last executing test programs: 15.659042774s ago: executing program 2 (id=245): r0 = syz_open_dev$dri(&(0x7f0000000c00), 0x8, 0x4840) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000840)=[0x0, 0x0], &(0x7f0000000800)=[0x0], 0x0, 0x0, 0x2, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = openat$pmem0(0xffffff9c, &(0x7f0000000100), 0x101042, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r7, @ANYBLOB="14000200fe8000000000000000000000000000aa140006000000008001f0ffff"], 0x54}}, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r4, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000e40)={r8, 0x4, 0x2}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000240)={r8, 0xffffffffffffff00, 0x8, 0x1}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f0000000400)={r8, 0x5, 0x4, 0x1}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d40)=@newtaction={0x54, 0x30, 0xcac229faa96ee7df, 0x0, 0x25dfdbfc, {}, [{0x40, 0x1, [@m_ife={0x3c, 0x1, 0x0, 0x0, {{0x8}, {0x14, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @local}, @TCA_IFE_METALST={0x4}]}, {0x4}, {0x2e, 0x4}, {0xc}}}]}]}, 0x54}}, 0x0) r10 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r10, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r10, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r11 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r11, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r11, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) listen(r6, 0xc98) write$binfmt_aout(r4, &(0x7f0000000480)=ANY=[], 0x20) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000080)=""/152) ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000180)={&(0x7f0000000140)=[0x0], 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000200)=0x2) 15.054223158s ago: executing program 2 (id=250): openat$fb0(0xffffffffffffff9c, &(0x7f0000001280), 0xaa000, 0x0) mmap$fb(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4000008, 0x110, 0xffffffffffffffff, 0x1d000) read$FUSE(0xffffffffffffffff, &(0x7f00000012c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0xc, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001340)=""/102378, 0x7706c522012798af) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}, 0x1, 0x0, 0x4}}, 0x2e) close(r2) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f00000003c0)={0x5, 0x0, 0x1}) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x60, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xc}, {0xd, 0xffff}, {0xc, 0xc}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x34, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8, 0x6, 0x10}, @TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0xa}, @TCA_HHF_HH_FLOWS_LIMIT={0x8, 0x3, 0x6}, @TCA_HHF_RESET_TIMEOUT={0x8, 0x4, 0x7fff}, @TCA_HHF_NON_HH_WEIGHT={0x8, 0x7, 0x25b}, @TCA_HHF_RESET_TIMEOUT={0x8, 0x4, 0x9}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0xc0}, 0x0) ioctl$SIOCAX25CTLCON(r4, 0x89e8, &(0x7f0000000400)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, 0x600000000000, 0x0, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r6 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="24099ac807000000000000000000000000000000d83124390b26ee6af4b94670ba6ca019ffc1fe2e", @ANYRES32=0x0, @ANYBLOB="000002000000000004001980"], 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRES16=r0], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000008000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x48, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000000)={0x5000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r7}, 0x10) 4.895559065s ago: executing program 3 (id=302): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000300000000000000000000001801000020a0702500000000008000007b1af8ff00000000bfa100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280), 0x2000) 4.039947264s ago: executing program 3 (id=304): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0"], 0x40}}, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) 3.969001208s ago: executing program 3 (id=305): prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x48850}, 0x0) r0 = socket(0x11, 0xa, 0x0) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x3859, 0x4) sendmsg$can_bcm(r0, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240), 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000100)=0x0) capset(&(0x7f0000000140)={0x0, r2}, &(0x7f0000000180)={0x4, 0x80, 0x56b0, 0x800, 0xf, 0x300000}) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') read(r3, &(0x7f0000001a00)=""/177, 0xb1) r4 = socket$kcm(0x10, 0x2, 0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90324fc602f00001550000100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) r5 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f00000001c0)={'\x00', 0x0, 0x6, 0x9, 0x6, 0x6, "471d85001ff300", '\x00', "e1aa6045", "625fe46e", ["c81dbd080000000000002d42", "6d5eb3eec70d84000c00b4bd", "3433ff7f3300", "e996c9c4d21135876ea2fff7"]}) ppoll(&(0x7f0000000000)=[{r5}], 0x1, 0x0, 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000400)={"0301bb47", 0x0, 0x0, 0x0, 0xca1c, 0x0, "b40c902e9a00", "7b7fc907", "e79112e5", "38c4da13", ["8185d3a8873d4b79a717fb97", "9b784e78fce2dbce00", "0000faffe0600000fcff3280", "547013ca3319d99bbc64fd5e"]}) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(0xffffffffffffffff, 0xc0845658, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$CEC_DQEVENT(r5, 0xc0506107, &(0x7f0000000380)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0xaf5, 0x0) prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000004000/0x3000)=nil) 3.415577587s ago: executing program 1 (id=307): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5ff000000000004003b1c210008000300", @ANYRES32=r1, @ANYBLOB], 0x448}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000240), 0x3af4701e) sendfile(r5, r3, 0x0, 0x10000a007) 3.112400317s ago: executing program 1 (id=309): socket$inet6(0x10, 0x3, 0x4) accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x10) r0 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000) r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x0, 0x2000) ioprio_set$pid(0x0, 0x0, 0x4007) fcntl$setstatus(r1, 0x4, 0x42000) r2 = socket$unix(0x1, 0x2, 0x0) gettid() r3 = socket$inet_udp(0x2, 0x2, 0x0) syz_80211_inject_frame(&(0x7f0000002180)=@device_b, &(0x7f00000020c0)=ANY=[@ANYRESDEC=r0, @ANYRES32=r1, @ANYRESOCT=r3, @ANYRES32=r3, @ANYRESDEC=r2, @ANYRESDEC=r3], 0x28) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000140), 0x0) socket(0x1e, 0x1, 0x0) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) io_setup(0x3, &(0x7f0000000180)=0x0) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') io_submit(r4, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}]) syz_emit_ethernet(0x2e, &(0x7f0000000200)=ANY=[@ANYBLOB="bbbbbbbbbbbb4894826645f8810000000806000605000604000046d588477cc4ac1414000180c20000007f000001ad43295ee5d9644eaf7d2921f05ccebde432ae783baba0d81da9dc99c868fae8fc03224a78e385c137ce0b856a622afb640fa96503852355ef4bd792d6ba4b0da9f5c8671bc1005ff75d85fb21600e3d1eb7b0e97120b0c55cac4d40b95ef9dfcc289a45214005d8bc9b384b87a8d3d4da2d656ebaa07111954d1af3978d208e1e101d5e50001b2973bb279e3e0000000000000000000000000000b00a2617a3b38122f368e21c66809ffcdcf5d89d250d421087ad635ba9e0fbfbecba4074645d3437e796bbc5782c5df2550507e4621236cfb65dfe9437495119ed98b9cdbd7c4ff3eca4d8f1f3ca67b01b42fac653f5bc48"], 0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$sock_SIOCINQ(r6, 0x541b, &(0x7f00000000c0)) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x0) r7 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = dup2(r7, r7) openat$cdrom(0xffffffffffffff9c, &(0x7f00000012c0), 0x4081, 0x0) ioctl$CDROMPLAYTRKIND(r8, 0x5304, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd) connect$inet6(0xffffffffffffffff, 0x0, 0x0) 2.879034546s ago: executing program 3 (id=310): r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x400) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, r1, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0x5008, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) sendto(r0, &(0x7f0000000000)="60dcb8c0ccf9d1f13e280365babe32ba1a812817f784366dc8aa2b8eaa433c492102968db0ee93ddb6f528e03eeef1182f2dd0f9", 0x34, 0x10004, &(0x7f0000000080)=@sco={0x1f, @none}, 0x80) keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) 2.840758868s ago: executing program 2 (id=301): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kfree\x00'}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000200), &(0x7f0000000280)=0x4) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000480), 0x16000, 0x800, 0x5, 0x2}, 0x20) setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x800, 0x4) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r4}, 0x10) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) bind$xdp(r3, &(0x7f00000001c0)={0x2c, 0x0, r6}, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x2, 0x3, 0x2) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000040)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) r7 = syz_open_dev$usbfs(&(0x7f00000007c0), 0x73, 0x0) ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000340), 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.268404727s ago: executing program 3 (id=311): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000300000000000000000000001801000020a0702500000000008000007b1af8ff00000000bfa100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280), 0x2000) 1.726411026s ago: executing program 2 (id=313): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0xa, r1, 0x800, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xffff, 0x6e}}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r3}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) r4 = socket$kcm(0x10, 0x400000002, 0x0) recvmsg$kcm(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="1d100000120091ef"], 0xfe33) rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) r5 = gettid() r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x7ffffffffffffffe]}, 0x8, 0x0) tkill(r5, 0x1f) readv(r6, &(0x7f0000000000)=[{&(0x7f0000000200)=""/215, 0x7ffff000}], 0x6) prlimit64(0x0, 0x7, &(0x7f0000000440), 0x0) timerfd_create(0x9, 0x0) 1.521507992s ago: executing program 1 (id=315): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e00000"], 0x40}}, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) 1.520638944s ago: executing program 2 (id=316): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc000905850200"], 0x0) r1 = syz_open_dev$radio(&(0x7f00000002c0), 0x0, 0x2) clock_gettime(0x0, &(0x7f0000000480)={0x0, 0x0}) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000500)=@userptr={0x5, 0x6, 0x4, 0x2, 0x5, {r2, r3/1000+60000}, {0x3, 0x8, 0x80, 0x7, 0xf3, 0x6, "ac718ecf"}, 0x40, 0x2, {&(0x7f00000004c0)}, 0x2}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)={0x3c, r5, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}}]}, 0x3c}}, 0x0) r6 = fsopen(&(0x7f0000000180)='ntfs3\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000140)={0xfffffffffffffff8, r1, 0x80000}) ioctl$VT_OPENQRY(r7, 0x5600, &(0x7f00000001c0)) iopl(0x3) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)) ioctl$VIDIOC_S_TUNER(r1, 0x4054561e, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000400)={'macvlan0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) pipe(0x0) r8 = getpgid(0xffffffffffffffff) r9 = socket$inet_tcp(0x2, 0x1, 0x0) io_setup(0x8, &(0x7f00000005c0)=0x0) io_submit(r10, 0x1, &(0x7f0000000000)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x2}]) setsockopt$inet_buf(r9, 0x0, 0x8008000000010, &(0x7f00000000c0)="17000000010001000003be8c5ee17688a2002b08030300ecff3f0200000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba000840024f0298e9e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0x11a) r11 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r12 = openat$ocfs2_control(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x3, r8, 0x1, &(0x7f0000000280)) sendmsg$alg(r12, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000c00)="eaa9491e8f7fad2ab2212dd4e5c78fe2f40578018fdbf374888c0637aa04bee829585c59243ebe66b2bdf9caa82f0f2d164999e45cbedf87a52ed69bfdf43664ece34171f58840738124b5afbe8fa1757a06528a116113c8d91d47423d55bfab626a3f9e4a3f120516237b6fdf2d477beec88b2b705e8e470e847277e6a57c21f1ef1f41d817e7ac51db48d890bbbbec81cff0738442596185d388cad56bccbb8bbdd72807961381f3f8e191f6fe3d9595831de0865566048ca046805914a9f5700fdf91ea85b9004fe65ea868bd647b1bea660b3b236083", 0xd8}, {&(0x7f0000000d00)="da818e1e3759655c18603d16ab8a0f46b523973c27e0940680ce158fb0e41e9f6da37746a66476722b0602fed6c98b449d82afce95268467fb28a97b825d4dcc2aad939d1b1b55de3a7a31ef8b3ea6118e25064773afb71c1f74d2385451bf7f746f8ba1692b9dc0af7a8d4e53f55a57fb503fc979fc74eb25cc379a26a7bc89ecc589c78c3eb5a97b3423dc98eeebbe57c0417c8ebc3ce8ca5c3eee99e42cbda3bd4a99922b551ecd8270fbb4af8f9624879656590d8eecece5c59dfeacb4f14ba1219e84c94de6c3c11157076ad4843a529d081c7d88f7c9ec5c1b77c0547bbcc1836880b9606184cb42cb38", 0xed}, {&(0x7f0000000e00)="fbe1e3a8a57c0576c13f84c468ce8a6448d67a7b12262723b2d94d93a083faea393c8b2d621810ee1f5f94baeede4c0c4fd2a01538a90c08bdcbcd02242b6132f9a684c045244ac414e6e51aa0390d90c22699d9811ffe93c8103f1cf4197d6bf88672f9f97a54e61b67f241b377a94ac4d54ce5a9c3206874067ca41d6d3a9d0c8d70bcb916a3fb063087750140da8be4baa117b42345927ba47a624c47d4916fb3556cbc91b7b6395728976524f422685b7e29a6e719960d091ba4a157def765d3cd77afdbc5397b8b62f7a0e2862b9418befb433c4e00e17426391e236264b0da42", 0xe3}, {&(0x7f0000000f00)="1cd8f724d4d93125b116c19012496a86bd274208ff61329b3cc45aea08ff5648448cd1e25a89d9bdca78c9a15e059a959c464fd8263115441762f4039166fde2169ba7f432ae18740bc5c0a50846b91fef38f5b57315aee6c0de034d0f35aabbc7ed8f1332d28fc571e28c0e4f79315504dbae99a0e66a8698b5f97f8b15f46c850aceeb71c23f650757ec", 0x8b}], 0x4, &(0x7f0000000fc0)=[@iv={0xf0, 0x117, 0x2, 0xd6, "6c47587d9ecbc2be5e6d5b1173c53ec9a03689952c893c0da84083d317202f88ce02092f5e3e8d85780e9489363e388a41bb2420fcbf9a14ff3e025170881270f1306a46b3d50b3682486ea3f2d85d04380adf426ff561d65366f07437a24c9c75b308dab5ecfb3a827bd3e237f7b72873cc190f4ce0daad4e293aa2cfd4ce35980d1b006cc71de308d6020ca105a76e888480f798465e58e081a4839b2bab67120f42dd0e396853eeff5ff7b7122981892b157625ddca36620415a216304bc8d95cb84c3a18edf846185ead24c44217b92451d1ead6"}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0x108, 0x117, 0x2, 0xef, "0b1c4bb9d1de6b2990a86dc46fb6f5f636cbc51a335d09b4f5ebe18c73fb9d3b1c8f37e41b7e11453a50419378b506c2634cf6ccdb136b7d18cf0d300e704a1dd246876c048cba58eb6f064ec544193c6af39cb5e823cf974c1e479fa86d0a563dcb5351fa4115163d050c85b1fb4bebdcf88b5823acfa2b7e55fb5794544cb5f9c6783e868460dd30fee3e0d7ad2e4d4648a3a53a7edcf6c7861e3c1ceb975b3c4aa418467b5c94b56b1c027fa65f608c846eef35b26691bb3f4c64552cb2891f3d7c919f2499f02456bdb34f1c3277f0e4e29d71397ef1bf93e707bd5b3af4602963fe524e9449402ee73c47acbb"}, @iv={0x1018, 0x117, 0x2, 0x1000, "c0fd31917e60c903b9d62ba718ab816959c223b2038513c6bc66a8860cd83397ee2d145bb728f408720e2275518a937c1b9e4164734ecb58dfe51ed9f87f51b7372c17ca9785510010e69cbf6e26b29c42ab3ff1c1523df6d35b40441b05e4c0d69a9ed61b7fcacdfb159e3f756e4046a23556ce8e56300117c72bbd6176db489a3ec2bd817a1d95f294295b4ea9c14840e4d6c277bce9ddc35669081a8a7f9afd01d4b30d9dead83f66b3efce5dd5154bacd598bd697b4094b3c6532acfe67d05c838433bf6a8b4aa1e54ef2e71d07db5d936e98871c83d88bb084705108d57475bd40f1afac777bdae2886bf7e146598eb782726792b420fbaeaf552f21cd4f67c0d9e2f6ef68e5821df168189d7e530dbfe9e599b43d2dabce3ccadbf1a09edd9babcf862ddf44861ea43b1b74046a6300b2395207ce307d206d9877a0c1ca8301467423e852d5cf587350a44482b14f07951e2847e98186f93c183b13d6bc1947c2ac8c4b4ba965a11d03326223079a7780a00ab2838916acb9336ab390561d5935f838341118e8ac3c8f87d06132cb6bdd403bbcb5e286a49301eb1f6b7151bf8423f908cf70ed2c7b326ecd10606028e8e0cf80cf12605aacc2b385172cb33d0a4300988c3df3c20d0a9679b39cf000a4e5978fcb53a5b199fdb0a695cd6d885301407c7c3951d0f55fdfed60596cee034ec4af9ab58945b57d305c7b70bd369541eeeff4a7e2ba581518f3cc0ed3cf76932e5da1391d7c73e760d0e45d4668e642f14db90372fe89555ccfc969b8dfe53ad1db89ba8987d1cbba29c22e4186a891555b464eac52d40cee8a36f1bfb7fa8b0826c6c6aa3a142d7576709294581f7b1ab87376f4417ab6c051a962ee44780afdc8b70213ee11da967be115e8e033033f4b49a47b4df1d1ec92855a4a23a06ae4edb21f6ac64bc4849353d404480545954bcdc44c52ab756d04e3863550db9947d865f524f16e3b90bada7a1a5d8aa0ed6c60706c544203a6b7ff4a821025efb600b9f8b0af9814785b0367792bd8bc9770dee4964b668489c53aa40ad9afdedfde58a1aff262ae07c98d4076b82edd2d72239110b8329b4a91b1264e06c27be992e94fd457ecf51370d42892680325fdb998431e5c7f6af478bc31e0b4f16d6f852634b3f77eea5e32444f26f9c184e75957549d11e3d9bcf08350e5c3f91034097c31ed5ba7f33ebbd99eb2899ae17a711c58e4ab922ccae3c98e427e3db93f57d62f45211c46b870f0870e8a140e28dd0d4d20b8293d5e9ad65426ab19850afd7bb6c4d8e67972ae6d186b8097d44337c38167de16e009175492db99562d8d8edd54bd886ad68943c0fcde07fd57e48371db96320490adc3b264f1aafd955360e5872d2587acc7471e0c93b8185e23d72992a4ed3f1ff4d99ddec3466c04794d536599294d41a3f5468c639efda8d79f4f45de1b24c17b1839fd695fa8ee6dec8493ebcd8ae62061be64534859c30465d0ed11e162837ec70dc429374d9ab5c91d4e04b84a30019a3619ba43c641e9dbbe7815b9575ed7ce8bb12d2a489624820ed09a528f1436287140877b15d7f028b16eec4560b0f70abaad6e391cc93f2baa29d5688302fdaf311ff738c13ef6f86b492dde76791671daa956e3b4f5d9a28786c50273d35710c917dadf3c6ed0513c281998e5c4f3b9a01cc0561b9ffb1a0e7dcb8c0b8c6689a9e8fafb0470e60105c196284f3b3832b6af414602eb109b9585b9a81cab1c8ee99b5524be2cd0ad0560c52ef7744f5ca158204422fd4be5e68468e0a1c3b348ad9216d89bf1503701afc834aeba56877b7bed3f3835714d9474373c56c57c4592544af400864ade6cf0e83dd131ae1fac308489381fd3ce6e818cb9f5daee823e86e001f3d51b94bda3896b4cd3f53c3e40f36a129620328d5e6a78675f18550f02795c07660858132f98dcedc9b5e74ebf5749f6ff7ae97895b6d94a7431cb235d15616f1a72d77ec87654c3878ba9e121d4e89620c41d2d2f409cb8d4ab6ac0f1a328789c4f31072498a8dc20d3ea61aeebd3ef60784c832973b19c1470cd5862a66b4786011772e3195da8d6602017fc6738a443d8cc204ae2a27ef7ac28b9b52955443bc82de8b63de2e56b35e2d300366ea9b91a5c63da39ab987a22ac650cd8c81876251f675e627fd0aadb07db892b7d0629803d8bcf28331b280e27745983da971cc8e3193aa63bdcf4992eba83ff388963f730558a167fda9888bc2c4ff89ce75be6fd51036ecbd9eab47c5101dd4c066d226efa56dcd6bce0c94bc891dfe102ea356f785b799f39d27752426862123a75529cebfefd23c31e3b645ba207b11cfb655bc68a77196cc94b4f8f5c94530c14e380157370c084c511c1c39b659b3a800c729542e897fb8093272bfe2bfbbead1e5e11917717cd0249552af929f1abef9939ab7f7ed472832f3b7ac69bc32476b1bb31484bac60a685a1400f2528679b3c34155e19691b956986c210a8ee5b2dee4fa4adc8b1c63c7c0f0abddf72dd7a1a56847d732f609c23c2c93552e4681380239d22da7e0c372474e0d6743fedec2a85ff11f7776e436ab4c6b59f86b5b7b86e78d2d2b2e6e98372ca0fb8bd556a010c912ab90de419e52a045c941b8a2341cd71b9f4108f8d33621e67da794d6694241eb28b7b91137844c7a5d108267427c9e3bf87c064a61809b69d6c62a88543bf8dd43cce65613de7a4d02b4fc0e0b9c3dd53447cf45b4b79d67f5e983817a99133aedecd948a015002b70578215ac289d0ffbb4ff713e5a229954a2361b6f5317daa7e54e172f99804823310f126d911cf5248c958a44e528880280adda75e2073b7ad1f23ec5066d324f7bb592bb8695355eac24db6f03a887539217aaa6ee5644d5694e29a26edade681cee355c69d70083f0f43d1598c256fa09a7a792af316b68083547c673c61580f1873c6a85ac0e1c4666f1a7c1479f01ae3b28dd59114b6b5b81e1ccc5673007e52667fb664d6dac6418806c65a26dd14ac81bf42a92be439c4bb5a951eeb49d4d092cd942ff346f5a6a39f3aec9e4b706824ef6740f499fb54c4fdd4c29db5c5e5c69fb5a94994440756ee1d5a279d6d02aba7de1ac74c1f1e57a8d7ac7ba3bb64f55a86a3e800759bae5dc5d9f1e2a8086266ca3ad55a9ee5126e66381a8ba77498b453e1306ade31632ce7453a1c33401c5672afac467bb58293f3ddaf2ce3342fc1377393f48821d445ae140248b0224b55ae4dac3bfdd652d0ee2c28a460f7ce98f87076db6523a73bef51d6c7e82dbe8c8f620ceeeca192631cd442c122c5112c246c4b5252f129da2db73b867076b3bffacda8ea5ad00bd8914e3512de661190cd8a4eed687bf49a2bd70452834bdc70c64ad249fa36edabd98f9f89c18cb011e2efdc066245fbefdf85e56f79c2cccd439341eabe53fa0e43f1a23dd2362fdd5dd013d75cd23e4860aec246632b4fc7ac56c3f2a238213c1811a6bbb8f735ed755fd4bb6caeab9b0ae614462d08db998ea566738c16af16929d8fc2face8c9a20adfa5d2af39b2a681cc576fe5ff9dc73d1b56d29339291048c15655bf430c61a5ff2e0b36000de0dca4d0db51b5bd9526b1272b21cbbe595b0db07c0e17d0ddf8f4d578be4fa387317b162c7c2bec3da762af530469690c3f3d419e8d954879e5ec455a83555e0b595547acc007c6f5c9823e87186dd8a40f0dc3341d9927c195e2393ac9896fc0329b37e345910708631c795724b162b77c9cd861176a1a31e364301594e183737feff30244bf5eb14f9966c89b6c2531c40dde477fd897528148506411d7e6622cde1bd1184b3f57e7286c99f7aff0aaed3bf30a8d99b062c73318a442a4ef7864efecb683aa6889691441e8017f930a9f62ff926bfd66fb971fc5c1a2fa5ea0320d8f03b1fbde3db2537e5b1efe17ffcf5d28b5cb4efbf85cd7609648021affb3c198277f7ac0ee0e1ac11ff0b08d87a797e0862ba75e27d3a7b981e607a81bf97a3731023483748b4e9ec4c9e4350609da368e7608702a50ae0f926a3738dd60e100769f52fd7273a95301b3ac949be64c237aeebc1a3e2e09cac1a45dc8b9e53498c559d3f40c9c59a117a0f7975182bce246602f208f0fd0d2cb91976f57d5e91a5b3cff321052b252fb2fba1250b7ac021f535782a47505bf95db390e00a57d75e5b3bbd8432d0fedfe64cf61fa457d0c0233325817fbd5fff3594051ae1a336428c754a51410ecd3bc121d6188725c8b058285c99686297a6547c07d8c68f55a9bbf37d1a02fb5caab0143df9dba56eab365afd0bc3ef0c84b7f038421ecf4c35a6ac7c9c0649c0183195bc39b1a1f7c279bde5116eb5ad08b0aaa613ce8ecf9b113e440497e3be07aebd870d1f3f5a9e319cbd78e5331204dfe7c8bb7d360491b8d14d0ae45a780a3cb9447809fb636c0b9acb4a272a1b48901c18c7140b6277530ac5241f05634eb8d63b724c795b0a6dd29b1ed0071d16066437fc9cd99e95f714c6cc8f1be23d735faa4af941687a8f0857817fc970dd5508dc66ca6fe59c2271a4c4c26b48cd803b3dd1e0e68b2937fdb7c6d25664ab787d48f93967d6151943b3abb34752c24a4bbf8cd4af3947b92e18689794002679d9690e177655fd0c4e0361830ecf215d26df14299463dda74568a53e8801adc83e7a50b7cd62803ffa506b7e5aa89bffa70ad725de0fe50f41a2a90f47d41442808d4278a07d500d20367bb2a2c42d20b9db4009fe77e65ae7adfd76844fd83754978a3de83f95adff80989e1d18c3f4c157c5b14fb15146a890c2c85a63dc9a5e593fb4237ddb63a7a9ac2bd33c1a53a8f483408213c531c8fd326e9a9d71af2357fb09efec7b2db609e3c3b9e369b459c4a88a303275f68e176bd7601518e0f6ed80491958c27fbeef7ebc05099c182e529acb8c979487f41597a55f0763135cb6dc252a62e0b6673e718c7c77eeaae1f26125079c3c280b5ca4a8c0741bebb1412cdb7654fd17ac5f2d83ccb3b3121afe7478d7985b2274785ac1def82cd4ee06d97c00f2bf1954d9ab762d67e7eabe4e2eb8988d95b3658bd028ce49ee3004b1ec8a5c109c6a5992f3a7dc739546189904684160c58859b9aede5a5928992892a1cf6f9833e9d801a0f8d33effec655e733f9c9375f0aafb54779aa1d0c42d037684fd7567fdc334a70c9872957246881ad1abf5f79948c90851d8ebecb4f9bcb312001d250375cd85261c924c2f2630673a547e2e07eb2eef16d5bec3417d1541de8ed1eb5733890bc64f7a41c2256ee77bbc85545d3af91698d75d99a820f566962e03eaaf4d18249d089dc0394ecf03458024d0b351760e88a9828e52d2de8f3ab39d8350eec7dbc09b0de76b960c4a7e43f0d4056f2dcef704aa18cbfe81c8d46e73caccd7393ab60a9c785812cff7c0072a2aacc11bbc01dac8d05533b787968ebda6d967113f177b908439ef81968bb3a3c9ba72b23a97b802ed6eaf16b08ace3e6d138bcb4cadad7ba64f684cbc36233d3f89527d3038fa70f72e66c60640a21cc370410679af20369187cf04394484d284a9a07c43eee0acb525ff98f0cb5f0c0327dfc47bbb25f61ca69039c6a199f6780ca173440965e4c9a0c6b07e5f69fa2c1d9873bd0c3fa9b3849932c6919fe02883e80651563a2c04901b55130ae997e8fc06d724e9d4e1a142acb435e8b9f335b39c7f76cf3a7a4cf39139c8e331fb5286cd3539c87c1346e8278b58cf7d399401785a9f3be5a3eede49164553c7066"}, @op={0x18, 0x117, 0x3, 0x1}], 0x1240}, 0x0) read$eventfd(r12, &(0x7f0000000100), 0x8) read$char_usb(r11, &(0x7f0000000200)=""/128, 0x80) syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), r12) 1.459741622s ago: executing program 1 (id=317): socket$nl_route(0x10, 0x3, 0x0) r0 = creat(&(0x7f0000001180)='./file0\x00', 0x0) r1 = mq_open(&(0x7f0000000080)='m$\x00\xdc\xb7\xb8\xd0>,\xb0\x13\x8b3z>K\x84\x05\x00\x00\x00\x9c\x81\xed\xc2\x00', 0x0, 0x0, 0x0) mq_getsetattr(r1, 0x0, 0x0) r2 = socket(0x200000100000011, 0x3, 0x4) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa03e, 0x0, &(0x7f0000006680)) r3 = syz_open_dev$radio(&(0x7f0000000400), 0x2, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r3, 0xc0405665, &(0x7f0000000080)={0x8000, 0x1}) socket(0x1, 0x2, 0x40057) quotactl$Q_GETFMT(0xffffffff80000401, &(0x7f00000003c0)=@nbd={'/dev/nbd', 0x0}, 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xc3) r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r4, 0xc4c03d09, &(0x7f00000001c0)) bind$ax25(r2, &(0x7f0000000100)={{0x3, @null}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000000dc0)={0x2}) sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYRESDEC=r1, @ANYRES32=r0], 0x1c}, 0x1, 0x0, 0x0, 0x24004008}, 0x40085) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f00000000c0)='gfs2\x00', 0x3f000000, 0x0) 1.287063854s ago: executing program 1 (id=318): r0 = epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0}}], 0x1, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) r3 = syz_open_dev$swradio(&(0x7f0000000200), 0x1, 0x2) ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000400)={0x1, 0xb, 0x3, "f3d609c795d11e0ec5d205cd45262759cf83e66dfc86c2ba62781039ca5acc09", 0x41564e57}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r4 = socket$inet6(0xa, 0x4, 0x7) r5 = epoll_create(0x200) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)={0x20000002}) socket$nl_netfilter(0x10, 0x3, 0xc) get_robust_list(0x0, &(0x7f0000000540)=&(0x7f0000000500)={&(0x7f0000000440)={&(0x7f0000000380)}, 0x0, &(0x7f00000004c0)}, &(0x7f0000000580)=0x18) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000004640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000140a0703000000000000000002000000080003400000000a0900010073797a30000000000900"], 0x5c}}, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x40000) r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/address_bits', 0x0, 0x0) io_uring_register$IORING_REGISTER_RING_FDS(0xffffffffffffffff, 0x14, &(0x7f0000002400), 0x0) fcntl$notify(r8, 0x402, 0x8) ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0xffffffffffffffe4) r9 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r9, &(0x7f0000000040)={0xb0000018}) epoll_create(0x101) 809.809518ms ago: executing program 3 (id=319): r0 = syz_open_dev$vbi(&(0x7f0000001580), 0x2, 0x2) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000001640)=@multiplanar_mmap={0x8f33, 0x7, 0x4, 0x10000, 0x0, {}, {0x3, 0x0, 0x6, 0x6, 0x4, 0x3, "4cc4ae6d"}, 0x0, 0x1, {0x0}, 0x800}) openat$selinux_enforce(0xffffff9c, &(0x7f0000000000), 0x101000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x30004081) sendmsg$kcm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)="82b2f1682a78248c2e24b1e32521b772173f70347be4579d8e068d3bad6608f7effdfbf954e0b5b74d0f28eabfba9d3cfefd8286a014a7ae06f6c3b2798dc3f271638869816cb90224c5dbcd9fb06c7bfce2ac03fc03ba7b636be32964e64cd5fc73", 0x62}], 0x1}, 0x8000) recvmsg(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f00000001c0)=""/34, 0x22}], 0x1}, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000280)='./file0\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ftruncate(r2, 0xc17c) write$FUSE_LK(r2, &(0x7f00000002c0)={0x28, 0xfffffffffffffffe, 0x0, {{0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0x28) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000080)={0x0, 0x1, 0x7}) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000500)={{0x1, 0x1, 0x18}, './file0\x00'}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r3 = socket$nl_route(0x10, 0x3, 0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x7b43504fd1189517}, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) fsconfig$FSCONFIG_SET_PATH(r2, 0x3, &(0x7f00000003c0)='fuse\x00', &(0x7f0000000400)='./file0\x00', 0xffffffffffffffff) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, 0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000001140)={[0xfffffffffffffff5]}, 0x8, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x5, 0x0, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x5e, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r6, 0x8b2a, &(0x7f0000000040)) 708.233909ms ago: executing program 0 (id=321): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x1ff, 0x56f39c1abc6ba11f, 0xfff}) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000080)={0x4, {{0x2, 0x0, @multicast1}}}, 0x88) 639.90821ms ago: executing program 0 (id=322): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5ff000000000004003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de"], 0x448}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000240), 0x3af4701e) sendfile(r5, r3, 0x0, 0x10000a007) 439.664916ms ago: executing program 0 (id=323): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (fail_nth: 31) 203.213106ms ago: executing program 0 (id=324): r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x0, 0x35315258, 0xf00, 0x0, 0x0, @stepwise}) (fail_nth: 2) 139.79197ms ago: executing program 0 (id=325): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec", 0x4) r3 = accept$alg(r2, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000240), 0x4) recvmmsg(r3, &(0x7f0000009800)=[{{0x0, 0x0, &(0x7f0000003180)=[{&(0x7f0000006940)=""/4100, 0x1004}], 0x1}, 0x9}], 0x1, 0x400000c9, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000004c0)={'wg2\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b041400e0ffe2ff02004788001ca13bb100000208007f604803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0xc3, 0x10, 0x10, 0xc3, @in={0x2, 0xfffd, @empty}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x34}}}}, 0x118) 92.19849ms ago: executing program 1 (id=326): r0 = io_uring_setup(0x30d3, &(0x7f00000000c0)={0x0, 0xd749, 0x80}) futex(&(0x7f0000000100)=0x2, 0x10b, 0x2, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180), 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x560, 0x0, 0x4}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 78.964922ms ago: executing program 0 (id=327): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000300000000000000000000001801000020a0702500000000008000007b1af8ff00000000bfa100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280), 0x2000) 0s ago: executing program 2 (id=328): r0 = openat$sr(0xffffffffffffff9c, 0x0, 0x887dab077f141882, 0x0) socket$phonet(0x23, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000000)={@multicast, @multicast, @val={@void, {0x8100, 0x6, 0x1, 0x4}}, {@ipv6={0x86dd, @udp={0x0, 0x6, "76b2af", 0x48, 0x2f, 0x1, @initdev={0xfe, 0x88, '\x00', 0x80, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, {[], {0x0, 0x883e, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "e655c644a71ceeb77717ecd115d19906c08878054483b8e7", "db9a3292cfce3361000c5ca17afa1529fa1c07580bfa70072e2222607dcfa9f4"}}}}}}}, 0x0) landlock_create_ruleset(&(0x7f00000000c0)={0x3024, 0x3, 0x3}, 0x18, 0x0) kernel console output (not intermixed with test programs): [ 38.338841][ T39] audit: type=1400 audit(1728195607.492:81): avc: denied { rlimitinh } for pid=5319 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.345957][ T39] audit: type=1400 audit(1728195607.492:82): avc: denied { siginh } for pid=5319 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.569583][ T39] audit: type=1400 audit(1728195608.742:83): avc: denied { read } for pid=4816 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 39.575946][ T39] audit: type=1400 audit(1728195608.742:84): avc: denied { append } for pid=4816 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.583523][ T39] audit: type=1400 audit(1728195608.742:85): avc: denied { open } for pid=4816 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.589323][ T39] audit: type=1400 audit(1728195608.742:86): avc: denied { getattr } for pid=4816 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:64169' (ED25519) to the list of known hosts. [ 39.738631][ T39] audit: type=1400 audit(1728195608.912:87): avc: denied { name_bind } for pid=5323 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 41.512084][ T5325] cgroup: Unknown subsys name 'net' [ 41.615695][ T5325] cgroup: Unknown subsys name 'cpuset' [ 41.619434][ T5325] cgroup: Unknown subsys name 'rlimit' [ 41.803336][ T5328] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 42.403997][ T5325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 44.685236][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 44.685251][ T39] audit: type=1400 audit(1728195613.862:105): avc: denied { execmem } for pid=5332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 45.009730][ T39] audit: type=1400 audit(1728195614.182:106): avc: denied { create } for pid=5336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.021678][ T39] audit: type=1400 audit(1728195614.182:107): avc: denied { read write } for pid=5336 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.027789][ T39] audit: type=1400 audit(1728195614.182:108): avc: denied { open } for pid=5336 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.033276][ T39] audit: type=1400 audit(1728195614.192:109): avc: denied { ioctl } for pid=5336 comm="syz-executor" path="socket:[5050]" dev="sockfs" ino=5050 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.034521][ T5338] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.049457][ T5350] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.051884][ T5350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.054596][ T5350] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.057282][ T5350] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.059181][ T5350] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.061157][ T5350] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.067320][ T5345] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.071304][ T5345] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.072945][ T5350] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.074545][ T5345] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.076244][ T5350] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.077525][ T5351] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.077935][ T5345] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.078331][ T5345] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 45.078548][ T5345] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.079943][ T5349] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 45.080114][ T5352] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.081242][ T5352] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 45.081752][ T5351] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.084358][ T39] audit: type=1400 audit(1728195614.252:110): avc: denied { read } for pid=5341 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.085432][ T5352] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.086721][ T5350] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 45.086843][ T39] audit: type=1400 audit(1728195614.252:111): avc: denied { open } for pid=5341 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.086919][ T5350] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.087815][ T64] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.111914][ T39] audit: type=1400 audit(1728195614.262:112): avc: denied { mounton } for pid=5341 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 45.227974][ T39] audit: type=1400 audit(1728195614.402:113): avc: denied { module_request } for pid=5342 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 45.233694][ T39] audit: type=1400 audit(1728195614.402:114): avc: denied { module_request } for pid=5336 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 45.270977][ T5342] chnl_net:caif_netlink_parms(): no params data found [ 45.275929][ T5336] chnl_net:caif_netlink_parms(): no params data found [ 45.281236][ T5341] chnl_net:caif_netlink_parms(): no params data found [ 45.388072][ T5340] chnl_net:caif_netlink_parms(): no params data found [ 45.461550][ T5341] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.464728][ T5341] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.467513][ T5341] bridge_slave_0: entered allmulticast mode [ 45.470569][ T5341] bridge_slave_0: entered promiscuous mode [ 45.475211][ T5341] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.477798][ T5341] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.480433][ T5341] bridge_slave_1: entered allmulticast mode [ 45.483324][ T5341] bridge_slave_1: entered promiscuous mode [ 45.486254][ T5342] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.488670][ T5342] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.491090][ T5342] bridge_slave_0: entered allmulticast mode [ 45.493901][ T5342] bridge_slave_0: entered promiscuous mode [ 45.511290][ T5336] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.513703][ T5336] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.516383][ T5336] bridge_slave_0: entered allmulticast mode [ 45.519428][ T5336] bridge_slave_0: entered promiscuous mode [ 45.523644][ T5336] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.525578][ T5336] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.527481][ T5336] bridge_slave_1: entered allmulticast mode [ 45.529528][ T5336] bridge_slave_1: entered promiscuous mode [ 45.546341][ T5342] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.548650][ T5342] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.550650][ T5342] bridge_slave_1: entered allmulticast mode [ 45.552643][ T5342] bridge_slave_1: entered promiscuous mode [ 45.591531][ T5336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.620270][ T5342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.639560][ T5336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.643931][ T5341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.648137][ T5341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.652029][ T5342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.661719][ T5340] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.664494][ T5340] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.666911][ T5340] bridge_slave_0: entered allmulticast mode [ 45.669374][ T5340] bridge_slave_0: entered promiscuous mode [ 45.717948][ T5340] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.719853][ T5340] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.721711][ T5340] bridge_slave_1: entered allmulticast mode [ 45.723864][ T5340] bridge_slave_1: entered promiscuous mode [ 45.736429][ T5336] team0: Port device team_slave_0 added [ 45.739311][ T5341] team0: Port device team_slave_0 added [ 45.742217][ T5342] team0: Port device team_slave_0 added [ 45.746690][ T5342] team0: Port device team_slave_1 added [ 45.757321][ T5340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.761321][ T5336] team0: Port device team_slave_1 added [ 45.764080][ T5341] team0: Port device team_slave_1 added [ 45.779193][ T5340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.841921][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.843872][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.850604][ T5342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.856829][ T5340] team0: Port device team_slave_0 added [ 45.859367][ T5336] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.861187][ T5336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.868276][ T5336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.871725][ T5341] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.875116][ T5341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.884139][ T5341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.887579][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.889391][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.896176][ T5342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.900375][ T5340] team0: Port device team_slave_1 added [ 45.903319][ T5336] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.905280][ T5336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.911841][ T5336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.915502][ T5341] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.917332][ T5341] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.924219][ T5341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.950669][ T5340] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.952590][ T5340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.959466][ T5340] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.964165][ T5340] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.965962][ T5340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.973114][ T5340] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.006217][ T5341] hsr_slave_0: entered promiscuous mode [ 46.008065][ T5341] hsr_slave_1: entered promiscuous mode [ 46.045276][ T5342] hsr_slave_0: entered promiscuous mode [ 46.047329][ T5342] hsr_slave_1: entered promiscuous mode [ 46.049130][ T5342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.051297][ T5342] Cannot create hsr debugfs directory [ 46.061799][ T5336] hsr_slave_0: entered promiscuous mode [ 46.064344][ T5336] hsr_slave_1: entered promiscuous mode [ 46.066926][ T5336] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.068951][ T5336] Cannot create hsr debugfs directory [ 46.072083][ T5340] hsr_slave_0: entered promiscuous mode [ 46.074153][ T5340] hsr_slave_1: entered promiscuous mode [ 46.075958][ T5340] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.077945][ T5340] Cannot create hsr debugfs directory [ 46.354189][ T5341] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.359500][ T5341] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.364161][ T5341] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.368235][ T5341] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.397531][ T5336] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.402365][ T5336] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.409261][ T5336] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.412637][ T5336] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.440483][ T5340] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.443900][ T5340] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.450053][ T5340] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.460147][ T5340] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.486245][ T5342] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.490776][ T5342] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.494782][ T5342] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.508857][ T5342] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.533633][ T5341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.554519][ T5336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.566421][ T5340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.570162][ T5341] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.575379][ T5342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.579937][ T5336] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.587898][ T1207] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.589906][ T1207] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.593628][ T1207] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.595638][ T1207] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.606002][ T5340] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.608336][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.610241][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.614426][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.616283][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.622462][ T5342] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.634567][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.636428][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.639444][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.641618][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.657482][ T5336] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 46.661093][ T5336] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.668473][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.670428][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.686044][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.687974][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.765632][ T5336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.794901][ T5336] veth0_vlan: entered promiscuous mode [ 46.800233][ T5336] veth1_vlan: entered promiscuous mode [ 46.807935][ T5341] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.815005][ T5340] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.827615][ T5342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.850739][ T5341] veth0_vlan: entered promiscuous mode [ 46.858860][ T5336] veth0_macvtap: entered promiscuous mode [ 46.864224][ T5336] veth1_macvtap: entered promiscuous mode [ 46.869821][ T5341] veth1_vlan: entered promiscuous mode [ 46.890606][ T5342] veth0_vlan: entered promiscuous mode [ 46.894452][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.900743][ T5340] veth0_vlan: entered promiscuous mode [ 46.905700][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.909113][ T5342] veth1_vlan: entered promiscuous mode [ 46.912205][ T5336] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.915528][ T5336] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.917819][ T5336] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.920179][ T5336] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.934645][ T5340] veth1_vlan: entered promiscuous mode [ 46.944809][ T5341] veth0_macvtap: entered promiscuous mode [ 46.948060][ T5341] veth1_macvtap: entered promiscuous mode [ 46.958193][ T5341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.961383][ T5341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.965810][ T5341] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.984882][ T5341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.987605][ T5341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.990753][ T5341] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.001333][ T5340] veth0_macvtap: entered promiscuous mode [ 47.001957][ T217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.006277][ T5341] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.006678][ T217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.011951][ T5341] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.014958][ T5341] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.017156][ T5341] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.028229][ T5340] veth1_macvtap: entered promiscuous mode [ 47.040580][ T5342] veth0_macvtap: entered promiscuous mode [ 47.050031][ T5342] veth1_macvtap: entered promiscuous mode [ 47.056493][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.059929][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.071158][ T5340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.074803][ T5340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.077352][ T5340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.080139][ T5340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.084434][ T5340] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.089600][ T5340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.092515][ T5340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.096567][ T5340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.099340][ T5340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.102889][ T5340] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.108046][ T5340] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.110563][ T5340] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.113307][ T5340] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.115697][ T5340] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.125467][ T5336] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.125936][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.132107][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.135368][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.137933][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.140337][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.143671][ T5338] Bluetooth: hci0: command tx timeout [ 47.143676][ T5352] Bluetooth: hci2: command tx timeout [ 47.143682][ T4772] Bluetooth: hci3: command tx timeout [ 47.143922][ T5352] Bluetooth: hci1: command tx timeout [ 47.144048][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.144731][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.145760][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.159467][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.162267][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.165148][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.168408][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.172060][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.177960][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.184848][ T217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.185963][ T5342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.186875][ T217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.192260][ T5342] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.195786][ T5342] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.198748][ T5342] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.224978][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.228065][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.251937][ T1207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.254045][ T1207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.271415][ T1207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.278692][ T1207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.295119][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.297164][ T5403] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 47.297686][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.301994][ T1207] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.308428][ T1207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.393038][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 47.395300][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 47.422971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 47.425190][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 47.523390][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 47.580080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 47.583260][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 47.682560][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 47.887293][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 47.890661][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 48.371641][ T68] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0xe6 [ 48.492858][ T5380] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 48.522736][ T5430] Zero length message leads to an empty skb [ 48.642937][ T5380] usb 8-1: Using ep0 maxpacket: 8 [ 48.647706][ T5380] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 48.650057][ T5380] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 48.653461][ T5380] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 48.656794][ T5380] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 48.660278][ T5380] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 48.666584][ T5380] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 48.669681][ T5380] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.878957][ T5380] usb 8-1: usb_control_msg returned -32 [ 48.881045][ T5380] usbtmc 8-1:16.0: can't read capabilities [ 48.882078][ T5433] PKCS7: Unknown OID: [5] (bad) [ 48.886459][ T5433] PKCS7: Only support pkcs7_signedData type [ 49.223451][ T4772] Bluetooth: hci1: command tx timeout [ 49.223487][ T64] Bluetooth: hci3: command tx timeout [ 49.226367][ T4772] Bluetooth: hci2: command tx timeout [ 49.233493][ T4772] Bluetooth: hci0: command tx timeout [ 49.554760][ T5448] usb 2-1: USB disconnect, device number 2 [ 50.317989][ T39] kauditd_printk_skb: 95 callbacks suppressed [ 50.318796][ T39] audit: type=1400 audit(1728195619.492:210): avc: denied { append } for pid=5454 comm="syz.2.14" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 51.122817][ T1997] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 51.279958][ T1997] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 51.282431][ T1997] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.285554][ T1997] usb 6-1: Product: syz [ 51.286758][ T1997] usb 6-1: Manufacturer: syz [ 51.288066][ T1997] usb 6-1: SerialNumber: syz [ 51.290339][ T1997] usb 6-1: config 0 descriptor?? [ 51.306648][ T4772] Bluetooth: hci3: command tx timeout [ 51.306680][ T5338] Bluetooth: hci1: command tx timeout [ 51.308094][ T4772] Bluetooth: hci2: command tx timeout [ 51.309955][ T5338] Bluetooth: hci0: command tx timeout [ 51.375392][ T5471] netlink: 'syz.0.18': attribute type 4 has an invalid length. [ 51.377261][ T25] usb 8-1: USB disconnect, device number 2 [ 51.398690][ T5474] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 51.406044][ T5474] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 51.430166][ T39] audit: type=1400 audit(1728195620.602:211): avc: denied { bind } for pid=5475 comm="syz.3.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 51.456397][ T39] audit: type=1400 audit(1728195620.632:212): avc: denied { setopt } for pid=5475 comm="syz.3.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 51.553769][ T5467] openvswitch: netlink: Actions may not be safe on all matching packets [ 51.557165][ T1293] usb 6-1: USB disconnect, device number 2 [ 51.579804][ T39] audit: type=1326 audit(1728195620.752:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5481 comm="syz.0.21" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecf4b7dff9 code=0x7ffc0000 [ 51.585425][ T5482] Bluetooth: MGMT ver 1.23 [ 51.585936][ T39] audit: type=1326 audit(1728195620.752:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5481 comm="syz.0.21" exe="/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fecf4b7dff9 code=0x7ffc0000 [ 51.594562][ T39] audit: type=1326 audit(1728195620.752:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5481 comm="syz.0.21" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecf4b7dff9 code=0x7ffc0000 [ 51.601489][ T39] audit: type=1326 audit(1728195620.752:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5481 comm="syz.0.21" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecf4b7dff9 code=0x7ffc0000 [ 51.616040][ T39] audit: type=1326 audit(1728195620.752:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5481 comm="syz.0.21" exe="/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fecf4b7dff9 code=0x7ffc0000 [ 51.625660][ T39] audit: type=1326 audit(1728195620.752:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5481 comm="syz.0.21" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecf4b7dff9 code=0x7ffc0000 [ 51.632475][ T39] audit: type=1326 audit(1728195620.752:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5481 comm="syz.0.21" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecf4b7dff9 code=0x7ffc0000 [ 52.044857][ T5497] bridge0: port 3(team0) entered blocking state [ 52.047742][ T5497] bridge0: port 3(team0) entered disabled state [ 52.050198][ T5497] team0: entered allmulticast mode [ 52.052041][ T5497] team_slave_0: entered allmulticast mode [ 52.054760][ T5497] team_slave_1: entered allmulticast mode [ 52.063775][ T5497] team0: entered promiscuous mode [ 52.065151][ T5497] team_slave_0: entered promiscuous mode [ 52.067130][ T5497] team_slave_1: entered promiscuous mode [ 52.070132][ T5497] bridge0: port 3(team0) entered blocking state [ 52.072643][ T5497] bridge0: port 3(team0) entered forwarding state [ 52.877359][ T5505] sp0: Synchronizing with TNC [ 52.973391][ T5505] fuse: Bad value for 'group_id' [ 52.975136][ T5505] fuse: Bad value for 'group_id' [ 52.981163][ T5505] netlink: 8 bytes leftover after parsing attributes in process `syz.3.29'. [ 52.985810][ T5505] netlink: 8 bytes leftover after parsing attributes in process `syz.3.29'. [ 52.988177][ T5505] netlink: 12 bytes leftover after parsing attributes in process `syz.3.29'. [ 53.301464][ T5515] capability: warning: `syz.0.30' uses deprecated v2 capabilities in a way that may be insecure [ 53.349900][ T5514] evm: overlay not supported [ 53.392838][ T64] Bluetooth: hci0: command tx timeout [ 53.393134][ T4772] Bluetooth: hci1: command tx timeout [ 53.394421][ T64] Bluetooth: hci3: command tx timeout [ 53.397787][ T5338] Bluetooth: hci2: command tx timeout [ 53.679845][ T68] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.818395][ T68] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.902618][ T64] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.913950][ T64] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.917890][ T64] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.920923][ T68] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.925880][ T64] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.928562][ T64] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 53.931261][ T64] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.019202][ T68] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.028119][ T5518] chnl_net:caif_netlink_parms(): no params data found [ 54.172043][ T5518] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.174872][ T5518] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.178026][ T5518] bridge_slave_0: entered allmulticast mode [ 54.184361][ T5518] bridge_slave_0: entered promiscuous mode [ 54.194832][ T5518] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.197588][ T5518] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.200362][ T5518] bridge_slave_1: entered allmulticast mode [ 54.208901][ T5518] bridge_slave_1: entered promiscuous mode [ 54.287243][ T5518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.301184][ T5518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.476237][ T5518] team0: Port device team_slave_0 added [ 54.489138][ T5518] team0: Port device team_slave_1 added [ 54.505774][ T68] bridge_slave_1: left allmulticast mode [ 54.508074][ T68] bridge_slave_1: left promiscuous mode [ 54.511176][ T68] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.538052][ T68] bridge_slave_0: left allmulticast mode [ 54.539552][ T68] bridge_slave_0: left promiscuous mode [ 54.541269][ T68] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.074106][ T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 55.078457][ T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 55.080363][ T68] bond0 (unregistering): Released all slaves [ 55.125290][ T5518] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.130397][ T5518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.138481][ T5518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.160788][ T5518] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.163795][ T5518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.172286][ T5518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.218096][ T5518] hsr_slave_0: entered promiscuous mode [ 55.220195][ T5518] hsr_slave_1: entered promiscuous mode [ 55.225475][ T5518] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.228532][ T5518] Cannot create hsr debugfs directory [ 55.323386][ T39] kauditd_printk_skb: 53 callbacks suppressed [ 55.324413][ T39] audit: type=1400 audit(1728195624.492:273): avc: denied { add_name } for pid=5549 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 55.341970][ T39] audit: type=1400 audit(1728195624.492:274): avc: denied { create } for pid=5549 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 55.357953][ T39] audit: type=1400 audit(1728195624.492:275): avc: denied { write } for pid=5549 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth2.link" dev="tmpfs" ino=1783 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 55.365675][ T39] audit: type=1400 audit(1728195624.492:276): avc: denied { append } for pid=5549 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" dev="tmpfs" ino=1783 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 55.372106][ T39] audit: type=1400 audit(1728195624.522:277): avc: denied { remove_name } for pid=5552 comm="rm" name="resolv.conf.eth2.link" dev="tmpfs" ino=1783 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 55.381718][ T39] audit: type=1400 audit(1728195624.522:278): avc: denied { unlink } for pid=5552 comm="rm" name="resolv.conf.eth2.link" dev="tmpfs" ino=1783 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 55.573290][ T68] hsr_slave_0: left promiscuous mode [ 55.580953][ T68] hsr_slave_1: left promiscuous mode [ 55.590159][ T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 55.598114][ T68] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 55.603053][ T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 55.607678][ T68] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 55.626461][ T68] veth1_macvtap: left promiscuous mode [ 55.628282][ T68] veth0_macvtap: left promiscuous mode [ 55.630282][ T68] veth1_vlan: left promiscuous mode [ 55.631882][ T68] veth0_vlan: left promiscuous mode [ 55.711289][ T39] audit: type=1400 audit(1728195624.882:279): avc: denied { map } for pid=5558 comm="syz.0.41" path="/dev/bus/usb/005/001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 55.731767][ T39] audit: type=1400 audit(1728195624.902:280): avc: denied { read } for pid=5558 comm="syz.0.41" name="ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 55.738616][ T39] audit: type=1400 audit(1728195624.902:281): avc: denied { open } for pid=5558 comm="syz.0.41" path="/dev/ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 55.749060][ T39] audit: type=1400 audit(1728195624.902:282): avc: denied { ioctl } for pid=5558 comm="syz.0.41" path="/dev/ppp" dev="devtmpfs" ino=714 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 56.035335][ T5338] Bluetooth: hci2: command tx timeout [ 56.829820][ T68] team0 (unregistering): Port device team_slave_1 removed [ 56.887746][ T68] team0 (unregistering): Port device team_slave_0 removed [ 57.492297][ T5583] syz.2.44: attempt to access beyond end of device [ 57.492297][ T5583] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 57.505563][ T5583] gfs2: error -5 reading superblock [ 57.567477][ T5592] Invalid logical block size (2304) [ 57.646051][ T5588] syz.0.46: attempt to access beyond end of device [ 57.646051][ T5588] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 57.652277][ T5588] gfs2: error -5 reading superblock [ 57.829059][ T5518] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 58.040526][ T5518] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 58.054117][ T5518] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 58.112839][ T5338] Bluetooth: hci2: command tx timeout [ 58.143609][ T5518] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 58.270550][ T5518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.294614][ T5518] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.312658][ T1207] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.314609][ T1207] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.342534][ T5619] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pid=5619 comm=syz.0.50 [ 58.355748][ T1101] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.357768][ T1101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.857308][ T5518] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.877872][ T5518] veth0_vlan: entered promiscuous mode [ 58.887086][ T5518] veth1_vlan: entered promiscuous mode [ 58.901288][ T5518] veth0_macvtap: entered promiscuous mode [ 58.904676][ T5518] veth1_macvtap: entered promiscuous mode [ 58.910253][ T5518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.914035][ T5518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.916543][ T5518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.919218][ T5518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.921746][ T5518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.924742][ T5518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.928072][ T5518] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.933701][ T5518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.936339][ T5518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.938806][ T5518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.941414][ T5518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.944387][ T5518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.946979][ T5518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.949997][ T5518] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.953639][ T5518] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.955905][ T5518] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.958156][ T5518] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.971529][ T5518] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.025750][ T1207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.027808][ T1207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.039963][ T1207] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.041939][ T1207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.291212][ T5648] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pid=5648 comm=syz.0.52 [ 59.844521][ T5652] workqueue: name exceeds WQ_NAME_LEN. Truncating to: †< )Ù2¼”›U7‘Åä‹¡ô¾ÐËÝ;&!éi‡¼ [ 59.977531][ T5660] netlink: 'syz.0.56': attribute type 4 has an invalid length. [ 60.194194][ T5338] Bluetooth: hci2: command tx timeout [ 60.921415][ T39] kauditd_printk_skb: 30 callbacks suppressed [ 60.921431][ T39] audit: type=1400 audit(1728195630.092:313): avc: denied { create } for pid=5679 comm="syz.0.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 61.002285][ T39] audit: type=1400 audit(1728195630.172:314): avc: denied { create } for pid=5685 comm="syz.2.65" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 61.007585][ T5680] tipc: Started in network mode [ 61.009731][ T5680] tipc: Node identity 7f000001, cluster identity 4711 [ 61.013413][ T39] audit: type=1400 audit(1728195630.182:315): avc: denied { read write } for pid=5685 comm="syz.2.65" dev="sockfs" ino=10533 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 61.016834][ T5680] tipc: Enabled bearer , priority 10 [ 61.067567][ T39] audit: type=1400 audit(1728195630.242:316): avc: denied { setopt } for pid=5679 comm="syz.0.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 61.199578][ T5697] warning: `syz.0.67' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 61.262837][ T9] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 61.422870][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 61.427035][ T9] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 61.429378][ T9] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 61.432026][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 61.435162][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 61.437829][ T9] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 61.441246][ T9] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 61.443737][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.659773][ T9] usb 8-1: usb_control_msg returned -32 [ 61.661273][ T9] usbtmc 8-1:16.0: can't read capabilities [ 62.007788][ T5468] tipc: Node number set to 2130706433 [ 62.021433][ T5714] fuse: Unknown parameter 'fd0x0000000000000004' [ 62.022207][ T5715] netlink: 24 bytes leftover after parsing attributes in process `syz.3.64'. [ 62.030356][ T5715] usbtmc 8-1:16.0: usbtmc488_ioctl_trigger returned -90 [ 62.109550][ T5715] syz.3.64 uses obsolete (PF_INET,SOCK_PACKET) [ 62.220719][ T39] audit: type=1400 audit(1728195631.392:317): avc: denied { execute } for pid=5719 comm="syz.1.71" path="/6/cpu.stat" dev="tmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 62.265370][ T5338] Bluetooth: hci2: command tx timeout [ 62.285908][ T39] audit: type=1400 audit(1728195631.462:318): avc: denied { getopt } for pid=5719 comm="syz.1.71" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 62.385918][ T5724] ªªªªª»: renamed from hsr0 (while UP) [ 62.394263][ T5724] capability: warning: `syz.1.72' uses 32-bit capabilities (legacy support in use) [ 62.456171][ T39] audit: type=1400 audit(1728195631.632:319): avc: denied { create } for pid=5725 comm="syz.1.73" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 62.584870][ T39] audit: type=1400 audit(1728195631.762:320): avc: denied { create } for pid=5728 comm="syz.1.74" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 62.591858][ T5729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 62.597284][ T39] audit: type=1400 audit(1728195631.772:321): avc: denied { create } for pid=5728 comm="syz.1.74" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 62.602314][ T39] audit: type=1400 audit(1728195631.772:322): avc: denied { read write } for pid=5728 comm="syz.1.74" dev="sockfs" ino=9698 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 63.426321][ T5752] fuse: Unknown parameter 'fd0x0000000000000004' [ 64.009663][ T1293] usb 8-1: USB disconnect, device number 3 [ 64.526813][ T5776] batadv_slave_1: entered promiscuous mode [ 64.528952][ T5776] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.533880][ T5776] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.561185][ T5773] syz.0.86: attempt to access beyond end of device [ 64.561185][ T5773] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 64.570025][ T5773] gfs2: error -5 reading superblock [ 64.731697][ T5794] fuse: Unknown parameter 'ff' [ 64.982284][ T5806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.95'. [ 65.010299][ T5808] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4112 sclass=netlink_route_socket pid=5808 comm=syz.3.91 [ 65.125985][ T5806] cdrom: dropping to single frame dma [ 65.242981][ T5815] syz.1.98: attempt to access beyond end of device [ 65.242981][ T5815] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 65.247392][ T5815] gfs2: error -5 reading superblock [ 65.465784][ T5338] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 65.468371][ T5338] CPU: 2 UID: 0 PID: 5338 Comm: kworker/u33:2 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 65.471207][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.474012][ T5338] Workqueue: hci1 hci_rx_work [ 65.475273][ T5338] Call Trace: [ 65.476160][ T5338] [ 65.476945][ T5338] dump_stack_lvl+0x16c/0x1f0 [ 65.478218][ T5338] sysfs_warn_dup+0x7f/0xa0 [ 65.479416][ T5338] sysfs_create_dir_ns+0x24d/0x2b0 [ 65.480896][ T5338] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 65.482407][ T5338] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 65.483845][ T5338] ? kobject_add_internal+0x12d/0x990 [ 65.485261][ T5338] ? do_raw_spin_unlock+0x172/0x230 [ 65.486650][ T5338] kobject_add_internal+0x2c8/0x990 [ 65.488018][ T5338] kobject_add+0x16f/0x240 [ 65.489203][ T5338] ? __pfx_kobject_add+0x10/0x10 [ 65.490547][ T5338] ? class_to_subsys+0x3e/0x160 [ 65.491836][ T5338] ? do_raw_spin_unlock+0x172/0x230 [ 65.493225][ T5338] ? kobject_put+0xab/0x5a0 [ 65.494452][ T5338] device_add+0x289/0x1a70 [ 65.495670][ T5338] ? __pfx_dev_set_name+0x10/0x10 [ 65.496990][ T5338] ? __pfx_device_add+0x10/0x10 [ 65.498287][ T5338] ? mgmt_send_event_skb+0x2f2/0x460 [ 65.499657][ T5338] hci_conn_add_sysfs+0x17e/0x230 [ 65.501032][ T5338] le_conn_complete_evt+0x1078/0x1d80 [ 65.502470][ T5338] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 65.504061][ T5338] ? trace_contention_end+0xea/0x140 [ 65.505486][ T5338] hci_le_conn_complete_evt+0x23c/0x370 [ 65.506997][ T5338] hci_le_meta_evt+0x2e2/0x5d0 [ 65.508272][ T5338] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 65.509905][ T5338] hci_event_packet+0x666/0x1180 [ 65.511247][ T5338] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 65.512908][ T5338] ? __pfx_hci_event_packet+0x10/0x10 [ 65.514504][ T5338] ? mark_held_locks+0x9f/0xe0 [ 65.515812][ T5338] ? kcov_remote_start+0x3cf/0x6e0 [ 65.517527][ T5338] ? lockdep_hardirqs_on+0x7c/0x110 [ 65.519368][ T5338] hci_rx_work+0x2c6/0x16c0 [ 65.520652][ T5338] ? lock_acquire+0x2f/0xb0 [ 65.521871][ T5338] ? process_one_work+0x921/0x1ba0 [ 65.523257][ T5338] process_one_work+0x9c5/0x1ba0 [ 65.524675][ T5338] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 65.526207][ T5338] ? __pfx_process_one_work+0x10/0x10 [ 65.527654][ T5338] ? assign_work+0x1a0/0x250 [ 65.528895][ T5338] worker_thread+0x6c8/0xf00 [ 65.530166][ T5338] ? __kthread_parkme+0x148/0x220 [ 65.531517][ T5338] ? __pfx_worker_thread+0x10/0x10 [ 65.532946][ T5338] kthread+0x2c1/0x3a0 [ 65.534116][ T5338] ? _raw_spin_unlock_irq+0x23/0x50 [ 65.535527][ T5338] ? __pfx_kthread+0x10/0x10 [ 65.536754][ T5338] ret_from_fork+0x45/0x80 [ 65.537834][ T5338] ? __pfx_kthread+0x10/0x10 [ 65.539085][ T5338] ret_from_fork_asm+0x1a/0x30 [ 65.540384][ T5338] [ 65.544551][ T5338] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 65.549907][ T5338] Bluetooth: hci1: failed to register connection device [ 65.663162][ T5840] netlink: 4 bytes leftover after parsing attributes in process `syz.1.103'. [ 65.896276][ T5838] tipc: Enabling of bearer rejected, failed to enable media [ 66.195896][ T5851] syz.3.109: attempt to access beyond end of device [ 66.195896][ T5851] nbd3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 66.199442][ T5851] gfs2: error -5 reading superblock [ 66.314563][ T39] kauditd_printk_skb: 30 callbacks suppressed [ 66.314578][ T39] audit: type=1400 audit(1728195635.492:353): avc: denied { ioctl } for pid=5858 comm="syz.2.113" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=10759 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 66.336293][ T39] audit: type=1400 audit(1728195635.502:354): avc: denied { create } for pid=5860 comm="syz.1.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 66.441640][ T39] audit: type=1326 audit(1728195635.612:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5858 comm="syz.2.113" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff77097dff9 code=0x7ffc0000 [ 66.473412][ T39] audit: type=1326 audit(1728195635.622:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5858 comm="syz.2.113" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff77097dff9 code=0x7ffc0000 [ 66.492189][ T39] audit: type=1326 audit(1728195635.642:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5858 comm="syz.2.113" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff77097dff9 code=0x7ffc0000 [ 66.515899][ T39] audit: type=1326 audit(1728195635.642:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5858 comm="syz.2.113" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff77097dff9 code=0x7ffc0000 [ 66.525113][ T39] audit: type=1326 audit(1728195635.642:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5858 comm="syz.2.113" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff77097dff9 code=0x7ffc0000 [ 66.531625][ T39] audit: type=1326 audit(1728195635.652:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5858 comm="syz.2.113" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff77097dff9 code=0x7ffc0000 [ 66.541065][ T39] audit: type=1326 audit(1728195635.662:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5858 comm="syz.2.113" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff77097dff9 code=0x7ffc0000 [ 66.553780][ T39] audit: type=1326 audit(1728195635.662:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5858 comm="syz.2.113" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff77097dff9 code=0x7ffc0000 [ 66.585566][ T5867] FAULT_INJECTION: forcing a failure. [ 66.585566][ T5867] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 66.601764][ T5867] CPU: 3 UID: 0 PID: 5867 Comm: syz.3.116 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 66.604880][ T5867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.607695][ T5867] Call Trace: [ 66.608579][ T5867] [ 66.609410][ T5867] dump_stack_lvl+0x16c/0x1f0 [ 66.610711][ T5867] should_fail_ex+0x497/0x5b0 [ 66.612016][ T5867] _copy_to_user+0x30/0xc0 [ 66.613190][ T5867] simple_read_from_buffer+0xd0/0x160 [ 66.614691][ T5867] proc_fail_nth_read+0x198/0x270 [ 66.616400][ T5867] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 66.618332][ T5867] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 66.620271][ T5867] vfs_read+0x1ce/0xbd0 [ 66.621754][ T5867] ? __fget_files+0x23a/0x3f0 [ 66.623268][ T5867] ? fdget_pos+0x24c/0x360 [ 66.624922][ T5867] ? __pfx_lock_release+0x10/0x10 [ 66.626791][ T5867] ? trace_lock_acquire+0x14a/0x1d0 [ 66.628668][ T5867] ? __pfx_vfs_read+0x10/0x10 [ 66.630385][ T5867] ? __pfx___mutex_lock+0x10/0x10 [ 66.632190][ T5867] ? __fget_files+0x244/0x3f0 [ 66.633878][ T5867] ksys_read+0x12f/0x260 [ 66.635402][ T5867] ? __pfx_ksys_read+0x10/0x10 [ 66.637209][ T5867] do_syscall_64+0xcd/0x250 [ 66.638872][ T5867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.641023][ T5867] RIP: 0033:0x7fde2117ca3c [ 66.642647][ T5867] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 66.649339][ T5867] RSP: 002b:00007fde21f32030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 66.652261][ T5867] RAX: ffffffffffffffda RBX: 00007fde21335f80 RCX: 00007fde2117ca3c [ 66.655090][ T5867] RDX: 000000000000000f RSI: 00007fde21f320a0 RDI: 0000000000000003 [ 66.657921][ T5867] RBP: 00007fde21f32090 R08: 0000000000000000 R09: 0000000000000000 [ 66.660734][ T5867] R10: 00000000000000f1 R11: 0000000000000246 R12: 0000000000000002 [ 66.663568][ T5867] R13: 0000000000000000 R14: 00007fde21335f80 R15: 00007ffc6b0c7a18 [ 66.666459][ T5867] [ 66.667691][ C3] vkms_vblank_simulate: vblank timer overrun [ 67.057970][ T5876] ======================================================= [ 67.057970][ T5876] WARNING: The mand mount option has been deprecated and [ 67.057970][ T5876] and is ignored by this kernel. Remove the mand [ 67.057970][ T5876] option from the mount to silence this warning. [ 67.057970][ T5876] ======================================================= [ 67.440938][ T5886] netlink: 'syz.2.120': attribute type 11 has an invalid length. [ 67.447709][ T5886] netlink: 'syz.2.120': attribute type 11 has an invalid length. [ 67.449924][ T5886] debugfs: Directory 'netdev:' with parent 'phy7' already present! [ 67.884181][ T5893] netlink: 4 bytes leftover after parsing attributes in process `syz.2.122'. [ 68.092193][ T5896] netlink: 'syz.0.123': attribute type 4 has an invalid length. [ 68.531733][ T5906] xt_CT: You must specify a L4 protocol and not use inversions on it [ 68.865111][ T5920] program syz.3.127 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 69.364533][ T5931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.129'. [ 69.451988][ T5938] loop7: detected capacity change from 0 to 16384 [ 69.483825][ T5938] loop7: detected capacity change from 16384 to 16383 [ 69.827192][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.134'. [ 70.763948][ T5970] netlink: 'syz.2.143': attribute type 4 has an invalid length. [ 71.080951][ T1378] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.083405][ T1378] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.144806][ T5974] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.145'. [ 71.148028][ T5974] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.145'. [ 71.379478][ T39] kauditd_printk_skb: 73 callbacks suppressed [ 71.379488][ T39] audit: type=1400 audit(1728195640.552:436): avc: denied { ioctl } for pid=5985 comm="syz.3.151" path="socket:[10019]" dev="sockfs" ino=10019 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 71.390012][ T39] audit: type=1400 audit(1728195640.562:437): avc: denied { accept } for pid=5982 comm="syz.0.149" lport=45305 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 71.399730][ T5987] netlink: 'syz.0.149': attribute type 9 has an invalid length. [ 71.410169][ T39] audit: type=1400 audit(1728195640.582:438): avc: denied { ioctl } for pid=5982 comm="syz.0.149" path="socket:[11825]" dev="sockfs" ino=11825 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 71.426094][ T39] audit: type=1400 audit(1728195640.602:439): avc: denied { accept } for pid=5988 comm="syz.2.150" lport=34317 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 71.540169][ T5993] netlink: 'syz.2.152': attribute type 4 has an invalid length. [ 71.941839][ T5999] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'. [ 71.947485][ T39] audit: type=1400 audit(1728195641.122:440): avc: denied { bind } for pid=5997 comm="syz.1.154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 71.953438][ T5999] ax25_connect(): syz.1.154 uses autobind, please contact jreuter@yaina.de [ 71.953438][ T39] audit: type=1400 audit(1728195641.132:441): avc: denied { connect } for pid=5997 comm="syz.1.154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 72.305682][ T39] audit: type=1400 audit(1728195641.482:442): avc: denied { set_context_mgr } for pid=6010 comm="syz.3.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 72.312006][ T39] audit: type=1400 audit(1728195641.482:443): avc: denied { write } for pid=6010 comm="syz.3.159" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 72.320483][ T6011] binder: 6010:6011 ioctl c0306201 200001c0 returned -22 [ 72.368085][ T6013] netlink: 'syz.0.160': attribute type 9 has an invalid length. [ 72.370272][ T6013] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.160'. [ 72.386262][ T6013] netlink: 'syz.0.160': attribute type 9 has an invalid length. [ 72.388287][ T6013] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.160'. [ 72.552078][ T6020] fuse: Bad value for 'fd' [ 72.711779][ T6024] Bluetooth: MGMT ver 1.23 [ 72.765246][ T39] audit: type=1400 audit(1728195897.948:444): avc: denied { write } for pid=6025 comm="syz.1.164" name="sg0" dev="devtmpfs" ino=705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 72.809051][ T39] audit: type=1400 audit(1728195897.988:445): avc: denied { create } for pid=6027 comm="syz.0.165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 72.812911][ T6028] netlink: 16 bytes leftover after parsing attributes in process `syz.0.165'. [ 72.817462][ T6028] netlink: 4 bytes leftover after parsing attributes in process `syz.0.165'. [ 72.907398][ T6032] syz.0.167: attempt to access beyond end of device [ 72.907398][ T6032] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 72.911131][ T6032] gfs2: error -5 reading superblock [ 72.977062][ T6039] netlink: 16 bytes leftover after parsing attributes in process `syz.2.170'. [ 72.979964][ T6039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.170'. [ 73.002818][ T6039] FAULT_INJECTION: forcing a failure. [ 73.002818][ T6039] name failslab, interval 1, probability 0, space 0, times 1 [ 73.007040][ T6039] CPU: 1 UID: 0 PID: 6039 Comm: syz.2.170 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 73.010446][ T6039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.014027][ T6039] Call Trace: [ 73.015170][ T6039] [ 73.016190][ T6039] dump_stack_lvl+0x16c/0x1f0 [ 73.017847][ T6039] should_fail_ex+0x497/0x5b0 [ 73.019354][ T6039] ? fs_reclaim_acquire+0xae/0x160 [ 73.021063][ T6039] should_failslab+0xc2/0x120 [ 73.022689][ T6039] __kmalloc_node_noprof+0xd1/0x430 [ 73.024290][ T6039] ? alloc_slab_obj_exts+0x41/0xa0 [ 73.026047][ T6039] alloc_slab_obj_exts+0x41/0xa0 [ 73.027736][ T6039] __memcg_slab_post_alloc_hook+0x2a7/0x9b0 [ 73.029671][ T6039] __kmalloc_node_noprof+0x3b0/0x430 [ 73.031484][ T6039] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 73.033262][ T6039] __kvmalloc_node_noprof+0xad/0x1a0 [ 73.035049][ T6039] alloc_netdev_mqs+0xd1/0x1420 [ 73.036545][ T6039] ? __pfx_macsec_setup+0x10/0x10 [ 73.038272][ T6039] rtnl_create_link+0xc10/0xfa0 [ 73.039817][ T6039] __rtnl_newlink+0x10ae/0x1920 [ 73.041050][ T6045] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.173'. [ 73.041480][ T6039] ? __pfx___rtnl_newlink+0x10/0x10 [ 73.044616][ T6045] openvswitch: netlink: Actions may not be safe on all matching packets [ 73.046250][ T6039] rtnl_newlink+0x67/0xa0 [ 73.050496][ T6039] ? __pfx_rtnl_newlink+0x10/0x10 [ 73.052113][ T6039] rtnetlink_rcv_msg+0x3c7/0xea0 [ 73.053829][ T6039] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 73.055570][ T6039] netlink_rcv_skb+0x16b/0x440 [ 73.057207][ T6039] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 73.059039][ T6039] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 73.060858][ T6039] ? netlink_deliver_tap+0x1ae/0xd90 [ 73.062600][ T6039] netlink_unicast+0x53c/0x7f0 [ 73.064236][ T6039] ? __pfx_netlink_unicast+0x10/0x10 [ 73.065923][ T6039] netlink_sendmsg+0x8b8/0xd70 [ 73.067564][ T6039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 73.069378][ T6039] ? __import_iovec+0x1fd/0x6e0 [ 73.071054][ T6039] ____sys_sendmsg+0xaaf/0xc90 [ 73.072681][ T6039] ? copy_msghdr_from_user+0x10b/0x160 [ 73.074525][ T6039] ? __pfx_____sys_sendmsg+0x10/0x10 [ 73.076327][ T6039] ? __pfx___lock_acquire+0x10/0x10 [ 73.078019][ T6039] ___sys_sendmsg+0x135/0x1e0 [ 73.079635][ T6039] ? __pfx____sys_sendmsg+0x10/0x10 [ 73.081381][ T6039] ? lock_acquire+0x2f/0xb0 [ 73.082934][ T6039] ? __fget_files+0x40/0x3f0 [ 73.084925][ T6039] ? fdget+0x176/0x210 [ 73.086330][ T6039] __sys_sendmmsg+0x1a1/0x450 [ 73.087932][ T6039] ? __pfx___sys_sendmmsg+0x10/0x10 [ 73.089696][ T6039] ? vfs_write+0x14d/0x1140 [ 73.091012][ T6039] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 73.092797][ T6039] ? fput+0x30/0x390 [ 73.094144][ T6039] ? ksys_write+0x1ad/0x260 [ 73.095677][ T6039] ? __pfx_ksys_write+0x10/0x10 [ 73.097334][ T6039] __x64_sys_sendmmsg+0x9c/0x100 [ 73.099016][ T6039] ? lockdep_hardirqs_on+0x7c/0x110 [ 73.100741][ T6039] do_syscall_64+0xcd/0x250 [ 73.102271][ T6039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.104254][ T6039] RIP: 0033:0x7ff77097dff9 [ 73.105789][ T6039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.112165][ T6039] RSP: 002b:00007ff771726038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 73.114518][ T6039] RAX: ffffffffffffffda RBX: 00007ff770b35f80 RCX: 00007ff77097dff9 [ 73.116939][ T6039] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000003 [ 73.119587][ T6039] RBP: 00007ff771726090 R08: 0000000000000000 R09: 0000000000000000 [ 73.122098][ T6039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.124468][ T6039] R13: 0000000000000000 R14: 00007ff770b35f80 R15: 00007ffdfb677b78 [ 73.126982][ T6039] [ 73.131964][ T6047] netlink: 'syz.1.171': attribute type 10 has an invalid length. [ 73.137400][ T6047] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.141154][ T6047] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.151653][ T6047] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.154163][ T6047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.157713][ T6047] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.160099][ T6047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.170654][ T6047] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 73.175423][ T6045] netlink: 36 bytes leftover after parsing attributes in process `syz.0.173'. [ 73.202931][ T6051] program syz.0.175 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 73.342410][ T6068] netlink: 'syz.3.182': attribute type 11 has an invalid length. [ 73.443036][ T5218] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 73.603430][ T5218] usb 7-1: Using ep0 maxpacket: 32 [ 73.609816][ T5218] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 73.612049][ T5218] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 73.614966][ T5218] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 73.617871][ T5218] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 73.621286][ T5218] usb 7-1: config 0 interface 0 has no altsetting 0 [ 73.626387][ T5218] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 73.628963][ T5218] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 73.631295][ T5218] usb 7-1: Product: syz [ 73.633570][ T5218] usb 7-1: Manufacturer: syz [ 73.634994][ T5218] usb 7-1: SerialNumber: syz [ 73.638041][ T5218] usb 7-1: config 0 descriptor?? [ 73.641532][ T5218] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 73.645828][ T5218] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 73.672808][ T25] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 73.853321][ T25] usb 8-1: Using ep0 maxpacket: 8 [ 73.856644][ T25] usb 8-1: config 0 has an invalid interface number: 25 but max is 0 [ 73.859434][ T25] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 73.862971][ T25] usb 8-1: config 0 has no interface number 0 [ 73.865219][ T25] usb 8-1: config 0 interface 25 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 73.869634][ T25] usb 8-1: config 0 interface 25 has no altsetting 0 [ 73.876063][ T25] usb 8-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=e6.9f [ 73.879197][ T25] usb 8-1: New USB device strings: Mfr=0, Product=16, SerialNumber=3 [ 73.881960][ T25] usb 8-1: Product: syz [ 73.883594][ T25] usb 8-1: SerialNumber: syz [ 73.886887][ T25] usb 8-1: config 0 descriptor?? [ 73.900695][ T25] usb 7-1: USB disconnect, device number 2 [ 73.901944][ C0] ldusb 7-1:0.0: usb_submit_urb failed (-19) [ 73.905414][ T25] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 74.095301][ T25] usb 8-1: USB disconnect, device number 4 [ 74.242934][ T5218] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 74.244973][ T6100] program syz.1.191 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 74.342986][ T5338] Bluetooth: hci3: command 0x0406 tx timeout [ 74.393186][ T5218] usb 5-1: Using ep0 maxpacket: 16 [ 74.397243][ T5218] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.400888][ T5218] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.404960][ T5218] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 74.408127][ T5218] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.416222][ T5218] usb 5-1: config 0 descriptor?? [ 74.627877][ T6092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.640030][ T6092] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.735490][ T5218] usbhid 5-1:0.0: can't add hid device: -71 [ 74.742614][ T5218] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 74.748250][ T5218] usb 5-1: USB disconnect, device number 2 [ 75.421897][ T6149] fuse: Bad value for 'fd' [ 76.187741][ T828] cfg80211: failed to load regulatory.db [ 76.264058][ T6166] netlink: 256 bytes leftover after parsing attributes in process `syz.0.212'. [ 76.267813][ T6164] input: syz0 as /devices/virtual/input/input5 [ 76.298620][ T6160] syz.1.209: attempt to access beyond end of device [ 76.298620][ T6160] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 76.306071][ T6160] gfs2: error -5 reading superblock [ 76.319004][ T6164] 9pnet_fd: Insufficient options for proto=fd [ 76.509498][ T6183] Possible attack attempt. Unexpected rseq signature 0x0, expecting 0xff7f0000 (pid=6183, addr=00000000208f3d5f). [ 76.513430][ T6183] Possible attack attempt. Unexpected rseq signature 0x0, expecting 0xff7f0000 (pid=6183, addr=00000000208f3d5f). [ 76.535275][ T6185] FAULT_INJECTION: forcing a failure. [ 76.535275][ T6185] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 76.538813][ T6185] CPU: 3 UID: 0 PID: 6185 Comm: syz.1.218 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 76.541529][ T6185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.544552][ T6185] Call Trace: [ 76.545499][ T6185] [ 76.546340][ T6185] dump_stack_lvl+0x16c/0x1f0 [ 76.547622][ T6185] should_fail_ex+0x497/0x5b0 [ 76.548901][ T6185] _copy_from_iter+0x2a1/0x1540 [ 76.550269][ T6185] ? __pfx__copy_from_iter+0x10/0x10 [ 76.551868][ T6185] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 76.553427][ T6185] ? tun_build_skb.constprop.0+0x1b8/0x1120 [ 76.555050][ T6185] ? __pfx_lock_release+0x10/0x10 [ 76.556422][ T6185] ? trace_lock_acquire+0x14a/0x1d0 [ 76.557837][ T6185] ? __pfx_lock_release+0x10/0x10 [ 76.559205][ T6185] copy_page_from_iter+0xa5/0x120 [ 76.560651][ T6185] tun_build_skb.constprop.0+0x294/0x1120 [ 76.562195][ T6185] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 76.563939][ T6185] ? __pfx___lock_acquire+0x10/0x10 [ 76.565522][ T6185] ? __pfx_mark_lock+0x10/0x10 [ 76.566881][ T6185] ? __pfx_mark_lock+0x10/0x10 [ 76.568146][ T6185] ? __lock_acquire+0xbdd/0x3ce0 [ 76.569458][ T6185] tun_get_user+0x872/0x3d80 [ 76.570762][ T6185] ? find_held_lock+0x2d/0x110 [ 76.572021][ T6185] ? __pfx_tun_get_user+0x10/0x10 [ 76.573347][ T6185] ? find_held_lock+0x2d/0x110 [ 76.574633][ T6185] ? __pfx_lock_release+0x10/0x10 [ 76.575997][ T6185] tun_chr_write_iter+0xdc/0x210 [ 76.577301][ T6185] vfs_write+0x6b5/0x1140 [ 76.578476][ T6185] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 76.579935][ T6185] ? trace_lock_acquire+0x14a/0x1d0 [ 76.581648][ T6185] ? __pfx_vfs_write+0x10/0x10 [ 76.583347][ T6185] ? __fget_files+0x40/0x3f0 [ 76.585066][ T6185] ksys_write+0x12f/0x260 [ 76.586382][ T6185] ? __pfx_ksys_write+0x10/0x10 [ 76.587670][ T6185] do_syscall_64+0xcd/0x250 [ 76.588874][ T6185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.590873][ T6185] RIP: 0033:0x7f440d57cadf [ 76.592475][ T6185] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 76.597808][ T6185] RSP: 002b:00007f440e3f0000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 76.599981][ T6185] RAX: ffffffffffffffda RBX: 00007f440d735f80 RCX: 00007f440d57cadf [ 76.602601][ T6185] RDX: 00000000000000be RSI: 0000000020000440 RDI: 00000000000000c8 [ 76.604678][ T6185] RBP: 00007f440e3f0090 R08: 0000000000000000 R09: 0000000000000000 [ 76.606788][ T6185] R10: 00000000000000be R11: 0000000000000293 R12: 0000000000000001 [ 76.608844][ T6185] R13: 0000000000000001 R14: 00007f440d735f80 R15: 00007fffb62d6a58 [ 76.611001][ T6185] [ 76.841390][ T39] kauditd_printk_skb: 68 callbacks suppressed [ 76.841491][ T39] audit: type=1400 audit(1728195902.018:514): avc: denied { ioctl } for pid=6191 comm="syz.1.220" path="socket:[12421]" dev="sockfs" ino=12421 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 76.875268][ T39] audit: type=1400 audit(1728195902.058:515): avc: denied { read } for pid=6191 comm="syz.1.220" name="mice" dev="devtmpfs" ino=860 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 77.020339][ T6197] netlink: 'syz.1.221': attribute type 25 has an invalid length. [ 77.022559][ T6197] netlink: 'syz.1.221': attribute type 8 has an invalid length. [ 77.051002][ T39] audit: type=1400 audit(1728195902.228:516): avc: denied { setopt } for pid=6195 comm="syz.1.221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 77.056796][ T39] audit: type=1400 audit(1728195902.238:517): avc: denied { bind } for pid=6195 comm="syz.1.221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 77.421806][ T6199] syz.2.222: attempt to access beyond end of device [ 77.421806][ T6199] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 77.434445][ T6199] gfs2: error -5 reading superblock [ 77.510406][ T6202] netlink: 12 bytes leftover after parsing attributes in process `syz.2.223'. [ 77.513253][ T6202] netlink: 56 bytes leftover after parsing attributes in process `syz.2.223'. [ 77.515867][ T6202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.223'. [ 77.549037][ T39] audit: type=1400 audit(1728195902.728:518): avc: denied { map } for pid=6205 comm="syz.2.224" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 77.896554][ T6229] FAULT_INJECTION: forcing a failure. [ 77.896554][ T6229] name failslab, interval 1, probability 0, space 0, times 0 [ 77.899879][ T6229] CPU: 2 UID: 0 PID: 6229 Comm: syz.2.229 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 77.902732][ T6229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.905569][ T6229] Call Trace: [ 77.906470][ T6229] [ 77.907263][ T6229] dump_stack_lvl+0x16c/0x1f0 [ 77.908523][ T6229] should_fail_ex+0x497/0x5b0 [ 77.909808][ T6229] ? fs_reclaim_acquire+0xae/0x160 [ 77.911168][ T6229] should_failslab+0xc2/0x120 [ 77.912420][ T6229] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 77.913846][ T6229] ? getname_flags.part.0+0x4c/0x550 [ 77.915249][ T6229] getname_flags.part.0+0x4c/0x550 [ 77.916616][ T6229] getname_flags+0x93/0xf0 [ 77.917871][ T6229] __x64_sys_rename+0x58/0xa0 [ 77.919124][ T6229] do_syscall_64+0xcd/0x250 [ 77.920397][ T6229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.922094][ T6229] RIP: 0033:0x7ff77097dff9 [ 77.923424][ T6229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.928998][ T6229] RSP: 002b:00007ff7716e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 77.931209][ T6229] RAX: ffffffffffffffda RBX: 00007ff770b36130 RCX: 00007ff77097dff9 [ 77.933289][ T6229] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000100 [ 77.935376][ T6229] RBP: 00007ff7716e4090 R08: 0000000000000000 R09: 0000000000000000 [ 77.937466][ T6229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 77.939543][ T6229] R13: 0000000000000001 R14: 00007ff770b36130 R15: 00007ffdfb677b78 [ 77.941644][ T6229] [ 77.968402][ T6228] syz.1.231: attempt to access beyond end of device [ 77.968402][ T6228] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 77.971847][ T6228] gfs2: error -5 reading superblock [ 78.026068][ T39] audit: type=1400 audit(1728195903.208:519): avc: denied { watch_mount } for pid=6235 comm="syz.1.233" path="/44" dev="tmpfs" ino=274 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 78.175618][ T39] audit: type=1400 audit(1728195903.358:520): avc: denied { open } for pid=6234 comm="syz.2.232" path="/dev/ttyq8" dev="devtmpfs" ino=391 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 78.199506][ T6236] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 262395 (only 8 groups) [ 78.248737][ T6245] netlink: 'syz.1.234': attribute type 4 has an invalid length. [ 78.249805][ T6246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.290031][ T6248] netlink: 332 bytes leftover after parsing attributes in process `syz.2.236'. [ 78.292390][ T6248] netlink: 652 bytes leftover after parsing attributes in process `syz.2.236'. [ 78.599859][ T39] audit: type=1326 audit(1728195903.778:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6256 comm="syz.1.237" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f440d57dff9 code=0x0 [ 78.755649][ T39] audit: type=1400 audit(1728195903.938:522): avc: denied { create } for pid=6267 comm="syz.1.240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 78.760773][ T39] audit: type=1400 audit(1728195903.938:523): avc: denied { setopt } for pid=6267 comm="syz.1.240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 79.062022][ T6277] netlink: 15 bytes leftover after parsing attributes in process `syz.0.242'. [ 79.482234][ T6285] netlink: 20 bytes leftover after parsing attributes in process `syz.2.245'. [ 79.486763][ T6285] netlink: 24 bytes leftover after parsing attributes in process `syz.2.245'. [ 79.489072][ T6285] netlink: 24 bytes leftover after parsing attributes in process `syz.2.245'. [ 79.512926][ T5386] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 79.676256][ T5386] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 79.679144][ T5386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 79.682160][ T5386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 79.684833][ T5386] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 79.693607][ T5386] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 79.695990][ T5386] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 79.698108][ T5386] usb 5-1: Manufacturer: syz [ 79.712815][ T5386] usb 5-1: config 0 descriptor?? [ 80.123913][ T6302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.251'. [ 80.171848][ T5386] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 80.273291][ T5386] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 80.396874][ T5386] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 80.415679][ T6305] kvm: emulating exchange as write [ 80.925648][ T6323] FAULT_INJECTION: forcing a failure. [ 80.925648][ T6323] name failslab, interval 1, probability 0, space 0, times 0 [ 80.928938][ T6323] CPU: 3 UID: 0 PID: 6323 Comm: syz.1.256 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 80.931706][ T6323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.934589][ T6323] Call Trace: [ 80.935573][ T6323] [ 80.936359][ T6323] dump_stack_lvl+0x16c/0x1f0 [ 80.937615][ T6323] should_fail_ex+0x497/0x5b0 [ 80.938866][ T6323] ? fs_reclaim_acquire+0xae/0x160 [ 80.940240][ T6323] should_failslab+0xc2/0x120 [ 80.941480][ T6323] __kmalloc_noprof+0xcb/0x400 [ 80.942759][ T6323] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 80.944232][ T6323] tomoyo_realpath_from_path+0xb9/0x720 [ 80.945691][ T6323] ? tomoyo_path_number_perm+0x232/0x590 [ 80.947162][ T6323] tomoyo_path_number_perm+0x245/0x590 [ 80.948589][ T6323] ? tomoyo_path_number_perm+0x232/0x590 [ 80.950110][ T6323] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 80.951697][ T6323] ? trace_lock_acquire+0x14a/0x1d0 [ 80.953082][ T6323] ? lock_acquire+0x2f/0xb0 [ 80.954293][ T6323] ? __fget_files+0x40/0x3f0 [ 80.955512][ T6323] ? __fget_files+0x244/0x3f0 [ 80.956757][ T6323] security_file_ioctl+0x9b/0x240 [ 80.958102][ T6323] __x64_sys_ioctl+0xbb/0x220 [ 80.959344][ T6323] do_syscall_64+0xcd/0x250 [ 80.960558][ T6323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.962154][ T6323] RIP: 0033:0x7f440d57dff9 [ 80.963352][ T6323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.968465][ T6323] RSP: 002b:00007f440e3f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.970679][ T6323] RAX: ffffffffffffffda RBX: 00007f440d735f80 RCX: 00007f440d57dff9 [ 80.972828][ T6323] RDX: 0000000000000008 RSI: 0000000000005326 RDI: 0000000000000003 [ 80.974930][ T6323] RBP: 00007f440e3f0090 R08: 0000000000000000 R09: 0000000000000000 [ 80.976998][ T6323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.979085][ T6323] R13: 0000000000000000 R14: 00007f440d735f80 R15: 00007fffb62d6a58 [ 80.981189][ T6323] [ 80.984887][ T6323] ERROR: Out of memory at tomoyo_realpath_from_path. [ 81.071164][ T6327] netlink: 'syz.1.258': attribute type 2 has an invalid length. [ 81.073445][ T6327] netlink: 244 bytes leftover after parsing attributes in process `syz.1.258'. [ 81.093222][ T6327] IPVS: set_ctl: invalid protocol: 135 172.20.20.58:20003 [ 81.208900][ T6330] overlayfs: failed to resolve './file1': -2 [ 81.450241][ T6333] netlink: 'syz.1.260': attribute type 4 has an invalid length. [ 81.633250][ T25] usb 5-1: reset high-speed USB device number 3 using dummy_hcd [ 81.644081][ T6317] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 81.647348][ T6317] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 81.652522][ T6317] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 81.656263][ T6317] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 81.657949][ T6317] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 81.660462][ T6317] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 81.664323][ T6317] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 81.668286][ T6317] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 81.670089][ T6317] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 81.673151][ T6317] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 81.675461][ T6317] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 81.677815][ T6317] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 81.763414][ T25] usb 5-1: device descriptor read/64, error -32 [ 81.852171][ T39] kauditd_printk_skb: 19 callbacks suppressed [ 81.852185][ T39] audit: type=1400 audit(1728195907.028:543): avc: denied { ioctl } for pid=6334 comm="syz.3.261" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x4606 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 81.866372][ T39] audit: type=1400 audit(1728195907.048:544): avc: denied { create } for pid=6334 comm="syz.3.261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 82.002925][ T25] usb 5-1: reset high-speed USB device number 3 using dummy_hcd [ 82.142956][ T25] usb 5-1: device descriptor read/64, error -32 [ 82.392855][ T25] usb 5-1: reset high-speed USB device number 3 using dummy_hcd [ 82.427336][ T25] usb 5-1: device descriptor read/8, error -32 [ 82.510919][ T6311] syz.0.243 (6311) used greatest stack depth: 20128 bytes left [ 82.834523][ T39] audit: type=1400 audit(1728195908.018:545): avc: denied { setopt } for pid=6354 comm="syz.0.266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 82.850092][ T39] audit: type=1400 audit(1728195908.028:546): avc: denied { ioctl } for pid=6354 comm="syz.0.266" path="socket:[14663]" dev="sockfs" ino=14663 ioctlcmd=0xf510 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 82.908225][ T64] Bluetooth: hci0: command 0x0c1a tx timeout [ 83.505805][ T5468] usb 5-1: USB disconnect, device number 3 [ 83.703239][ T64] Bluetooth: hci2: command 0x0c1a tx timeout [ 83.703352][ T5352] Bluetooth: hci1: command 0x0c1a tx timeout [ 83.705509][ T5338] Bluetooth: hci3: command 0x0406 tx timeout [ 83.977696][ T39] audit: type=1400 audit(1728195909.158:547): avc: denied { write } for pid=6379 comm="syz.3.272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 83.988885][ T39] audit: type=1400 audit(1728195909.168:548): avc: denied { setopt } for pid=6379 comm="syz.3.272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 84.033960][ T39] audit: type=1400 audit(1728195909.208:549): avc: denied { mount } for pid=6379 comm="syz.3.272" name="/" dev="gadgetfs" ino=12550 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 84.051534][ T39] audit: type=1400 audit(1728195909.228:550): avc: denied { unmount } for pid=5336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 84.078326][ T39] audit: type=1400 audit(1728195909.258:551): avc: denied { bind } for pid=6385 comm="syz.3.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 84.088842][ T39] audit: type=1400 audit(1728195909.258:552): avc: denied { listen } for pid=6385 comm="syz.3.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 84.723064][ T1447] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 84.888580][ T1447] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 84.890907][ T1447] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 84.893638][ T1447] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 84.898174][ T1447] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.904861][ T1447] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 84.907193][ T1447] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 84.909762][ T1447] usb 5-1: Product: syz [ 84.911184][ T1447] usb 5-1: Manufacturer: syz [ 84.930350][ T1447] cdc_wdm 5-1:1.0: skipping garbage [ 84.931769][ T1447] cdc_wdm 5-1:1.0: skipping garbage [ 84.936331][ T1447] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 84.937891][ T1447] cdc_wdm 5-1:1.0: Unknown control protocol [ 84.992850][ T5338] Bluetooth: hci0: command 0x0c1a tx timeout [ 85.126099][ T6400] netlink: 4 bytes leftover after parsing attributes in process `syz.1.277'. [ 85.139070][ T1293] usb 5-1: USB disconnect, device number 4 [ 85.782904][ T5338] Bluetooth: hci3: command 0x0406 tx timeout [ 85.785643][ T5338] Bluetooth: hci2: command 0x0c1a tx timeout [ 85.793373][ T5338] Bluetooth: hci1: command 0x0c1a tx timeout [ 86.495095][ T6430] xt_socket: unknown flags 0x8 [ 87.062922][ T5338] Bluetooth: hci0: command 0x0c1a tx timeout [ 87.913053][ T5338] Bluetooth: hci1: command 0x0c1a tx timeout [ 87.915807][ T5338] Bluetooth: hci2: command 0x0c1a tx timeout [ 88.626870][ T39] kauditd_printk_skb: 4 callbacks suppressed [ 88.627284][ T39] audit: type=1400 audit(1728195913.808:557): avc: denied { map } for pid=6455 comm="syz.1.292" path="socket:[14811]" dev="sockfs" ino=14811 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 88.693377][ T39] audit: type=1400 audit(1728195913.868:558): avc: denied { execute } for pid=6455 comm="syz.1.292" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=15553 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 89.363946][ T6466] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 89.812003][ T6456] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 89.817764][ T6456] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 89.820709][ T6456] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 89.823710][ T6456] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 89.858746][ T39] audit: type=1400 audit(1728195915.038:559): avc: denied { ioctl } for pid=6472 comm="syz.0.298" path="/dev/nullb0" dev="devtmpfs" ino=691 ioctlcmd=0x5429 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 89.889997][ T39] audit: type=1400 audit(1728195915.068:560): avc: denied { execute_no_trans } for pid=6472 comm="syz.0.298" path="/78/file0" dev="tmpfs" ino=485 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 90.147664][ T39] audit: type=1400 audit(1728195915.328:561): avc: denied { execute } for pid=6482 comm="syz-executor" name="syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 90.162783][ T39] audit: type=1400 audit(1728195915.328:562): avc: denied { execute_no_trans } for pid=6482 comm="syz-executor" path="/syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 90.239177][ T5338] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.242571][ T5338] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.246552][ T5338] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.250188][ T5338] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.254811][ T5338] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 90.258634][ T5338] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.384431][ T6486] chnl_net:caif_netlink_parms(): no params data found [ 90.483117][ T6486] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.488068][ T6486] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.491317][ T6486] bridge_slave_0: entered allmulticast mode [ 90.496152][ T6486] bridge_slave_0: entered promiscuous mode [ 90.501929][ T6486] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.504502][ T6486] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.506941][ T6486] bridge_slave_1: entered allmulticast mode [ 90.510137][ T6486] bridge_slave_1: entered promiscuous mode [ 90.550691][ T6486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.556179][ T6486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.592002][ T6486] team0: Port device team_slave_0 added [ 90.595910][ T6486] team0: Port device team_slave_1 added [ 90.626061][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.628384][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.638378][ T6486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.645472][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.647785][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.656392][ T6486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.708534][ T6486] hsr_slave_0: entered promiscuous mode [ 90.715540][ T6486] hsr_slave_1: entered promiscuous mode [ 90.742788][ T5352] Bluetooth: hci0: command 0x0c1a tx timeout [ 90.795305][ T6486] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.886526][ T6486] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.953033][ T70] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 91.024670][ T6486] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.114646][ T70] usb 5-1: Using ep0 maxpacket: 32 [ 91.120725][ T70] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 91.124854][ T70] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 91.136548][ T70] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 91.139567][ T70] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 91.145491][ T70] usb 5-1: Product: syz [ 91.153956][ T70] usb 5-1: Manufacturer: syz [ 91.155616][ T70] usb 5-1: SerialNumber: syz [ 91.162939][ T6500] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.305'. [ 91.170028][ T70] usb 5-1: config 0 descriptor?? [ 91.173935][ T6486] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.319212][ T6486] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.334600][ T6486] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.380312][ T1293] usb 5-1: USB disconnect, device number 5 [ 91.407532][ T6486] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.578586][ T6486] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.616598][ T6486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.623059][ T6486] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.637062][ T6486] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 91.640094][ T6486] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.689141][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.691645][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.701340][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.703803][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.862817][ T5352] Bluetooth: hci1: command 0x0c1a tx timeout [ 91.862892][ T5338] Bluetooth: hci2: command 0x0c1a tx timeout [ 91.864891][ T5352] Bluetooth: hci3: command 0x0406 tx timeout [ 91.865474][ T6508] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.307'. [ 91.877936][ T6508] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.307'. [ 91.880988][ T6508] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.307'. [ 91.884375][ T6508] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.307'. [ 91.887624][ T6508] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.307'. [ 91.890677][ T6508] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.307'. [ 91.895218][ T6508] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.307'. [ 91.897929][ T6508] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.307'. [ 91.900426][ T6508] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.307'. [ 91.947043][ T6513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 91.983294][ T6486] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.009497][ T6486] veth0_vlan: entered promiscuous mode [ 92.018862][ T6486] veth1_vlan: entered promiscuous mode [ 92.038154][ T6486] veth0_macvtap: entered promiscuous mode [ 92.045074][ T6486] veth1_macvtap: entered promiscuous mode [ 92.056253][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.059873][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.063617][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.067051][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.071026][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.074584][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.077776][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.081325][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.086482][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.094203][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.097558][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.100861][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.104585][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.107822][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.111202][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.116196][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.121553][ T6486] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.125099][ T6486] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.128105][ T6486] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.131081][ T6486] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.185877][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.187950][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.228767][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.231646][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.240820][ T39] audit: type=1400 audit(1728195917.418:563): avc: denied { mounton } for pid=6486 comm="syz-executor" path="/syzkaller.Vaj7Xu/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 92.350449][ T5338] Bluetooth: hci4: command tx timeout [ 92.406097][ T39] audit: type=1400 audit(1728195917.548:564): avc: denied { bind } for pid=6518 comm="syz.2.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 92.676419][ T6523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 93.542461][ T39] audit: type=1400 audit(1728195918.718:565): avc: denied { wake_alarm } for pid=6534 comm="syz.2.313" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 93.854931][ T5399] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 93.983709][ T39] audit: type=1400 audit(1728195919.158:566): avc: denied { read } for pid=6547 comm="syz.1.318" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 93.989921][ T39] audit: type=1400 audit(1728195919.168:567): avc: denied { open } for pid=6547 comm="syz.1.318" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 94.012897][ T5399] usb 7-1: Using ep0 maxpacket: 32 [ 94.014730][ T39] audit: type=1400 audit(1728195919.198:568): avc: denied { ioctl } for pid=6547 comm="syz.1.318" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 94.026214][ T5399] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 94.029740][ T5399] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 94.036553][ T5399] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 94.039755][ T5399] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 94.042584][ T5399] usb 7-1: Product: syz [ 94.044672][ T5399] usb 7-1: Manufacturer: syz [ 94.046492][ T5399] usb 7-1: SerialNumber: syz [ 94.049737][ T5399] usb 7-1: config 0 descriptor?? [ 94.318753][ T6556] ip6_tunnel: non-ECT from fe88:0000:0000:0000:0000:0000:0000:0001 with DS=0x7 [ 94.337810][ T5468] usb 7-1: USB disconnect, device number 3 [ 94.387143][ T39] audit: type=1400 audit(1728195919.568:569): avc: denied { write } for pid=6553 comm="syz.3.319" name="/" dev="9p" ino=35921866 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 94.395449][ T39] audit: type=1400 audit(1728195919.568:570): avc: denied { add_name } for pid=6553 comm="syz.3.319" name="blkio.bfq.io_serviced" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 94.409263][ T39] audit: type=1400 audit(1728195919.568:571): avc: denied { create } for pid=6553 comm="syz.3.319" name="blkio.bfq.io_serviced" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 94.415499][ T39] audit: type=1400 audit(1728195919.568:572): avc: denied { associate } for pid=6553 comm="syz.3.319" name="blkio.bfq.io_serviced" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 94.417938][ T6557] netfs: Couldn't get user pages (rc=-14) [ 94.421366][ T39] audit: type=1400 audit(1728195919.578:573): avc: denied { read append open } for pid=6553 comm="syz.3.319" path="/79/file0/blkio.bfq.io_serviced" dev="9p" ino=35922914 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 94.430237][ T39] audit: type=1400 audit(1728195919.578:574): avc: denied { map } for pid=6553 comm="syz.3.319" path="/79/file0/blkio.bfq.io_serviced" dev="9p" ino=35922914 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 94.433720][ T5338] Bluetooth: hci4: command tx timeout [ 94.439822][ T39] audit: type=1400 audit(1728195919.578:575): avc: denied { write } for pid=6553 comm="syz.3.319" path="/79/file0/blkio.bfq.io_serviced" dev="9p" ino=35922914 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 94.663172][ T6564] FAULT_INJECTION: forcing a failure. [ 94.663172][ T6564] name failslab, interval 1, probability 0, space 0, times 0 [ 94.667923][ T6564] CPU: 3 UID: 0 PID: 6564 Comm: syz.0.323 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 94.670900][ T6564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.674758][ T6564] Call Trace: [ 94.676001][ T6564] [ 94.677098][ T6564] dump_stack_lvl+0x16c/0x1f0 [ 94.678841][ T6564] should_fail_ex+0x497/0x5b0 [ 94.680556][ T6564] ? fs_reclaim_acquire+0xae/0x160 [ 94.682432][ T6564] should_failslab+0xc2/0x120 [ 94.684255][ T6564] __kmalloc_cache_noprof+0x6b/0x300 [ 94.686171][ T6564] ? copy_verifier_state+0xb3a/0xf20 [ 94.687955][ T6564] copy_verifier_state+0xb3a/0xf20 [ 94.689316][ T6564] ? kasan_save_track+0x14/0x30 [ 94.690893][ T6564] push_stack+0x1d9/0x550 [ 94.692467][ T6564] ? tnum_const+0x11/0x20 [ 94.694053][ T6564] check_cond_jmp_op+0xb7a/0x7c50 [ 94.695905][ T6564] ? vscnprintf+0x5b/0x90 [ 94.697535][ T6564] ? __pfx_check_cond_jmp_op+0x10/0x10 [ 94.699524][ T6564] ? __pfx_print_verifier_state+0x10/0x10 [ 94.701603][ T6564] ? print_insn_state+0x86/0x170 [ 94.703463][ T6564] ? verbose_linfo+0x197/0x8b0 [ 94.704786][ T6564] do_check_common+0x7c5e/0xbd20 [ 94.706094][ T6564] ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10 [ 94.707795][ T6564] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 94.709234][ T6564] ? __pfx_do_check_common+0x10/0x10 [ 94.710630][ T6564] ? __pfx_verbose+0x10/0x10 [ 94.712270][ T6564] ? __pfx_disasm_kfunc_name+0x10/0x10 [ 94.714236][ T6564] bpf_check+0x71b0/0xb310 [ 94.715917][ T6564] ? kasan_save_stack+0x42/0x60 [ 94.717736][ T6564] ? __pfx_bpf_check+0x10/0x10 [ 94.719539][ T6564] ? __kasan_kmalloc+0xaa/0xb0 [ 94.721292][ T6564] ? selinux_bpf_prog_load+0x15f/0x1c0 [ 94.723283][ T6564] bpf_prog_load+0xedb/0x2660 [ 94.725031][ T6564] ? __pfx_bpf_prog_load+0x10/0x10 [ 94.727016][ T6564] ? avc_has_perm_noaudit+0x143/0x3a0 [ 94.728873][ T6564] ? selinux_bpf+0xde/0x130 [ 94.730121][ T6564] __sys_bpf+0x402b/0x49a0 [ 94.731660][ T6564] ? ksys_write+0x21e/0x260 [ 94.733349][ T6564] ? reacquire_held_locks+0x440/0x4c0 [ 94.735322][ T6564] ? __pfx___sys_bpf+0x10/0x10 [ 94.737059][ T6564] ? vfs_write+0x14d/0x1140 [ 94.738754][ T6564] ? __mutex_unlock_slowpath+0x164/0x650 [ 94.740741][ T6564] ? fput+0x30/0x390 [ 94.742173][ T6564] ? ksys_write+0x1ad/0x260 [ 94.743747][ T6564] ? __pfx_ksys_write+0x10/0x10 [ 94.745501][ T6564] __x64_sys_bpf+0x78/0xc0 [ 94.747145][ T6564] ? lockdep_hardirqs_on+0x7c/0x110 [ 94.748576][ T6564] do_syscall_64+0xcd/0x250 [ 94.749746][ T6564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.751665][ T6564] RIP: 0033:0x7fecf4b7dff9 [ 94.753325][ T6564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.760093][ T6564] RSP: 002b:00007fecf45ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 94.763049][ T6564] RAX: ffffffffffffffda RBX: 00007fecf4d35f80 RCX: 00007fecf4b7dff9 [ 94.766034][ T6564] RDX: 0000000000000090 RSI: 0000000020000440 RDI: 0000000000000005 [ 94.768883][ T6564] RBP: 00007fecf45ff090 R08: 0000000000000000 R09: 0000000000000000 [ 94.770981][ T6564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 94.773027][ T6564] R13: 0000000000000001 R14: 00007fecf4d35f80 R15: 00007ffc2c589218 [ 94.775395][ T6564] [ 94.821410][ T6566] FAULT_INJECTION: forcing a failure. [ 94.821410][ T6566] name failslab, interval 1, probability 0, space 0, times 0 [ 94.825430][ T6566] CPU: 2 UID: 0 PID: 6566 Comm: syz.0.324 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 94.829037][ T6566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.832674][ T6566] Call Trace: [ 94.833929][ T6566] [ 94.834993][ T6566] dump_stack_lvl+0x16c/0x1f0 [ 94.836675][ T6566] should_fail_ex+0x497/0x5b0 [ 94.838363][ T6566] ? fs_reclaim_acquire+0xae/0x160 [ 94.840183][ T6566] should_failslab+0xc2/0x120 [ 94.841892][ T6566] __kmalloc_noprof+0xcb/0x400 [ 94.843594][ T6566] ? d_absolute_path+0x137/0x1b0 [ 94.845362][ T6566] tomoyo_encode2+0x100/0x3e0 [ 94.847050][ T6566] tomoyo_encode+0x29/0x50 [ 94.848643][ T6566] tomoyo_realpath_from_path+0x19d/0x720 [ 94.850700][ T6566] tomoyo_path_number_perm+0x245/0x590 [ 94.852715][ T6566] ? tomoyo_path_number_perm+0x232/0x590 [ 94.854751][ T6566] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 94.857002][ T6566] ? trace_lock_acquire+0x14a/0x1d0 [ 94.858857][ T6566] ? lock_acquire+0x2f/0xb0 [ 94.860495][ T6566] ? __fget_files+0x40/0x3f0 [ 94.862180][ T6566] ? __fget_files+0x244/0x3f0 [ 94.863886][ T6566] security_file_ioctl+0x9b/0x240 [ 94.865695][ T6566] __x64_sys_ioctl+0xbb/0x220 [ 94.867372][ T6566] do_syscall_64+0xcd/0x250 [ 94.869002][ T6566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.871179][ T6566] RIP: 0033:0x7fecf4b7dff9 [ 94.872814][ T6566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.878253][ T6566] RSP: 002b:00007fecf45ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 94.880661][ T6566] RAX: ffffffffffffffda RBX: 00007fecf4d35f80 RCX: 00007fecf4b7dff9 [ 94.883443][ T6566] RDX: 0000000020000080 RSI: 00000000c034564b RDI: 0000000000000003 [ 94.886163][ T6566] RBP: 00007fecf45ff090 R08: 0000000000000000 R09: 0000000000000000 [ 94.888814][ T6566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.891503][ T6566] R13: 0000000000000000 R14: 00007fecf4d35f80 R15: 00007ffc2c589218 [ 94.894408][ T6566] [ 94.895675][ C2] vkms_vblank_simulate: vblank timer overrun [ 94.901901][ T6566] ERROR: Out of memory at tomoyo_realpath_from_path. [ 94.990250][ T6568] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526 [ 95.119054][ T6580] ------------[ cut here ]------------ [ 95.120798][ T6580] kmem_cache of name '9p-fcall-cache' already exists [ 95.122782][ T6580] WARNING: CPU: 3 PID: 6580 at mm/slab_common.c:107 __kmem_cache_create_args+0xb0/0x3c0 [ 95.125352][ T6580] Modules linked in: [ 95.126690][ T6580] CPU: 3 UID: 0 PID: 6580 Comm: syz.0.327 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 95.131574][ T6580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 95.135047][ T6580] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 95.136709][ T6580] Code: 98 48 3d f0 d5 31 8e 74 25 48 8b 7b 60 48 89 ee e8 85 5c 42 09 85 c0 75 e0 90 48 c7 c7 20 0c 7b 8d 48 89 ee e8 11 18 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 0f 5e 42 09 48 85 c0 0f 85 [ 95.141753][ T6580] RSP: 0018:ffffc90005587900 EFLAGS: 00010282 [ 95.143608][ T6580] RAX: 0000000000000000 RBX: ffff88802557b7c0 RCX: ffffc900079f2000 [ 95.145886][ T6580] RDX: 0000000000040000 RSI: ffffffff814e71b6 RDI: 0000000000000001 [ 95.147996][ T6580] RBP: ffffffff8cc38fa0 R08: 0000000000000001 R09: 0000000000000000 [ 95.150760][ T6580] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 95.153837][ T6580] R13: 0000000000020018 R14: ffffc900055879f0 R15: 0000000000020018 [ 95.156647][ T6580] FS: 00007fecf45de6c0(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000 [ 95.159806][ T6580] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.162175][ T6580] CR2: 0000000000000000 CR3: 000000004d1d0000 CR4: 0000000000352ef0 [ 95.165436][ T6580] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 95.168217][ T6580] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 95.170959][ T6580] Call Trace: [ 95.172153][ T6580] [ 95.173343][ T6580] ? __warn+0xea/0x3d0 [ 95.174863][ T6580] ? __kmem_cache_create_args+0xb0/0x3c0 [ 95.176876][ T6580] ? report_bug+0x3c0/0x580 [ 95.178504][ T6580] ? handle_bug+0x54/0xa0 [ 95.180080][ T6580] ? exc_invalid_op+0x17/0x50 [ 95.181791][ T6580] ? asm_exc_invalid_op+0x1a/0x20 [ 95.183857][ T6580] ? __warn_printk+0x1a6/0x350 [ 95.185642][ T6580] ? __kmem_cache_create_args+0xb0/0x3c0 [ 95.187622][ T6580] p9_client_create+0xebd/0x11b0 [ 95.189426][ T6580] ? __pfx_p9_client_create+0x10/0x10 [ 95.191482][ T6580] ? __raw_spin_lock_init+0x3a/0x110 [ 95.193461][ T6580] v9fs_session_init+0x1f8/0x1a80 [ 95.195145][ T6580] ? __pfx_v9fs_session_init+0x10/0x10 [ 95.197514][ T6580] ? kasan_save_track+0x14/0x30 [ 95.199301][ T6580] v9fs_mount+0xc6/0xa50 [ 95.200854][ T6580] ? __pfx_v9fs_mount+0x10/0x10 [ 95.202614][ T6580] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 95.205187][ T6580] ? cap_capable+0x1cf/0x240 [ 95.206915][ T6580] ? __pfx_v9fs_mount+0x10/0x10 [ 95.208648][ T6580] legacy_get_tree+0x109/0x220 [ 95.210414][ T6580] vfs_get_tree+0x8f/0x380 [ 95.212055][ T6580] path_mount+0x14e6/0x1f20 [ 95.214545][ T6580] ? kmem_cache_free+0x152/0x4b0 [ 95.216331][ T6580] ? __pfx_path_mount+0x10/0x10 [ 95.218124][ T6580] ? putname+0x12e/0x170 [ 95.219654][ T6580] __x64_sys_mount+0x294/0x320 [ 95.221341][ T6580] ? __pfx___x64_sys_mount+0x10/0x10 [ 95.223359][ T6580] do_syscall_64+0xcd/0x250 [ 95.225031][ T6580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.227192][ T6580] RIP: 0033:0x7fecf4b7dff9 [ 95.228768][ T6580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.235009][ T6580] RSP: 002b:00007fecf45de038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 95.237999][ T6580] RAX: ffffffffffffffda RBX: 00007fecf4d36058 RCX: 00007fecf4b7dff9 [ 95.240882][ T6580] RDX: 0000000020000180 RSI: 0000000020000000 RDI: 0000000000000000 [ 95.243817][ T6580] RBP: 00007fecf4bf0296 R08: 00000000200002c0 R09: 0000000000000000 [ 95.246853][ T6580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.249685][ T6580] R13: 0000000000000000 R14: 00007fecf4d36058 R15: 00007ffc2c589218 [ 95.252429][ T6580] [ 95.253682][ T6580] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 95.256217][ T6580] CPU: 3 UID: 0 PID: 6580 Comm: syz.0.327 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 95.259846][ T6580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 95.263598][ T6580] Call Trace: [ 95.264788][ T6580] [ 95.265779][ T6580] dump_stack_lvl+0x3d/0x1f0 [ 95.267015][ T6580] panic+0x71d/0x800 [ 95.268052][ T6580] ? __pfx_panic+0x10/0x10 [ 95.269245][ T6580] ? show_trace_log_lvl+0x29d/0x3d0 [ 95.270634][ T6580] ? __kmem_cache_create_args+0xb0/0x3c0 [ 95.272108][ T6580] check_panic_on_warn+0xab/0xb0 [ 95.273429][ T6580] __warn+0xf6/0x3d0 [ 95.274482][ T6580] ? __kmem_cache_create_args+0xb0/0x3c0 [ 95.275977][ T6580] report_bug+0x3c0/0x580 [ 95.277130][ T6580] handle_bug+0x54/0xa0 [ 95.278217][ T6580] exc_invalid_op+0x17/0x50 [ 95.279417][ T6580] asm_exc_invalid_op+0x1a/0x20 [ 95.280705][ T6580] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 95.282350][ T6580] Code: 98 48 3d f0 d5 31 8e 74 25 48 8b 7b 60 48 89 ee e8 85 5c 42 09 85 c0 75 e0 90 48 c7 c7 20 0c 7b 8d 48 89 ee e8 11 18 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 0f 5e 42 09 48 85 c0 0f 85 [ 95.287366][ T6580] RSP: 0018:ffffc90005587900 EFLAGS: 00010282 [ 95.288961][ T6580] RAX: 0000000000000000 RBX: ffff88802557b7c0 RCX: ffffc900079f2000 [ 95.291030][ T6580] RDX: 0000000000040000 RSI: ffffffff814e71b6 RDI: 0000000000000001 [ 95.292998][ T6580] RBP: ffffffff8cc38fa0 R08: 0000000000000001 R09: 0000000000000000 [ 95.295066][ T6580] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 95.297129][ T6580] R13: 0000000000020018 R14: ffffc900055879f0 R15: 0000000000020018 [ 95.299194][ T6580] ? __warn_printk+0x1a6/0x350 [ 95.300465][ T6580] p9_client_create+0xebd/0x11b0 [ 95.301775][ T6580] ? __pfx_p9_client_create+0x10/0x10 [ 95.303177][ T6580] ? __raw_spin_lock_init+0x3a/0x110 [ 95.304567][ T6580] v9fs_session_init+0x1f8/0x1a80 [ 95.305908][ T6580] ? __pfx_v9fs_session_init+0x10/0x10 [ 95.307345][ T6580] ? kasan_save_track+0x14/0x30 [ 95.308627][ T6580] v9fs_mount+0xc6/0xa50 [ 95.309765][ T6580] ? __pfx_v9fs_mount+0x10/0x10 [ 95.311049][ T6580] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 95.312523][ T6580] ? cap_capable+0x1cf/0x240 [ 95.313759][ T6580] ? __pfx_v9fs_mount+0x10/0x10 [ 95.315046][ T6580] legacy_get_tree+0x109/0x220 [ 95.316318][ T6580] vfs_get_tree+0x8f/0x380 [ 95.317509][ T6580] path_mount+0x14e6/0x1f20 [ 95.318717][ T6580] ? kmem_cache_free+0x152/0x4b0 [ 95.320022][ T6580] ? __pfx_path_mount+0x10/0x10 [ 95.321311][ T6580] ? putname+0x12e/0x170 [ 95.322441][ T6580] __x64_sys_mount+0x294/0x320 [ 95.323717][ T6580] ? __pfx___x64_sys_mount+0x10/0x10 [ 95.325114][ T6580] do_syscall_64+0xcd/0x250 [ 95.326328][ T6580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.327878][ T6580] RIP: 0033:0x7fecf4b7dff9 [ 95.329044][ T6580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.333963][ T6580] RSP: 002b:00007fecf45de038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 95.336121][ T6580] RAX: ffffffffffffffda RBX: 00007fecf4d36058 RCX: 00007fecf4b7dff9 [ 95.338170][ T6580] RDX: 0000000020000180 RSI: 0000000020000000 RDI: 0000000000000000 [ 95.340257][ T6580] RBP: 00007fecf4bf0296 R08: 00000000200002c0 R09: 0000000000000000 [ 95.342311][ T6580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.344366][ T6580] R13: 0000000000000000 R14: 00007fecf4d36058 R15: 00007ffc2c589218 [ 95.346441][ T6580] [ 95.347813][ T6580] Kernel Offset: disabled [ 95.349087][ T6580] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:21:04 Registers: info registers vcpu 0 CPU#0 RAX=00000000003e9bc5 RBX=0000000000000000 RCX=ffffffff8b21cd99 RDX=0000000000000000 RSI=ffffffff8b6cd040 RDI=ffffffff8bd19e40 RBP=fffffbfff1bd2af8 RSP=ffffffff8de07e20 R8 =0000000000000001 R9 =ffffed100d4c7025 R10=ffff88806a63812b R11=ffffffff8b6f86c0 R12=0000000000000000 R13=ffffffff8de957c0 R14=ffffffff905f3408 R15=0000000000000000 RIP=ffffffff8b21e17f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020022000 CR3=000000004f86c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=000000007ffbffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc6b0c7db0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde211f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde211f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde211f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde211f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde211f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde211f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffffff813ae3b0 RBX=ffff88802fadc880 RCX=ffffffff815c4a28 RDX=dffffc0000000000 RSI=ffffffff8bd19dc0 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffc90003c3f508 R8 =0000000000000000 R9 =fffffbfff20be681 R10=ffffffff905f340f R11=0000000000000001 R12=1ffff92000787ea2 R13=ffffc90003c3f530 R14=ffff88806a63fc90 R15=ffffffff8de957c0 RIP=ffffffff813ae3b0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055557bf0b500 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000201c6000 CR3=0000000025732000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=000000007ffbffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffde8c964b0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0237f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0237f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0237f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0237f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0237f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa0237f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000080000001 RBX=ffffea0000d77c40 RCX=ffffffff81c703b7 RDX=ffff88802bf32440 RSI=ffffffff81c7012e RDI=0000000000000007 RBP=1ffff9200069df00 RSP=ffffc900034ef7f0 R8 =0000000000000007 R9 =0000018000000000 R10=0000018000000000 R11=0000000000000000 R12=00fff5800000422c R13=0000018000000000 R14=0000018000000000 R15=0000008000000000 RIP=ffffffff818d8168 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f9817667d60 CR3=000000000df7c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9816b0b6a3 00007f9816b0b6a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdf242d710 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557e2984a0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557e2a460f 000055557e2a3120 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000036323335 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4c9a019074000802 9080808002080980 8080800220540020 34000a00040a0180 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100100030100003 8004060129fc0610 0003a00306100003 900301c0c8100003 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 800303ffffffff04 0004028410000601 4c9a019074000802 9080808002080980 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8080800220540020 34000a00040a0180 03f4a9cf7d602222 2e0770fa0b58071c ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fa2915fa7aa15c0c 006133cecf92329a db400801c403e7b8 8344057888c00699 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6461746162206220 3032616664626139 6666666666666666 0a322e79656b5f5f ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a79656b5f737361 6c635f6b636f6c5f 687361685f6c6162 6f6c675f74745f76 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 636f6c5f74745f76 6461746162206220 3036616664626139 6666666666666666 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6220303463346562 6139666666666666 66660a64695f7465 6e7265705f706374 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656b5f5f20622030 3863346562613966 666666666666660a 302e79656b5f5f20 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a30312e79656b5f 5f20622030636334 6562613966666666 666666660a392e79 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 666666660a37322e 79656b5f5f206220 3030643465626139 6666666666666666 info registers vcpu 3 CPU#3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff850a61b0 RDI=ffffffff9aae1b40 RBP=ffffffff9aae1b00 RSP=ffffc90005587210 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff355c3ba R15=dffffc0000000000 RIP=ffffffff850a61d7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fecf45de6c0 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000004d1d0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001030001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecf4bf1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecf4bf1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecf4bf113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecf4bf114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecf4bf11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecf4bf12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecf4d0b488 00007fecf4d0b480 00007fecf4d0b478 00007fecf4d0b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecf586d100 00007fecf4d0b440 00007fecf4d0b458 00007fecf4d0b4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecf4d0b498 00007fecf4d0b490 00007fecf4d0b488 00007fecf4d0b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000