last executing test programs: 6.619922272s ago: executing program 3 (id=5767): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x1a}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async) r0 = socket$l2tp6(0xa, 0x2, 0x73) (async) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001f61e308d016a9105230010203010902121402"], 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.self_freezing\x00', 0x26e1, 0x0) close(r1) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @random='=\x00'}) (async) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000080)={'icmp6\x00'}, &(0x7f00000000c0)=0x1e) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f0000000480)={0xa, 0xce1d, 0x380000, @loopback}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000002340)=[{{&(0x7f0000000f40)={0xa, 0x0, 0xffff0000, @loopback, 0x7}, 0x1c, 0x0}}], 0x1, 0x4004800) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000100)={0x0, 0x1}) (async) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3800000010000304000000000000000000000300", @ANYRES32=0x0, @ANYBLOB="0000a06c0439df48180012800b00010067656e65766500000800028004000e00"], 0x38}}, 0x0) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54000000020601020000000000ffb1343d8a2fa557000400000000000900020073797a32000000005b334a779eeee2e35e3a8bd04d65980500040003000000050005000200000005000100060000a5200000006861736881947d887a48168100000000"], 0x54}}, 0x0) 5.984168952s ago: executing program 3 (id=5770): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x9, 0xcc, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x4, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x34, 0x6, 0x7, 0x0, 0x0, 0xfffffffffffffffe, 0x44, 0xd, 0x8000000000000, 0x8, 0x401, 0x9, 0x0, 0x0, 0x400000007, 0xbd9], 0x1, 0x10a144}) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) syz_usb_connect(0x5, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000124d5240e316e9f958000000000109021b00010000000009047800018fa68d0009058a", @ANYRES16], 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r5, &(0x7f00000001c0)="a6e2976b5c", 0x5, 0x88c1, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcc2, 0x0, 0x0}, &(0x7f0000000180)=0x40) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r8, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@delchain={0x48, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @remote}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r10, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r9}}, 0x24}}, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x40) 4.446514869s ago: executing program 3 (id=5783): openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040)) 3.25907805s ago: executing program 3 (id=5801): prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000400000/0xc00000)=nil) r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x9c900) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000180)={0x1, {0x73, 0x4, 0x7, 0x7}}) 3.189476735s ago: executing program 3 (id=5803): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14}, [], {0x14, 0x10}}, 0x28}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xb, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 21) 2.909612053s ago: executing program 3 (id=5809): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_pts(r0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB="000200"/13]) dup3(r2, r1, 0x0) syz_open_dev$usbfs(&(0x7f0000000200), 0x1403, 0x40000) r5 = dup(r1) fadvise64(r5, 0x0, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000017f000/0x4000)=nil, 0x4000, &(0x7f0000000000)='\x00') r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) move_pages(0x0, 0x1, &(0x7f00000001c0)=[&(0x7f0000000000/0x1000)=nil], &(0x7f0000000180)=[0x1], 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009000008250200000000000000010902"], 0x0) syz_usb_disconnect(r10) syz_usb_connect(0x1, 0x24, &(0x7f00000000c0)=ANY=[], 0x0) 2.18907336s ago: executing program 1 (id=5818): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="300000002c030a000000000000000000050000801c0011802e"], 0x30}], 0x1}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x5, &(0x7f0000001580)=0x6, 0x4) 2.188610116s ago: executing program 1 (id=5819): r0 = socket(0x200000000000011, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) bind$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @remote}, 0x10) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000040)={'ip6gretap0\x00', {0x2, 0x4e24, @broadcast}}) sendmmsg$inet(r1, &(0x7f0000000900)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16}}], 0x40000cf, 0x0) 2.039883533s ago: executing program 1 (id=5820): inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./control\x00', 0x40000000) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a0000000700"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) writev(0xffffffffffffffff, &(0x7f0000000100), 0x0) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 2.039472595s ago: executing program 1 (id=5822): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000900000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879"], 0xcc}}, 0x0) 1.92019159s ago: executing program 1 (id=5823): r0 = socket$inet6(0x10, 0x2, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) sendto$inet6(r0, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000671d00030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 1.920018852s ago: executing program 1 (id=5824): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_disconnect(r3) syz_usb_connect(0x1, 0x24, &(0x7f00000000c0)=ANY=[], 0x0) 1.809501315s ago: executing program 2 (id=5826): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001300)=@newtfilter={0x1428, 0x2c, 0xd29, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x13f8, 0x2, [@TCA_CGROUP_ACT={0x1fc, 0x1, [@m_mpls={0x8c, 0x0, 0x0, 0x0, {{0x9}, {0x60, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_LABEL={0x8, 0x5, 0xa9513}, @TCA_MPLS_LABEL={0x8, 0x5, 0x73ddd}, @TCA_MPLS_LABEL={0x8, 0x5, 0x7482f}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x3, 0x6032, 0x6, 0x6, 0x3}, 0x1}}, @TCA_MPLS_TC={0x5, 0x6, 0x3}, @TCA_MPLS_TTL={0x5, 0x7, 0x5}, @TCA_MPLS_TTL={0x5, 0x7, 0x4}, @TCA_MPLS_LABEL={0x8, 0x5, 0xb621f}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_mpls={0x78, 0xd, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x9}, @TCA_MPLS_LABEL={0x8, 0x5, 0x15ddf}, @TCA_MPLS_TC={0x5, 0x6, 0x3}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8100}, @TCA_MPLS_TTL={0x5, 0x7, 0x5}]}, {0x19, 0x6, "21b179f82014aa9a4777bb4a3d069f62a798b1563b"}, {0xc}, {0xc}}}, @m_ife={0xf4, 0x3, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x81}]}, {0xc2, 0x6, "cbc7917c41268ee14135c5d2b233be092365b108c377e25c6f0033129fa1c845b897fa080bec850e3d600f48dc45995b8f530423427c0413afea071cbbbd150fa1ededa5c6dd2de43dfd8286c316aa541c97baf43840cefd9512971251d084f265dcec2c838cbaff9143f6fb7e541bd0705c6932d3d3671092d8d3cfd507d6f8e18a444307e2ca17089c55fe5c0777e78a9261c8dba8bfc2f4a3ff692adaf1971f473aecd6c20f3841895e7bde856c5c71f0c9161b4042e37809c0dfc162"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_CGROUP_EMATCHES={0x1188, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfff9}}, @TCA_EMATCH_TREE_LIST={0x90, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x3, 0x1, 0x9983}, {0x3, 0x6, 0x7, 0x1, 0x8, 0x1, 0x2}}}, @TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0x8001, 0x2, 0x1}, {0x2, 0x1, 0x0, "cb"}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x1, 0x8, 0x8}, {0x0, 0x3, 0x5}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x7f, 0x8, 0x5}, {0x4, 0x5}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x401, 0x3, 0x9}, {0x40, 0x7, 0xffffffff, 0x97fa}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x4, 0x7, 0x7}, {{0x1, 0x1, 0x1}, {0x1, 0x1, 0x0, 0x1}}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x88a8, 0x8, 0x5}, {0x3, 0x2, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x10e4, 0x2, 0x0, 0x1, [@TCF_EM_META={0x90, 0x3, 0x0, 0x0, {{0xf5}, [@TCA_EM_META_RVALUE={0x12, 0x3, [@TCF_META_TYPE_VAR="ab", @TCF_META_TYPE_VAR="a39d8dc1769c6c0124", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR]}, @TCA_EM_META_LVALUE={0x18, 0x2, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="a5ef93a3e97e14", @TCF_META_TYPE_VAR="44c9866fb5c7732498"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x0, 0x3, 0x1}, {0x0, 0x3, 0x1}}}, @TCA_EM_META_LVALUE={0x24, 0x2, [@TCF_META_TYPE_VAR="313220b07c55", @TCF_META_TYPE_VAR="d22cd196", @TCF_META_TYPE_VAR="cd26e491f6", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="b2"]}, @TCA_EM_META_RVALUE={0x9, 0x3, [@TCF_META_TYPE_VAR="ddc09b", @TCF_META_TYPE_VAR='*l']}, @TCA_EM_META_HDR={0xc, 0x1, {{0xa}, {0x2, 0xff, 0x1}}}, @TCA_EM_META_RVALUE={0xd, 0x3, [@TCF_META_TYPE_VAR="37dc147e9c4f7ec11f"]}]}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x916, 0x7, 0x2}, {{0x2, 0x0, 0x1}, {0x4, 0x1}}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x0, 0x3, 0xf563}, {0x0, 0x6, 0x5, 0x6}}}, @TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0x8, 0x2, 0x2}, {0x1, 0x2, 0x0, "cd2e"}}}, @TCF_EM_CONTAINER={0x100c, 0x2, 0x0, 0x0, {{0x2, 0x0, 0x4}, "9457dd8e3415f0b6ab3f041aaa974d83e198b6c76ac3e0d7a50dc59d6983e3509d4ffbbe55086177e464d644ccc6b4548c557a056199a8468d11f1aae3f81f2207e0589ed6576606b365e2673b42716142c081dafc997fdfcee602ccd2d4caec1cf970506a744f460b02143c716041cbfe0f68058193faf17c82d874f5b2bffa6edc6b3a3acaeeec0065fba5e13d77898d2449d5a7fb079b99208c0835b36d48d7f751ed7cbfe5fa92b0de3695cd57ce390e894849a64819e4d20824b3db826d26b147de6442ff5d3cf25c5989f1394f585284cc6fd18c6c06dc6a5fa20884dcf7d2dd328a82bc0b3a2f7b6edde90c94cdeec0231ec6f2f9858340d9c6f3c2ac8e3f3ed2bcf478c4ac8da4a8e850c01297c8aa7fa182b6bfbcca805bf65896f1d6c60203ecb531d981f919d4f05b262529e5f703e2b341d47cb39509657d420ad6d2efe9d88d6b3e07d9df45780adcb119825710b58263bad0c2d2d87a9f137331f473b095fabf886d113e6eb28d3255a8cefadb95dae58a6117aaf1fd0d82a596f23ad41670ff197ff05e343d0d15eba92e4840abf14c6c45b0ae5ede8ae9c41d8f9cc60bd947f8888751ff44ea6759140fd4666b190f64bcb2bfc33c6265eda40974657ef2e79b3c3593fe46c1263f282361d257db748f0abcfa642057e9d7b21fee35b9dc9a853a00e3efa4c5fa175684e310fd016926392e3bcc6d62e76d510b27090ab726bc79e41c1587767983668102b19a6e0629c4d972f9547731762a62129d6559888739a27cdc9f4f99ddf416741f92016922b4830ac3ec6d690cb790260f82b0e13e2216d499386e2204331954ec5358707174fafbbbe1f2537009f7108b26a6390ffad5dd7c70c822f50ce7bcde7476d1649633afa8f295ded0a5a38d50e3f652caee375c77b8b1610efa10f89b6ebeb68d2b709b422c5c301dcb02cc1e9812f8ffd12717eaa04feb2c849f69995f8bb916de8a5424d30ed6835284603edabb601b67d1ee30247e2e64fc0c0ff6f979e3631e14aa89b005bc951c935d9b9c45c774f40661dca298e076fcfbf59530c07834a5c60919a3110ed20ea77160d0e3fcfcd61764d09ac431207bda5370af53d00a8e8109d0f00ae49f35ad5f67f499cc421b2032fcea8ec68ac8af2f816ef1c58f63a4021fe5232c90b0d149fea14f0da3522ff2e8acf80137fa77b444d575a967c263ef9a8cfb1bb04371ec10e1cc1c1cff18a3e30ba104ea38b376b20edd65f5d97a30d3d406baf9bc0eeaa893a54f535db0089f0418ba07b59ca7700324cbce7e8440c1f4fabc38e0eaf9d029d9fdbe660ab5134c080e499f231282a1fccdc8c2a3009189b4c31d21f84fff931e1427281df906b106647f524d5ff519c046c13211c3ec3ea623c45637e12566f89363547c49e896c6f166c364d4098ce9b10c25a36440668c5dfe0598c1006f78b800bbf7c54e040b6a22e1e20ddd79df47b9ae95dba13200b1d52aef40d26296ee0d40227f4f92164a0cc2967fb6426829d7fe15855353d36678aab6e5e85e0976008f4694a6e5df3a831593e247000b7546d28dfc5f4b936553422281bffbfb32224cdf787711067f81314623867ee7f5e1f57112f85b3d172f4d4b51db0b96649f985657cf236ee3ae0f302e7daafcc804d76874f40d6d247298dbab2a20e563ede5521e792f16ffef5134d64d28994b71b861c59706a0791740b0af3829da0bc79e9f1f705aaca9cf04ddd6c3766583ab5ad7c6eb9b8fd60923e09d43ec6b8a35f98e897b9ea0b41dd44ed24fe41d85bed3f0bf7544c6e4bd6890836c1b84e882343c8d058f52b9e19d6f31218c298f968b0f1b995cda8fbda74221e899d9fbaf8a9dc6ff1f6164aee139e6394b46fa0d22ebab30554eab669f20311cfc0add1ddd60f128ec344a62749f4c16a8d63d1cc7996038b8f3b1492b87f3b22afc074c5e365e96237cb4e02d95923012cc06c0a455af6881f5a6b42e91ae17204b2a1101286efc8621c8e0df7dcdc0cdd025c7449a763cf350fe9480592ed0cdb8a01a34c95021ec0ea51fe94d20819fc94d2651d5ecab754ac743613d45b71a45b64a8a5b45d0380a8ab2cbb762bd168ed0e442ce73f47614a565deef866969c6b8e15b6277ca0456978ca5cb50a168b73908b93a507d765ad89508ce1ffc29e1dbecc889030b7e531083e07a132469e84daa2535ce16b9536fdadaed6fc540a050b7b48515cda0c05ae10a07383aa8df9b2dc14e8905a54325bbe5c35f4c32dfa94f896bd341f746b46fca7329be05ad1702c142a057b449334ffb36a0bc8f61d7f9148de764432215932c39656d9272b6b6e239d89096d551ded06e68f5c701d946e323a4417ecc02684bae47f18049222826877bc1d0ed9a7297c4652cca44d1b50ed8415b1c2ed4142762a02fdb43fe72a831289bb55261e7416a0c1b7cd2ec9905c94cfeb1f4cbf98a84c4c49f1026acbc9c53a00e503ad8fd1c926d547a2e683b9a9e97625ac2b5960c6d306631ca9049d056843829c82f6751f57087cba51f5ad7b38094754929c9de1c47967552944e8d2009abf86a51348fb33cff74b0eb4a45a628c2632274b8b0b0e52ac34baa8e7a70b15c76ca7ec1a84a25a5321494bc4ac927a55a60fa0ab813436ab89d7c3f48e11808db031dff4ee04443ee304c3f4e4730aa6d2bd0bf2d572ce51ef863083027433fd3e0bdd54d21fe478d214153a939f8f1fb833318b6a7b33cc20efb318e54f98f2a32a1887ccb44fb5d67008918af68f61a500f11e3db0e020861984e6e11f94ecd77ff9c1b15ca2ce38f5da906c74c1869338f7dd49b1fe8829390eeb431cef357a8fa8a389ce40fc92127d42a99dac2d6311a55cbdd603e79417203b1d691e761ee430ec5dd3ae8064cff599af14393dd48b27c87d2953ad4f2f6f4478328ca5bb8ab670f96378c4cbfddef945e591436aa3608964dc9cbcf59f2babe391c3c68c901643e1a1aace3a4a70d06457508f4026f49124ab2dddf3acece0cc840827def68c929b43c2446a5650643545f6b185fe4981273492c919956810d6501831a4805be2ef298cd36d5ace81efdc7049ab5eac40e88c9dee2bbe28fddaede3b17b669f67803d992e511986704d04c40449afd15b13bd0f2136028432a6f64b1296a4b45b2a06a6fda01752535d3541c6461a3380188a73de29a729782975e21694803fde5ca6221c1c976b492f5b09af5c0f4a9d2291c2d31f248af50ec69c75d48c8dfbbf7a7a40f2f504b450cf3c0bb7616a5aef4b97ee778f4308236a696f5c58a1d89a34f67266df7c04045341c9655432f2bd33547b2f87b7943356caa4f0fa8529b03a144f938948c59559c77ff1d5f0ed16f804b7773ee78638a7d9ed0236ac13f83d17e82fe95a6828c5cb6cba7b947e5704bb177daf3f3274d0058d56993744b4f72bedc7de49c27362865a68e00b66e141d5b18e1642758cf5a3ecf1877920f332dfbf277772d590553389c11c02109bc6e92306251e1481cd8284361994bf6f67fbf225f9f778b5b1ad1dcfa29799dde8588683d0aa54c791228fc2137f15900d0355e23ed1bd07a8859a59c61baa599062430bdfa04098c85dbcc9749717416257a94327b605eb8e283176c5aacbac9faaf05a77dbe5c3e5bc137ba1231bb79209d0d4422faf8ce4e10c984425fb8a98bd2fab75cacf20f398cc591df7bcc10e2fe69dacda6121ef842db69657330fb421b856c3c4563eb3cfe66422c24eb0c58879776cd8869a71d5be782a0f194d5bda57079f3dd29aa57b86f760ec8de1cfd987154ca8852806237020b712ac1151a4218cf37a2d54472902ea7f33fd189c00000c0ee6a6cced84e413f6289dcc1100d36c14684f59987d12805dbe9d646e0b43796689436a888f18727f9acbe4023115879e1addc8cde341ae1b8586c35acbb5e152528a3137eacdde7e6457922deb2f041b3cbcaafb6a0100f93d9be7f2ceb36c824ffd455ccc975c9adfaac450938dbbd75a6d0c2690bed63b10c4c2439d4b17bcdb392b15bc022dbf313ba62b6023780dba49156f0b758cd8227291bca4d9b706beea2a2a92f4cb93bb2a5e83d14f0b18a1d927be6558ba349206ad7a0514bd6b7815256abf8747de8da19a48a40008ba74fbe103d1220729f2a95e43ce413683a33225dc7ee0eb2a63a9b1364b090edce0ebdbf2bb146ab5e0c2e6359137bac5b91f772bc72ae8eb6c5ae52d43873ee3852f5ea6ca872ab00a20cae40930ccc67c811524f5379e14dc05a21f8588f2b8a90e236005d5a1b9b45fb30fe008e3c1508e305f185c31b98276d8991c49dc33c7ef8fe524dc55479f579a71ed12a676f0cd01ee853b2d0309d952c115c4e87aa6d1cad7d0f2a0f15a3f12c052b987a340001ea94450517dc4febd2ada112bb21192ca4d957e259cc4c138a971526259cac1f1ab09654b98828c02f3ffb0b9675747b277e76c6952aafc9cb63d2466c11e8d574fffec1e55003ea6587a5f8c89514c0ad17e2b386afa3543942988422859f1e0c20079762d158d421b6379b6f142c435be98d80ee2d724a7d12cd8a5d93e02cb602061bab1e8e08707edf80b7f2bf7c347023b5dab2a1d207d96cae4076a2f91246542b139d9577c954b00dffa99073680bbeca87a92bdd58b969ac59b3dc11446e0369cc455d5a157317cfc6deeb4d5696202db65a69b02e8991858b2da94cd04d938c28dd56b78ab4549270ec64a557ef10588dba07e376e049f2b61ce015a49e053724bbd3e3143d5da57928118ddf1eaf27bd6f4984978e0bb737e4c42dab51b63ec89f456ff23d8857d9f0665bd6bac0a5e89246a7ed1b76c330964ac947f1f4407390d7f5d2043e8fbb12e1ab3f80ed6173f29d2823393920c67c27c51b6d39bea69a6a060b3c791960c717f60fc479d41a8afa739e6e52a8065eb6cfec8a3647bba0d35b8891037e157b255c130b8daa64cc8966a8c1c9b637384515272ce5a09db5cb465d47d9f7569035b2372466c6cb3e3279b4ad67194733cbed3a57197070c2443e42084a567a68719b3cf5b5aec8d973c0b429eec32b57d65d09c844aee37b09bb8466fd7fbddd2393b979bf3e8dcaea05f71dc020f938fdb7f5aa68f1a64e1529dbce70747c47fe171602f920d369b704e214cb9aba820b167e65e2cabfe5dcd2155c2bcef3b6ddc37ff8170bb8be18ec8dc467f0c6e5c08443296c91d6852872b94969fe6e9db3f747571c0355168104fafe9cb9c4bb13cc408485043ec3dd6fd5c54bf441e0a8cb9f734f938af3aef49e20629eb50ce631a6a519325d424b2ab39a7ae91d7bd9de4d6351cc726b6a9ebf5ad77090fd519a5c11cd73fb68b6eeee4eba924b4cf9f22d0ae06c4f40090588f6ccfc7df5ae41d33fbcc99723125430eb49d72d747627d7c8d7079ee30dc2510f93a8ea5b95279e421161cd57e2e43f94a9a5b6ead30ace2d7d1f61844d1195f1153ef660d735d90ea5d3dc2242b459a82bc0c98aab66c2b474f09ad12c6de2457bc92759584286196cc66630c4cd77f9e39179a6d061ac9e92982529950a5ca7e1b6fc9c03ad1012843fe90f75a2a1e256d8dc2b8b18745382fa4bdd689e53023c201a4fb358964c8e40bf29fa964158a316e2d548f3ebf0ac4374874774fee07c83d9060d541d56b21832d063a03226783b8f1b67bcec674b01c5a3ea3845295daa80674521cf41a4c45d4a603ca2feea938272a9901a497241659890da28276e800e7212146067c88706ba461441010f2dc395ecbe064c13d65492"}}]}]}, @TCA_CGROUP_ACT={0x70, 0x1, [@m_bpf={0x6c, 0x14, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x2}]}, {0x30, 0x6, "13cc4fc3e6f1211db2f3f29d9fc550e4528c54eb3d6c85e7a92e034d2b7e4ccfd755e87f18e529e01bdb3088"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x1428}}, 0x0) 1.719952137s ago: executing program 2 (id=5827): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="54010000100013070000010000000000000000000000000077fb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040007"], 0x154}}, 0x0) (async) syz_emit_ethernet(0x7e, &(0x7f0000001a40)={@random="0f539af21094", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x48, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x0, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [@hopopts={0x2f, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x3b}}]}]}}}}}}}, 0x0) 1.719609522s ago: executing program 2 (id=5828): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x6000}, 0x48) 1.509893272s ago: executing program 2 (id=5830): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x0) ioctl$I2C_PEC(r3, 0x708, 0x40) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000080)={0x0, 0x0, 0x7, &(0x7f00000000c0)={0x0, "af5405a7b1818f4a097d9a9f2996a3177cef40e38b874823e38090260074bf2cb6"}}) write(r2, &(0x7f00000001c0)="240000005800410f9c00f4f90085b3025cb1fddf08000100050100000800028001000000", 0x24) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'tunl0\x00', &(0x7f0000000200)={'ip_vti0\x00', 0x0, 0x8000, 0x40, 0x9, 0x9, {{0x7, 0x4, 0x3, 0x1b, 0x1c, 0x67, 0x0, 0x7, 0x29, 0x0, @local, @private=0xa010100, {[@noop, @generic={0x82, 0x5, 'Glo'}]}}}}}) r5 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300), ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[0x0, 0x0, 0x0], &(0x7f0000000380), 0x0, 0x60, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x5b, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x2, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{0x1, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)='%ps \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000780), &(0x7f00000007c0)='%pi6 \x00'}, 0x20) openat$procfs(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/meminfo\x00', 0x0, 0x0) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000840)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x18, 0xc, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x10001}, [@jmp={0x5, 0x0, 0xe, 0xc, 0x6, 0xfffffffffffffffe, 0xffffffffffffffff}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2c}}]}, &(0x7f0000000140)='syzkaller\x00', 0x3, 0x42, &(0x7f0000000180)=""/66, 0x41100, 0x8, '\x00', r4, @fallback=0x3e, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r6, 0xffffffffffffffff, 0x1, &(0x7f0000000880)=[r7, r8, 0x1, r9, r10], &(0x7f00000008c0)=[{0x3, 0x3, 0x10, 0x9}], 0x10, 0x80, @void, @value}, 0x94) socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'veth1_to_batadv\x00', 0x0}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x1159b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PORT={0x6, 0x2, 0x1, 0x0, 0x4e20}]}}}, @IFLA_LINK={0x8, 0x5, r11}]}, 0x44}}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000a40)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000380)={0x28, 0x17, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000005}, 0x24000000) 749.794895ms ago: executing program 2 (id=5833): bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0dd86110100000000000004000000000000000000ff0200000000000000000000b6bc000000014e20"], 0x42) 579.196298ms ago: executing program 2 (id=5838): openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040)) 339.831547ms ago: executing program 0 (id=5841): inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./control\x00', 0x40000000) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a0000000700"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) writev(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 270.26946ms ago: executing program 0 (id=5842): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newtaction={0x68, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}, 0x1, 0x1000000, 0x0, 0x8000}, 0x0) 270.038637ms ago: executing program 0 (id=5843): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14}, [], {0x14, 0x10}}, 0x28}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xb, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r6, 0x0}) r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000080)=0x40000) ioctl$SNDCTL_DSP_SYNC(r8, 0x5001, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f00000000c0), 0x42300, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1000004, 0x42031, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000300)={r7, 0x0, 0x9, 0x0, 0x0, [], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd]}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000380)={r7, 0x2354115b, 0x5, 0x2, 0x3, [], [0x3, 0x1, 0x9, 0xe4], [0x101, 0x3, 0x0, 0x5], [0x8, 0x47c1, 0x3, 0x3]}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@mpls_delroute={0xa0, 0x19, 0x1, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_NEWDST={0x84, 0x13, [{0x7fff}, {0xcd9}, {0xfff44}, {0x0, 0x0, 0x1}, {0x9}, {0x1}, {0xf, 0x0, 0x1}, {0x9}, {0x1ff, 0x0, 0x1}, {0xff426, 0x0, 0x1}, {0x8}, {}, {0xd32}, {0x3, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0xfff, 0x0, 0x1}, {0x7, 0x0, 0x1}, {0x3a, 0x0, 0x1}, {0x1000}, {0x3, 0x0, 0x1}, {0x9}, {0xecb, 0x0, 0x1}, {0x1000}, {0x4a3, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x21, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x100}, {0xff}, {0x59}]}]}, 0xa0}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 89.942654ms ago: executing program 0 (id=5844): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001300)=@newtfilter={0x1428, 0x2c, 0xd29, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x13f8, 0x2, [@TCA_CGROUP_ACT={0x1fc, 0x1, [@m_mpls={0x8c, 0x0, 0x0, 0x0, {{0x9}, {0x60, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_LABEL={0x8, 0x5, 0xa9513}, @TCA_MPLS_LABEL={0x8, 0x5, 0x73ddd}, @TCA_MPLS_LABEL={0x8, 0x5, 0x7482f}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x3, 0x6032, 0x6, 0x6, 0x3}, 0x1}}, @TCA_MPLS_TC={0x5, 0x6, 0x3}, @TCA_MPLS_TTL={0x5, 0x7, 0x5}, @TCA_MPLS_TTL={0x5, 0x7, 0x4}, @TCA_MPLS_LABEL={0x8, 0x5, 0xb621f}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_mpls={0x78, 0xd, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x9}, @TCA_MPLS_LABEL={0x8, 0x5, 0x15ddf}, @TCA_MPLS_TC={0x5, 0x6, 0x3}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8100}, @TCA_MPLS_TTL={0x5, 0x7, 0x5}]}, {0x19, 0x6, "21b179f82014aa9a4777bb4a3d069f62a798b1563b"}, {0xc}, {0xc}}}, @m_ife={0xf4, 0x3, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x81}]}, {0xc2, 0x6, "cbc7917c41268ee14135c5d2b233be092365b108c377e25c6f0033129fa1c845b897fa080bec850e3d600f48dc45995b8f530423427c0413afea071cbbbd150fa1ededa5c6dd2de43dfd8286c316aa541c97baf43840cefd9512971251d084f265dcec2c838cbaff9143f6fb7e541bd0705c6932d3d3671092d8d3cfd507d6f8e18a444307e2ca17089c55fe5c0777e78a9261c8dba8bfc2f4a3ff692adaf1971f473aecd6c20f3841895e7bde856c5c71f0c9161b4042e37809c0dfc162"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_CGROUP_EMATCHES={0x1188, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfff9}}, @TCA_EMATCH_TREE_LIST={0x90, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x3, 0x1, 0x9983}, {0x3, 0x6, 0x7, 0x1, 0x8, 0x1, 0x2}}}, @TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0x8001, 0x2, 0x1}, {0x2, 0x1, 0x0, "cb"}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x1, 0x8, 0x8}, {0x0, 0x3, 0x5}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x7f, 0x8, 0x5}, {0x4, 0x5}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x401, 0x3, 0x9}, {0x40, 0x7, 0xffffffff, 0x97fa}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x4, 0x7, 0x7}, {{0x1, 0x1, 0x1}, {0x1, 0x1, 0x0, 0x1}}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x88a8, 0x8, 0x5}, {0x3, 0x2, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x10e4, 0x2, 0x0, 0x1, [@TCF_EM_META={0x90, 0x3, 0x0, 0x0, {{0xf5}, [@TCA_EM_META_RVALUE={0x12, 0x3, [@TCF_META_TYPE_VAR="ab", @TCF_META_TYPE_VAR="a39d8dc1769c6c0124", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR]}, @TCA_EM_META_LVALUE={0x18, 0x2, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="a5ef93a3e97e14", @TCF_META_TYPE_VAR="44c9866fb5c7732498"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x0, 0x3, 0x1}, {0x0, 0x3, 0x1}}}, @TCA_EM_META_LVALUE={0x24, 0x2, [@TCF_META_TYPE_VAR="313220b07c55", @TCF_META_TYPE_VAR="d22cd196", @TCF_META_TYPE_VAR="cd26e491f6", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="b2"]}, @TCA_EM_META_RVALUE={0x9, 0x3, [@TCF_META_TYPE_VAR="ddc09b", @TCF_META_TYPE_VAR='*l']}, @TCA_EM_META_HDR={0xc, 0x1, {{0xa}, {0x2, 0xff, 0x1}}}, @TCA_EM_META_RVALUE={0xd, 0x3, [@TCF_META_TYPE_VAR="37dc147e9c4f7ec11f"]}]}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x916, 0x7, 0x2}, {{0x2, 0x0, 0x1}, {0x4, 0x1}}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x0, 0x3, 0xf563}, {0x0, 0x6, 0x5, 0x6}}}, @TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0x8, 0x2, 0x2}, {0x1, 0x2, 0x0, "cd2e"}}}, @TCF_EM_CONTAINER={0x100c, 0x2, 0x0, 0x0, {{0x2, 0x0, 0x4}, "9457dd8e3415f0b6ab3f041aaa974d83e198b6c76ac3e0d7a50dc59d6983e3509d4ffbbe55086177e464d644ccc6b4548c557a056199a8468d11f1aae3f81f2207e0589ed6576606b365e2673b42716142c081dafc997fdfcee602ccd2d4caec1cf970506a744f460b02143c716041cbfe0f68058193faf17c82d874f5b2bffa6edc6b3a3acaeeec0065fba5e13d77898d2449d5a7fb079b99208c0835b36d48d7f751ed7cbfe5fa92b0de3695cd57ce390e894849a64819e4d20824b3db826d26b147de6442ff5d3cf25c5989f1394f585284cc6fd18c6c06dc6a5fa20884dcf7d2dd328a82bc0b3a2f7b6edde90c94cdeec0231ec6f2f9858340d9c6f3c2ac8e3f3ed2bcf478c4ac8da4a8e850c01297c8aa7fa182b6bfbcca805bf65896f1d6c60203ecb531d981f919d4f05b262529e5f703e2b341d47cb39509657d420ad6d2efe9d88d6b3e07d9df45780adcb119825710b58263bad0c2d2d87a9f137331f473b095fabf886d113e6eb28d3255a8cefadb95dae58a6117aaf1fd0d82a596f23ad41670ff197ff05e343d0d15eba92e4840abf14c6c45b0ae5ede8ae9c41d8f9cc60bd947f8888751ff44ea6759140fd4666b190f64bcb2bfc33c6265eda40974657ef2e79b3c3593fe46c1263f282361d257db748f0abcfa642057e9d7b21fee35b9dc9a853a00e3efa4c5fa175684e310fd016926392e3bcc6d62e76d510b27090ab726bc79e41c1587767983668102b19a6e0629c4d972f9547731762a62129d6559888739a27cdc9f4f99ddf416741f92016922b4830ac3ec6d690cb790260f82b0e13e2216d499386e2204331954ec5358707174fafbbbe1f2537009f7108b26a6390ffad5dd7c70c822f50ce7bcde7476d1649633afa8f295ded0a5a38d50e3f652caee375c77b8b1610efa10f89b6ebeb68d2b709b422c5c301dcb02cc1e9812f8ffd12717eaa04feb2c849f69995f8bb916de8a5424d30ed6835284603edabb601b67d1ee30247e2e64fc0c0ff6f979e3631e14aa89b005bc951c935d9b9c45c774f40661dca298e076fcfbf59530c07834a5c60919a3110ed20ea77160d0e3fcfcd61764d09ac431207bda5370af53d00a8e8109d0f00ae49f35ad5f67f499cc421b2032fcea8ec68ac8af2f816ef1c58f63a4021fe5232c90b0d149fea14f0da3522ff2e8acf80137fa77b444d575a967c263ef9a8cfb1bb04371ec10e1cc1c1cff18a3e30ba104ea38b376b20edd65f5d97a30d3d406baf9bc0eeaa893a54f535db0089f0418ba07b59ca7700324cbce7e8440c1f4fabc38e0eaf9d029d9fdbe660ab5134c080e499f231282a1fccdc8c2a3009189b4c31d21f84fff931e1427281df906b106647f524d5ff519c046c13211c3ec3ea623c45637e12566f89363547c49e896c6f166c364d4098ce9b10c25a36440668c5dfe0598c1006f78b800bbf7c54e040b6a22e1e20ddd79df47b9ae95dba13200b1d52aef40d26296ee0d40227f4f92164a0cc2967fb6426829d7fe15855353d36678aab6e5e85e0976008f4694a6e5df3a831593e247000b7546d28dfc5f4b936553422281bffbfb32224cdf787711067f81314623867ee7f5e1f57112f85b3d172f4d4b51db0b96649f985657cf236ee3ae0f302e7daafcc804d76874f40d6d247298dbab2a20e563ede5521e792f16ffef5134d64d28994b71b861c59706a0791740b0af3829da0bc79e9f1f705aaca9cf04ddd6c3766583ab5ad7c6eb9b8fd60923e09d43ec6b8a35f98e897b9ea0b41dd44ed24fe41d85bed3f0bf7544c6e4bd6890836c1b84e882343c8d058f52b9e19d6f31218c298f968b0f1b995cda8fbda74221e899d9fbaf8a9dc6ff1f6164aee139e6394b46fa0d22ebab30554eab669f20311cfc0add1ddd60f128ec344a62749f4c16a8d63d1cc7996038b8f3b1492b87f3b22afc074c5e365e96237cb4e02d95923012cc06c0a455af6881f5a6b42e91ae17204b2a1101286efc8621c8e0df7dcdc0cdd025c7449a763cf350fe9480592ed0cdb8a01a34c95021ec0ea51fe94d20819fc94d2651d5ecab754ac743613d45b71a45b64a8a5b45d0380a8ab2cbb762bd168ed0e442ce73f47614a565deef866969c6b8e15b6277ca0456978ca5cb50a168b73908b93a507d765ad89508ce1ffc29e1dbecc889030b7e531083e07a132469e84daa2535ce16b9536fdadaed6fc540a050b7b48515cda0c05ae10a07383aa8df9b2dc14e8905a54325bbe5c35f4c32dfa94f896bd341f746b46fca7329be05ad1702c142a057b449334ffb36a0bc8f61d7f9148de764432215932c39656d9272b6b6e239d89096d551ded06e68f5c701d946e323a4417ecc02684bae47f18049222826877bc1d0ed9a7297c4652cca44d1b50ed8415b1c2ed4142762a02fdb43fe72a831289bb55261e7416a0c1b7cd2ec9905c94cfeb1f4cbf98a84c4c49f1026acbc9c53a00e503ad8fd1c926d547a2e683b9a9e97625ac2b5960c6d306631ca9049d056843829c82f6751f57087cba51f5ad7b38094754929c9de1c47967552944e8d2009abf86a51348fb33cff74b0eb4a45a628c2632274b8b0b0e52ac34baa8e7a70b15c76ca7ec1a84a25a5321494bc4ac927a55a60fa0ab813436ab89d7c3f48e11808db031dff4ee04443ee304c3f4e4730aa6d2bd0bf2d572ce51ef863083027433fd3e0bdd54d21fe478d214153a939f8f1fb833318b6a7b33cc20efb318e54f98f2a32a1887ccb44fb5d67008918af68f61a500f11e3db0e020861984e6e11f94ecd77ff9c1b15ca2ce38f5da906c74c1869338f7dd49b1fe8829390eeb431cef357a8fa8a389ce40fc92127d42a99dac2d6311a55cbdd603e79417203b1d691e761ee430ec5dd3ae8064cff599af14393dd48b27c87d2953ad4f2f6f4478328ca5bb8ab670f96378c4cbfddef945e591436aa3608964dc9cbcf59f2babe391c3c68c901643e1a1aace3a4a70d06457508f4026f49124ab2dddf3acece0cc840827def68c929b43c2446a5650643545f6b185fe4981273492c919956810d6501831a4805be2ef298cd36d5ace81efdc7049ab5eac40e88c9dee2bbe28fddaede3b17b669f67803d992e511986704d04c40449afd15b13bd0f2136028432a6f64b1296a4b45b2a06a6fda01752535d3541c6461a3380188a73de29a729782975e21694803fde5ca6221c1c976b492f5b09af5c0f4a9d2291c2d31f248af50ec69c75d48c8dfbbf7a7a40f2f504b450cf3c0bb7616a5aef4b97ee778f4308236a696f5c58a1d89a34f67266df7c04045341c9655432f2bd33547b2f87b7943356caa4f0fa8529b03a144f938948c59559c77ff1d5f0ed16f804b7773ee78638a7d9ed0236ac13f83d17e82fe95a6828c5cb6cba7b947e5704bb177daf3f3274d0058d56993744b4f72bedc7de49c27362865a68e00b66e141d5b18e1642758cf5a3ecf1877920f332dfbf277772d590553389c11c02109bc6e92306251e1481cd8284361994bf6f67fbf225f9f778b5b1ad1dcfa29799dde8588683d0aa54c791228fc2137f15900d0355e23ed1bd07a8859a59c61baa599062430bdfa04098c85dbcc9749717416257a94327b605eb8e283176c5aacbac9faaf05a77dbe5c3e5bc137ba1231bb79209d0d4422faf8ce4e10c984425fb8a98bd2fab75cacf20f398cc591df7bcc10e2fe69dacda6121ef842db69657330fb421b856c3c4563eb3cfe66422c24eb0c58879776cd8869a71d5be782a0f194d5bda57079f3dd29aa57b86f760ec8de1cfd987154ca8852806237020b712ac1151a4218cf37a2d54472902ea7f33fd189c00000c0ee6a6cced84e413f6289dcc1100d36c14684f59987d12805dbe9d646e0b43796689436a888f18727f9acbe4023115879e1addc8cde341ae1b8586c35acbb5e152528a3137eacdde7e6457922deb2f041b3cbcaafb6a0100f93d9be7f2ceb36c824ffd455ccc975c9adfaac450938dbbd75a6d0c2690bed63b10c4c2439d4b17bcdb392b15bc022dbf313ba62b6023780dba49156f0b758cd8227291bca4d9b706beea2a2a92f4cb93bb2a5e83d14f0b18a1d927be6558ba349206ad7a0514bd6b7815256abf8747de8da19a48a40008ba74fbe103d1220729f2a95e43ce413683a33225dc7ee0eb2a63a9b1364b090edce0ebdbf2bb146ab5e0c2e6359137bac5b91f772bc72ae8eb6c5ae52d43873ee3852f5ea6ca872ab00a20cae40930ccc67c811524f5379e14dc05a21f8588f2b8a90e236005d5a1b9b45fb30fe008e3c1508e305f185c31b98276d8991c49dc33c7ef8fe524dc55479f579a71ed12a676f0cd01ee853b2d0309d952c115c4e87aa6d1cad7d0f2a0f15a3f12c052b987a340001ea94450517dc4febd2ada112bb21192ca4d957e259cc4c138a971526259cac1f1ab09654b98828c02f3ffb0b9675747b277e76c6952aafc9cb63d2466c11e8d574fffec1e55003ea6587a5f8c89514c0ad17e2b386afa3543942988422859f1e0c20079762d158d421b6379b6f142c435be98d80ee2d724a7d12cd8a5d93e02cb602061bab1e8e08707edf80b7f2bf7c347023b5dab2a1d207d96cae4076a2f91246542b139d9577c954b00dffa99073680bbeca87a92bdd58b969ac59b3dc11446e0369cc455d5a157317cfc6deeb4d5696202db65a69b02e8991858b2da94cd04d938c28dd56b78ab4549270ec64a557ef10588dba07e376e049f2b61ce015a49e053724bbd3e3143d5da57928118ddf1eaf27bd6f4984978e0bb737e4c42dab51b63ec89f456ff23d8857d9f0665bd6bac0a5e89246a7ed1b76c330964ac947f1f4407390d7f5d2043e8fbb12e1ab3f80ed6173f29d2823393920c67c27c51b6d39bea69a6a060b3c791960c717f60fc479d41a8afa739e6e52a8065eb6cfec8a3647bba0d35b8891037e157b255c130b8daa64cc8966a8c1c9b637384515272ce5a09db5cb465d47d9f7569035b2372466c6cb3e3279b4ad67194733cbed3a57197070c2443e42084a567a68719b3cf5b5aec8d973c0b429eec32b57d65d09c844aee37b09bb8466fd7fbddd2393b979bf3e8dcaea05f71dc020f938fdb7f5aa68f1a64e1529dbce70747c47fe171602f920d369b704e214cb9aba820b167e65e2cabfe5dcd2155c2bcef3b6ddc37ff8170bb8be18ec8dc467f0c6e5c08443296c91d6852872b94969fe6e9db3f747571c0355168104fafe9cb9c4bb13cc408485043ec3dd6fd5c54bf441e0a8cb9f734f938af3aef49e20629eb50ce631a6a519325d424b2ab39a7ae91d7bd9de4d6351cc726b6a9ebf5ad77090fd519a5c11cd73fb68b6eeee4eba924b4cf9f22d0ae06c4f40090588f6ccfc7df5ae41d33fbcc99723125430eb49d72d747627d7c8d7079ee30dc2510f93a8ea5b95279e421161cd57e2e43f94a9a5b6ead30ace2d7d1f61844d1195f1153ef660d735d90ea5d3dc2242b459a82bc0c98aab66c2b474f09ad12c6de2457bc92759584286196cc66630c4cd77f9e39179a6d061ac9e92982529950a5ca7e1b6fc9c03ad1012843fe90f75a2a1e256d8dc2b8b18745382fa4bdd689e53023c201a4fb358964c8e40bf29fa964158a316e2d548f3ebf0ac4374874774fee07c83d9060d541d56b21832d063a03226783b8f1b67bcec674b01c5a3ea3845295daa80674521cf41a4c45d4a603ca2feea938272a9901a497241659890da28276e800e7212146067c88706ba461441010f2dc395ecbe064c13d65492"}}]}]}, @TCA_CGROUP_ACT={0x70, 0x1, [@m_bpf={0x6c, 0x14, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x2}]}, {0x30, 0x6, "13cc4fc3e6f1211db2f3f29d9fc550e4528c54eb3d6c85e7a92e034d2b7e4ccfd755e87f18e529e01bdb3088"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x1428}}, 0x0) 89.642326ms ago: executing program 0 (id=5845): socket$inet6(0xa, 0x1, 0x8010000000000084) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="500000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a5fdad8840000000280012800b0001006772657461700000180002800400120008000500c11d080006000f"], 0x50}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_dccp(0x2, 0x6, 0x0) syz_open_dev$video(&(0x7f0000000000), 0x7, 0x0) r1 = syz_io_uring_setup(0x304, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x2, 0xe1}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0xa, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x102, 0x2}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=5846): r0 = socket$inet6(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xd, 0xd, &(0x7f0000000480)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x2, 0x79, &(0x7f0000000000)=""/121, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x60, 0x30, 0x0, 0x0, 0xee01}}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c56f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d076feafa22f0610a70f2bdf4000200000066b60d00b0c2c1254f0963f63223b7b80197aa3161f45346b1000000070000000000000099f6609876b5887437a172ebc02a740694298b79dc194e533583412dff048fc21f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a367c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a3000000005dc2ed0e0b29e98fa883c71949a34d84030323e3d54f45b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb7830a246c3b2f60000fc4deb8eda1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e582160ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7033be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d70c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc3a4763948a1cbc10348ef2ac3781b847611fcb0a26acafdd6d9ab05865fcf7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb81c53f16d80f51006cbc71570a5e272b223425e09dc6b6cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d28484e15dc4320e4f85c16a8fbffadf8214d6d24cabe17ad4135d8872935ce0e6a468fd20fa4461d1d600234feac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c1044ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f4815237c3aa356217738898a16ba603439f6eaad8e70b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x6, 0xff, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000080), 0x602, r4}, 0x38) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x300000000000000}}}, 0xb8}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xfffd, 0xa}, {0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0xfffffffffffffffd}}, {{@in=@private=0xa010102, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x2}}, 0xe8) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "e1d03dd09b63755e", "ae65b7d95274938574addf3ed84cbb67322ac3d7b17fc122a5cbe0b5c3c010e0", "e78ac1fa", "ace80a577a495ed7"}, 0x38) r5 = socket(0x1d, 0x2, 0x6) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000740)={'sit0\x00', &(0x7f00000006c0)={'sit0\x00', 0x0, 0x80, 0x1, 0x9, 0xcc3, {{0x5, 0x4, 0x3, 0x32, 0x14, 0x64, 0x0, 0x9, 0x4, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x1b}}}}}) socket$inet6_tcp(0xa, 0x1, 0x0) kernel console output (not intermixed with test programs): allmulticast mode [ 358.713170][T20119] veth0_to_batadv: entered allmulticast mode [ 358.715895][T20119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 358.721873][T20119] batadv_slave_0: entered allmulticast mode [ 358.725973][T20119] veth1_to_batadv: entered allmulticast mode [ 358.729466][T20119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 358.732904][T20119] batadv_slave_1: entered allmulticast mode [ 358.735864][T20119] xfrm0: entered allmulticast mode [ 358.739622][T20119] veth0_to_hsr: entered allmulticast mode [ 358.742604][T20119] hsr_slave_0: entered allmulticast mode [ 358.746017][T20119] veth1_to_hsr: entered allmulticast mode [ 358.749877][T20119] hsr_slave_1: entered allmulticast mode [ 358.752874][T20119] hsr0: entered allmulticast mode [ 358.758384][T20119] veth1_virt_wifi: entered allmulticast mode [ 358.762378][T20119] veth0_virt_wifi: entered allmulticast mode [ 358.765085][T20119] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 358.768370][T20119] veth1_vlan: entered allmulticast mode [ 358.772577][T20119] veth0_vlan: entered allmulticast mode [ 358.777513][T20119] vlan0: left promiscuous mode [ 358.779373][T20119] vlan0: entered allmulticast mode [ 358.781031][T20119] vlan1: entered allmulticast mode [ 358.783123][T20119] macvlan0: entered allmulticast mode [ 358.786925][T20119] macvlan1: entered allmulticast mode [ 358.789507][T20119] ipvlan0: entered allmulticast mode [ 358.791167][T20119] ipvlan1: entered allmulticast mode [ 358.795353][T20119] veth1_macvtap: entered allmulticast mode [ 358.799270][T20119] veth0_macvtap: entered allmulticast mode [ 358.802657][T20119] macvtap0: entered allmulticast mode [ 358.805416][T20119] macsec0: entered allmulticast mode [ 358.808422][T20119] geneve0: entered allmulticast mode [ 358.818650][T20119] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.821464][T20119] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.824707][T20119] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.827650][T20119] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.833560][T20119] geneve1: entered allmulticast mode [ 358.837737][T20119] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 358.842510][T20119] netdevsim netdevsim0 netdevsim1: entered allmulticast mode [ 358.845916][T20119] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 358.849521][T20119] netdevsim netdevsim0 netdevsim3: entered allmulticast mode [ 358.853511][ T5981] usb 8-1: USB disconnect, device number 17 [ 358.858016][T20119] mac80211_hwsim hwsim30 wlan0: entered allmulticast mode [ 358.865739][T20119] mac80211_hwsim hwsim31 wlan1: entered allmulticast mode [ 358.868414][T20119] ip6erspan0: entered allmulticast mode [ 358.870108][T20119] syztnl1: entered allmulticast mode [ 358.881119][ T40] audit: type=1400 audit(2000000226.952:36595): avc: denied { read } for pid=20123 comm="syz.2.5200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 359.130148][T20132] (syz.2.5203,20132,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 359.132771][T20132] (syz.2.5203,20132,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 359.189700][T20132] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 359.338793][ T5981] usb 8-1: new low-speed USB device number 18 using dummy_hcd [ 359.510956][ T5981] usb 8-1: config index 0 descriptor too short (expected 192, got 92) [ 359.513686][ T5981] usb 8-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 359.516859][ T5981] usb 8-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 359.521476][ T5981] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 359.524104][ T5981] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 359.526894][ T5981] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.531574][ T5981] usb 8-1: config 0 descriptor?? [ 360.376838][T20158] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5210'. [ 360.431170][T20163] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5211'. [ 360.513481][T20167] (syz.0.5213,20167,2):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 360.516695][T20167] (syz.0.5213,20167,2):ocfs2_fill_super:1177 ERROR: status = -22 [ 360.579258][T20167] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 360.638958][T20176] netlink: del zone limit has 4 unknown bytes [ 360.887902][T20203] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 360.939224][ T836] usb 8-1: USB disconnect, device number 18 [ 361.001394][T20205] (syz.2.5225,20205,2):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 361.004641][T20205] (syz.2.5225,20205,2):ocfs2_fill_super:1177 ERROR: status = -22 [ 361.059890][T20205] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 361.091658][ T10] usb 6-1: USB disconnect, device number 102 [ 361.204474][T20213] FAULT_INJECTION: forcing a failure. [ 361.204474][T20213] name failslab, interval 1, probability 0, space 0, times 0 [ 361.209176][T20213] CPU: 1 UID: 0 PID: 20213 Comm: syz.1.5230 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 361.209197][T20213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 361.209207][T20213] Call Trace: [ 361.209213][T20213] [ 361.209219][T20213] dump_stack_lvl+0x16c/0x1f0 [ 361.209247][T20213] should_fail_ex+0x50a/0x650 [ 361.209285][T20213] ? fs_reclaim_acquire+0xae/0x150 [ 361.209311][T20213] should_failslab+0xc2/0x120 [ 361.209331][T20213] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 361.209349][T20213] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 361.209376][T20213] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 361.209405][T20213] mmu_topup_memory_caches+0x25/0x170 [ 361.209426][T20213] kvm_mmu_load+0xda/0x22a0 [ 361.209447][T20213] ? kvm_apic_has_interrupt+0xb6/0x190 [ 361.209472][T20213] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 361.209495][T20213] ? kvm_guest_time_update+0x71e/0xeb0 [ 361.209515][T20213] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 361.209538][T20213] ? __pfx_kvm_mmu_load+0x10/0x10 [ 361.209556][T20213] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 361.209580][T20213] ? kvm_check_and_inject_events+0x725/0x12e0 [ 361.209599][T20213] ? trace_kvm_fpu+0x1f1/0x220 [ 361.209620][T20213] vcpu_run+0x2e8b/0x4cc0 [ 361.209647][T20213] ? __pfx_vcpu_run+0x10/0x10 [ 361.209663][T20213] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 361.209686][T20213] ? rcu_is_watching+0x12/0xc0 [ 361.209703][T20213] ? trace_lock_acquire+0x14e/0x1f0 [ 361.209721][T20213] ? __local_bh_enable_ip+0xa4/0x120 [ 361.209744][T20213] ? lockdep_hardirqs_on+0x7c/0x110 [ 361.209769][T20213] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 361.209794][T20213] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 361.209813][T20213] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 361.209838][T20213] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 361.209861][T20213] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 361.209886][T20213] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 361.209913][T20213] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 361.209941][T20213] ? __pfx_lock_release+0x10/0x10 [ 361.209972][T20213] ? selinux_file_ioctl+0x180/0x270 [ 361.209993][T20213] ? selinux_file_ioctl+0xb4/0x270 [ 361.210017][T20213] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 361.210036][T20213] __x64_sys_ioctl+0x190/0x200 [ 361.210060][T20213] do_syscall_64+0xcd/0x250 [ 361.210086][T20213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.210108][T20213] RIP: 0033:0x7f540018d169 [ 361.210121][T20213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.210136][T20213] RSP: 002b:00007f54010d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 361.210153][T20213] RAX: ffffffffffffffda RBX: 00007f54003a5fa0 RCX: 00007f540018d169 [ 361.210163][T20213] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 361.210173][T20213] RBP: 00007f54010d3090 R08: 0000000000000000 R09: 0000000000000000 [ 361.210183][T20213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 361.210192][T20213] R13: 0000000000000000 R14: 00007f54003a5fa0 R15: 00007ffdd84d90d8 [ 361.210215][T20213] [ 361.525287][ T40] audit: type=1400 audit(2000000229.592:36596): avc: denied { ioctl } for pid=20233 comm="syz.0.5237" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x641c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 361.536352][T20240] FAULT_INJECTION: forcing a failure. [ 361.536352][T20240] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 361.546138][T20240] CPU: 2 UID: 0 PID: 20240 Comm: syz.2.5240 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 361.546155][T20240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 361.546162][T20240] Call Trace: [ 361.546166][T20240] [ 361.546170][T20240] dump_stack_lvl+0x16c/0x1f0 [ 361.546190][T20240] should_fail_ex+0x50a/0x650 [ 361.546205][T20240] ? __pfx___might_resched+0x10/0x10 [ 361.546225][T20240] should_fail_alloc_page+0xe7/0x130 [ 361.546238][T20240] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 361.546257][T20240] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 361.546269][T20240] ? hlock_class+0x4e/0x130 [ 361.546280][T20240] ? mark_lock+0xb5/0xc60 [ 361.546295][T20240] ? __pfx_mark_lock+0x10/0x10 [ 361.546323][T20240] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 361.546334][T20240] ? hlock_class+0x4e/0x130 [ 361.546345][T20240] ? hlock_class+0x4e/0x130 [ 361.546355][T20240] ? mark_lock+0xb5/0xc60 [ 361.546369][T20240] ? hlock_class+0x4e/0x130 [ 361.546382][T20240] ? hlock_class+0x4e/0x130 [ 361.546392][T20240] ? __lock_acquire+0xcc5/0x3c40 [ 361.546407][T20240] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 361.546424][T20240] ? policy_nodemask+0xea/0x4e0 [ 361.546437][T20240] alloc_pages_mpol+0x1fc/0x540 [ 361.546449][T20240] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 361.546461][T20240] ? __lock_acquire+0x15a9/0x3c40 [ 361.546480][T20240] folio_alloc_mpol_noprof+0x36/0x2f0 [ 361.546501][T20240] vma_alloc_folio_noprof+0xee/0x1b0 [ 361.546520][T20240] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 361.546540][T20240] ? find_held_lock+0x2d/0x110 [ 361.546562][T20240] do_pte_missing+0x202f/0x3e10 [ 361.546588][T20240] __handle_mm_fault+0x1166/0x2c60 [ 361.546611][T20240] ? __pfx___handle_mm_fault+0x10/0x10 [ 361.546621][T20240] ? follow_page_pte+0x3ac/0x1490 [ 361.546631][T20240] ? __pfx_lock_release+0x10/0x10 [ 361.546655][T20240] handle_mm_fault+0x3fa/0xaa0 [ 361.546668][T20240] __get_user_pages+0x773/0x36f0 [ 361.546682][T20240] ? __pfx___get_user_pages+0x10/0x10 [ 361.546691][T20240] ? down_read_killable+0xcc/0x380 [ 361.546713][T20240] ? __pfx_down_read_killable+0x10/0x10 [ 361.546733][T20240] get_user_pages_unlocked+0x1c2/0x780 [ 361.546745][T20240] ? __pfx_get_user_pages_unlocked+0x10/0x10 [ 361.546755][T20240] ? get_user_pages_fast_only+0xaf/0x100 [ 361.546765][T20240] ? __pfx_get_user_pages_fast_only+0x10/0x10 [ 361.546776][T20240] ? __pfx___might_resched+0x10/0x10 [ 361.546794][T20240] hva_to_pfn+0x8be/0xc20 [ 361.546812][T20240] ? __pfx_hva_to_pfn+0x10/0x10 [ 361.546825][T20240] ? lock_acquire.part.0+0x11b/0x380 [ 361.546839][T20240] ? find_held_lock+0x2d/0x110 [ 361.546853][T20240] ? find_held_lock+0x2d/0x110 [ 361.546865][T20240] ? xa_load+0x14a/0x2c0 [ 361.546881][T20240] ? __pfx_lock_release+0x10/0x10 [ 361.546896][T20240] kvm_follow_pfn+0x29f/0x3f0 [ 361.546912][T20240] __kvm_faultin_pfn+0x11c/0x1a0 [ 361.546929][T20240] ? __pfx___kvm_faultin_pfn+0x10/0x10 [ 361.546944][T20240] ? __pfx_xa_load+0x10/0x10 [ 361.546966][T20240] kvm_mmu_faultin_pfn+0x583/0x2190 [ 361.546985][T20240] ? __pfx_fast_page_fault+0x10/0x10 [ 361.547000][T20240] ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10 [ 361.547014][T20240] ? __pfx_lock_release+0x10/0x10 [ 361.547028][T20240] ? __kvm_mmu_topup_memory_cache+0x330/0x600 [ 361.547047][T20240] kvm_tdp_page_fault+0x182/0x3d0 [ 361.547059][T20240] kvm_mmu_do_page_fault+0x587/0x6c0 [ 361.547072][T20240] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 361.547082][T20240] ? init_emulate_ctxt+0x338/0x510 [ 361.547098][T20240] ? hlock_class+0x4e/0x130 [ 361.547110][T20240] kvm_mmu_page_fault+0x20f/0x1bd0 [ 361.547125][T20240] ? __pfx___lock_acquire+0x10/0x10 [ 361.547139][T20240] ? __pfx_kvm_mmu_page_fault+0x10/0x10 [ 361.547150][T20240] ? __pfx_mark_lock+0x10/0x10 [ 361.547162][T20240] ? clear_bhb_loop+0x35/0x90 [ 361.547182][T20240] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 361.547198][T20240] handle_ept_violation+0x25a/0x640 [ 361.547208][T20240] ? __pfx_handle_ept_violation+0x10/0x10 [ 361.547219][T20240] vmx_handle_exit+0x6a4/0x1a30 [ 361.547231][T20240] vcpu_run+0x2af3/0x4cc0 [ 361.547248][T20240] ? __pfx_vcpu_run+0x10/0x10 [ 361.547258][T20240] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 361.547272][T20240] ? rcu_is_watching+0x12/0xc0 [ 361.547283][T20240] ? trace_lock_acquire+0x14e/0x1f0 [ 361.547294][T20240] ? __local_bh_enable_ip+0xa4/0x120 [ 361.547309][T20240] ? lockdep_hardirqs_on+0x7c/0x110 [ 361.547322][T20240] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 361.547337][T20240] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 361.547349][T20240] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 361.547364][T20240] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 361.547378][T20240] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 361.547393][T20240] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 361.547413][T20240] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 361.547431][T20240] ? __pfx_lock_release+0x10/0x10 [ 361.547451][T20240] ? selinux_file_ioctl+0x180/0x270 [ 361.547466][T20240] ? selinux_file_ioctl+0xb4/0x270 [ 361.547482][T20240] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 361.547495][T20240] __x64_sys_ioctl+0x190/0x200 [ 361.547511][T20240] do_syscall_64+0xcd/0x250 [ 361.547527][T20240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.547540][T20240] RIP: 0033:0x7f9be4d8d169 [ 361.547550][T20240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.547560][T20240] RSP: 002b:00007f9be5b28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 361.547570][T20240] RAX: ffffffffffffffda RBX: 00007f9be4fa5fa0 RCX: 00007f9be4d8d169 [ 361.547576][T20240] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 361.547582][T20240] RBP: 00007f9be5b28090 R08: 0000000000000000 R09: 0000000000000000 [ 361.547588][T20240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 361.547594][T20240] R13: 0000000000000000 R14: 00007f9be4fa5fa0 R15: 00007ffe88e6eef8 [ 361.547608][T20240] [ 361.708620][ C2] vkms_vblank_simulate: vblank timer overrun [ 361.761526][T20254] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5245'. [ 361.822947][T20256] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5246'. [ 361.838530][ T64] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 361.988494][ T64] usb 8-1: Using ep0 maxpacket: 8 [ 361.993083][ T64] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 361.996688][ T64] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 362.005860][ T64] usb 8-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 362.010244][ T64] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 362.015189][ T64] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 362.019085][ T64] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.027226][ T64] usbtmc 8-1:16.0: bulk endpoints not found [ 362.032131][T20272] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5253'. [ 362.044185][ T40] audit: type=1400 audit(2000000230.112:36597): avc: denied { setattr } for pid=20273 comm="syz.2.5254" name="NETLINK" dev="sockfs" ino=110188 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 362.131243][ T40] audit: type=1326 audit(2000000230.202:36598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20275 comm="syz.2.5255" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9be4d8d169 code=0x0 [ 362.263333][T20287] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5258'. [ 362.766078][T20314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5269'. [ 362.867333][T20326] program syz.1.5273 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 362.876078][ T5953] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 362.886055][T20327] netlink: 604 bytes leftover after parsing attributes in process `syz.0.5271'. [ 362.943909][ T1141] bridge_slave_1: left allmulticast mode [ 362.945960][ T1141] bridge_slave_1: left promiscuous mode [ 362.947698][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.953895][ T1141] bridge_slave_0: left allmulticast mode [ 362.955603][ T1141] bridge_slave_0: left promiscuous mode [ 362.957305][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.159053][ T31] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 363.241569][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 363.245327][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 363.248656][ T1141] bond0 (unregistering): Released all slaves [ 363.308350][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 363.310967][ T31] usb 5-1: config 0 has no interfaces? [ 363.312929][ T31] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 363.315974][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.319951][ T31] usb 5-1: config 0 descriptor?? [ 363.401328][T20354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5282'. [ 363.403951][T20354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5282'. [ 363.457065][T20356] netlink: zone id is out of range [ 363.459272][T20356] netlink: del zone limit has 4 unknown bytes [ 363.501936][ T1141] hsr_slave_0: left promiscuous mode [ 363.503958][ T1141] hsr_slave_1: left promiscuous mode [ 363.505774][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 363.507872][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 363.510689][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.512803][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 363.523270][ T31] usb 5-1: USB disconnect, device number 89 [ 363.571853][ T1141] veth1_macvtap: left promiscuous mode [ 363.573466][ T1141] veth0_macvtap: left promiscuous mode [ 363.681022][T20368] FAULT_INJECTION: forcing a failure. [ 363.681022][T20368] name failslab, interval 1, probability 0, space 0, times 0 [ 363.685611][T20368] CPU: 2 UID: 0 PID: 20368 Comm: syz.2.5288 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 363.685625][T20368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 363.685632][T20368] Call Trace: [ 363.685635][T20368] [ 363.685640][T20368] dump_stack_lvl+0x16c/0x1f0 [ 363.685659][T20368] should_fail_ex+0x50a/0x650 [ 363.685676][T20368] ? fs_reclaim_acquire+0xae/0x150 [ 363.685694][T20368] should_failslab+0xc2/0x120 [ 363.685707][T20368] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 363.685718][T20368] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 363.685740][T20368] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 363.685759][T20368] mmu_topup_memory_caches+0x25/0x170 [ 363.685772][T20368] kvm_mmu_load+0xda/0x22a0 [ 363.685784][T20368] ? kvm_apic_has_interrupt+0xb6/0x190 [ 363.685801][T20368] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 363.685816][T20368] ? kvm_guest_time_update+0x71e/0xeb0 [ 363.685829][T20368] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 363.685842][T20368] ? __pfx_kvm_mmu_load+0x10/0x10 [ 363.685854][T20368] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 363.685869][T20368] ? kvm_check_and_inject_events+0x725/0x12e0 [ 363.685881][T20368] ? trace_kvm_fpu+0x1f1/0x220 [ 363.685894][T20368] vcpu_run+0x2e8b/0x4cc0 [ 363.685910][T20368] ? __pfx_vcpu_run+0x10/0x10 [ 363.685920][T20368] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 363.685941][T20368] ? rcu_is_watching+0x12/0xc0 [ 363.685956][T20368] ? trace_lock_acquire+0x14e/0x1f0 [ 363.685967][T20368] ? __local_bh_enable_ip+0xa4/0x120 [ 363.685983][T20368] ? lockdep_hardirqs_on+0x7c/0x110 [ 363.685996][T20368] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 363.686011][T20368] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 363.686023][T20368] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 363.686038][T20368] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 363.686052][T20368] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 363.686067][T20368] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 363.686085][T20368] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 363.686104][T20368] ? __pfx_lock_release+0x10/0x10 [ 363.686123][T20368] ? selinux_file_ioctl+0x180/0x270 [ 363.686138][T20368] ? selinux_file_ioctl+0xb4/0x270 [ 363.686155][T20368] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 363.686167][T20368] __x64_sys_ioctl+0x190/0x200 [ 363.686183][T20368] do_syscall_64+0xcd/0x250 [ 363.686203][T20368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.686218][T20368] RIP: 0033:0x7f9be4d8d169 [ 363.686227][T20368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 363.686237][T20368] RSP: 002b:00007f9be5b28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 363.686247][T20368] RAX: ffffffffffffffda RBX: 00007f9be4fa5fa0 RCX: 00007f9be4d8d169 [ 363.686254][T20368] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 363.686260][T20368] RBP: 00007f9be5b28090 R08: 0000000000000000 R09: 0000000000000000 [ 363.686266][T20368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 363.686272][T20368] R13: 0000000000000000 R14: 00007f9be4fa5fa0 R15: 00007ffe88e6eef8 [ 363.686284][T20368] [ 363.774550][ C2] vkms_vblank_simulate: vblank timer overrun [ 363.777250][T20385] netlink: zone id is out of range [ 363.779395][T20385] netlink: zone id is out of range [ 363.780806][T20385] netlink: zone id is out of range [ 363.782247][T20385] netlink: zone id is out of range [ 363.784111][T20385] netlink: set zone limit has 8 unknown bytes [ 363.896529][T20387] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 363.917999][ T40] audit: type=1400 audit(2000000231.982:36599): avc: denied { bind } for pid=20386 comm="syz.2.5294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 363.939338][ T836] usb 5-1: new low-speed USB device number 90 using dummy_hcd [ 364.127350][ T836] usb 5-1: config 0 has no interfaces? [ 364.129265][ T836] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 364.131638][ T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.134681][ T836] usb 5-1: config 0 descriptor?? [ 364.158477][ T64] usb 6-1: new low-speed USB device number 103 using dummy_hcd [ 364.291438][ T64] usb 6-1: device descriptor read/64, error -71 [ 364.411219][ T1141] team0 (unregistering): Port device team_slave_1 removed [ 364.489478][ T5979] usb 8-1: USB disconnect, device number 19 [ 364.525986][ T1141] team0 (unregistering): Port device team_slave_0 removed [ 364.528450][ T64] usb 6-1: new low-speed USB device number 104 using dummy_hcd [ 364.658392][ T64] usb 6-1: device descriptor read/64, error -71 [ 364.719305][T20403] misc userio: The device must be registered before sending interrupts [ 364.768567][ T64] usb usb6-port1: attempt power cycle [ 365.119304][ T64] usb 6-1: new low-speed USB device number 105 using dummy_hcd [ 365.154211][ T64] usb 6-1: device descriptor read/8, error -71 [ 365.402906][ T64] usb 6-1: new low-speed USB device number 106 using dummy_hcd [ 365.428655][ T64] usb 6-1: device descriptor read/8, error -71 [ 365.548473][ T64] usb usb6-port1: unable to enumerate USB device [ 365.817157][ T836] usb 5-1: USB disconnect, device number 90 [ 365.928274][ T5979] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 366.078237][ T5979] usb 8-1: Using ep0 maxpacket: 8 [ 366.080824][ T5979] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 366.084668][ T5979] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 366.088061][ T5979] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 366.090968][ T5979] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 366.093583][ T5979] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 366.096935][ T5979] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 366.102099][ T40] audit: type=1400 audit(2000000234.173:36600): avc: denied { listen } for pid=20444 comm="syz.2.5313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 366.108677][ T5979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.112908][ T5979] usbtmc 8-1:16.0: probe with driver usbtmc failed with error -22 [ 366.230123][T20450] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=20450 comm=syz.0.5315 [ 366.310186][T20452] x_tables: duplicate underflow at hook 2 [ 366.354317][ T40] audit: type=1400 audit(2000000234.423:36601): avc: denied { accept } for pid=20444 comm="syz.2.5313" lport=33738 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 366.411427][ T40] audit: type=1400 audit(2000000234.483:36602): avc: denied { ioctl } for pid=20444 comm="syz.2.5313" path="socket:[110423]" dev="sockfs" ino=110423 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 366.498259][ T31] usb 6-1: new low-speed USB device number 107 using dummy_hcd [ 366.628185][ T31] usb 6-1: device descriptor read/64, error -71 [ 366.878152][ T31] usb 6-1: new low-speed USB device number 108 using dummy_hcd [ 367.567616][T20498] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5334'. [ 367.705933][T20515] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5340'. [ 367.709091][T20515] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5340'. [ 368.148687][ T836] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 368.162970][ T40] audit: type=1400 audit(2000000236.233:36603): avc: denied { bind } for pid=20551 comm="syz.1.5353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 368.238629][T20554] syz.2.5354: vmalloc error: size 16384, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 368.243779][T20554] CPU: 3 UID: 0 PID: 20554 Comm: syz.2.5354 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 368.243813][T20554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 368.243825][T20554] Call Trace: [ 368.243831][T20554] [ 368.243839][T20554] dump_stack_lvl+0x16c/0x1f0 [ 368.243867][T20554] warn_alloc+0x24d/0x3a0 [ 368.243887][T20554] ? __pfx_warn_alloc+0x10/0x10 [ 368.243907][T20554] ? alloc_pages_mpol+0x25b/0x540 [ 368.243927][T20554] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 368.243949][T20554] ? trace_kmalloc+0x2d/0xd0 [ 368.243977][T20554] __vmalloc_node_range_noprof+0x12bd/0x1530 [ 368.244013][T20554] ? vhost_task_create+0x1d3/0x2e0 [ 368.244041][T20554] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 368.244068][T20554] ? rcu_is_watching+0x12/0xc0 [ 368.244087][T20554] ? trace_kmem_cache_alloc+0x2d/0xd0 [ 368.244109][T20554] ? kmem_cache_alloc_node_noprof+0x272/0x3c0 [ 368.244126][T20554] ? mark_held_locks+0x9f/0xe0 [ 368.244148][T20554] ? copy_process+0x4be/0x8c50 [ 368.244165][T20554] ? vhost_task_create+0x1d3/0x2e0 [ 368.244187][T20554] copy_process+0x2ef2/0x8c50 [ 368.244203][T20554] ? vhost_task_create+0x1d3/0x2e0 [ 368.244243][T20554] ? __pfx_copy_process+0x10/0x10 [ 368.244275][T20554] ? lockdep_init_map_type+0x16d/0x7d0 [ 368.244298][T20554] ? __raw_spin_lock_init+0x3a/0x110 [ 368.244317][T20554] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 368.244342][T20554] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 368.244361][T20554] vhost_task_create+0x1d3/0x2e0 [ 368.244381][T20554] ? __pfx_vhost_task_create+0x10/0x10 [ 368.244402][T20554] ? kvm_mmu_post_init_vm+0xb4/0x370 [ 368.244429][T20554] ? __pfx_vhost_task_fn+0x10/0x10 [ 368.244452][T20554] ? lock_acquire.part.0+0x11b/0x380 [ 368.244474][T20554] ? find_held_lock+0x2d/0x110 [ 368.244499][T20554] kvm_mmu_post_init_vm+0x1b7/0x370 [ 368.244523][T20554] kvm_arch_vcpu_ioctl_run+0x66/0x17f0 [ 368.244542][T20554] ? lock_acquire+0x2f/0xb0 [ 368.244562][T20554] ? kvm_vcpu_ioctl+0x14be/0x16b0 [ 368.244587][T20554] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 368.244610][T20554] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 368.244638][T20554] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 368.244672][T20554] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 368.244703][T20554] ? __pfx_lock_release+0x10/0x10 [ 368.244737][T20554] ? selinux_file_ioctl+0x180/0x270 [ 368.244761][T20554] ? selinux_file_ioctl+0xb4/0x270 [ 368.244787][T20554] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 368.244808][T20554] __x64_sys_ioctl+0x190/0x200 [ 368.244834][T20554] do_syscall_64+0xcd/0x250 [ 368.244878][T20554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.244901][T20554] RIP: 0033:0x7f9be4d8d169 [ 368.244915][T20554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.244929][T20554] RSP: 002b:00007f9be5b28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 368.244945][T20554] RAX: ffffffffffffffda RBX: 00007f9be4fa5fa0 RCX: 00007f9be4d8d169 [ 368.244956][T20554] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 368.244965][T20554] RBP: 00007f9be5b28090 R08: 0000000000000000 R09: 0000000000000000 [ 368.244975][T20554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 368.244984][T20554] R13: 0000000000000000 R14: 00007f9be4fa5fa0 R15: 00007ffe88e6eef8 [ 368.245008][T20554] [ 368.245025][T20554] Mem-Info: [ 368.308102][ T836] usb 5-1: Using ep0 maxpacket: 8 [ 368.311055][T20554] active_anon:23763 inactive_anon:0 isolated_anon:0 [ 368.311055][T20554] active_file:3753 inactive_file:52919 isolated_file:0 [ 368.311055][T20554] unevictable:11002 dirty:26 writeback:0 [ 368.311055][T20554] slab_reclaimable:7786 slab_unreclaimable:79856 [ 368.311055][T20554] mapped:27638 shmem:6772 pagetables:971 [ 368.311055][T20554] sec_pagetables:310 bounce:0 [ 368.311055][T20554] kernel_misc_reclaimable:0 [ 368.311055][T20554] free:428282 free_pcp:5745 free_cma:0 [ 368.313302][ T836] usb 5-1: config index 0 descriptor too short (expected 192, got 92) [ 368.313618][T20554] Node 0 active_anon:95052kB inactive_anon:0kB active_file:15012kB inactive_file:211560kB unevictable:40432kB isolated(anon):0kB isolated(file):0kB mapped:110472kB dirty:104kB writeback:0kB shmem:23552kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13264kB pagetables:3884kB sec_pagetables:1240kB all_unreclaimable? no [ 368.315045][ T836] usb 5-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 368.316510][T20554] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:116kB unevictable:3576kB isolated(anon):0kB isolated(file):0kB mapped:80kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 368.317821][ T836] usb 5-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 368.317835][ T836] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 368.317853][ T836] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 368.319849][T20554] Node 0 [ 368.320801][ T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.322186][T20554] DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 368.329833][ T836] usb 5-1: config 0 descriptor?? [ 368.332105][T20554] lowmem_reserve[]: 0 1240 1240 1240 1240 [ 368.400920][T20554] Node 0 DMA32 free:127132kB boost:0kB min:27608kB low:34508kB high:41408kB reserved_highatomic:0KB active_anon:95052kB inactive_anon:0kB active_file:15012kB inactive_file:211560kB unevictable:40432kB writepending:104kB present:2080628kB managed:1270112kB mlocked:16kB bounce:0kB free_pcp:10508kB local_pcp:612kB free_cma:0kB [ 368.410668][T20554] lowmem_reserve[]: 0 0 0 0 0 [ 368.412065][T20554] Node 1 Normal free:1570636kB boost:0kB min:39632kB low:49540kB high:59448kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:116kB unevictable:3576kB writepending:0kB present:2097152kB managed:1781924kB mlocked:40kB bounce:0kB free_pcp:12440kB local_pcp:2048kB free_cma:0kB [ 368.420175][T20554] lowmem_reserve[]: 0 0 0 0 0 [ 368.421783][T20554] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 368.426660][T20554] Node 0 DMA32: 421*4kB (UME) 90*8kB (UME) 146*16kB (UE) 272*32kB (UME) 118*64kB (UME) 87*128kB (UME) 46*256kB (UME) 52*512kB (UME) 23*1024kB (UME) 10*2048kB (UM) 3*4096kB (UM) = 126852kB [ 368.432282][T20554] Node 1 Normal: 11*4kB (UME) 12*8kB (UME) 24*16kB (UME) 138*32kB (UME) 68*64kB (UME) 22*128kB (UME) 10*256kB (UE) 5*512kB (UME) 1*1024kB (E) 2*2048kB (UE) 378*4096kB (UM) = 1570636kB [ 368.437749][T20554] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 368.440606][T20554] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 368.444045][T20554] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 368.446879][T20554] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 368.449772][T20554] 72705 total pagecache pages [ 368.451120][T20554] 0 pages in swap cache [ 368.452315][T20554] Free swap = 124500kB [ 368.453492][T20554] Total swap = 124996kB [ 368.454654][T20554] 1048443 pages RAM [ 368.455741][T20554] 0 pages HighMem/MovableOnly [ 368.457061][T20554] 281594 pages reserved [ 368.458731][T20554] 0 pages cma reserved [ 368.546260][ T836] usb 5-1: USB disconnect, device number 91 [ 368.702494][T20567] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 368.710708][ T31] usb 8-1: USB disconnect, device number 20 [ 368.789321][ T40] audit: type=1400 audit(2000000236.863:36604): avc: denied { accept } for pid=20574 comm="syz.2.5360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 368.998128][ T9] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 369.008600][T20551] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 369.168309][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 369.171033][ T9] usb 5-1: config index 0 descriptor too short (expected 192, got 92) [ 369.173381][ T9] usb 5-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 369.175759][ T9] usb 5-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 369.178788][ T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 369.181217][ T9] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 369.183686][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.186963][ T9] usb 5-1: config 0 descriptor?? [ 369.397585][ T9] IPVS: starting estimator thread 0... [ 369.402297][T20604] bridge: RTM_NEWNEIGH with invalid ether address [ 369.404455][T20604] netlink: 'syz.3.5370': attribute type 12 has an invalid length. [ 369.407015][T20604] netlink: 'syz.3.5370': attribute type 29 has an invalid length. [ 369.410215][ T836] usb 6-1: new high-speed USB device number 109 using dummy_hcd [ 369.413819][T20604] netlink: 148 bytes leftover after parsing attributes in process `syz.3.5370'. [ 369.417235][T20604] netlink: 59 bytes leftover after parsing attributes in process `syz.3.5370'. [ 369.423638][T20604] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57 sclass=netlink_route_socket pid=20604 comm=syz.3.5370 [ 369.508073][T20605] IPVS: using max 36 ests per chain, 86400 per kthread [ 369.568297][ T836] usb 6-1: Using ep0 maxpacket: 8 [ 369.577499][ T836] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 369.581497][ T836] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 369.585152][ T836] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 369.590462][ T836] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 369.594332][ T836] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 369.597878][ T836] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 369.600454][ T836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.606216][ T836] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22 [ 369.726687][T20616] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5374'. [ 369.778075][T19136] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 369.958038][T19136] usb 8-1: Using ep0 maxpacket: 8 [ 369.960754][T19136] usb 8-1: config index 0 descriptor too short (expected 192, got 92) [ 369.963125][T19136] usb 8-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 369.967315][T19136] usb 8-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 369.970381][T19136] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 369.973054][T19136] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 369.975816][T19136] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.983735][T19136] usb 8-1: config 0 descriptor?? [ 370.193578][T19136] usb 8-1: USB disconnect, device number 21 [ 370.418730][T20639] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 370.576063][T20650] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5387'. [ 370.658568][T19136] usb 8-1: new low-speed USB device number 22 using dummy_hcd [ 370.809429][ T5979] usb 5-1: USB disconnect, device number 92 [ 370.820304][T19136] usb 8-1: config index 0 descriptor too short (expected 192, got 92) [ 370.822641][T19136] usb 8-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 370.825126][T19136] usb 8-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 370.828227][T19136] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 370.830839][T19136] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 370.833415][T19136] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.836983][T19136] usb 8-1: config 0 descriptor?? [ 370.990576][T20673] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 371.209451][T20698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5402'. [ 371.271982][T20700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5403'. [ 371.274478][T20700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5403'. [ 371.548199][T20708] netlink: 'syz.2.5406': attribute type 39 has an invalid length. [ 372.173363][ T5979] usb 6-1: USB disconnect, device number 109 [ 372.197900][ T40] audit: type=1400 audit(2000000240.273:36605): avc: denied { accept } for pid=20726 comm="syz.1.5414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 372.205487][T20727] program syz.1.5414 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 372.317503][T20736] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 372.345051][T20732] FAULT_INJECTION: forcing a failure. [ 372.345051][T20732] name failslab, interval 1, probability 0, space 0, times 0 [ 372.348659][T20732] CPU: 2 UID: 0 PID: 20732 Comm: syz.0.5415 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 372.348672][T20732] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 372.348678][T20732] Call Trace: [ 372.348682][T20732] [ 372.348686][T20732] dump_stack_lvl+0x16c/0x1f0 [ 372.348704][T20732] should_fail_ex+0x50a/0x650 [ 372.348720][T20732] ? fs_reclaim_acquire+0xae/0x150 [ 372.348736][T20732] should_failslab+0xc2/0x120 [ 372.348749][T20732] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 372.348760][T20732] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 372.348777][T20732] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 372.348794][T20732] mmu_topup_memory_caches+0x25/0x170 [ 372.348824][T20732] kvm_mmu_load+0xda/0x22a0 [ 372.348836][T20732] ? kvm_apic_has_interrupt+0xb6/0x190 [ 372.348852][T20732] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 372.348872][T20732] ? kvm_guest_time_update+0x71e/0xeb0 [ 372.348884][T20732] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 372.348898][T20732] ? __pfx_kvm_mmu_load+0x10/0x10 [ 372.348909][T20732] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 372.348924][T20732] ? kvm_check_and_inject_events+0x725/0x12e0 [ 372.348936][T20732] ? trace_kvm_fpu+0x1f1/0x220 [ 372.348949][T20732] vcpu_run+0x2e8b/0x4cc0 [ 372.348964][T20732] ? __pfx_vcpu_run+0x10/0x10 [ 372.348974][T20732] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 372.348990][T20732] ? rcu_is_watching+0x12/0xc0 [ 372.349001][T20732] ? trace_lock_acquire+0x14e/0x1f0 [ 372.349012][T20732] ? __local_bh_enable_ip+0xa4/0x120 [ 372.349028][T20732] ? lockdep_hardirqs_on+0x7c/0x110 [ 372.349041][T20732] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 372.349056][T20732] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 372.349067][T20732] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 372.349082][T20732] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 372.349096][T20732] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 372.349111][T20732] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 372.349129][T20732] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 372.349148][T20732] ? __pfx_lock_release+0x10/0x10 [ 372.349167][T20732] ? selinux_file_ioctl+0x180/0x270 [ 372.349182][T20732] ? selinux_file_ioctl+0xb4/0x270 [ 372.349198][T20732] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 372.349211][T20732] __x64_sys_ioctl+0x190/0x200 [ 372.349226][T20732] do_syscall_64+0xcd/0x250 [ 372.349242][T20732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.349256][T20732] RIP: 0033:0x7f10c2f8d169 [ 372.349264][T20732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.349273][T20732] RSP: 002b:00007f10c3d1d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 372.349283][T20732] RAX: ffffffffffffffda RBX: 00007f10c31a5fa0 RCX: 00007f10c2f8d169 [ 372.349289][T20732] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 372.349295][T20732] RBP: 00007f10c3d1d090 R08: 0000000000000000 R09: 0000000000000000 [ 372.349301][T20732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 372.349306][T20732] R13: 0000000000000000 R14: 00007f10c31a5fa0 R15: 00007ffe31592ef8 [ 372.349319][T20732] [ 372.442359][ C2] vkms_vblank_simulate: vblank timer overrun [ 372.464157][T19136] usb 8-1: USB disconnect, device number 22 [ 372.651832][T20756] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 372.659845][ T40] audit: type=1400 audit(2000000240.733:36606): avc: denied { read } for pid=20750 comm="syz.3.5423" name="file0" dev="9p" ino=36831326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 372.666605][ T40] audit: type=1400 audit(2000000240.733:36607): avc: denied { read } for pid=20750 comm="syz.3.5423" name="file0" dev="overlay" ino=36831326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 372.673771][ T40] audit: type=1400 audit(2000000240.733:36608): avc: denied { open } for pid=20750 comm="syz.3.5423" path="/260/bus/file0" dev="overlay" ino=36831326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 372.674493][T20756] evm: overlay not supported [ 372.680905][ T40] audit: type=1400 audit(2000000240.743:36609): avc: denied { setattr } for pid=20750 comm="syz.3.5423" name="file0" dev="overlay" ino=36831326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 372.689357][ T40] audit: type=1400 audit(2000000240.753:36610): avc: denied { write } for pid=20750 comm="syz.3.5423" path=2F202864656C6574656429 dev="tmpfs" ino=1387 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 372.697641][ T40] audit: type=1400 audit(2000000240.763:36611): avc: denied { link } for pid=20750 comm="syz.3.5423" name="#1387" dev="tmpfs" ino=1387 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 372.707784][ T40] audit: type=1400 audit(2000000240.773:36612): avc: denied { read } for pid=20750 comm="syz.3.5423" lport=43652 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 372.735179][T20760] vimc link validate: Scaler:src:16x16 (0x33524742, 8, 0, 0, 6) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 372.738102][ T836] usb 7-1: new high-speed USB device number 104 using dummy_hcd [ 372.758880][ T9] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 372.794621][ T40] audit: type=1400 audit(2000000240.863:36613): avc: denied { unlink } for pid=16947 comm="syz-executor" name="file0" dev="tmpfs" ino=1387 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 372.907882][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 372.911961][ T836] usb 7-1: config 0 has an invalid interface number: 120 but max is 0 [ 372.914897][ T836] usb 7-1: config 0 has no interface number 0 [ 372.917114][ T836] usb 7-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 372.921509][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 372.924199][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 372.926838][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 372.931962][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 372.934676][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 372.938466][ T836] usb 7-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 372.941229][ T836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.944287][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 372.946782][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.951512][ T836] usb 7-1: config 0 descriptor?? [ 372.953412][ T40] audit: type=1400 audit(2000000241.023:36614): avc: denied { append } for pid=20769 comm="syz.3.5429" name="binder1" dev="binder" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 372.956139][ T836] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.120/input/input16 [ 372.965463][ T9] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22 [ 373.165481][T20747] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5421'. [ 373.184053][T20747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5421'. [ 373.193889][T20784] netlink: 80 bytes leftover after parsing attributes in process `syz.3.5434'. [ 373.253152][ T9] usb 7-1: USB disconnect, device number 104 [ 373.366455][T20794] xt_CT: You must specify a L4 protocol and not use inversions on it [ 373.397147][T20798] (syz.3.5439,20798,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 373.400699][T20798] (syz.3.5439,20798,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 373.424403][T20803] loop9: detected capacity change from 0 to 16 [ 373.429699][T20803] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 373.432081][T20803] loop9: partition table partially beyond EOD, truncated [ 373.434494][T20803] loop9: p1 size 81768186 extends beyond EOD, truncated [ 373.440180][T20798] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 373.452876][T20802] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5441'. [ 373.492224][T20808] (syz.3.5442,20808,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 373.495497][T20808] (syz.3.5442,20808,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 373.541339][T20812] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=20812 comm=syz.1.5444 [ 373.549496][T20808] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 373.635920][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.638003][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.640011][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.642093][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.644047][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.646054][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.648516][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.653376][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.655396][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.657337][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.660277][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.662494][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.664463][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.666436][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.668822][T19136] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 373.673931][T19136] hid-generic 00A0:0006:0003.0007: hidraw1: HID v0.05 Device [syz1] on syz0 [ 373.853322][T20839] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 373.874120][T20840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.878269][T20840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.910018][T20844] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5456'. [ 374.043585][T20852] tmpfs: Bad value for 'mpol' [ 374.045776][T20852] netlink: 'syz.2.5460': attribute type 5 has an invalid length. [ 374.088426][T20840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 374.092174][T20840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 374.110099][T19136] usb 6-1: new high-speed USB device number 110 using dummy_hcd [ 374.320385][T20868] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5465'. [ 374.323514][T20868] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5465'. [ 374.961410][T20891] VFS: unable to find oldfs superblock on device nullb0 [ 374.966217][T20891] sg_read: process 708 (syz.3.5475) changed security contexts after opening file descriptor, this is not allowed. [ 375.023396][T20896] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 375.026160][ T5953] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 375.272430][T20904] FAULT_INJECTION: forcing a failure. [ 375.272430][T20904] name failslab, interval 1, probability 0, space 0, times 0 [ 375.275950][T20904] CPU: 2 UID: 0 PID: 20904 Comm: syz.3.5481 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 375.275963][T20904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 375.275970][T20904] Call Trace: [ 375.275974][T20904] [ 375.275978][T20904] dump_stack_lvl+0x16c/0x1f0 [ 375.275996][T20904] should_fail_ex+0x50a/0x650 [ 375.276012][T20904] ? fs_reclaim_acquire+0xae/0x150 [ 375.276029][T20904] should_failslab+0xc2/0x120 [ 375.276041][T20904] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 375.276053][T20904] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 375.276069][T20904] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 375.276087][T20904] mmu_topup_memory_caches+0x25/0x170 [ 375.276100][T20904] kvm_mmu_load+0xda/0x22a0 [ 375.276113][T20904] ? kvm_apic_has_interrupt+0xb6/0x190 [ 375.276129][T20904] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 375.276144][T20904] ? kvm_guest_time_update+0x71e/0xeb0 [ 375.276156][T20904] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 375.276170][T20904] ? __pfx_kvm_mmu_load+0x10/0x10 [ 375.276182][T20904] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 375.276197][T20904] ? kvm_check_and_inject_events+0x725/0x12e0 [ 375.276209][T20904] ? trace_kvm_fpu+0x1f1/0x220 [ 375.276221][T20904] vcpu_run+0x2e8b/0x4cc0 [ 375.276237][T20904] ? __pfx_vcpu_run+0x10/0x10 [ 375.276247][T20904] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 375.276263][T20904] ? rcu_is_watching+0x12/0xc0 [ 375.276275][T20904] ? trace_lock_acquire+0x14e/0x1f0 [ 375.276286][T20904] ? __local_bh_enable_ip+0xa4/0x120 [ 375.276302][T20904] ? lockdep_hardirqs_on+0x7c/0x110 [ 375.276315][T20904] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 375.276330][T20904] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 375.276341][T20904] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 375.276357][T20904] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 375.276370][T20904] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 375.276386][T20904] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 375.276404][T20904] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 375.276422][T20904] ? __pfx_lock_release+0x10/0x10 [ 375.276441][T20904] ? selinux_file_ioctl+0x180/0x270 [ 375.276457][T20904] ? selinux_file_ioctl+0xb4/0x270 [ 375.276473][T20904] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 375.276486][T20904] __x64_sys_ioctl+0x190/0x200 [ 375.276501][T20904] do_syscall_64+0xcd/0x250 [ 375.276517][T20904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.276531][T20904] RIP: 0033:0x7f61b3d8d169 [ 375.276540][T20904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.276550][T20904] RSP: 002b:00007f61b4c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 375.276559][T20904] RAX: ffffffffffffffda RBX: 00007f61b3fa5fa0 RCX: 00007f61b3d8d169 [ 375.276566][T20904] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 375.276573][T20904] RBP: 00007f61b4c27090 R08: 0000000000000000 R09: 0000000000000000 [ 375.276579][T20904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 375.276584][T20904] R13: 0000000000000000 R14: 00007f61b3fa5fa0 R15: 00007ffd69c5c768 [ 375.276597][T20904] [ 375.360543][ C2] vkms_vblank_simulate: vblank timer overrun [ 375.529772][T19136] usb 5-1: USB disconnect, device number 93 [ 375.607203][T20929] tmpfs: Unknown parameter 'mŸ´Á€C<5!ùÿÿÿÿÿÿÿgíû' [ 375.728055][ T9] usb 6-1: new high-speed USB device number 111 using dummy_hcd [ 375.863160][T20946] netlink: 16166 bytes leftover after parsing attributes in process `syz.2.5494'. [ 375.907750][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 375.914987][ T9] usb 6-1: config index 0 descriptor too short (expected 192, got 92) [ 375.917261][ T9] usb 6-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 375.920707][ T9] usb 6-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 375.923527][ T9] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 375.925978][ T9] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 375.928659][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.931998][ T9] usb 6-1: config 0 descriptor?? [ 376.139935][ T9] usb 6-1: USB disconnect, device number 111 [ 376.178829][ T5979] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 376.337684][ T5979] usb 8-1: Using ep0 maxpacket: 8 [ 376.344541][ T5979] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 376.347987][ T5979] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 376.350798][ T5979] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 376.353941][ T5979] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 376.357434][ T5979] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 376.362167][ T5979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.567332][ T5979] usb 8-1: usb_control_msg returned -32 [ 376.570116][ T5979] usbtmc 8-1:16.0: can't read capabilities [ 376.574276][ T5979] usb 8-1: USB disconnect, device number 23 [ 376.580192][ T9] usb 6-1: new low-speed USB device number 112 using dummy_hcd [ 376.695685][T20977] FAULT_INJECTION: forcing a failure. [ 376.695685][T20977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 376.700218][T20977] CPU: 3 UID: 0 PID: 20977 Comm: syz.2.5504 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 376.700231][T20977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 376.700238][T20977] Call Trace: [ 376.700242][T20977] [ 376.700245][T20977] dump_stack_lvl+0x16c/0x1f0 [ 376.700264][T20977] should_fail_ex+0x50a/0x650 [ 376.700282][T20977] _copy_from_user+0x2e/0xd0 [ 376.700293][T20977] memdup_user+0x71/0xd0 [ 376.700308][T20977] strndup_user+0x78/0xe0 [ 376.700322][T20977] __x64_sys_mount+0x138/0x310 [ 376.700335][T20977] ? __pfx___x64_sys_mount+0x10/0x10 [ 376.700350][T20977] do_syscall_64+0xcd/0x250 [ 376.700366][T20977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.700380][T20977] RIP: 0033:0x7f9be4d8d169 [ 376.700389][T20977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.700398][T20977] RSP: 002b:00007f9be5b28038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 376.700409][T20977] RAX: ffffffffffffffda RBX: 00007f9be4fa5fa0 RCX: 00007f9be4d8d169 [ 376.700415][T20977] RDX: 00004000000000c0 RSI: 0000400000000080 RDI: 0000400000000000 [ 376.700421][T20977] RBP: 00007f9be5b28090 R08: 0000000000000000 R09: 0000000000000000 [ 376.700427][T20977] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 376.700433][T20977] R13: 0000000000000000 R14: 00007f9be4fa5fa0 R15: 00007ffe88e6eef8 [ 376.700444][T20977] [ 376.768847][ T9] usb 6-1: config index 0 descriptor too short (expected 192, got 92) [ 376.771132][ T9] usb 6-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 376.773510][ T9] usb 6-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 376.776334][ T9] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 376.778962][ T9] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 376.781479][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.784825][T20979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 376.788048][T20979] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 376.788855][ T9] usb 6-1: config 0 descriptor?? [ 376.835220][T20988] netlink: 1268 bytes leftover after parsing attributes in process `syz.2.5508'. [ 376.838228][T20988] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 376.915917][T20992] new mount options do not match the existing superblock, will be ignored [ 376.921426][T20992] cgroup: Unknown subsys name ' ugetlb' [ 376.979835][T20999] netlink: 'syz.2.5512': attribute type 142 has an invalid length. [ 377.017039][T20999] sg_write: data in/out 43/14 bytes for SCSI command 0x9-- guessing data in; [ 377.017039][T20999] program syz.2.5512 not setting count and/or reply_len properly [ 377.232151][T21015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5519'. [ 377.236825][T21017] PKCS7: Unknown OID: [4] 5.25.43204.122 [ 377.239676][T21017] PKCS7: Only support pkcs7_signedData type [ 377.579670][ T5979] usb 7-1: new high-speed USB device number 105 using dummy_hcd [ 377.659005][ T9] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 377.747684][ T5979] usb 7-1: Using ep0 maxpacket: 8 [ 377.758444][ T5979] usb 7-1: config index 0 descriptor too short (expected 192, got 92) [ 377.761071][ T5979] usb 7-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 377.763707][ T5979] usb 7-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 377.766813][ T5979] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 377.777599][ T5979] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 377.780026][ T5979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.785503][ T5979] usb 7-1: config 0 descriptor?? [ 377.837605][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 377.844819][ T9] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 377.847924][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 377.850875][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 377.867608][ T9] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 377.871841][ T9] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 377.874590][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.991622][ T5979] usb 7-1: USB disconnect, device number 105 [ 378.053281][T21037] loop9: detected capacity change from 0 to 1 [ 378.057308][T21037] Dev loop9: unable to read RDB block 1 [ 378.059261][T21037] loop9: unable to read partition table [ 378.061097][T21037] loop9: partition table beyond EOD, truncated [ 378.062829][T21037] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 378.081505][ T9] usb 8-1: usb_control_msg returned -32 [ 378.083843][ T9] usbtmc 8-1:16.0: can't read capabilities [ 378.088282][ T9] usb 8-1: USB disconnect, device number 24 [ 378.289750][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.291475][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.418298][ T36] usb 6-1: USB disconnect, device number 112 [ 378.447845][ T5979] usb 7-1: new low-speed USB device number 106 using dummy_hcd [ 378.588510][ T5979] usb 7-1: device descriptor read/64, error -71 [ 378.642012][T21046] FAULT_INJECTION: forcing a failure. [ 378.642012][T21046] name failslab, interval 1, probability 0, space 0, times 0 [ 378.645969][T21046] CPU: 3 UID: 0 PID: 21046 Comm: syz.1.5532 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 378.645986][T21046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 378.645992][T21046] Call Trace: [ 378.645996][T21046] [ 378.646000][T21046] dump_stack_lvl+0x16c/0x1f0 [ 378.646020][T21046] should_fail_ex+0x50a/0x650 [ 378.646036][T21046] ? fs_reclaim_acquire+0xae/0x150 [ 378.646053][T21046] ? lsm_blob_alloc+0x68/0x90 [ 378.646063][T21046] should_failslab+0xc2/0x120 [ 378.646075][T21046] __kmalloc_noprof+0xcb/0x510 [ 378.646085][T21046] ? __pfx_perf_event_init_task+0x10/0x10 [ 378.646097][T21046] ? audit_alloc+0xa3/0x7b0 [ 378.646109][T21046] lsm_blob_alloc+0x68/0x90 [ 378.646120][T21046] security_task_alloc+0x2d/0x260 [ 378.646136][T21046] copy_process+0x24cc/0x8c50 [ 378.646145][T21046] ? kasan_save_stack+0x33/0x60 [ 378.646155][T21046] ? kasan_save_track+0x14/0x30 [ 378.646164][T21046] ? __kasan_kmalloc+0xaa/0xb0 [ 378.646173][T21046] ? vhost_task_create+0xe6/0x2e0 [ 378.646185][T21046] ? kvm_mmu_post_init_vm+0x1b7/0x370 [ 378.646199][T21046] ? kvm_arch_vcpu_ioctl_run+0x66/0x17f0 [ 378.646210][T21046] ? kvm_vcpu_ioctl+0x5ea/0x16b0 [ 378.646221][T21046] ? __x64_sys_ioctl+0x190/0x200 [ 378.646235][T21046] ? do_syscall_64+0xcd/0x250 [ 378.646249][T21046] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.646270][T21046] ? __pfx_copy_process+0x10/0x10 [ 378.646287][T21046] ? lockdep_init_map_type+0x16d/0x7d0 [ 378.646302][T21046] ? __raw_spin_lock_init+0x3a/0x110 [ 378.646312][T21046] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 378.646328][T21046] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 378.646339][T21046] vhost_task_create+0x1d3/0x2e0 [ 378.646351][T21046] ? __pfx_vhost_task_create+0x10/0x10 [ 378.646364][T21046] ? kvm_mmu_post_init_vm+0xb4/0x370 [ 378.646380][T21046] ? __pfx_vhost_task_fn+0x10/0x10 [ 378.646393][T21046] ? lock_acquire.part.0+0x11b/0x380 [ 378.646407][T21046] ? find_held_lock+0x2d/0x110 [ 378.646422][T21046] kvm_mmu_post_init_vm+0x1b7/0x370 [ 378.646435][T21046] kvm_arch_vcpu_ioctl_run+0x66/0x17f0 [ 378.646447][T21046] ? lock_acquire+0x2f/0xb0 [ 378.646459][T21046] ? kvm_vcpu_ioctl+0x14be/0x16b0 [ 378.646473][T21046] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 378.646486][T21046] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 378.646502][T21046] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 378.646519][T21046] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 378.646537][T21046] ? __pfx_lock_release+0x10/0x10 [ 378.646556][T21046] ? selinux_file_ioctl+0x180/0x270 [ 378.646571][T21046] ? selinux_file_ioctl+0xb4/0x270 [ 378.646588][T21046] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 378.646600][T21046] __x64_sys_ioctl+0x190/0x200 [ 378.646615][T21046] do_syscall_64+0xcd/0x250 [ 378.646630][T21046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.646644][T21046] RIP: 0033:0x7f540018d169 [ 378.646652][T21046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.646661][T21046] RSP: 002b:00007f54010d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 378.646672][T21046] RAX: ffffffffffffffda RBX: 00007f54003a5fa0 RCX: 00007f540018d169 [ 378.646678][T21046] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 378.646684][T21046] RBP: 00007f54010d3090 R08: 0000000000000000 R09: 0000000000000000 [ 378.646689][T21046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 378.646695][T21046] R13: 0000000000000000 R14: 00007f54003a5fa0 R15: 00007ffdd84d90d8 [ 378.646707][T21046] [ 378.768516][T19129] bond0 (unregistering): Released all slaves [ 378.889022][ T5979] usb 7-1: new low-speed USB device number 107 using dummy_hcd [ 378.926999][T21055] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5536'. [ 378.931146][T19129] bond1 (unregistering): Released all slaves [ 378.935698][T19129] bond2 (unregistering): Released all slaves [ 378.944122][T21052] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.5534'. [ 379.031023][ T5979] usb 7-1: device descriptor read/64, error -71 [ 379.106235][T21078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5543'. [ 379.150326][ T5979] usb usb7-port1: attempt power cycle [ 379.219451][T21084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5541'. [ 379.354229][T21088] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5545'. [ 379.394861][T19129] hsr_slave_0: left promiscuous mode [ 379.397716][T19129] hsr_slave_1: left promiscuous mode [ 379.426731][T19129] veth1_macvtap: left promiscuous mode [ 379.428416][T19129] veth0_macvtap: left promiscuous mode [ 379.430002][T19129] veth1_vlan: left promiscuous mode [ 379.431481][T19129] veth0_vlan: left promiscuous mode [ 379.479180][T19129] pim6reg (unregistering): left allmulticast mode [ 379.507516][ T5979] usb 7-1: new low-speed USB device number 108 using dummy_hcd [ 379.538461][ T5979] usb 7-1: device descriptor read/8, error -71 [ 379.549069][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 379.549078][ T40] audit: type=1326 audit(2000000247.623:36617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21108 comm="syz.0.5553" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f10c2f8d169 code=0x0 [ 379.605968][T21110] PKCS7: Unknown OID: [4] 5.25.43183(bad) [ 379.607710][T21110] PKCS7: Only support pkcs7_signedData type [ 379.787549][ T5979] usb 7-1: new low-speed USB device number 109 using dummy_hcd [ 379.808867][ T5979] usb 7-1: device descriptor read/8, error -71 [ 379.929826][ T5979] usb usb7-port1: unable to enumerate USB device [ 380.480024][T21118] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5556'. [ 380.968779][T21110] netlink: 'syz.0.5553': attribute type 4 has an invalid length. [ 381.069277][T21139] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5565'. [ 381.071778][T21139] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5565'. [ 381.118930][T21145] (syz.2.5568,21145,2):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 381.121383][T21145] (syz.2.5568,21145,2):ocfs2_fill_super:1177 ERROR: status = -22 [ 381.167956][T21145] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 381.193308][T21150] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=784 sclass=netlink_route_socket pid=21150 comm=syz.1.5569 [ 381.203815][T21153] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9281 sclass=netlink_route_socket pid=21153 comm=syz.2.5570 [ 381.340549][T19129] IPVS: stop unused estimator thread 0... [ 381.375079][T21185] overlay: ./bus is not a directory [ 381.377834][T21185] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 381.388003][ T5942] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 381.470612][ T40] audit: type=1400 audit(2000000249.543:36618): avc: denied { write } for pid=21194 comm="syz.2.5584" lport=33757 faddr=::ffff:172.20.255.187 fport=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 381.765046][T21215] FAULT_INJECTION: forcing a failure. [ 381.765046][T21215] name failslab, interval 1, probability 0, space 0, times 0 [ 381.769676][T21215] CPU: 0 UID: 0 PID: 21215 Comm: syz.1.5591 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 381.769699][T21215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 381.769706][T21215] Call Trace: [ 381.769716][T21215] [ 381.769721][T21215] dump_stack_lvl+0x16c/0x1f0 [ 381.769753][T21215] should_fail_ex+0x50a/0x650 [ 381.769775][T21215] ? fs_reclaim_acquire+0xae/0x150 [ 381.769792][T21215] should_failslab+0xc2/0x120 [ 381.769804][T21215] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 381.769816][T21215] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 381.769833][T21215] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 381.769850][T21215] mmu_topup_memory_caches+0x25/0x170 [ 381.769863][T21215] kvm_mmu_load+0xda/0x22a0 [ 381.769876][T21215] ? kvm_apic_has_interrupt+0xb6/0x190 [ 381.769892][T21215] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 381.769907][T21215] ? kvm_guest_time_update+0x71e/0xeb0 [ 381.769919][T21215] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 381.769933][T21215] ? __pfx_kvm_mmu_load+0x10/0x10 [ 381.769945][T21215] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 381.769960][T21215] ? kvm_check_and_inject_events+0x725/0x12e0 [ 381.769972][T21215] ? trace_kvm_fpu+0x1f1/0x220 [ 381.769984][T21215] vcpu_run+0x2e8b/0x4cc0 [ 381.770000][T21215] ? __pfx_vcpu_run+0x10/0x10 [ 381.770010][T21215] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 381.770025][T21215] ? rcu_is_watching+0x12/0xc0 [ 381.770036][T21215] ? trace_lock_acquire+0x14e/0x1f0 [ 381.770047][T21215] ? __local_bh_enable_ip+0xa4/0x120 [ 381.770063][T21215] ? lockdep_hardirqs_on+0x7c/0x110 [ 381.770077][T21215] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 381.770091][T21215] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 381.770103][T21215] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 381.770118][T21215] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 381.770131][T21215] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 381.770147][T21215] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 381.770165][T21215] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 381.770183][T21215] ? __pfx_lock_release+0x10/0x10 [ 381.770202][T21215] ? selinux_file_ioctl+0x180/0x270 [ 381.770217][T21215] ? selinux_file_ioctl+0xb4/0x270 [ 381.770234][T21215] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 381.770246][T21215] __x64_sys_ioctl+0x190/0x200 [ 381.770262][T21215] do_syscall_64+0xcd/0x250 [ 381.770277][T21215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.770292][T21215] RIP: 0033:0x7f540018d169 [ 381.770300][T21215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 381.770310][T21215] RSP: 002b:00007f54010d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 381.770320][T21215] RAX: ffffffffffffffda RBX: 00007f54003a5fa0 RCX: 00007f540018d169 [ 381.770326][T21215] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 381.770332][T21215] RBP: 00007f54010d3090 R08: 0000000000000000 R09: 0000000000000000 [ 381.770337][T21215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 381.770343][T21215] R13: 0000000000000000 R14: 00007f54003a5fa0 R15: 00007ffdd84d90d8 [ 381.770355][T21215] [ 381.827362][ T31] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 381.998979][T21232] FAULT_INJECTION: forcing a failure. [ 381.998979][T21232] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 382.002590][T21232] CPU: 2 UID: 0 PID: 21232 Comm: syz.2.5598 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 382.002605][T21232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 382.002611][T21232] Call Trace: [ 382.002615][T21232] [ 382.002620][T21232] dump_stack_lvl+0x16c/0x1f0 [ 382.002639][T21232] should_fail_ex+0x50a/0x650 [ 382.002657][T21232] _copy_from_user+0x2e/0xd0 [ 382.002668][T21232] memdup_user+0x71/0xd0 [ 382.002683][T21232] strndup_user+0x78/0xe0 [ 382.002698][T21232] __x64_sys_mount+0x181/0x310 [ 382.002711][T21232] ? __pfx___x64_sys_mount+0x10/0x10 [ 382.002725][T21232] do_syscall_64+0xcd/0x250 [ 382.002741][T21232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.002756][T21232] RIP: 0033:0x7f9be4d8d169 [ 382.002765][T21232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.002775][T21232] RSP: 002b:00007f9be5b28038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 382.002785][T21232] RAX: ffffffffffffffda RBX: 00007f9be4fa5fa0 RCX: 00007f9be4d8d169 [ 382.002791][T21232] RDX: 00004000000000c0 RSI: 0000400000000080 RDI: 0000400000000000 [ 382.002797][T21232] RBP: 00007f9be5b28090 R08: 0000000000000000 R09: 0000000000000000 [ 382.002802][T21232] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 382.002808][T21232] R13: 0000000000000000 R14: 00007f9be4fa5fa0 R15: 00007ffe88e6eef8 [ 382.002820][T21232] [ 382.046845][ C2] vkms_vblank_simulate: vblank timer overrun [ 382.057762][ T31] usb 8-1: Using ep0 maxpacket: 8 [ 382.061444][ T31] usb 8-1: config index 0 descriptor too short (expected 192, got 92) [ 382.063703][ T31] usb 8-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 382.066080][ T31] usb 8-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 382.069008][ T31] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 382.071693][ T31] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 382.074381][ T31] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.077736][ T31] usb 8-1: config 0 descriptor?? [ 382.280600][ T5981] usb 8-1: USB disconnect, device number 25 [ 382.557359][ T36] usb 6-1: new high-speed USB device number 113 using dummy_hcd [ 382.727282][ T36] usb 6-1: Using ep0 maxpacket: 8 [ 382.729964][ T36] usb 6-1: config index 0 descriptor too short (expected 192, got 92) [ 382.732245][ T36] usb 6-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 382.734684][ T36] usb 6-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 382.737728][ T36] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 382.740555][ T36] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 382.743034][ T36] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.746148][ T36] usb 6-1: config 0 descriptor?? [ 382.749356][ T5981] usb 8-1: new low-speed USB device number 26 using dummy_hcd [ 382.928403][ T5981] usb 8-1: config index 0 descriptor too short (expected 192, got 92) [ 382.930881][ T5981] usb 8-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 382.933344][ T5981] usb 8-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 382.936111][ T5981] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 382.938977][ T5981] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 382.941904][ T5981] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.946626][ T5981] usb 8-1: config 0 descriptor?? [ 382.952982][ T5981] usb 6-1: USB disconnect, device number 113 [ 382.996370][T21257] openvswitch: netlink: Actions may not be safe on all matching packets [ 383.087463][ T5942] Bluetooth: hci2: command 0x0406 tx timeout [ 383.288262][T21283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5619'. [ 383.290821][T21283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5619'. [ 383.427356][ T9] usb 6-1: new low-speed USB device number 114 using dummy_hcd [ 383.440355][T21292] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4624 sclass=netlink_route_socket pid=21292 comm=syz.0.5623 [ 383.556596][ T40] audit: type=1400 audit(2000000251.624:36619): avc: denied { write } for pid=21300 comm="syz.2.5626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 383.559702][T21305] netlink: 'syz.0.5627': attribute type 3 has an invalid length. [ 383.570388][T21305] (syz.0.5627,21305,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 383.572584][T21305] (syz.0.5627,21305,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 383.608227][T21305] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 383.608827][ T9] usb 6-1: config index 0 descriptor too short (expected 192, got 92) [ 383.613292][ T9] usb 6-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 383.615587][ T9] usb 6-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 383.618545][ T9] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 383.620995][ T9] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 383.623927][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.627724][ T9] usb 6-1: config 0 descriptor?? [ 384.277254][ T9] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 384.439225][T21323] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 384.442257][ T5953] Bluetooth: hci2: ACL packet for unknown connection handle 5 [ 384.447945][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 384.451156][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 384.457707][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 384.457828][T19136] usb 8-1: USB disconnect, device number 26 [ 384.461633][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 384.468557][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 384.476542][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 384.479438][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.685733][ T9] usb 5-1: GET_CAPABILITIES returned 0 [ 384.688346][ T9] usbtmc 5-1:16.0: can't read capabilities [ 384.798282][T21355] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 384.807939][T21355] fuse: Bad value for 'group_id' [ 384.809400][T21355] fuse: Bad value for 'group_id' [ 384.813422][T21348] FAULT_INJECTION: forcing a failure. [ 384.813422][T21348] name failslab, interval 1, probability 0, space 0, times 0 [ 384.816988][T21348] CPU: 3 UID: 0 PID: 21348 Comm: syz.3.5644 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 384.817002][T21348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 384.817008][T21348] Call Trace: [ 384.817012][T21348] [ 384.817016][T21348] dump_stack_lvl+0x16c/0x1f0 [ 384.817035][T21348] should_fail_ex+0x50a/0x650 [ 384.817051][T21348] ? fs_reclaim_acquire+0xae/0x150 [ 384.817080][T21348] should_failslab+0xc2/0x120 [ 384.817092][T21348] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 384.817103][T21348] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 384.817120][T21348] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 384.817137][T21348] mmu_topup_memory_caches+0x25/0x170 [ 384.817150][T21348] kvm_mmu_load+0xda/0x22a0 [ 384.817163][T21348] ? kvm_apic_has_interrupt+0xb6/0x190 [ 384.817179][T21348] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 384.817195][T21348] ? kvm_guest_time_update+0x71e/0xeb0 [ 384.817207][T21348] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 384.817221][T21348] ? __pfx_kvm_mmu_load+0x10/0x10 [ 384.817233][T21348] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 384.817247][T21348] ? kvm_check_and_inject_events+0x725/0x12e0 [ 384.817259][T21348] ? trace_kvm_fpu+0x1f1/0x220 [ 384.817271][T21348] vcpu_run+0x2e8b/0x4cc0 [ 384.817287][T21348] ? __pfx_vcpu_run+0x10/0x10 [ 384.817297][T21348] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 384.817313][T21348] ? rcu_is_watching+0x12/0xc0 [ 384.817323][T21348] ? trace_lock_acquire+0x14e/0x1f0 [ 384.817335][T21348] ? __local_bh_enable_ip+0xa4/0x120 [ 384.817350][T21348] ? lockdep_hardirqs_on+0x7c/0x110 [ 384.817363][T21348] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 384.817377][T21348] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 384.817389][T21348] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 384.817404][T21348] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 384.817418][T21348] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 384.817433][T21348] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 384.817451][T21348] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 384.817469][T21348] ? __pfx_lock_release+0x10/0x10 [ 384.817488][T21348] ? selinux_file_ioctl+0x180/0x270 [ 384.817503][T21348] ? selinux_file_ioctl+0xb4/0x270 [ 384.817519][T21348] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 384.817535][T21348] __x64_sys_ioctl+0x190/0x200 [ 384.817551][T21348] do_syscall_64+0xcd/0x250 [ 384.817567][T21348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.817582][T21348] RIP: 0033:0x7f61b3d8d169 [ 384.817594][T21348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.817606][T21348] RSP: 002b:00007f61b4c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 384.817621][T21348] RAX: ffffffffffffffda RBX: 00007f61b3fa5fa0 RCX: 00007f61b3d8d169 [ 384.817630][T21348] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 384.817639][T21348] RBP: 00007f61b4c27090 R08: 0000000000000000 R09: 0000000000000000 [ 384.817648][T21348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 384.817657][T21348] R13: 0000000000000000 R14: 00007f61b3fa5fa0 R15: 00007ffd69c5c768 [ 384.817677][T21348] [ 384.912642][T21358] 9p: Unknown uid 00000000004294967295 [ 384.962713][ T40] audit: type=1400 audit(2000000253.034:36620): avc: denied { setopt } for pid=21320 comm="syz.0.5634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 384.990333][ T10] usb 5-1: USB disconnect, device number 94 [ 385.085857][T21361] FAULT_INJECTION: forcing a failure. [ 385.085857][T21361] name failslab, interval 1, probability 0, space 0, times 0 [ 385.089687][T21361] CPU: 3 UID: 0 PID: 21361 Comm: syz.2.5647 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 385.089700][T21361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 385.089706][T21361] Call Trace: [ 385.089710][T21361] [ 385.089714][T21361] dump_stack_lvl+0x16c/0x1f0 [ 385.089734][T21361] should_fail_ex+0x50a/0x650 [ 385.089750][T21361] ? fs_reclaim_acquire+0xae/0x150 [ 385.089766][T21361] should_failslab+0xc2/0x120 [ 385.089778][T21361] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 385.089789][T21361] ? lock_acquire+0x2f/0xb0 [ 385.089803][T21361] ? __might_fault+0xe3/0x190 [ 385.089815][T21361] ? getname_flags.part.0+0x4c/0x550 [ 385.089829][T21361] ? __might_fault+0xe3/0x190 [ 385.089842][T21361] getname_flags.part.0+0x4c/0x550 [ 385.089856][T21361] getname_flags+0x93/0xf0 [ 385.089872][T21361] user_path_at+0x24/0x60 [ 385.089882][T21361] __x64_sys_mount+0x1fd/0x310 [ 385.089893][T21361] ? __pfx___x64_sys_mount+0x10/0x10 [ 385.089908][T21361] do_syscall_64+0xcd/0x250 [ 385.089924][T21361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.089938][T21361] RIP: 0033:0x7f9be4d8d169 [ 385.089946][T21361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.089957][T21361] RSP: 002b:00007f9be5b28038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 385.089966][T21361] RAX: ffffffffffffffda RBX: 00007f9be4fa5fa0 RCX: 00007f9be4d8d169 [ 385.089973][T21361] RDX: 00004000000000c0 RSI: 0000400000000080 RDI: 0000400000000000 [ 385.089979][T21361] RBP: 00007f9be5b28090 R08: 0000000000000000 R09: 0000000000000000 [ 385.089985][T21361] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 385.089990][T21361] R13: 0000000000000000 R14: 00007f9be4fa5fa0 R15: 00007ffe88e6eef8 [ 385.090002][T21361] [ 385.260938][ T10] usb 6-1: USB disconnect, device number 114 [ 385.497977][T21408] __nla_validate_parse: 1 callbacks suppressed [ 385.497988][T21408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5666'. [ 385.526388][T21414] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=16144 sclass=netlink_route_socket pid=21414 comm=syz.0.5669 [ 385.598202][ T40] audit: type=1326 audit(2000000253.664:36621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21427 comm="syz.3.5673" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b3d8d169 code=0x7ffc0000 [ 385.604281][ T40] audit: type=1326 audit(2000000253.664:36622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21427 comm="syz.3.5673" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b3d8d169 code=0x7ffc0000 [ 385.611025][ T40] audit: type=1326 audit(2000000253.664:36623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21427 comm="syz.3.5673" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f61b3d8d169 code=0x7ffc0000 [ 385.618494][ T40] audit: type=1326 audit(2000000253.664:36624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21427 comm="syz.3.5673" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b3d8d169 code=0x7ffc0000 [ 385.625615][ T40] audit: type=1326 audit(2000000253.664:36625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21427 comm="syz.3.5673" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b3d8d169 code=0x7ffc0000 [ 385.633111][ T40] audit: type=1326 audit(2000000253.664:36626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21427 comm="syz.3.5673" exe="/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f61b3d8d169 code=0x7ffc0000 [ 385.640757][ T40] audit: type=1326 audit(2000000253.694:36627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21427 comm="syz.3.5673" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b3d8d169 code=0x7ffc0000 [ 385.648744][ T40] audit: type=1326 audit(2000000253.694:36628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21427 comm="syz.3.5673" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b3d8d169 code=0x7ffc0000 [ 385.650787][T21428] (syz.3.5673,21428,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 385.655299][ T40] audit: type=1326 audit(2000000253.694:36629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21427 comm="syz.3.5673" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f61b3d8d169 code=0x7ffc0000 [ 385.657521][T21428] (syz.3.5673,21428,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 385.719701][T21430] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 385.776660][T21452] wireguard0: entered promiscuous mode [ 385.778439][T21452] wireguard0: entered allmulticast mode [ 385.982541][T21476] netlink: 80 bytes leftover after parsing attributes in process `syz.3.5690'. [ 386.064860][T21480] netlink: 'syz.0.5692': attribute type 1 has an invalid length. [ 386.068766][T21480] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.5692'. [ 386.087555][T21485] FAULT_INJECTION: forcing a failure. [ 386.087555][T21485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 386.090311][T21478] FAULT_INJECTION: forcing a failure. [ 386.090311][T21478] name failslab, interval 1, probability 0, space 0, times 0 [ 386.091223][T21485] CPU: 1 UID: 0 PID: 21485 Comm: syz.1.5694 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 386.091243][T21485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 386.091252][T21485] Call Trace: [ 386.091257][T21485] [ 386.091264][T21485] dump_stack_lvl+0x16c/0x1f0 [ 386.091290][T21485] should_fail_ex+0x50a/0x650 [ 386.091314][T21485] strncpy_from_user+0x3b/0x2d0 [ 386.091330][T21485] getname_flags.part.0+0x8f/0x550 [ 386.091346][T21485] getname_flags+0x93/0xf0 [ 386.091361][T21485] user_path_at+0x24/0x60 [ 386.091371][T21485] __x64_sys_mount+0x1fd/0x310 [ 386.091383][T21485] ? __pfx___x64_sys_mount+0x10/0x10 [ 386.091398][T21485] do_syscall_64+0xcd/0x250 [ 386.091414][T21485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.091429][T21485] RIP: 0033:0x7f540018d169 [ 386.091438][T21485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.091447][T21485] RSP: 002b:00007f54010d3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 386.091457][T21485] RAX: ffffffffffffffda RBX: 00007f54003a5fa0 RCX: 00007f540018d169 [ 386.091464][T21485] RDX: 00004000000000c0 RSI: 0000400000000080 RDI: 0000400000000000 [ 386.091470][T21485] RBP: 00007f54010d3090 R08: 0000000000000000 R09: 0000000000000000 [ 386.091475][T21485] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 386.091481][T21485] R13: 0000000000000000 R14: 00007f54003a5fa0 R15: 00007ffdd84d90d8 [ 386.091493][T21485] [ 386.127088][ T10] usb 7-1: new high-speed USB device number 110 using dummy_hcd [ 386.128075][T21478] CPU: 3 UID: 0 PID: 21478 Comm: syz.3.5691 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 386.128090][T21478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 386.128096][T21478] Call Trace: [ 386.128100][T21478] [ 386.128104][T21478] dump_stack_lvl+0x16c/0x1f0 [ 386.128123][T21478] should_fail_ex+0x50a/0x650 [ 386.128139][T21478] ? fs_reclaim_acquire+0xae/0x150 [ 386.128156][T21478] should_failslab+0xc2/0x120 [ 386.128168][T21478] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 386.128179][T21478] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 386.128196][T21478] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 386.128213][T21478] mmu_topup_memory_caches+0x25/0x170 [ 386.128226][T21478] kvm_mmu_load+0xda/0x22a0 [ 386.128240][T21478] ? kvm_apic_has_interrupt+0xb6/0x190 [ 386.128256][T21478] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 386.128271][T21478] ? kvm_guest_time_update+0x71e/0xeb0 [ 386.128284][T21478] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 386.128298][T21478] ? __pfx_kvm_mmu_load+0x10/0x10 [ 386.128310][T21478] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 386.128325][T21478] ? kvm_check_and_inject_events+0x725/0x12e0 [ 386.128336][T21478] ? trace_kvm_fpu+0x1f1/0x220 [ 386.128349][T21478] vcpu_run+0x2e8b/0x4cc0 [ 386.128364][T21478] ? __pfx_vcpu_run+0x10/0x10 [ 386.128374][T21478] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 386.128390][T21478] ? rcu_is_watching+0x12/0xc0 [ 386.128400][T21478] ? trace_lock_acquire+0x14e/0x1f0 [ 386.128412][T21478] ? __local_bh_enable_ip+0xa4/0x120 [ 386.128428][T21478] ? lockdep_hardirqs_on+0x7c/0x110 [ 386.128441][T21478] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 386.128456][T21478] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 386.128473][T21478] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 386.128488][T21478] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 386.128501][T21478] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 386.128516][T21478] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 386.128534][T21478] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 386.128552][T21478] ? __pfx_lock_release+0x10/0x10 [ 386.128572][T21478] ? selinux_file_ioctl+0x180/0x270 [ 386.128587][T21478] ? selinux_file_ioctl+0xb4/0x270 [ 386.128603][T21478] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 386.128616][T21478] __x64_sys_ioctl+0x190/0x200 [ 386.128632][T21478] do_syscall_64+0xcd/0x250 [ 386.128648][T21478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.128662][T21478] RIP: 0033:0x7f61b3d8d169 [ 386.128672][T21478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.128704][T21478] RSP: 002b:00007f61b4c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 386.128716][T21478] RAX: ffffffffffffffda RBX: 00007f61b3fa5fa0 RCX: 00007f61b3d8d169 [ 386.128722][T21478] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 386.128728][T21478] RBP: 00007f61b4c27090 R08: 0000000000000000 R09: 0000000000000000 [ 386.128733][T21478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 386.128739][T21478] R13: 0000000000000000 R14: 00007f61b3fa5fa0 R15: 00007ffd69c5c768 [ 386.128752][T21478] [ 386.322853][T21502] netlink: 'syz.0.5701': attribute type 10 has an invalid length. [ 386.325094][T21502] mac80211_hwsim hwsim31 wlan1: left allmulticast mode [ 386.328310][T21502] mac80211_hwsim hwsim31 wlan1: entered allmulticast mode [ 386.330556][T21502] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 386.387490][T21508] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5704'. [ 386.390125][T21508] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5704'. [ 386.397194][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 386.400118][ T10] usb 7-1: config index 0 descriptor too short (expected 192, got 92) [ 386.402686][ T10] usb 7-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 386.405299][ T10] usb 7-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 386.408914][ T10] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 386.412180][ T10] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 386.414769][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.422383][ T10] usb 7-1: config 0 descriptor?? [ 386.625980][ T10] usb 7-1: USB disconnect, device number 110 [ 386.754202][T21534] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5714'. [ 386.851304][T21538] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=24592 sclass=netlink_route_socket pid=21538 comm=syz.3.5716 [ 387.099278][ T10] usb 7-1: new low-speed USB device number 111 using dummy_hcd [ 387.278154][ T10] usb 7-1: config index 0 descriptor too short (expected 192, got 92) [ 387.281006][ T10] usb 7-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 387.283906][ T10] usb 7-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 387.288002][ T10] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 387.290805][ T10] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 387.294229][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.305030][ T10] usb 7-1: config 0 descriptor?? [ 387.490915][T21526] IPv6: sit2: Disabled Multicast RS [ 387.878089][T21568] ieee802154 phy0 wpan0: encryption failed: -126 [ 387.930833][T21574] ieee802154 phy0 wpan0: encryption failed: -126 [ 388.142892][T21600] FAULT_INJECTION: forcing a failure. [ 388.142892][T21600] name failslab, interval 1, probability 0, space 0, times 0 [ 388.149214][T21600] CPU: 2 UID: 0 PID: 21600 Comm: syz.3.5738 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 388.149236][T21600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 388.149246][T21600] Call Trace: [ 388.149252][T21600] [ 388.149258][T21600] dump_stack_lvl+0x16c/0x1f0 [ 388.149302][T21600] should_fail_ex+0x50a/0x650 [ 388.149330][T21600] ? fs_reclaim_acquire+0xae/0x150 [ 388.149352][T21600] ? tomoyo_encode2+0x100/0x3e0 [ 388.149372][T21600] should_failslab+0xc2/0x120 [ 388.149390][T21600] __kmalloc_noprof+0xcb/0x510 [ 388.149405][T21600] ? __pfx_lock_release+0x10/0x10 [ 388.149431][T21600] ? trace_lock_acquire+0x14e/0x1f0 [ 388.149449][T21600] tomoyo_encode2+0x100/0x3e0 [ 388.149471][T21600] tomoyo_encode+0x29/0x50 [ 388.149492][T21600] tomoyo_mount_acl+0x145/0x880 [ 388.149512][T21600] ? hlock_class+0x4e/0x130 [ 388.149527][T21600] ? __lock_acquire+0x15a9/0x3c40 [ 388.149551][T21600] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 388.149571][T21600] ? __pfx___lock_acquire+0x10/0x10 [ 388.149591][T21600] ? stack_trace_save+0x95/0xd0 [ 388.149608][T21600] ? __pfx_lock_release+0x10/0x10 [ 388.149639][T21600] ? trace_lock_acquire+0x14e/0x1f0 [ 388.149654][T21600] ? tomoyo_mount_permission+0x149/0x420 [ 388.149674][T21600] ? lock_acquire+0x2f/0xb0 [ 388.149693][T21600] ? tomoyo_mount_permission+0x149/0x420 [ 388.149716][T21600] tomoyo_mount_permission+0x16e/0x420 [ 388.149736][T21600] ? tomoyo_mount_permission+0x149/0x420 [ 388.149758][T21600] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 388.149783][T21600] ? get_current_fs_domain+0x184/0x1f0 [ 388.149803][T21600] security_sb_mount+0x9b/0x260 [ 388.149824][T21600] path_mount+0x129/0x1f10 [ 388.149843][T21600] ? kmem_cache_free+0x2e2/0x4d0 [ 388.149858][T21600] ? __pfx_path_mount+0x10/0x10 [ 388.149877][T21600] ? putname+0x13c/0x180 [ 388.149894][T21600] __x64_sys_mount+0x28f/0x310 [ 388.149911][T21600] ? __pfx___x64_sys_mount+0x10/0x10 [ 388.149935][T21600] do_syscall_64+0xcd/0x250 [ 388.149958][T21600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.149979][T21600] RIP: 0033:0x7f61b3d8d169 [ 388.149992][T21600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.150003][T21600] RSP: 002b:00007f61b4c27038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 388.150017][T21600] RAX: ffffffffffffffda RBX: 00007f61b3fa5fa0 RCX: 00007f61b3d8d169 [ 388.150028][T21600] RDX: 00004000000000c0 RSI: 0000400000000080 RDI: 0000400000000000 [ 388.150037][T21600] RBP: 00007f61b4c27090 R08: 0000000000000000 R09: 0000000000000000 [ 388.150046][T21600] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 388.150055][T21600] R13: 0000000000000000 R14: 00007f61b3fa5fa0 R15: 00007ffd69c5c768 [ 388.150088][T21600] [ 388.244491][ C2] vkms_vblank_simulate: vblank timer overrun [ 388.315134][T21607] batadv_slave_1: entered promiscuous mode [ 388.317294][T21607] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5741'. [ 388.320413][T21607] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5741'. [ 388.322951][T21607] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5741'. [ 388.325532][T21607] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5741'. [ 388.333778][T21605] batadv_slave_1: left promiscuous mode [ 388.507651][T21616] FAULT_INJECTION: forcing a failure. [ 388.507651][T21616] name failslab, interval 1, probability 0, space 0, times 0 [ 388.511118][T21616] CPU: 1 UID: 0 PID: 21616 Comm: syz.3.5743 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 388.511132][T21616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 388.511139][T21616] Call Trace: [ 388.511143][T21616] [ 388.511147][T21616] dump_stack_lvl+0x16c/0x1f0 [ 388.511166][T21616] should_fail_ex+0x50a/0x650 [ 388.511182][T21616] ? fs_reclaim_acquire+0xae/0x150 [ 388.511199][T21616] should_failslab+0xc2/0x120 [ 388.511212][T21616] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 388.511223][T21616] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 388.511240][T21616] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 388.511257][T21616] mmu_topup_memory_caches+0x25/0x170 [ 388.511271][T21616] kvm_mmu_load+0xda/0x22a0 [ 388.511284][T21616] ? kvm_apic_has_interrupt+0xb6/0x190 [ 388.511300][T21616] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 388.511315][T21616] ? kvm_guest_time_update+0x71e/0xeb0 [ 388.511327][T21616] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 388.511341][T21616] ? __pfx_kvm_mmu_load+0x10/0x10 [ 388.511353][T21616] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 388.511367][T21616] ? kvm_check_and_inject_events+0x725/0x12e0 [ 388.511379][T21616] ? trace_kvm_fpu+0x1f1/0x220 [ 388.511391][T21616] vcpu_run+0x2e8b/0x4cc0 [ 388.511410][T21616] ? __pfx_vcpu_run+0x10/0x10 [ 388.511420][T21616] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 388.511436][T21616] ? rcu_is_watching+0x12/0xc0 [ 388.511446][T21616] ? trace_lock_acquire+0x14e/0x1f0 [ 388.511458][T21616] ? __local_bh_enable_ip+0xa4/0x120 [ 388.511473][T21616] ? lockdep_hardirqs_on+0x7c/0x110 [ 388.511486][T21616] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 388.511501][T21616] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 388.511513][T21616] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 388.511528][T21616] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 388.511541][T21616] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 388.511557][T21616] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 388.511574][T21616] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 388.511592][T21616] ? __pfx_lock_release+0x10/0x10 [ 388.511611][T21616] ? selinux_file_ioctl+0x180/0x270 [ 388.511626][T21616] ? selinux_file_ioctl+0xb4/0x270 [ 388.511643][T21616] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 388.511656][T21616] __x64_sys_ioctl+0x190/0x200 [ 388.511671][T21616] do_syscall_64+0xcd/0x250 [ 388.511686][T21616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.511705][T21616] RIP: 0033:0x7f61b3d8d169 [ 388.511713][T21616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.511723][T21616] RSP: 002b:00007f61b4c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 388.511734][T21616] RAX: ffffffffffffffda RBX: 00007f61b3fa5fa0 RCX: 00007f61b3d8d169 [ 388.511740][T21616] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 388.511746][T21616] RBP: 00007f61b4c27090 R08: 0000000000000000 R09: 0000000000000000 [ 388.511751][T21616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 388.511757][T21616] R13: 0000000000000000 R14: 00007f61b3fa5fa0 R15: 00007ffd69c5c768 [ 388.511769][T21616] [ 388.811025][ T10] usb 7-1: USB disconnect, device number 111 [ 389.335354][T21673] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=49936 sclass=netlink_route_socket pid=21673 comm=syz.1.5765 [ 389.346997][ T10] usb 5-1: new low-speed USB device number 95 using dummy_hcd [ 389.477116][ T10] usb 5-1: device descriptor read/64, error -71 [ 389.716996][ T10] usb 5-1: new low-speed USB device number 96 using dummy_hcd [ 389.846892][ T10] usb 5-1: device descriptor read/64, error -71 [ 389.887300][T19136] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 389.967167][ T10] usb usb5-port1: attempt power cycle [ 390.036889][T19136] usb 8-1: Using ep0 maxpacket: 8 [ 390.049126][T19136] usb 8-1: config index 0 descriptor too short (expected 5138, got 18) [ 390.051453][T19136] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 390.054212][T19136] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 2 [ 390.058671][T19136] usb 8-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 390.062090][T19136] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.064883][T19136] usb 8-1: Product: syz [ 390.066403][T19136] usb 8-1: Manufacturer: syz [ 390.068202][T19136] usb 8-1: SerialNumber: syz [ 390.071282][T19136] usb 8-1: config 0 descriptor?? [ 390.289312][T19136] usb 8-1: USB disconnect, device number 27 [ 390.323952][ T10] usb 5-1: new low-speed USB device number 97 using dummy_hcd [ 390.337499][ T10] usb 5-1: device descriptor read/8, error -71 [ 390.347002][ T5981] usb 6-1: new high-speed USB device number 115 using dummy_hcd [ 390.506830][ T5981] usb 6-1: Using ep0 maxpacket: 8 [ 390.509866][ T5981] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 390.512578][ T5981] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 390.515416][ T5981] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 390.518336][ T5981] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 390.521961][ T5981] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 390.524490][ T5981] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.547556][T21692] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 390.576849][ T10] usb 5-1: new low-speed USB device number 98 using dummy_hcd [ 390.597586][ T10] usb 5-1: device descriptor read/8, error -71 [ 390.657221][T19136] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 390.716953][ T10] usb usb5-port1: unable to enumerate USB device [ 390.734927][ T5981] usb 6-1: usb_control_msg returned -32 [ 390.737089][ T5981] usbtmc 6-1:16.0: can't read capabilities [ 390.742210][ T5981] usb 6-1: USB disconnect, device number 115 [ 390.808188][T19136] usb 8-1: config 0 has an invalid interface number: 120 but max is 0 [ 390.810509][T19136] usb 8-1: config 0 has no interface number 0 [ 390.812240][T19136] usb 8-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 390.815253][T19136] usb 8-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 390.817875][T19136] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.824342][T19136] usb 8-1: config 0 descriptor?? [ 390.828787][T19136] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.120/input/input18 [ 391.033206][T21689] __nla_validate_parse: 30 callbacks suppressed [ 391.033225][T21689] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5770'. [ 391.062367][T21689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5770'. [ 391.186828][ T10] usb 7-1: new high-speed USB device number 112 using dummy_hcd [ 391.255739][T19136] usb 8-1: USB disconnect, device number 28 [ 391.326833][ T10] usb 7-1: device descriptor read/64, error -71 [ 391.576856][ T10] usb 7-1: new high-speed USB device number 113 using dummy_hcd [ 391.663013][T21718] (syz.1.5781,21718,2):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 391.665352][T21718] (syz.1.5781,21718,2):ocfs2_fill_super:1177 ERROR: status = -22 [ 391.706847][ T10] usb 7-1: device descriptor read/64, error -71 [ 391.767724][T21718] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 391.826885][ T10] usb usb7-port1: attempt power cycle [ 391.993889][T21732] netlink: 'syz.0.5787': attribute type 21 has an invalid length. [ 392.089357][ T5981] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 392.175102][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 392.175114][ T40] audit: type=1400 audit(2000000260.244:36657): avc: granted { setsecparam } for pid=21745 comm="syz.0.5793" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 392.179106][T21746] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5793'. [ 392.184912][T21746] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5793'. [ 392.187548][ T10] usb 7-1: new high-speed USB device number 114 using dummy_hcd [ 392.216338][T21748] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5794'. [ 392.219829][ T10] usb 7-1: device descriptor read/8, error -71 [ 392.256749][ T5981] usb 8-1: Using ep0 maxpacket: 8 [ 392.262662][ T5981] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 392.266122][ T5981] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 392.270678][ T5981] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 392.274964][ T5981] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 392.280227][ T5981] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 392.283614][ T5981] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.286523][T21753] FAULT_INJECTION: forcing a failure. [ 392.286523][T21753] name failslab, interval 1, probability 0, space 0, times 0 [ 392.290581][T21753] CPU: 2 UID: 0 PID: 21753 Comm: syz.0.5796 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 392.290596][T21753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 392.290602][T21753] Call Trace: [ 392.290606][T21753] [ 392.290610][T21753] dump_stack_lvl+0x16c/0x1f0 [ 392.290628][T21753] should_fail_ex+0x50a/0x650 [ 392.290644][T21753] ? fs_reclaim_acquire+0xae/0x150 [ 392.290660][T21753] ? tomoyo_realpath_from_path+0xb9/0x720 [ 392.290676][T21753] should_failslab+0xc2/0x120 [ 392.290688][T21753] __kmalloc_noprof+0xcb/0x510 [ 392.290698][T21753] ? trace_kmalloc+0x2d/0xd0 [ 392.290710][T21753] ? __kmalloc_noprof+0x23b/0x510 [ 392.290723][T21753] tomoyo_realpath_from_path+0xb9/0x720 [ 392.290739][T21753] ? tomoyo_fill_path_info+0x233/0x420 [ 392.290752][T21753] tomoyo_mount_acl+0x1af/0x880 [ 392.290766][T21753] ? hlock_class+0x4e/0x130 [ 392.290777][T21753] ? __lock_acquire+0x15a9/0x3c40 [ 392.290793][T21753] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 392.290809][T21753] ? __pfx___lock_acquire+0x10/0x10 [ 392.290824][T21753] ? stack_trace_save+0x95/0xd0 [ 392.290836][T21753] ? __pfx_lock_release+0x10/0x10 [ 392.290856][T21753] ? trace_lock_acquire+0x14e/0x1f0 [ 392.290868][T21753] ? tomoyo_mount_permission+0x149/0x420 [ 392.290882][T21753] ? lock_acquire+0x2f/0xb0 [ 392.290895][T21753] ? tomoyo_mount_permission+0x149/0x420 [ 392.290911][T21753] tomoyo_mount_permission+0x16e/0x420 [ 392.290924][T21753] ? tomoyo_mount_permission+0x149/0x420 [ 392.290939][T21753] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 392.290959][T21753] ? get_current_fs_domain+0x184/0x1f0 [ 392.290971][T21753] security_sb_mount+0x9b/0x260 [ 392.290985][T21753] path_mount+0x129/0x1f10 [ 392.290997][T21753] ? kmem_cache_free+0x2e2/0x4d0 [ 392.291007][T21753] ? __pfx_path_mount+0x10/0x10 [ 392.291019][T21753] ? putname+0x13c/0x180 [ 392.291033][T21753] __x64_sys_mount+0x28f/0x310 [ 392.291044][T21753] ? __pfx___x64_sys_mount+0x10/0x10 [ 392.291059][T21753] do_syscall_64+0xcd/0x250 [ 392.291075][T21753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.291090][T21753] RIP: 0033:0x7f10c2f8d169 [ 392.291099][T21753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.291108][T21753] RSP: 002b:00007f10c3d1d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 392.291118][T21753] RAX: ffffffffffffffda RBX: 00007f10c31a5fa0 RCX: 00007f10c2f8d169 [ 392.291124][T21753] RDX: 00004000000000c0 RSI: 0000400000000080 RDI: 0000400000000000 [ 392.291130][T21753] RBP: 00007f10c3d1d090 R08: 0000000000000000 R09: 0000000000000000 [ 392.291136][T21753] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 392.291142][T21753] R13: 0000000000000000 R14: 00007f10c31a5fa0 R15: 00007ffe31592ef8 [ 392.291154][T21753] [ 392.291158][T21753] ERROR: Out of memory at tomoyo_realpath_from_path. [ 392.406765][ T836] usb 6-1: new high-speed USB device number 116 using dummy_hcd [ 392.466804][ T10] usb 7-1: new high-speed USB device number 115 using dummy_hcd [ 392.489041][ T10] usb 7-1: device descriptor read/8, error -71 [ 392.489325][ T5981] usb 8-1: usb_control_msg returned -32 [ 392.492372][ T5981] usbtmc 8-1:16.0: can't read capabilities [ 392.499403][ T5981] usb 8-1: USB disconnect, device number 29 [ 392.590073][ T836] usb 6-1: config 0 has an invalid interface number: 120 but max is 0 [ 392.592471][ T836] usb 6-1: config 0 has no interface number 0 [ 392.594166][ T836] usb 6-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 392.597577][ T10] usb usb7-port1: unable to enumerate USB device [ 392.599328][ T836] usb 6-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 392.601773][ T836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.605256][ T836] usb 6-1: config 0 descriptor?? [ 392.607781][T21757] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 392.609529][ T836] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.120/input/input20 [ 392.611275][T21757] input: syz1 as /devices/virtual/input/input19 [ 392.813381][T21743] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5792'. [ 392.844579][T21743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5792'. [ 393.027142][ T40] audit: type=1400 audit(2000000261.104:36658): avc: denied { map } for pid=21766 comm="syz.0.5802" path="/dev/usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 393.034452][ T40] audit: type=1400 audit(2000000261.104:36659): avc: denied { execute } for pid=21766 comm="syz.0.5802" path="/dev/usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 393.098069][T19136] usb 6-1: USB disconnect, device number 116 [ 393.134690][T21772] FAULT_INJECTION: forcing a failure. [ 393.134690][T21772] name failslab, interval 1, probability 0, space 0, times 0 [ 393.138118][T21772] CPU: 0 UID: 0 PID: 21772 Comm: syz.3.5803 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 393.138131][T21772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 393.138137][T21772] Call Trace: [ 393.138141][T21772] [ 393.138144][T21772] dump_stack_lvl+0x16c/0x1f0 [ 393.138162][T21772] should_fail_ex+0x50a/0x650 [ 393.138178][T21772] ? fs_reclaim_acquire+0xae/0x150 [ 393.138195][T21772] should_failslab+0xc2/0x120 [ 393.138207][T21772] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 393.138218][T21772] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 393.138235][T21772] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 393.138253][T21772] mmu_topup_memory_caches+0x25/0x170 [ 393.138266][T21772] kvm_mmu_load+0xda/0x22a0 [ 393.138278][T21772] ? kvm_apic_has_interrupt+0xb6/0x190 [ 393.138295][T21772] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 393.138310][T21772] ? kvm_guest_time_update+0x71e/0xeb0 [ 393.138322][T21772] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 393.138336][T21772] ? __pfx_kvm_mmu_load+0x10/0x10 [ 393.138347][T21772] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 393.138362][T21772] ? kvm_check_and_inject_events+0x725/0x12e0 [ 393.138374][T21772] ? trace_kvm_fpu+0x1f1/0x220 [ 393.138386][T21772] vcpu_run+0x2e8b/0x4cc0 [ 393.138403][T21772] ? __pfx_vcpu_run+0x10/0x10 [ 393.138413][T21772] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 393.138428][T21772] ? rcu_is_watching+0x12/0xc0 [ 393.138439][T21772] ? trace_lock_acquire+0x14e/0x1f0 [ 393.138450][T21772] ? __local_bh_enable_ip+0xa4/0x120 [ 393.138466][T21772] ? lockdep_hardirqs_on+0x7c/0x110 [ 393.138479][T21772] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 393.138494][T21772] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 393.138506][T21772] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 393.138521][T21772] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 393.138535][T21772] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 393.138551][T21772] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 393.138569][T21772] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 393.138588][T21772] ? __pfx_lock_release+0x10/0x10 [ 393.138607][T21772] ? selinux_file_ioctl+0x180/0x270 [ 393.138622][T21772] ? selinux_file_ioctl+0xb4/0x270 [ 393.138638][T21772] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 393.138651][T21772] __x64_sys_ioctl+0x190/0x200 [ 393.138667][T21772] do_syscall_64+0xcd/0x250 [ 393.138682][T21772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.138696][T21772] RIP: 0033:0x7f61b3d8d169 [ 393.138705][T21772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.138718][T21772] RSP: 002b:00007f61b4c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 393.138727][T21772] RAX: ffffffffffffffda RBX: 00007f61b3fa5fa0 RCX: 00007f61b3d8d169 [ 393.138734][T21772] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 393.138740][T21772] RBP: 00007f61b4c27090 R08: 0000000000000000 R09: 0000000000000000 [ 393.138745][T21772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 393.138751][T21772] R13: 0000000000000000 R14: 00007f61b3fa5fa0 R15: 00007ffd69c5c768 [ 393.138763][T21772] [ 393.272325][ T836] IPVS: starting estimator thread 0... [ 393.367844][T21782] IPVS: using max 35 ests per chain, 84000 per kthread [ 393.636790][ T5981] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 393.706769][ T31] usb 8-1: new high-speed USB device number 30 using dummy_hcd [ 393.806747][ T5981] usb 5-1: Using ep0 maxpacket: 8 [ 393.809755][ T5981] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 393.813275][ T5981] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 393.816043][ T5981] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 393.819429][ T5981] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 393.822973][ T5981] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 393.825401][ T5981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.838466][T21796] overlayfs: failed to verify upper (415/file0, ino=2182, err=-116) [ 393.840999][T21796] overlayfs: failed to verify index dir 'upper' xattr [ 393.842843][T21796] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 393.878367][ T31] usb 8-1: Using ep0 maxpacket: 8 [ 393.881083][ T31] usb 8-1: config index 0 descriptor too short (expected 192, got 92) [ 393.883546][ T31] usb 8-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 393.887613][ T31] usb 8-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 393.890490][ T31] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 393.892994][ T31] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 393.895523][ T31] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.905422][ T31] usb 8-1: config 0 descriptor?? [ 394.010343][T21808] ata1.00: invalid multi_count 128 ignored [ 394.032960][ T5981] usb 5-1: usb_control_msg returned -32 [ 394.034585][ T5981] usbtmc 5-1:16.0: can't read capabilities [ 394.042700][ T5981] usb 5-1: USB disconnect, device number 99 [ 394.116089][T19136] usb 8-1: USB disconnect, device number 30 [ 394.242245][T21821] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5822'. [ 394.245620][T21821] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5822'. [ 394.385497][ T40] audit: type=1326 audit(2000000262.454:36660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21817 comm="syz.2.5821" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9be4d8d169 code=0x7fc00000 [ 394.401543][ T40] audit: type=1326 audit(2000000262.454:36661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21817 comm="syz.2.5821" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9be4d8d169 code=0x7fc00000 [ 394.587347][ T5981] usb 8-1: new low-speed USB device number 31 using dummy_hcd [ 394.686615][ T31] usb 6-1: new high-speed USB device number 117 using dummy_hcd [ 394.769528][ T5981] usb 8-1: config index 0 descriptor too short (expected 192, got 92) [ 394.771811][ T5981] usb 8-1: config 0 has too many interfaces: 95, using maximum allowed: 32 [ 394.774148][ T5981] usb 8-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config [ 394.778444][ T5981] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 95 [ 394.780788][ T5981] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 394.783378][ T5981] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.786831][ T5981] usb 8-1: config 0 descriptor?? [ 394.804104][T21845] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2583 sclass=netlink_route_socket pid=21845 comm=syz.2.5830 [ 394.826931][ T31] usb 6-1: device descriptor read/64, error -71 [ 395.096634][ T31] usb 6-1: new high-speed USB device number 118 using dummy_hcd [ 395.246666][ T31] usb 6-1: device descriptor read/64, error -71 [ 395.358209][ T31] usb usb6-port1: attempt power cycle [ 395.360028][T21844] macsec1: entered promiscuous mode [ 395.366688][T21844] veth1_to_batadv: entered promiscuous mode [ 395.441000][T21849] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65040 sclass=netlink_route_socket pid=21849 comm=syz.0.5832 [ 395.707598][ T31] usb 6-1: new high-speed USB device number 119 using dummy_hcd [ 395.727260][ T31] usb 6-1: device descriptor read/8, error -71 [ 395.916893][T21866] program syz.0.5840 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 395.966615][ T36] usb 7-1: new high-speed USB device number 116 using dummy_hcd [ 395.976697][ T31] usb 6-1: new high-speed USB device number 120 using dummy_hcd [ 396.009232][ T31] usb 6-1: device descriptor read/8, error -71 [ 396.117534][ T31] usb usb6-port1: unable to enumerate USB device [ 396.146539][ T36] usb 7-1: Using ep0 maxpacket: 8 [ 396.151087][ T36] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 396.154487][ T36] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 396.157870][ T36] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 396.160727][ T36] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 396.164317][ T36] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 396.168789][ T36] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.184347][T21877] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5845'. [ 396.282254][T21878] ================================================================== [ 396.284503][T21878] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x21c5/0x4380 [ 396.286951][T21878] Write of size 3840 at addr ffffc900056e6000 by task vivid-000-vid-c/21878 [ 396.290184][T21878] [ 396.292112][T21878] CPU: 1 UID: 0 PID: 21878 Comm: vivid-000-vid-c Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 396.292125][T21878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 396.292132][T21878] Call Trace: [ 396.292137][T21878] [ 396.292142][T21878] dump_stack_lvl+0x116/0x1f0 [ 396.292160][T21878] print_report+0xc3/0x670 [ 396.292171][T21878] ? __virt_addr_valid+0x5e/0x590 [ 396.292183][T21878] kasan_report+0xd9/0x110 [ 396.292194][T21878] ? tpg_fill_plane_buffer+0x21c5/0x4380 [ 396.292207][T21878] ? tpg_fill_plane_buffer+0x21c5/0x4380 [ 396.292220][T21878] kasan_check_range+0xef/0x1a0 [ 396.292234][T21878] __asan_memcpy+0x3c/0x60 [ 396.292249][T21878] tpg_fill_plane_buffer+0x21c5/0x4380 [ 396.292267][T21878] ? __pfx_tpg_fill_plane_buffer+0x10/0x10 [ 396.292281][T21878] vivid_fillbuff+0x8e0/0x41f0 [ 396.292294][T21878] ? hlock_class+0x4e/0x130 [ 396.292305][T21878] ? __lock_acquire+0x15a9/0x3c40 [ 396.292322][T21878] ? __pfx_vivid_fillbuff+0x10/0x10 [ 396.292334][T21878] ? vivid_thread_vid_cap_tick+0x7ab/0x15d0 [ 396.292348][T21878] ? v4l2_ctrl_request_setup+0x45c/0xa60 [ 396.292364][T21878] ? lockdep_hardirqs_on+0x7c/0x110 [ 396.292378][T21878] ? vivid_thread_vid_cap_tick+0x81b/0x15d0 [ 396.292390][T21878] vivid_thread_vid_cap_tick+0x81b/0x15d0 [ 396.292401][T21878] ? lock_acquire+0x2f/0xb0 [ 396.292420][T21878] vivid_thread_vid_cap+0x5b8/0xb90 [ 396.292432][T21878] ? lockdep_hardirqs_on+0x7c/0x110 [ 396.292445][T21878] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 396.292457][T21878] ? __kthread_parkme+0x148/0x220 [ 396.292467][T21878] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 396.292479][T21878] kthread+0x3af/0x750 [ 396.292491][T21878] ? __pfx_kthread+0x10/0x10 [ 396.292504][T21878] ? __pfx_kthread+0x10/0x10 [ 396.292516][T21878] ret_from_fork+0x45/0x80 [ 396.292530][T21878] ? __pfx_kthread+0x10/0x10 [ 396.292541][T21878] ret_from_fork_asm+0x1a/0x30 [ 396.292555][T21878] [ 396.292559][T21878] [ 396.345260][T21878] The buggy address belongs to the virtual mapping at [ 396.345260][T21878] [ffffc900056aa000, ffffc900056e7000) created by: [ 396.345260][T21878] vb2_vmalloc_alloc+0x11e/0x3d0 [ 396.350146][T21878] [ 396.350860][T21878] Memory state around the buggy address: [ 396.352442][T21878] ffffc900056e5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.354696][T21878] ffffc900056e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.356983][T21878] >ffffc900056e6000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 396.359206][T21878] ^ [ 396.360347][T21878] ffffc900056e6080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 396.362578][T21878] ffffc900056e6100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 396.364788][T21878] ================================================================== [ 396.368210][T21878] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 396.370263][T21878] CPU: 1 UID: 0 PID: 21878 Comm: vivid-000-vid-c Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 396.373328][T21878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 396.376062][T21878] Call Trace: [ 396.376925][T21878] [ 396.377764][T21878] dump_stack_lvl+0x3d/0x1f0 [ 396.379067][T21878] panic+0x71d/0x800 [ 396.380213][T21878] ? __pfx_panic+0x10/0x10 [ 396.381507][T21878] ? irqentry_exit+0x3b/0x90 [ 396.382800][T21878] ? lockdep_hardirqs_on+0x7c/0x110 [ 396.384239][T21878] ? preempt_schedule_thunk+0x1a/0x30 [ 396.385736][T21878] ? preempt_schedule_common+0x44/0xc0 [ 396.387241][T21878] ? check_panic_on_warn+0x1f/0xb0 [ 396.388665][T21878] check_panic_on_warn+0xab/0xb0 [ 396.390053][T21878] end_report+0x117/0x180 [ 396.391298][T21878] kasan_report+0xe9/0x110 [ 396.392542][T21878] ? tpg_fill_plane_buffer+0x21c5/0x4380 [ 396.394104][T21878] ? tpg_fill_plane_buffer+0x21c5/0x4380 [ 396.395653][T21878] kasan_check_range+0xef/0x1a0 [ 396.397019][T21878] __asan_memcpy+0x3c/0x60 [ 396.398268][T21878] tpg_fill_plane_buffer+0x21c5/0x4380 [ 396.399845][T21878] ? __pfx_tpg_fill_plane_buffer+0x10/0x10 [ 396.401508][T21878] vivid_fillbuff+0x8e0/0x41f0 [ 396.402846][T21878] ? hlock_class+0x4e/0x130 [ 396.404118][T21878] ? __lock_acquire+0x15a9/0x3c40 [ 396.405547][T21878] ? __pfx_vivid_fillbuff+0x10/0x10 [ 396.406993][T21878] ? vivid_thread_vid_cap_tick+0x7ab/0x15d0 [ 396.408647][T21878] ? v4l2_ctrl_request_setup+0x45c/0xa60 [ 396.410200][T21878] ? lockdep_hardirqs_on+0x7c/0x110 [ 396.411668][T21878] ? vivid_thread_vid_cap_tick+0x81b/0x15d0 [ 396.413305][T21878] vivid_thread_vid_cap_tick+0x81b/0x15d0 [ 396.414878][T21878] ? lock_acquire+0x2f/0xb0 [ 396.416147][T21878] vivid_thread_vid_cap+0x5b8/0xb90 [ 396.417606][T21878] ? lockdep_hardirqs_on+0x7c/0x110 [ 396.419239][T21878] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 396.421143][T21878] ? __kthread_parkme+0x148/0x220 [ 396.422571][T21878] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 396.424179][T21878] kthread+0x3af/0x750 [ 396.425326][T21878] ? __pfx_kthread+0x10/0x10 [ 396.426647][T21878] ? __pfx_kthread+0x10/0x10 [ 396.427925][T21878] ret_from_fork+0x45/0x80 [ 396.429173][T21878] ? __pfx_kthread+0x10/0x10 [ 396.430464][T21878] ret_from_fork_asm+0x1a/0x30 [ 396.431792][T21878] [ 396.433240][T21878] Kernel Offset: disabled [ 396.434445][T21878] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:34:28 Registers: info registers vcpu 0 CPU#0 RAX=0000000000004408 RBX=ffff8880219e5280 RCX=0000000000000000 RDX=0000000080000b0e RSI=0000000000000000 RDI=ffff8880219e5280 RBP=0000000000000001 RSP=ffffc900058679e0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=ffff8880219e71b6 R13=0000000000000001 R14=0000000000352ef0 R15=ffff8880219e5280 RIP=ffffffff8b57772d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] FS =0000 00007f61b4c276c0 ffffffff 00c09300 DPL=0 DS [-WA] GS =0000 ffff88806a600000 ffffffff 00c09300 DPL=0 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000ffff IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000000000b CR3=000000005f87c000 CR4=00352ef0 DR0=0000000000000000 DR1=000000000000e0de DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8540af35 RDI=ffffffff9ab867c0 RBP=ffffffff9ab86780 RSP=ffffc900212af240 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=666f206574697257 R12=0000000000000000 R13=000000000000005b R14=ffffffff9ab86780 R15=0000000000000000 RIP=ffffffff8540af5f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005555586b8808 CR3=00000000212a6000 CR4=00352ef0 DR0=0000000000000002 DR1=0000000000000009 DR2=0000000000000568 DR3=0000000000000009 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000015 000000000001df8a ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555e6d0ff2 000055555e6d0e20 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555e74b5eb 000055555e7498f0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555e6c7e24 000055555e6c7e20 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 b0030072656c6c61 6b7a797301ffffff ffffffffffeb0808 80030880040fa003 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0002031402000003 0010000100000808 062410000a100001 00080007000c0008 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00080030031fffff ffffffff04200300 1000100301080008 0300040004030202 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffd7 0858030004005403 0004005003041000 4003048408003803 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010010001fffffff ffffff0400100000 080001b4fc080001 00000208060c010c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f200040000000610 0600000004100606 0170a40000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ffffffffffffffff d708580300040054 0300040050030410 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0040030484080038 0300080030031fff ffffffffff042003 0010001003010800 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000e0000031 RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000000 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffc90021b7f990 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8b577a50 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] FS =0000 00007f54010d36c0 ffffffff 00c09300 DPL=0 DS [-WA] GS =0000 ffff88806a800000 ffffffff 00c09300 DPL=0 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000ffff IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000000000b CR3=00000000378a6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000346ea1 RBX=0000000000000003 RCX=ffffffff8b57d469 RDX=0000000000000000 RSI=ffffffff8b6cfc80 RDI=ffffffff8bd36a20 RBP=ffffed1003b5a910 RSP=ffffc900001b7e08 R8 =0000000000000001 R9 =ffffed100d526f85 R10=ffff88806a937c2b R11=0000000000000000 R12=0000000000000003 R13=ffff88801dad4880 R14=ffffffff90626f10 R15=0000000000000000 RIP=ffffffff8b57e84f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c2ef995 CR3=000000005f87c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001030001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f61b3e0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f61b3e0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f61b3e0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f61b3e0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f61b3e0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f61b3e0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f61b3f7c488 00007f61b3f7c480 00007f61b3f7c478 00007f61b3f7c450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f61b4add100 00007f61b3f7c440 00007f61b3f70004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f61b3f7c498 00007f61b3f7c490 00007f61b3f7c488 00007f61b3f7c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000