ? __pfx___do_splice+0x10/0x10 [ 291.176840][ T9734] __x64_sys_splice+0x1d2/0x260 [ 291.178988][ T9734] do_syscall_64+0xcd/0x250 [ 291.181202][ T9734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.184252][ T9734] RIP: 0033:0x7fe431b77299 [ 291.186217][ T9734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.194273][ T9734] RSP: 002b:00007fe43299d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 291.197418][ T9734] RAX: ffffffffffffffda RBX: 00007fe431d05f80 RCX: 00007fe431b77299 [ 291.200375][ T9734] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 291.203117][ T9734] RBP: 00007fe43299d0a0 R08: 0000000000010500 R09: 0000000000000000 [ 291.206893][ T9734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.210145][ T9734] R13: 000000000000000b R14: 00007fe431d05f80 R15: 00007ffdc7141f58 [ 291.213353][ T9734] [ 291.441073][ T9744] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1292'. [ 291.446160][ T9744] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1292'. [ 291.450130][ T9744] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1292'. [ 291.717644][ T9754] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 291.885367][ T39] audit: type=1326 audit(1722139611.006:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9749 comm="syz.3.1294" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75b9977299 code=0x0 [ 292.223973][ T834] usbhid 5-1:0.0: can't add hid device: -71 [ 292.226564][ T834] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 292.232329][ T834] usb 5-1: USB disconnect, device number 4 [ 292.687644][ T9774] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1300'. [ 292.694252][ T9774] netlink: 'syz.1.1300': attribute type 3 has an invalid length. [ 292.698625][ T9774] netlink: 196520 bytes leftover after parsing attributes in process `syz.1.1300'. [ 292.872805][ T39] audit: type=1400 audit(1722139611.986:647): avc: denied { ioctl } for pid=9777 comm="syz.3.1302" path="/dev/vhost-net" dev="devtmpfs" ino=1117 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 293.041390][ T39] audit: type=1400 audit(1722139612.146:648): avc: denied { ioctl } for pid=9781 comm="syz.0.1303" path="socket:[29656]" dev="sockfs" ino=29656 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 293.088561][ T39] audit: type=1400 audit(1722139612.206:649): avc: denied { getopt } for pid=9781 comm="syz.0.1303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 293.146641][ T9788] input: syz0 as /devices/virtual/input/input14 [ 293.324271][ T9795] FAULT_INJECTION: forcing a failure. [ 293.324271][ T9795] name failslab, interval 1, probability 0, space 0, times 0 [ 293.349975][ T9795] CPU: 0 UID: 0 PID: 9795 Comm: syz.0.1308 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 293.354891][ T9795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 293.360033][ T9795] Call Trace: [ 293.361674][ T9795] [ 293.363015][ T9795] dump_stack_lvl+0x16c/0x1f0 [ 293.365887][ T9795] should_fail_ex+0x497/0x5b0 [ 293.368342][ T9795] should_failslab+0xc2/0x120 [ 293.370502][ T9795] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 293.372880][ T9795] ? __build_skb+0x3f/0x90 [ 293.374597][ T9795] __build_skb+0x3f/0x90 [ 293.376707][ T9795] build_skb+0x22/0x280 [ 293.378546][ T9795] __tun_build_skb+0x2c/0x340 [ 293.380364][ T9795] tun_build_skb.constprop.0+0x8bf/0x1390 [ 293.383497][ T9795] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 293.392066][ T9795] ? __pfx___lock_acquire+0x10/0x10 [ 293.394402][ T9795] ? __pfx_mark_lock+0x10/0x10 [ 293.400601][ T9795] tun_get_user+0x888/0x3c30 [ 293.402547][ T9795] ? __pfx_tun_get_user+0x10/0x10 [ 293.404664][ T9795] ? find_held_lock+0x2d/0x110 [ 293.406871][ T9795] ? __pfx_lock_release+0x10/0x10 [ 293.408831][ T9795] tun_chr_write_iter+0xe8/0x210 [ 293.410693][ T9795] vfs_write+0x6b6/0x1140 [ 293.412550][ T9795] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 293.414875][ T9795] ? __pfx_vfs_write+0x10/0x10 [ 293.416961][ T9795] ? __fget_files+0x256/0x400 [ 293.419215][ T9795] ? __fget_light+0x173/0x210 [ 293.421264][ T9795] ksys_write+0x12f/0x260 [ 293.423112][ T9795] ? __pfx_ksys_write+0x10/0x10 [ 293.425212][ T9795] do_syscall_64+0xcd/0x250 [ 293.427107][ T9795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.429634][ T9795] RIP: 0033:0x7fe13c975e1f [ 293.431520][ T9795] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 293.440434][ T9795] RSP: 002b:00007fe13d741010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 293.443334][ T9795] RAX: ffffffffffffffda RBX: 00007fe13cb05f80 RCX: 00007fe13c975e1f [ 293.446644][ T9795] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 00000000000000c8 [ 293.449908][ T9795] RBP: 00007fe13d7410a0 R08: 0000000000000000 R09: 0000000000000000 [ 293.452994][ T9795] R10: 0000000000000012 R11: 0000000000000293 R12: 0000000000000001 [ 293.456709][ T9795] R13: 000000000000000b R14: 00007fe13cb05f80 R15: 00007fffbecaf0f8 [ 293.459479][ T9795] [ 293.460937][ C0] vkms_vblank_simulate: vblank timer overrun [ 293.644950][ T39] audit: type=1400 audit(1722139612.756:650): avc: denied { mounton } for pid=9797 comm="syz.0.1309" path="/14/file0/file0" dev="9p" ino=36701659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 294.204581][ T9810] lo speed is unknown, defaulting to 1000 [ 294.354890][ T5160] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 294.568432][ T5160] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 294.579947][ T9819] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1316'. [ 294.584702][ T5160] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 294.590754][ T5160] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 294.624854][ T5160] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 294.628832][ T5160] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.639889][ T9819] netlink: 'syz.3.1316': attribute type 3 has an invalid length. [ 294.643372][ T5160] usb 7-1: config 0 descriptor?? [ 294.643376][ T9819] netlink: 196520 bytes leftover after parsing attributes in process `syz.3.1316'. [ 294.645930][ T9808] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 295.201068][ T5345] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 295.212098][ T5345] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 295.216473][ T5345] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 295.227435][ T5345] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 295.232118][ T5345] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 295.239975][ T5345] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 295.269769][ T40] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.356175][ T9823] lo speed is unknown, defaulting to 1000 [ 295.436234][ T40] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.550609][ T40] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.672123][ T40] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.808135][ T5160] usbhid 7-1:0.0: can't add hid device: -71 [ 295.810827][ T5160] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 295.818804][ T9823] chnl_net:caif_netlink_parms(): no params data found [ 295.826191][ T5160] usb 7-1: USB disconnect, device number 10 [ 295.974683][ T9841] FAULT_INJECTION: forcing a failure. [ 295.974683][ T9841] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.981045][ T9841] CPU: 2 UID: 0 PID: 9841 Comm: syz.3.1322 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 295.986082][ T9841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 295.990502][ T9841] Call Trace: [ 295.991794][ T9841] [ 295.993103][ T9841] dump_stack_lvl+0x16c/0x1f0 [ 295.995210][ T9841] should_fail_ex+0x497/0x5b0 [ 295.997323][ T9841] _copy_to_user+0x30/0xc0 [ 295.999305][ T9841] simple_read_from_buffer+0xd0/0x160 [ 296.001669][ T9841] proc_fail_nth_read+0x1b0/0x290 [ 296.003771][ T9841] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 296.006138][ T9841] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 296.008490][ T9841] vfs_read+0x1d4/0xbd0 [ 296.010260][ T9841] ? __fdget_pos+0xeb/0x180 [ 296.012198][ T9841] ? __pfx_vfs_read+0x10/0x10 [ 296.014342][ T9841] ? __pfx___mutex_lock+0x10/0x10 [ 296.016588][ T9841] ? __fget_files+0x256/0x400 [ 296.018640][ T9841] ksys_read+0x12f/0x260 [ 296.020497][ T9841] ? __pfx_ksys_read+0x10/0x10 [ 296.022600][ T9841] do_syscall_64+0xcd/0x250 [ 296.024569][ T9841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.026826][ T9841] RIP: 0033:0x7f75b9975d7c [ 296.028559][ T9841] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 296.035551][ T9841] RSP: 002b:00007f75ba7f8040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 296.038584][ T9841] RAX: ffffffffffffffda RBX: 00007f75b9b05f80 RCX: 00007f75b9975d7c [ 296.042063][ T9841] RDX: 000000000000000f RSI: 00007f75ba7f80b0 RDI: 0000000000000004 [ 296.045591][ T9841] RBP: 00007f75ba7f80a0 R08: 0000000000000000 R09: 0000000000000000 [ 296.049056][ T9841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.052303][ T9841] R13: 000000000000000b R14: 00007f75b9b05f80 R15: 00007ffc733350a8 [ 296.055606][ T9841] [ 296.071089][ T9823] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.074257][ T9823] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.082996][ T9823] bridge_slave_0: entered allmulticast mode [ 296.092641][ T9823] bridge_slave_0: entered promiscuous mode [ 296.099103][ T9823] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.103846][ T9823] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.107781][ T9823] bridge_slave_1: entered allmulticast mode [ 296.113429][ T9823] bridge_slave_1: entered promiscuous mode [ 296.157305][ T39] audit: type=1400 audit(1722139615.276:651): avc: denied { read } for pid=9847 comm="syz.3.1325" name="/" dev="configfs" ino=2151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 296.159480][ T5345] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 296.167938][ T39] audit: type=1400 audit(1722139615.276:652): avc: denied { open } for pid=9847 comm="syz.3.1325" path="/216/file0" dev="configfs" ino=2151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 296.244507][ T9823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 296.256213][ T9823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 296.359761][ T9823] team0: Port device team_slave_0 added [ 296.371032][ T9823] team0: Port device team_slave_1 added [ 296.463832][ T40] team0: left allmulticast mode [ 296.466039][ T40] team_slave_0: left allmulticast mode [ 296.468867][ T40] team_slave_1: left allmulticast mode [ 296.472245][ T40] bridge0: port 3(team0) entered disabled state [ 296.479652][ T40] bridge_slave_1: left allmulticast mode [ 296.482174][ T40] bridge_slave_1: left promiscuous mode [ 296.485392][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.491435][ T40] bridge_slave_0: left allmulticast mode [ 296.493869][ T40] bridge_slave_0: left promiscuous mode [ 296.497392][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.634532][ T39] audit: type=1326 audit(1722139615.746:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9870 comm="syz.3.1326" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75b9977299 code=0x0 [ 296.760459][ T39] audit: type=1400 audit(1722139615.876:654): avc: denied { mount } for pid=9877 comm="syz.2.1329" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 296.772760][ T39] audit: type=1400 audit(1722139615.886:655): avc: denied { unmount } for pid=9877 comm="syz.2.1329" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 296.871868][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 296.878824][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 296.894158][ T40] bond0 (unregistering): Released all slaves [ 296.903371][ T9823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 296.907904][ T9823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.920366][ T9823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 296.927248][ T9823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 296.931947][ T9823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.957582][ T9823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 297.124394][ T9883] afs: Unknown parameter '' [ 297.202531][ T9823] hsr_slave_0: entered promiscuous mode [ 297.206330][ T9823] hsr_slave_1: entered promiscuous mode [ 297.209619][ T9823] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 297.214313][ T9823] Cannot create hsr debugfs directory [ 297.296087][ T5345] Bluetooth: hci0: command tx timeout [ 297.628808][ T39] audit: type=1326 audit(1722139616.746:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9899 comm="syz.3.1333" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75b9977299 code=0x0 [ 297.702380][ T40] hsr_slave_0: left promiscuous mode [ 297.712320][ T40] hsr_slave_1: left promiscuous mode [ 297.716563][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 297.719863][ T40] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 297.723740][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.727017][ T40] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 297.777423][ T40] veth1_macvtap: left promiscuous mode [ 297.779876][ T40] veth0_macvtap: left promiscuous mode [ 297.782640][ T40] veth1_vlan: left promiscuous mode [ 297.789871][ T40] veth0_vlan: left promiscuous mode [ 298.217060][ T9919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1336'. [ 298.282133][ T9920] netlink: 'syz.1.1336': attribute type 3 has an invalid length. [ 298.288303][ T9920] netlink: 196520 bytes leftover after parsing attributes in process `syz.1.1336'. [ 298.633915][ T39] audit: type=1400 audit(1722139617.746:657): avc: denied { bind } for pid=9924 comm="syz.2.1338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 298.645108][ T39] audit: type=1400 audit(1722139617.756:658): avc: denied { write } for pid=9924 comm="syz.2.1338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 299.282117][ T40] team_slave_1 (unregistering): left promiscuous mode [ 299.300094][ T40] team0 (unregistering): Port device team_slave_1 removed [ 299.375070][ T5345] Bluetooth: hci0: command tx timeout [ 299.435919][ T40] team_slave_0 (unregistering): left promiscuous mode [ 299.440455][ T40] team0 (unregistering): Port device team_slave_0 removed [ 300.578280][ C0] bridge0: port 3(team0) entered learning state [ 301.080748][ T9823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 301.099647][ T9823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 301.115235][ T9823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 301.125917][ T9823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 301.325391][ T9823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.353606][ T9823] 8021q: adding VLAN 0 to HW filter on device team0 [ 301.366669][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.369856][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.383488][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.386404][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.466899][ T5345] Bluetooth: hci0: command tx timeout [ 301.644870][ T39] audit: type=1400 audit(1722139620.756:659): avc: denied { sqpoll } for pid=9993 comm="syz.2.1347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 301.649399][ T9823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 301.761104][ T9823] veth0_vlan: entered promiscuous mode [ 301.776587][ T9823] veth1_vlan: entered promiscuous mode [ 301.874261][ T9823] veth0_macvtap: entered promiscuous mode [ 301.926366][ T9823] veth1_macvtap: entered promiscuous mode [ 301.958988][ T9823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 301.963056][ T9823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.973402][ T9823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 301.978480][ T9823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.984155][ T9823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 301.988957][ T9823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.993090][ T9823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.001041][ T9823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.007077][ T9823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 302.017748][ T9823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.022217][ T9823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.029111][ T9823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.033657][ T9823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.039428][ T9823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.044844][ T9823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.049337][ T9823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.054989][ T9823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.060779][ T9823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 302.069166][ T9823] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.072920][ T9823] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.076510][ T9823] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.080115][ T9823] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.103766][T10011] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1350'. [ 302.111298][T10011] netlink: 'syz.3.1350': attribute type 3 has an invalid length. [ 302.114757][T10011] netlink: 196520 bytes leftover after parsing attributes in process `syz.3.1350'. [ 302.237913][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.241530][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.315801][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.319759][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.418904][T10018] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1319'. [ 302.427033][T10018] netlink: 'syz.0.1319': attribute type 3 has an invalid length. [ 302.430516][T10018] netlink: 196520 bytes leftover after parsing attributes in process `syz.0.1319'. [ 303.196018][T10025] netlink: 'syz.1.1354': attribute type 10 has an invalid length. [ 303.201590][T10025] netlink: 'syz.1.1354': attribute type 10 has an invalid length. [ 303.207231][T10025] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1354'. [ 303.211154][T10025] team0: entered promiscuous mode [ 303.217155][T10025] team_slave_0: entered promiscuous mode [ 303.225162][T10025] team_slave_1: entered promiscuous mode [ 303.232217][T10025] 8021q: adding VLAN 0 to HW filter on device team0 [ 303.239936][T10025] batman_adv: batadv0: Interface activated: team0 [ 303.271245][T10025] batman_adv: batadv0: Interface deactivated: team0 [ 303.282225][T10025] batman_adv: batadv0: Removing interface: team0 [ 303.317070][T10025] bridge0: port 3(team0) entered blocking state [ 303.331974][T10025] bridge0: port 3(team0) entered disabled state [ 303.336849][T10025] team0: entered allmulticast mode [ 303.339698][T10025] team_slave_0: entered allmulticast mode [ 303.345471][T10025] team_slave_1: entered allmulticast mode [ 303.359931][T10025] bridge0: port 3(team0) entered blocking state [ 303.362958][T10025] bridge0: port 3(team0) entered listening state [ 303.535136][ T5345] Bluetooth: hci0: command tx timeout [ 304.054687][ T39] audit: type=1400 audit(1722139623.166:660): avc: denied { listen } for pid=10035 comm="syz.1.1357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 304.066846][ T39] audit: type=1400 audit(1722139623.186:661): avc: denied { accept } for pid=10035 comm="syz.1.1357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 304.251720][T10039] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1358'. [ 304.263934][T10039] netlink: 'syz.2.1358': attribute type 3 has an invalid length. [ 304.268885][T10039] netlink: 196520 bytes leftover after parsing attributes in process `syz.2.1358'. [ 304.385723][T10043] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 304.460975][T10045] FAULT_INJECTION: forcing a failure. [ 304.460975][T10045] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 304.467492][T10045] CPU: 0 UID: 0 PID: 10045 Comm: syz.0.1361 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 304.472061][T10045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 304.476763][T10045] Call Trace: [ 304.478256][T10045] [ 304.479569][T10045] dump_stack_lvl+0x16c/0x1f0 [ 304.481644][T10045] should_fail_ex+0x497/0x5b0 [ 304.483750][T10045] _copy_to_user+0x30/0xc0 [ 304.485853][T10045] simple_read_from_buffer+0xd0/0x160 [ 304.488242][T10045] proc_fail_nth_read+0x1b0/0x290 [ 304.490466][T10045] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 304.492837][T10045] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 304.495263][T10045] vfs_read+0x1d4/0xbd0 [ 304.497150][T10045] ? __fdget_pos+0xeb/0x180 [ 304.499186][T10045] ? __pfx_vfs_read+0x10/0x10 [ 304.501361][T10045] ? __pfx___mutex_lock+0x10/0x10 [ 304.504215][T10045] ? __fget_files+0x256/0x400 [ 304.506038][T10045] ksys_read+0x12f/0x260 [ 304.507854][T10045] ? __pfx_ksys_read+0x10/0x10 [ 304.509873][T10045] do_syscall_64+0xcd/0x250 [ 304.511444][T10045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.513454][T10045] RIP: 0033:0x7f98b4375d7c [ 304.515077][T10045] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 304.522087][T10045] RSP: 002b:00007f98b519a040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 304.525563][T10045] RAX: ffffffffffffffda RBX: 00007f98b4505f80 RCX: 00007f98b4375d7c [ 304.528722][T10045] RDX: 000000000000000f RSI: 00007f98b519a0b0 RDI: 0000000000000004 [ 304.531822][T10045] RBP: 00007f98b519a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 304.534676][T10045] R10: 0000000020001c80 R11: 0000000000000246 R12: 0000000000000001 [ 304.537923][T10045] R13: 000000000000000b R14: 00007f98b4505f80 R15: 00007ffd219ac3e8 [ 304.541244][T10045] [ 304.675317][ T35] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 304.730820][T10051] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1364'. [ 304.741707][T10051] netlink: 'syz.0.1364': attribute type 3 has an invalid length. [ 304.745386][T10051] netlink: 196520 bytes leftover after parsing attributes in process `syz.0.1364'. [ 304.858659][ T35] usb 7-1: Using ep0 maxpacket: 16 [ 304.863051][ T35] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA5, changing to 0x85 [ 304.868328][ T35] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 104 [ 304.874836][ T35] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 304.878954][ T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.882683][ T35] usb 7-1: Product: syz [ 304.884570][ T35] usb 7-1: Manufacturer: syz [ 304.886920][ T35] usb 7-1: SerialNumber: syz [ 304.893679][ T35] usb 7-1: config 0 descriptor?? [ 304.897989][T10042] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 304.904344][ T35] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input15 [ 304.920231][ C3] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 304.932999][ C2] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 304.934263][T10054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1365'. [ 304.958292][T10054] netlink: 'syz.1.1365': attribute type 3 has an invalid length. [ 304.964146][T10054] netlink: 196520 bytes leftover after parsing attributes in process `syz.1.1365'. [ 305.101806][T10042] FAULT_INJECTION: forcing a failure. [ 305.101806][T10042] name failslab, interval 1, probability 0, space 0, times 0 [ 305.107112][T10042] CPU: 3 UID: 0 PID: 10042 Comm: syz.2.1360 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 305.110990][T10042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 305.115338][T10042] Call Trace: [ 305.116595][T10042] [ 305.117683][T10042] dump_stack_lvl+0x16c/0x1f0 [ 305.119527][T10042] should_fail_ex+0x497/0x5b0 [ 305.121551][T10042] ? fs_reclaim_acquire+0xae/0x160 [ 305.123919][T10042] should_failslab+0xc2/0x120 [ 305.125818][T10042] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 305.127825][T10042] ? alloc_empty_file+0x73/0x1e0 [ 305.129659][T10042] ? __lock_acquire+0xbdd/0x3cb0 [ 305.131717][T10042] alloc_empty_file+0x73/0x1e0 [ 305.133966][T10042] path_openat+0xe0/0x2d20 [ 305.137085][T10042] ? hlock_class+0x4e/0x130 [ 305.139918][T10042] ? __lock_acquire+0x1620/0x3cb0 [ 305.143268][T10042] ? __pfx_path_openat+0x10/0x10 [ 305.146922][T10042] ? __pfx___lock_acquire+0x10/0x10 [ 305.150073][T10042] ? find_held_lock+0x2d/0x110 [ 305.153082][T10042] do_filp_open+0x1dc/0x430 [ 305.156960][T10042] ? __pfx_do_filp_open+0x10/0x10 [ 305.159681][T10042] ? find_held_lock+0x2d/0x110 [ 305.162290][T10042] ? _raw_spin_unlock+0x28/0x50 [ 305.165336][T10042] ? alloc_fd+0x2d7/0x6c0 [ 305.169037][T10042] do_sys_openat2+0x17a/0x1e0 [ 305.171900][T10042] ? __pfx_do_sys_openat2+0x10/0x10 [ 305.175844][T10042] __x64_sys_openat+0x175/0x210 [ 305.178862][T10042] ? __pfx___x64_sys_openat+0x10/0x10 [ 305.182806][T10042] ? ksys_write+0x1ab/0x260 [ 305.186499][T10042] do_syscall_64+0xcd/0x250 [ 305.188643][T10042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.191149][T10042] RIP: 0033:0x7f1707375cd0 [ 305.193229][T10042] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 79 8d 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 cc 8d 02 00 8b 44 [ 305.201659][T10042] RSP: 002b:00007f1708083b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 305.205361][T10042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1707375cd0 [ 305.208923][T10042] RDX: 0000000000000000 RSI: 00007f1708083c20 RDI: 00000000ffffff9c [ 305.212327][T10042] RBP: 00007f1708083c20 R08: 0000000000000000 R09: 0000000000000000 [ 305.215796][T10042] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 305.218951][T10042] R13: 000000000000000b R14: 00007f1707505f80 R15: 00007fff7da13d38 [ 305.222155][T10042] [ 305.277255][ T5379] usb 7-1: USB disconnect, device number 11 [ 305.570447][T10059] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 305.589275][ T40] Bluetooth: hci3: Frame reassembly failed (-84) [ 306.823445][T10076] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 306.830076][ T39] audit: type=1400 audit(1722139625.946:662): avc: denied { shutdown } for pid=10072 comm="syz.0.1372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 307.535380][ C3] ================================================================== [ 307.538919][ C3] BUG: KASAN: stack-out-of-bounds in xdp_do_check_flushed+0x41c/0x4e0 [ 307.542154][ C3] Read of size 4 at addr ffffc900033dfa50 by task syz.0.1372/10077 [ 307.548868][ C3] [ 307.549924][ C3] CPU: 3 UID: 0 PID: 10077 Comm: syz.0.1372 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 307.554019][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 307.558530][ C3] Call Trace: [ 307.559987][ C3] [ 307.561226][ C3] dump_stack_lvl+0x116/0x1f0 [ 307.563031][ C3] print_report+0xc3/0x620 [ 307.564961][ C3] ? __virt_addr_valid+0x5e/0x590 [ 307.566950][ C3] kasan_report+0xd9/0x110 [ 307.568851][ C3] ? xdp_do_check_flushed+0x41c/0x4e0 [ 307.571224][ C3] ? xdp_do_check_flushed+0x41c/0x4e0 [ 307.573238][ C3] xdp_do_check_flushed+0x41c/0x4e0 [ 307.575264][ C3] __napi_poll.constprop.0+0xd1/0x550 [ 307.577577][ C3] net_rx_action+0xa92/0x1010 [ 307.579347][ C3] ? __pfx_net_rx_action+0x10/0x10 [ 307.581194][ C3] ? __pfx_mark_lock+0x10/0x10 [ 307.583304][ C3] ? sched_balance_domains+0x285/0xec0 [ 307.585526][ C3] ? mark_held_locks+0x9f/0xe0 [ 307.587452][ C3] handle_softirqs+0x216/0x8f0 [ 307.589650][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 307.592147][ C3] irq_exit_rcu+0xbb/0x120 [ 307.594309][ C3] sysvec_apic_timer_interrupt+0x95/0xb0 [ 307.596922][ C3] [ 307.598012][ C3] [ 307.599135][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 307.601698][ C3] RIP: 0010:write_comp_data+0x11/0x90 [ 307.604081][ C3] Code: cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 49 89 d2 49 89 f8 49 89 f1 65 48 8b 15 3f 52 79 7e <65> 8b 05 40 52 79 7e a9 00 01 ff 00 74 0f f6 c4 01 74 59 8b 82 1c [ 307.611032][ C3] RSP: 0018:ffffc900033deeb0 EFLAGS: 00000202 [ 307.613327][ C3] RAX: 0000000000000000 RBX: ffffc900033def38 RCX: ffffffff813ce4f2 [ 307.616340][ C3] RDX: ffff888021820000 RSI: 0000000000000000 RDI: 0000000000000001 [ 307.619000][ C3] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 307.622045][ C3] R10: 0000000000000002 R11: 0000000000000000 R12: ffffffff90aed7b4 [ 307.625102][ C3] R13: ffffffff90aed7b9 R14: 0000000000000002 R15: ffffc900033def6d [ 307.628011][ C3] ? unwind_next_frame+0x5f2/0x23a0 [ 307.629781][ C3] unwind_next_frame+0x5f2/0x23a0 [ 307.631505][ C3] ? exit_mmap+0x1b8/0xb20 [ 307.633035][ C3] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 307.635121][ C3] arch_stack_walk+0x100/0x170 [ 307.637676][ C3] ? exit_mmap+0x1b8/0xb20 [ 307.639713][ C3] stack_trace_save+0x95/0xd0 [ 307.642146][ C3] ? __pfx_stack_trace_save+0x10/0x10 [ 307.644342][ C3] save_stack+0x162/0x1f0 [ 307.646029][ C3] ? __pfx_save_stack+0x10/0x10 [ 307.648057][ C3] ? __pfx_lock_acquire+0x10/0x10 [ 307.649991][ C3] ? free_unref_folios+0x9e9/0x1390 [ 307.652026][ C3] ? folios_put_refs+0x560/0x760 [ 307.653985][ C3] ? free_pages_and_swap_cache+0x36d/0x510 [ 307.656529][ C3] ? __tlb_batch_free_encoded_pages+0xf9/0x290 [ 307.659352][ C3] ? tlb_flush_mmu+0xe9/0x590 [ 307.661244][ C3] ? unmap_page_range+0x1c88/0x3c10 [ 307.663258][ C3] ? unmap_single_vma+0x194/0x2b0 [ 307.665282][ C3] ? unmap_vmas+0x22f/0x490 [ 307.666959][ C3] ? exit_mmap+0x1b8/0xb20 [ 307.668689][ C3] __reset_page_owner+0x8d/0x400 [ 307.670620][ C3] free_unref_folios+0x9e9/0x1390 [ 307.672594][ C3] folios_put_refs+0x560/0x760 [ 307.674469][ C3] ? __pfx_folios_put_refs+0x10/0x10 [ 307.676637][ C3] ? lru_add_drain_cpu+0x454/0x860 [ 307.677446][ T5343] Bluetooth: hci3: command 0x1003 tx timeout [ 307.678641][ C3] ? prepare_alloc_pages.constprop.0+0x412/0x560 [ 307.678661][ C3] free_pages_and_swap_cache+0x36d/0x510 [ 307.686032][ C3] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 307.688424][ C3] ? __pfx_tlb_is_not_lazy+0x10/0x10 [ 307.690506][ C3] ? __pfx___might_resched+0x10/0x10 [ 307.692236][ T5345] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 307.692556][ C3] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 307.692581][ C3] tlb_flush_mmu+0xe9/0x590 [ 307.692594][ C3] unmap_page_range+0x1c88/0x3c10 [ 307.701272][ C3] ? __pfx_unmap_page_range+0x10/0x10 [ 307.703335][ C3] ? uprobe_munmap+0x20/0x5d0 [ 307.705046][ C3] unmap_single_vma+0x194/0x2b0 [ 307.706705][ C3] unmap_vmas+0x22f/0x490 [ 307.708570][ C3] ? __pfx_unmap_vmas+0x10/0x10 [ 307.710461][ C3] ? __pfx_lock_release+0x10/0x10 [ 307.712430][ C3] ? lru_add_drain_cpu+0x454/0x860 [ 307.714541][ C3] exit_mmap+0x1b8/0xb20 [ 307.716207][ C3] ? __pfx_exit_mmap+0x10/0x10 [ 307.718113][ C3] __mmput+0x12a/0x480 [ 307.719695][ C3] mmput+0x62/0x70 [ 307.721162][ C3] do_exit+0x9bf/0x2bb0 [ 307.722701][ C3] ? get_signal+0x8f2/0x2770 [ 307.724466][ C3] ? __pfx_do_exit+0x10/0x10 [ 307.726071][ C3] ? do_raw_spin_lock+0x12d/0x2c0 [ 307.727795][ C3] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 307.729612][ C3] do_group_exit+0xd3/0x2a0 [ 307.731166][ C3] get_signal+0x25fd/0x2770 [ 307.733082][ C3] ? __pfx_get_signal+0x10/0x10 [ 307.735045][ C3] ? __pfx_do_futex+0x10/0x10 [ 307.737040][ C3] arch_do_signal_or_restart+0x90/0x7e0 [ 307.739491][ C3] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 307.741879][ C3] syscall_exit_to_user_mode+0x150/0x2a0 [ 307.744118][ C3] do_syscall_64+0xda/0x250 [ 307.745970][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.748263][ C3] RIP: 0033:0x7f98b4377299 [ 307.750009][ C3] Code: Unable to access opcode bytes at 0x7f98b437726f. [ 307.752694][ C3] RSP: 002b:00007f98b51580f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 307.756911][ C3] RAX: fffffffffffffe00 RBX: 00007f98b4506138 RCX: 00007f98b4377299 [ 307.759999][ C3] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f98b4506138 [ 307.762923][ C3] RBP: 00007f98b4506130 R08: 00007f98b51586c0 R09: 00007f98b51586c0 [ 307.765646][ C3] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98b450613c [ 307.768813][ C3] R13: 000000000000006e R14: 00007ffd219ac300 R15: 00007ffd219ac3e8 [ 307.772181][ C3] [ 307.773392][ C3] [ 307.774333][ C3] The buggy address belongs to stack of task syz.0.1372/10077 [ 307.777193][ C3] and is located at offset 24 in frame: [ 307.779502][ C3] exit_mmap+0x0/0xb20 [ 307.781097][ C3] [ 307.782042][ C3] This frame has 2 objects: [ 307.783782][ C3] [32, 96) 'vmi' [ 307.783791][ C3] [128, 256) 'tlb' [ 307.785048][ C3] [ 307.787207][ C3] The buggy address belongs to the virtual mapping at [ 307.787207][ C3] [ffffc900033d8000, ffffc900033e1000) created by: [ 307.787207][ C3] kernel_clone+0xfd/0x980 [ 307.793969][ C3] [ 307.794928][ C3] The buggy address belongs to the physical page: [ 307.797418][ C3] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801dc4b000 pfn:0x1dc4b [ 307.801286][ C3] memcg:ffff88802bfaaf02 [ 307.802823][ C3] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 307.805787][ C3] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 307.809601][ C3] raw: ffff88801dc4b000 0000000000000000 00000001ffffffff ffff88802bfaaf02 [ 307.813008][ C3] page dumped because: kasan: bad access detected [ 307.815758][ C3] page_owner tracks the page as allocated [ 307.817948][ C3] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 10072, tgid 10072 (syz.0.1372), ts 306803794888, free_ts 306711889128 [ 307.825202][ C3] post_alloc_hook+0x2d1/0x350 [ 307.827065][ C3] get_page_from_freelist+0x1351/0x2e50 [ 307.829477][ C3] __alloc_pages_noprof+0x22b/0x2460 [ 307.831664][ C3] alloc_pages_mpol_noprof+0x275/0x610 [ 307.833795][ C3] __vmalloc_node_range_noprof+0xa6a/0x1520 [ 307.836395][ C3] copy_process+0x2f3b/0x8de0 [ 307.838387][ C3] kernel_clone+0xfd/0x980 [ 307.840092][ C3] __do_sys_clone3+0x1f5/0x270 [ 307.842270][ C3] do_syscall_64+0xcd/0x250 [ 307.844002][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.846440][ C3] page last free pid 0 tgid 0 stack trace: [ 307.849073][ C3] free_unref_page+0x64a/0xe40 [ 307.850890][ C3] __folio_put+0x31c/0x3e0 [ 307.852660][ C3] free_page_and_swap_cache+0x249/0x2c0 [ 307.855015][ C3] tlb_remove_table_rcu+0x89/0xe0 [ 307.857344][ C3] rcu_core+0x828/0x16b0 [ 307.859219][ C3] handle_softirqs+0x216/0x8f0 [ 307.861267][ C3] irq_exit_rcu+0xbb/0x120 [ 307.863323][ C3] sysvec_apic_timer_interrupt+0x95/0xb0 [ 307.865796][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 307.868285][ C3] [ 307.869224][ C3] Memory state around the buggy address: [ 307.871431][ C3] ffffc900033df900: 00 f2 f2 f2 00 f2 f2 f2 00 00 f2 f2 00 00 00 00 [ 307.874570][ C3] ffffc900033df980: 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 [ 307.877656][ C3] >ffffc900033dfa00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 [ 307.880753][ C3] ^ [ 307.883297][ C3] ffffc900033dfa80: 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 [ 307.886622][ C3] ffffc900033dfb00: 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 [ 307.889917][ C3] ================================================================== [ 307.893121][ C3] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 307.896415][ C3] CPU: 3 UID: 0 PID: 10077 Comm: syz.0.1372 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 307.900566][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 307.904800][ C3] Call Trace: [ 307.906146][ C3] [ 307.907276][ C3] dump_stack_lvl+0x3d/0x1f0 [ 307.909133][ C3] panic+0x6f5/0x7a0 [ 307.910653][ C3] ? __pfx_panic+0x10/0x10 [ 307.912405][ C3] ? check_panic_on_warn+0x1f/0xb0 [ 307.914387][ C3] check_panic_on_warn+0xab/0xb0 [ 307.916329][ C3] end_report+0x117/0x180 [ 307.917953][ C3] kasan_report+0xe9/0x110 [ 307.919503][ C3] ? xdp_do_check_flushed+0x41c/0x4e0 [ 307.921603][ C3] ? xdp_do_check_flushed+0x41c/0x4e0 [ 307.923821][ C3] xdp_do_check_flushed+0x41c/0x4e0 [ 307.927912][ C3] __napi_poll.constprop.0+0xd1/0x550 [ 307.930137][ C3] net_rx_action+0xa92/0x1010 [ 307.931998][ C3] ? __pfx_net_rx_action+0x10/0x10 [ 307.934122][ C3] ? __pfx_mark_lock+0x10/0x10 [ 307.936327][ C3] ? sched_balance_domains+0x285/0xec0 [ 307.938798][ C3] ? mark_held_locks+0x9f/0xe0 [ 307.940670][ C3] handle_softirqs+0x216/0x8f0 [ 307.942548][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 307.944608][ C3] irq_exit_rcu+0xbb/0x120 [ 307.946360][ C3] sysvec_apic_timer_interrupt+0x95/0xb0 [ 307.948704][ C3] [ 307.949869][ C3] [ 307.951031][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 307.953382][ C3] RIP: 0010:write_comp_data+0x11/0x90 [ 307.955488][ C3] Code: cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 49 89 d2 49 89 f8 49 89 f1 65 48 8b 15 3f 52 79 7e <65> 8b 05 40 52 79 7e a9 00 01 ff 00 74 0f f6 c4 01 74 59 8b 82 1c [ 307.962921][ C3] RSP: 0018:ffffc900033deeb0 EFLAGS: 00000202 [ 307.965325][ C3] RAX: 0000000000000000 RBX: ffffc900033def38 RCX: ffffffff813ce4f2 [ 307.968424][ C3] RDX: ffff888021820000 RSI: 0000000000000000 RDI: 0000000000000001 [ 307.971484][ C3] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 307.974537][ C3] R10: 0000000000000002 R11: 0000000000000000 R12: ffffffff90aed7b4 [ 307.977518][ C3] R13: ffffffff90aed7b9 R14: 0000000000000002 R15: ffffc900033def6d [ 307.980202][ C3] ? unwind_next_frame+0x5f2/0x23a0 [ 307.981986][ C3] unwind_next_frame+0x5f2/0x23a0 [ 307.983717][ C3] ? exit_mmap+0x1b8/0xb20 [ 307.985259][ C3] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 307.987376][ C3] arch_stack_walk+0x100/0x170 [ 307.989445][ C3] ? exit_mmap+0x1b8/0xb20 [ 307.991191][ C3] stack_trace_save+0x95/0xd0 [ 307.993034][ C3] ? __pfx_stack_trace_save+0x10/0x10 [ 307.995271][ C3] save_stack+0x162/0x1f0 [ 307.997153][ C3] ? __pfx_save_stack+0x10/0x10 [ 307.999236][ C3] ? __pfx_lock_acquire+0x10/0x10 [ 308.001593][ C3] ? free_unref_folios+0x9e9/0x1390 [ 308.004040][ C3] ? folios_put_refs+0x560/0x760 [ 308.005970][ C3] ? free_pages_and_swap_cache+0x36d/0x510 [ 308.008225][ C3] ? __tlb_batch_free_encoded_pages+0xf9/0x290 [ 308.010555][ C3] ? tlb_flush_mmu+0xe9/0x590 [ 308.012399][ C3] ? unmap_page_range+0x1c88/0x3c10 [ 308.014416][ C3] ? unmap_single_vma+0x194/0x2b0 [ 308.016386][ C3] ? unmap_vmas+0x22f/0x490 [ 308.018153][ C3] ? exit_mmap+0x1b8/0xb20 [ 308.019905][ C3] __reset_page_owner+0x8d/0x400 [ 308.021881][ C3] free_unref_folios+0x9e9/0x1390 [ 308.023843][ C3] folios_put_refs+0x560/0x760 [ 308.025719][ C3] ? __pfx_folios_put_refs+0x10/0x10 [ 308.027695][ C3] ? lru_add_drain_cpu+0x454/0x860 [ 308.029579][ C3] ? prepare_alloc_pages.constprop.0+0x412/0x560 [ 308.031737][ C3] free_pages_and_swap_cache+0x36d/0x510 [ 308.033647][ C3] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 308.035753][ C3] ? __pfx_tlb_is_not_lazy+0x10/0x10 [ 308.037545][ C3] ? __pfx___might_resched+0x10/0x10 [ 308.039345][ C3] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 308.041897][ C3] tlb_flush_mmu+0xe9/0x590 [ 308.043827][ C3] unmap_page_range+0x1c88/0x3c10 [ 308.045757][ C3] ? __pfx_unmap_page_range+0x10/0x10 [ 308.047835][ C3] ? uprobe_munmap+0x20/0x5d0 [ 308.049616][ C3] unmap_single_vma+0x194/0x2b0 [ 308.051514][ C3] unmap_vmas+0x22f/0x490 [ 308.053224][ C3] ? __pfx_unmap_vmas+0x10/0x10 [ 308.054995][ C3] ? __pfx_lock_release+0x10/0x10 [ 308.056967][ C3] ? lru_add_drain_cpu+0x454/0x860 [ 308.058959][ C3] exit_mmap+0x1b8/0xb20 [ 308.060609][ C3] ? __pfx_exit_mmap+0x10/0x10 [ 308.062486][ C3] __mmput+0x12a/0x480 [ 308.064149][ C3] mmput+0x62/0x70 [ 308.065616][ C3] do_exit+0x9bf/0x2bb0 [ 308.067283][ C3] ? get_signal+0x8f2/0x2770 [ 308.069213][ C3] ? __pfx_do_exit+0x10/0x10 [ 308.071078][ C3] ? do_raw_spin_lock+0x12d/0x2c0 [ 308.073049][ C3] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 308.075143][ C3] do_group_exit+0xd3/0x2a0 [ 308.076924][ C3] get_signal+0x25fd/0x2770 [ 308.078696][ C3] ? __pfx_get_signal+0x10/0x10 [ 308.080611][ C3] ? __pfx_do_futex+0x10/0x10 [ 308.082439][ C3] arch_do_signal_or_restart+0x90/0x7e0 [ 308.084605][ C3] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 308.086987][ C3] syscall_exit_to_user_mode+0x150/0x2a0 [ 308.089179][ C3] do_syscall_64+0xda/0x250 [ 308.090961][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.093121][ C3] RIP: 0033:0x7f98b4377299 [ 308.094646][ C3] Code: Unable to access opcode bytes at 0x7f98b437726f. [ 308.097014][ C3] RSP: 002b:00007f98b51580f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 308.099834][ C3] RAX: fffffffffffffe00 RBX: 00007f98b4506138 RCX: 00007f98b4377299 [ 308.102531][ C3] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f98b4506138 [ 308.105595][ C3] RBP: 00007f98b4506130 R08: 00007f98b51586c0 R09: 00007f98b51586c0 [ 308.108681][ C3] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98b450613c [ 308.111727][ C3] R13: 000000000000006e R14: 00007ffd219ac300 R15: 00007ffd219ac3e8 [ 308.114764][ C3] [ 308.116551][ C3] Kernel Offset: disabled [ 308.118368][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 04:07:06 Registers: info registers vcpu 0 CPU#0 RAX=0000000080000000 RBX=0000000000000000 RCX=ffffffff81e0cffa RDX=ffff88804868a440 RSI=ffffffff81e0d00c RDI=0000000000000005 RBP=ffff88803a793970 RSP=ffffc9000325ec60 R8 =0000000000000005 R9 =00000000000001ff R10=000000000000012e R11=0000000000000000 R12=000000000000012e R13=0000000000000000 R14=0000000000000001 R15=00000000000003c1 RIP=ffffffff818a8fdd RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f17080636c0 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000203ff000 CR3=000000001df68000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8132d795 ffffffff8132d763 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8200409b ffffffff8132d795 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff820045ab ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe431be56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe431be56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe431be56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe431be56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe431be5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe431be5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe431cd5488 00007fe431cd5480 00007fe431cd5478 00007fe431cd5450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe43283d100 00007fe431cd5440 00007fe400040008 000c00130014000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe431cd5498 00007fe431cd5490 00007fe431cd5488 00007fe431cd5480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000664d7d RBX=0000000000000001 RCX=ffffffff8b115529 RDX=0000000000000000 RSI=ffffffff8b4cc500 RDI=ffffffff8bb08b40 RBP=ffffed1003058910 RSP=ffffc90000187e08 R8 =0000000000000001 R9 =ffffed100d626fe1 R10=ffff88806b137f0b R11=0000000000000000 R12=0000000000000001 R13=ffff8880182c4880 R14=ffffffff901293d8 R15=0000000000000000 RIP=ffffffff8b11691f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000561518d948e8 CR3=00000000122a6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555724fe25e 00005555724fde00 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555724846c4 00005555724846c0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555572482490 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557248d5b8 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555724f6168 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555572484900 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 04800304800406a0 0300000500000067 0000006d00000085 ecff644b00000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d5f0030190800401 d5e00303ce100001 d5d003018c800401 00080007000c0008 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d6b0030195800401 d6a00301bc100001 d690030193800401 d68003028a100001 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00080001e0030010 0001d00303ffffff ff0401c0030c1000 01b0034080100001 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010880c410000180 0401000002080606 012fd200080001e0 0300100001d00303 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff0401c003 0c100001b0034080 100001d6b0030195 800401d6a00301bc ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 100001d690030193 800401d68003028a 100001d5f0030190 800401d5e00303ce ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 100001d5d003018c 800401d5c00301ba 100001d5b003018a 800401d5a00302b6 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000003494e1 RBX=0000000000000002 RCX=ffffffff8b115529 RDX=0000000000000000 RSI=ffffffff8b4cc500 RDI=ffffffff8bb08b40 RBP=ffffed100305b000 RSP=ffffc90000197e08 R8 =0000000000000001 R9 =ffffed100d646fe1 R10=ffff88806b237f0b R11=0000000000000000 R12=0000000000000002 R13=ffff8880182d8000 R14=ffffffff901293d8 R15=0000000000000000 RIP=ffffffff8b11691f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b32001ff8 CR3=0000000046dce000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff7da140c0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f17073e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f17073e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f17073e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f17073e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f17073e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f17073e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000006 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000340 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000006 0000000000000000 0000000000000000 0000000000000340 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000033 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fdd905 RDI=ffffffff95198720 RBP=ffffffff951986e0 RSP=ffffc90000908778 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3030303963666666 R12=0000000000000000 R13=0000000000000033 R14=ffffffff84fdd8a0 R15=0000000000000000 RIP=ffffffff84fdd92f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f0c9608efa2 CR3=00000000554ac000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc73335430 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75b99e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75b99e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75b99e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75b99e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75b99e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75b99e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000048 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000048 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000