last executing test programs: 3.718319275s ago: executing program 0 (id=678): capset(&(0x7f0000000300)={0x20071026}, &(0x7f0000000340)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x5453, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) pread64(r1, &(0x7f0000000440)=""/197, 0xc5, 0x4) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffe}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x4001}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@ipv4_delroute={0x24, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x20, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @multicast1}]}, 0x24}}, 0x0) 3.536742009s ago: executing program 0 (id=679): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='vegas\x00', 0x6) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) sendfile(r0, r1, 0x0, 0x1000004) 3.36988762s ago: executing program 0 (id=684): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x20) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x4000, &(0x7f00000005c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f0000000400)='./file0\x00', 0x0) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000001400)=ANY=[@ANYRESOCT]) 3.240143146s ago: executing program 0 (id=685): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x406, @dev={0xfe, 0x80, '\x00', 0x10}, 0xd}, 0x1c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r3, 0x6, 0xd, &(0x7f0000000000), 0x4) listen(r1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x8, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x800, 0xfffffffffffffe5a, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0300cafa049bc8443f0e0aed000000000000080000002200000010800100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300"/20, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB], 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r2, @ANYRES32=r4, @ANYBLOB="05"], 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xe, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000a40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8c}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="040000000000000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20) r7 = socket$inet_udplite(0x2, 0x2, 0x88) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r5, &(0x7f0000000240), &(0x7f00000004c0)=@udp=r7}, 0x20) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r8, 0x407, 0x7000000) fcntl$setpipe(r8, 0x407, 0x100000) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000680)=""/130, &(0x7f0000000080)=0x82) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="1201100300000008961b1400400001020301090224000101fd759440ae26f68cd1a3f571a04f13646e82eb403f215b35d9028006090400e00203010305092101"], &(0x7f0000000300)={0x0, 0x0, 0x5, &(0x7f0000000780)=ANY=[@ANYBLOB="050f050000440de51a6682d9accc1ca4f298a7c294420952c934f38d3007000000d36ca7fa632a5b16cdf816fb2604fb3d62d841bf6ae23fffb60828d9f3fb691c4cbceb6498a486f0877b6da0e25a98f019209f5d0a22d9d94549cf12bd88cee37d82afb46a29b7f5d4c4eae9308014b5dbf65a77d8ff98bf5c5dfe22fc4f3af7163ba2d944aff8792e55d490201b2a6684018fa37f934197450bc6c254e400d0563a4114e3ba342dc70bd62d245c53aa9a070bee7ab4058d050163f94499c2fd9deaaa1c1d65b55ae919edb7"]}) write$binfmt_script(r9, &(0x7f0000000340)={'#! ', './file0', [{0x20, '#! '}, {0x20, '#! '}, {0x20, '\x14\x05F\r\x0e\xd9\v\xcd*${+)-[\xc1\xc6\f/\xe3\xe3m\x90\\^\xb0@%-**/,}'}, {0x20, '\x9f\x8el2\xea\xd7\xb0>\xe6K\x06\x98\nz\xa2u=8\xb4e\xed\x9b\x87\\\xce\x168*A\xf1\x12t\x1fW\xd4k\f>\xfb\x81J\xaa\xe10\x84=%\b\xa5\xfd\x1d\x82*L\xc2\xb9Xu\x80\xf2\xf8\xb1\xd1\x81\x7fVh\xe4B\x9b-\x00'/86}], 0xa, "de3e6eb910e62fd8aea078f8571d2d4dea82b2d23cfd23abd3292acebfa7098fe280ea735ead96d0986b728f11046049259f65916f383bdf5a87eeb99d794eb9f4"}, 0xce) open(&(0x7f0000000d40)='./file0\x00', 0x42c3, 0x0) r10 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) r11 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r11, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r11, &(0x7f0000005240), 0x4000095, 0x0) fcntl$setlease(r10, 0x400, 0x0) 3.130337938s ago: executing program 3 (id=688): timer_create(0x3, 0x0, &(0x7f0000044000)=0x0) timer_settime(r0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, &(0x7f0000000080)) timer_settime(r0, 0x0, 0x0, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) pwritev(r2, &(0x7f0000000780)=[{&(0x7f00000001c0)="8b7b0aec79948004bb372b0227fdbd55f6f2402b396957fcdf7791e956bea518d131d3b4f5b2ad5202cecaa6dd14a7055be801b28dc3667777fae21bc49b48e9e755debda8d69c1adf4c80e2acfe21ee668f31134a9f1fd07bbdd69f1e25c4760420d31a2d", 0x65}, {0x0}], 0x2, 0x0, 0x9) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000010cc0), 0x0, 0x20000014) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x49f, &(0x7f0000000400)={0x0, 0xe7a8, 0x400, 0x7ffe, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}, 0x0, 0x2161, 0x1, {0x2}}) io_uring_enter(r3, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xf, &(0x7f0000000200)=0x2, 0x4) bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0) syz_usb_connect$uac1(0x4, 0xb4, &(0x7f0000000500)=ANY=[@ANYBLOB="12011003000000386b1d01014000010203010902a200030181109c0904000000010100000a2401bb9600020102082405050cfc80410924030303030505ab09040100000102000009040b010101920a0aeb6781020000072401f7060300152402ff000000ff646f46fa29090501092000093b02072501820207000904020000010200000904020101010200000e240202000806000905c7d8d055102402020200d70000066a8c81d25bd1010403072501060521cc000000000000"], &(0x7f00000003c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x110, 0x5, 0x6, 0x68, 0xff, 0x5}, 0x1a, &(0x7f0000000300)=ANY=[@ANYBLOB="1002001e0100038e7b73289a648b313c100b0b80"], 0x1, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x300a}}]}) syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x482) bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r6}, 0x8) syz_open_dev$loop(0x0, 0x1, 0x400000) fchdir(0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) 2.779530213s ago: executing program 2 (id=689): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x58, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x3, 0x6, 0x2, 0x8, 0xdfe, 0xa4, 0x100, 0xebf, 0x2b1}}}}]}, 0x58}}, 0x4044880) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd26, 0xfffffffc, {0x60, 0x0, 0x0, r2, {0xfff3, 0x3}, {0xd, 0xa}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x3, 0x6}}]}}]}, 0x48}}, 0x800) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)=ANY=[@ANYBLOB="10010020", @ANYRES16=r4, @ANYBLOB="01002dbd7000fcdbdf25010000000800070007000000e000088058000080060005000010000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39221400040002004e20ac14143400000000000000001400040002004e24ac141430000000000000000048000080200004000a004e21ffffffff200100000000000000000000000000000300000024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c3c0000801400040002004e217f000001000000000000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1400020077673100"/266], 0x110}, 0x1, 0x0, 0x0, 0x4010}, 0x4008020) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) r5 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r5, 0xc2604110, &(0x7f0000000300)={0x0, [[0x9ef8], [0x10000], [0x7]], '\x00', [{0xffffffff}, {0x0, 0x10}, {}, {0x0, 0x80000000, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1, 0x1}, {0x0, 0x5f, 0x1}, {}, {}, {0x0, 0x3}, {0x0, 0xffffffee}], '\x00', 0x1000}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r6, 0x401054d5, &(0x7f0000000040)) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="340000003e0007010300000000000000017c0000040042800c00018006000600843b0000100002800c0009"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) 2.620208792s ago: executing program 2 (id=690): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8000000000000008, 0x34be01) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x3, {0x8000, 0x1000, 0x4, 0x2}}) socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x2004c884, &(0x7f0000000180)={0xa, 0x4e20, 0x8000002, @dev={0xfe, 0x80, '\x00', 0x17}}, 0x1c) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={0xffffffffffffffff}) close_range(r3, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r5, 0xc0287c02, &(0x7f0000000b80)={0x80000000, 0x0, &(0x7f0000000b00)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_ENTITIES(r5, 0xc1007c01, &(0x7f0000001380)={r6}) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000840)=[@text64={0x40, &(0x7f0000002140)="460f01f82ef30f09f3c11202656467660f3881b78e4a0000c42275bab10e000000b805000000b9000001000f01d9b8010000000f01c166450f38252eb9f30800000f320f2120", 0x46}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r9, 0x0, 0x0) syz_usb_control_io$printer(r9, 0x0, 0x0) r10 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r10, 0x80045b10, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r11 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCSETD(r11, 0x5423, &(0x7f0000000000)=0x15) ioctl$TIOCSTI(r11, 0x5412, &(0x7f0000000140)=0x91) socket(0x10, 0x3, 0x0) 1.758908534s ago: executing program 3 (id=692): syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x800}}}}}}, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000008c0)={0xc0}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x100) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00') 1.679595937s ago: executing program 3 (id=694): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x500, 0x0, 0x6, 0x0, @rand_addr=0x640100fe, @local}, {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe}}}}}}, 0x0) 1.630283492s ago: executing program 3 (id=696): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x18, &(0x7f0000004240)=0x7fff, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x1000000, @mcast1}, 0x1c) 1.629968426s ago: executing program 3 (id=697): unshare(0x22020600) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) r0 = syz_io_uring_setup(0x1714, &(0x7f0000000300)={0x0, 0x2dd2, 0x10100, 0x0, 0xffffffdc}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000002140)='./file0\x00', &(0x7f0000002180)='./file0\x00'}) io_uring_enter(r0, 0x636f, 0x1, 0x29, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x40, 0x5d, 0x2, 0x8}, {0x6, 0x0, 0x6, 0x1}]}, 0x10) bind$bt_hci(r3, &(0x7f0000000180)={0x1f, 0x0, 0x1}, 0x6) pselect6(0x0, 0x0, &(0x7f0000000440)={0x8, 0xfffffffffffffff7, 0x200, 0x6, 0x3, 0x7, 0xffff, 0x7}, &(0x7f0000000480)={0x5, 0x303, 0x40, 0x0, 0x1, 0xffffffff, 0x9, 0x1}, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='fd\x00') getdents64(r5, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0) r8 = dup(r7) ioctl$PTP_EXTTS_REQUEST2(r8, 0xc4c03d12, 0x0) sendmsg$DEVLINK_CMD_GET(r8, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x54, 0x0, 0x400, 0x70bd25, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x240000c0}, 0x8040) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, &(0x7f0000000040), &(0x7f0000000080)=r6}, 0x20) io_uring_setup(0x1de0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10) r10 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r10, 0xc0109207, &(0x7f0000000080)={0x0, 0xffffffffffffff71}) syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r11 = syz_open_procfs(0x0, &(0x7f0000000180)='fd\x00') statx(r11, 0x0, 0x1000, 0x6000, 0x0) write(r3, &(0x7f0000000140)="01020000010006", 0x7) 1.490264133s ago: executing program 2 (id=698): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) close_range(r0, 0xffffffffffffffff, 0x0) (fail_nth: 1) 1.440370266s ago: executing program 2 (id=699): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10) sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x0, 0x79}, 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYRES64=r1], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000040)="b90103606989068c3c270040f00000", 0x0, 0x104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$CDROM_GET_CAPABILITY(r3, 0x5331) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) r5 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x880) ioctl$HIDIOCGREPORT(r5, 0x400c4807, &(0x7f0000000100)={0x3, 0x0, 0x4}) 728.702881ms ago: executing program 3 (id=702): timer_create(0x3, 0x0, &(0x7f0000044000)=0x0) timer_settime(r0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, &(0x7f0000000080)) timer_settime(r0, 0x0, 0x0, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) pwritev(r2, &(0x7f0000000780)=[{&(0x7f00000001c0)="8b7b0aec79948004bb372b0227fdbd55f6f2402b396957fcdf7791e956bea518d131d3b4f5b2ad5202cecaa6dd14a7055be801b28dc3667777fae21bc49b48e9e755debda8d69c1adf4c80e2acfe21ee668f31134a9f1fd07bbdd69f1e25c4760420d31a2d", 0x65}, {0x0}], 0x2, 0x0, 0x9) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000010cc0), 0x0, 0x20000014) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x49f, &(0x7f0000000400)={0x0, 0xe7a8, 0x400, 0x7ffe, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {0x0}], 0x2}, 0x0, 0x2161, 0x1, {0x2}}) io_uring_enter(r3, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xf, 0x0, 0x0) bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0) syz_usb_connect$uac1(0x4, 0xb4, &(0x7f0000000500)=ANY=[@ANYBLOB="12011003000000386b1d01014000010203010902a200030181109c0904000000010100000a2401bb9600020102082405050cfc80410924030303030505ab09040100000102000009040b010101920a0aeb6781020000072401f7060300152402ff000000ff646f46fa29090501092000093b02072501820207000904020000010200000904020101010200000e240202000806000905c7d8d055102402020200d70000066a8c81d25bd1010403072501060521cc000000000000"], &(0x7f00000003c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x110, 0x5, 0x6, 0x68, 0xff, 0x5}, 0x1a, &(0x7f0000000300)=ANY=[@ANYBLOB="1002001e0100038e7b73289a648b313c100b0b80"], 0x1, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x300a}}]}) syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x482) bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r6}, 0x8) syz_open_dev$loop(0x0, 0x1, 0x400000) fchdir(0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) 500.237553ms ago: executing program 1 (id=708): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) (fail_nth: 4) 399.911774ms ago: executing program 1 (id=709): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08"], 0x122}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x39, 0x2a, 0x400, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe9, 0x7}, {0xfff3}, {0xd, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x240508c8}, 0x40004) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) r2 = fsopen(&(0x7f0000000100)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000040)='context', &(0x7f0000000080)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r3, 0x0, 0x22, &(0x7f00000000c0)=0xffffff18, 0x3) mmap(&(0x7f00001ec000/0x14000)=nil, 0x14000, 0x1000000, 0x16ced51db0ddbe34, r3, 0x10000) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002180)='net/icmp6\x00') mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x2010, r4, 0x296d3000) r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0) mmap(&(0x7f00005c9000/0x3000)=nil, 0x3000, 0x0, 0x4012011, r5, 0x7de16000) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') syz_clone(0xa61a2100, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r6, 0x0, 0x63, &(0x7f0000002100)={'icmp\x00'}, &(0x7f0000002140)=0x1e) prctl$PR_SCHED_CORE(0x24, 0x1, 0x0, 0x0, 0x0) r7 = syz_open_dev$loop(&(0x7f00000020c0), 0x8, 0x771582) ioctl$LOOP_SET_CAPACITY(r7, 0x4c07) read$FUSE(r6, &(0x7f0000000080)={0x2020}, 0x2020) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r9 = socket(0x2000000000000021, 0x2, 0x10000000000002) getsockopt$inet_IP_XFRM_POLICY(r9, 0x0, 0x11, 0x0, 0x0) r10 = dup(r8) write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c) 329.066984ms ago: executing program 1 (id=710): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000014c0)=[@text64={0x40, &(0x7f0000001500)="267600410f01b00000000066b88e000f00d066420f3a14ce5736430f0164b107b805000000b9060000000f01c1f30f01330f015b7548b80c000000000000000f23d80f21f835800000000f23f8f30fc733", 0x51}], 0x1, 0x43, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x1, 0x4, 0x4, 0x80, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x3}, 0x50) ioctl$KVM_RUN(r2, 0xae80, 0xf400000000000000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 210.390474ms ago: executing program 0 (id=711): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="500000051000cff500000000ffffffff00000700", @ANYRES32=0x0, @ANYBLOB="000000000140060030001280080001006873720024000280050007000100000008000100", @ANYRES32=r3, @ANYBLOB="08000200", @ANYRES32=r1], 0x50}}, 0x0) 210.092784ms ago: executing program 1 (id=712): setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000001140)=ANY=[@ANYBLOB="030000000000000002004e23e0"], 0x90) add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073"], 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000810) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x40080) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) r3 = socket(0x10, 0x803, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'vlan0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x6c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0xf}, {}, {0x5, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x40, 0x2, [@TCA_U32_SEL={0x34, 0x5, {0xe, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0xfffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0xa}}]}}]}, 0x6c}}, 0x24040084) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140e00000020c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) syz_open_dev$mouse(&(0x7f0000000040), 0x9, 0x34403) 209.857934ms ago: executing program 0 (id=713): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8) dup3(r1, r0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x68942, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x94) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 149.941832ms ago: executing program 1 (id=714): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x20) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f0000000400)='./file0\x00', 0x0) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000001400)=ANY=[@ANYRESOCT]) 149.593618ms ago: executing program 1 (id=715): syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a0100001905", @ANYRES32], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect(0x1, 0x0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x1800000000000000) 269.86µs ago: executing program 2 (id=716): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90) r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt(r0, 0x28, 0x6, &(0x7f0000000200)=""/59, &(0x7f0000000000)=0x3b) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc020000", @ANYRES16=r2, @ANYBLOB="020026bd7000ffdbdf2503040000640004801c0007800800030009000000080003000300000008000200070000000900010073797a31000000000900010073797a30000000000900010073797a31000000001300010062726f6164636173742d6c696e6b00000c000780080001001f000000640101800d00010069623a766c616e300000000044000280080001001c000000080001000e000000080002000700000008000300040000000800040001000000080001000200000008000200fdbb000008000200edd500001500010069623a76657468305f746f5f7465616d00000000380004001400010002004e22ac1414bb0000000000000000200002000a004e2000007ffffc01000000000000000000000000000004000000380004001400010002004e24ac1e01010000000000000000200002000a004e2200000003fe800000000000000000000000000038f9ffffff380004001400010002004e220a0101020000000000000000200002000a004e2100000004fe8000000000000000000000000000aa000400000c0002800800030000000000080003000100008038000400200001000a004e240000000420010000000000000000000000000000010000801400020002004e21ffffffff0000000000000000280002800800020085030000080001000000000004000400080002000900000008000200070000006c00028008000100040000002c00038008000100020000000800010001010000080002000100000008000200b600000008000200010000000c000380080001000400000008000100330d000014000380080001000100000008000100030000000400038008000100060000004c000280040004004400038008000100030000000800010001000000080001000800000008000100f9ffffff08000100ed0000000800020006000000080002000400"], 0x2bc}, 0x1, 0x0, 0x0, 0x4}, 0x880) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f00000008c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000880)={&(0x7f0000000340)={0x230, r2, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000001}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x157a0a02}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80000001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2a1}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xf1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8001}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8299}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x51}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x33f5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a58}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xab}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x2000c881}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b00)={'ip6tnl0\x00', &(0x7f0000000a80)={'syztnl0\x00', 0x0, 0x29, 0x40, 0x4, 0x200, 0xc, @private0, @local, 0x7, 0x8, 0x7ff, 0x3}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000bc0)={'syztnl0\x00', &(0x7f0000000b40)={'ip_vti0\x00', r3, 0x700, 0x40, 0x1, 0xaf, {{0xd, 0x4, 0x0, 0x28, 0x34, 0x66, 0x0, 0x80, 0x0, 0x0, @rand_addr=0x64010102, @rand_addr=0x64010101, {[@ssrr={0x89, 0xb, 0x4e, [@empty, @remote]}, @noop, @timestamp_prespec={0x44, 0x14, 0xac, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0xc}, 0xf}, {@dev={0xac, 0x14, 0x14, 0x33}, 0x80000001}]}]}}}}}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r4, 0x8b1b, &(0x7f0000000040)) 0s ago: executing program 2 (id=717): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x300, 0x168, 0x1170, 0x1170, 0x0, 0x1170, 0x390, 0x1398, 0x1398, 0x390, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x88}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@inet=@multiport={{0x50}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast2, 'netpci0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x360) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = dup(r3) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="8200000000000000f1000040"]) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000)) r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r6, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r7, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) connect$rose(r7, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYBLOB="9309979318cea90f0fa80c9abe9a9a5b7ab27d8837e2b2be7f3cd5bb883be2a07eb3c7878f6df0100091949d46416cb849c67f59783dd556ed9c8083ea6b0994f1bfc321b75e07ea6322770d4a40eb42623aed7c265f200286df25e0f39a8e8f090bbf9313415dd1171f0aa7dc0546323e064bf44530fbbef48f3a89bee9d42309156f917dad4e8ab2de1028f6f717a3cb8d3399e3250fff6a01348646ef1ef9", @ANYBLOB=',rootmode=0000040000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESHEX, @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, r8, {0x7, 0x29, 0x0, 0x809000}}, 0x50) r9 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0) ioctl$FIBMAP(r9, 0x401070cd, &(0x7f0000000000)) kernel console output (not intermixed with test programs): 7f04f07b5fa0 RCX: 00007f04f058e929 [ 73.622197][ T6819] RDX: 0000000000040000 RSI: 00002000000003c0 RDI: 0000000000000004 [ 73.622206][ T6819] RBP: 00007f04f1464090 R08: 0000000000000000 R09: 0000000000000000 [ 73.622212][ T6819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.622219][ T6819] R13: 0000000000000000 R14: 00007f04f07b5fa0 R15: 00007fff3cd21c58 [ 73.622232][ T6819] [ 73.622255][ T6819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.265'. [ 73.755205][ T6819] hsr_slave_0 (unregistering): left promiscuous mode [ 73.866966][ T6839] loop6: detected capacity change from 0 to 7 [ 73.869189][ T6839] FAULT_INJECTION: forcing a failure. [ 73.869189][ T6839] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 73.874009][ T6839] CPU: 3 UID: 0 PID: 6839 Comm: syz.1.273 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 73.874026][ T6839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.874034][ T6839] Call Trace: [ 73.874037][ T6839] [ 73.874042][ T6839] dump_stack_lvl+0x16c/0x1f0 [ 73.874063][ T6839] should_fail_ex+0x512/0x640 [ 73.874081][ T6839] should_fail_alloc_page+0xe7/0x130 [ 73.874099][ T6839] prepare_alloc_pages+0x3c2/0x610 [ 73.874111][ T6839] ? rcu_is_watching+0x12/0xc0 [ 73.874126][ T6839] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 73.874144][ T6839] ? rcu_is_watching+0x12/0xc0 [ 73.874157][ T6839] ? trace_mm_page_alloc+0x11f/0x1a0 [ 73.874168][ T6839] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 73.874183][ T6839] ? stack_trace_save+0x8e/0xc0 [ 73.874198][ T6839] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 73.874218][ T6839] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 73.874233][ T6839] ? __get_vm_area_node+0x1ca/0x330 [ 73.874244][ T6839] ? __vmalloc_node_noprof+0xad/0xf0 [ 73.874254][ T6839] ? bdev_disk_changed+0x48d/0x1520 [ 73.874271][ T6839] ? loop_reread_partitions+0x70/0x140 [ 73.874288][ T6839] ? loop_configure+0x1230/0x1720 [ 73.874298][ T6839] ? lo_ioctl+0x1295/0x2760 [ 73.874309][ T6839] ? blkdev_ioctl+0x277/0x6d0 [ 73.874319][ T6839] ? __x64_sys_ioctl+0x18b/0x210 [ 73.874341][ T6839] alloc_pages_bulk_noprof+0x71c/0x1410 [ 73.874356][ T6839] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 73.874370][ T6839] ? policy_nodemask+0xea/0x4e0 [ 73.874388][ T6839] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 73.874407][ T6839] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 73.874430][ T6839] kasan_populate_vmalloc+0xf1/0x1f0 [ 73.874449][ T6839] alloc_vmap_area+0x959/0x29c0 [ 73.874473][ T6839] ? __pfx_alloc_vmap_area+0x10/0x10 [ 73.874494][ T6839] __get_vm_area_node+0x1ca/0x330 [ 73.874508][ T6839] __vmalloc_node_range_noprof+0x271/0x14b0 [ 73.874521][ T6839] ? bdev_disk_changed+0x48d/0x1520 [ 73.874542][ T6839] ? bdev_disk_changed+0x48d/0x1520 [ 73.874562][ T6839] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 73.874579][ T6839] ? bdev_disk_changed+0x48d/0x1520 [ 73.874595][ T6839] __vmalloc_node_noprof+0xad/0xf0 [ 73.874607][ T6839] ? bdev_disk_changed+0x48d/0x1520 [ 73.874625][ T6839] bdev_disk_changed+0x48d/0x1520 [ 73.874643][ T6839] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 73.874663][ T6839] ? __pfx_bdev_disk_changed+0x10/0x10 [ 73.874684][ T6839] loop_reread_partitions+0x70/0x140 [ 73.874703][ T6839] loop_configure+0x1230/0x1720 [ 73.874725][ T6839] ? __pfx_loop_configure+0x10/0x10 [ 73.874749][ T6839] lo_ioctl+0x1295/0x2760 [ 73.874761][ T6839] ? __lock_acquire+0xb8a/0x1c90 [ 73.874781][ T6839] ? __lock_acquire+0x622/0x1c90 [ 73.874804][ T6839] ? __pfx_lo_ioctl+0x10/0x10 [ 73.874815][ T6839] ? find_held_lock+0x2b/0x80 [ 73.874829][ T6839] ? avc_has_extended_perms+0x33a/0x1090 [ 73.874842][ T6839] ? avc_has_extended_perms+0x47c/0x1090 [ 73.874857][ T6839] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 73.874868][ T6839] ? kasan_quarantine_put+0x10a/0x240 [ 73.874881][ T6839] ? lockdep_hardirqs_on+0x7c/0x110 [ 73.874898][ T6839] ? find_held_lock+0x2b/0x80 [ 73.874915][ T6839] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 73.874927][ T6839] ? blkdev_common_ioctl+0x1dd/0x2480 [ 73.874954][ T6839] ? __pfx_lo_ioctl+0x10/0x10 [ 73.874965][ T6839] blkdev_ioctl+0x277/0x6d0 [ 73.874975][ T6839] ? __pfx_blkdev_ioctl+0x10/0x10 [ 73.874985][ T6839] ? selinux_file_ioctl+0x180/0x270 [ 73.874999][ T6839] ? selinux_file_ioctl+0xb4/0x270 [ 73.875014][ T6839] ? __pfx_blkdev_ioctl+0x10/0x10 [ 73.875025][ T6839] __x64_sys_ioctl+0x18b/0x210 [ 73.875038][ T6839] do_syscall_64+0xcd/0x4c0 [ 73.875054][ T6839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.875065][ T6839] RIP: 0033:0x7f04f058e929 [ 73.875074][ T6839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.875085][ T6839] RSP: 002b:00007f04f1464038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.875095][ T6839] RAX: ffffffffffffffda RBX: 00007f04f07b5fa0 RCX: 00007f04f058e929 [ 73.875102][ T6839] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003 [ 73.875108][ T6839] RBP: 00007f04f1464090 R08: 0000000000000000 R09: 0000000000000000 [ 73.875114][ T6839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 73.875120][ T6839] R13: 0000000000000000 R14: 00007f04f07b5fa0 R15: 00007fff3cd21c58 [ 73.875133][ T6839] [ 73.897809][ T5932] Bluetooth: hci2: command 0x0406 tx timeout [ 73.933036][ T6843] usb usb9: check_ctrlrecip: process 6843 (syz.1.275) requesting ep 01 but needs 81 [ 74.031415][ T6843] usb usb9: usbfs: process 6843 (syz.1.275) did not claim interface 0 before use [ 74.092964][ T4196] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 74.222663][ T6868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.285'. [ 74.230307][ T6868] tipc: Started in network mode [ 74.233007][ T6868] tipc: Node identity aaaaaaaaaaaa, cluster identity 4711 [ 74.235852][ T6868] tipc: Enabled bearer , priority 10 [ 74.239063][ T6868] netlink: 14 bytes leftover after parsing attributes in process `syz.0.285'. [ 74.242119][ T6868] tipc: Resetting bearer [ 74.254095][ T6868] tipc: Disabling bearer [ 74.271957][ T6874] gtp0: entered promiscuous mode [ 74.272898][ T4196] usb 8-1: Using ep0 maxpacket: 8 [ 74.272945][ T6876] netlink: 52 bytes leftover after parsing attributes in process `syz.1.289'. [ 74.275907][ T6876] sctp: [Deprecated]: syz.1.289 (pid 6876) Use of struct sctp_assoc_value in delayed_ack socket option. [ 74.275907][ T6876] Use struct sctp_sack_info instead [ 74.280498][ T4196] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 74.285452][ T4196] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 74.288476][ T4196] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 74.291396][ T4196] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 74.294990][ T4196] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 74.298976][ T4196] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 74.301788][ T4196] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.312605][ T6879] netlink: 1284 bytes leftover after parsing attributes in process `syz.2.291'. [ 74.464400][ T6899] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 74.481863][ T6899] kvm: pic: non byte read [ 74.484604][ T6899] kvm: pic: non byte read [ 74.487164][ T6897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.298'. [ 74.487603][ T6899] kvm: pic: non byte read [ 74.494076][ T6899] kvm: pic: non byte read [ 74.497006][ T6899] kvm: pic: non byte read [ 74.514756][ T4196] usb 8-1: GET_CAPABILITIES returned 0 [ 74.520203][ T4196] usbtmc 8-1:16.0: can't read capabilities [ 74.535522][ T6899] kvm: pic: non byte read [ 74.540078][ T6899] kvm: pic: non byte read [ 74.549616][ T6906] FAULT_INJECTION: forcing a failure. [ 74.549616][ T6906] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 74.557526][ T6906] CPU: 1 UID: 0 PID: 6906 Comm: syz.0.301 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 74.557542][ T6906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.557549][ T6906] Call Trace: [ 74.557554][ T6906] [ 74.557557][ T6906] dump_stack_lvl+0x16c/0x1f0 [ 74.557578][ T6906] should_fail_ex+0x512/0x640 [ 74.557593][ T6906] _copy_from_user+0x2e/0xd0 [ 74.557609][ T6906] copy_msghdr_from_user+0x98/0x160 [ 74.557625][ T6906] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 74.557646][ T6906] ___sys_sendmsg+0xfe/0x1d0 [ 74.557661][ T6906] ? __pfx____sys_sendmsg+0x10/0x10 [ 74.557675][ T6906] ? __lock_acquire+0x622/0x1c90 [ 74.557706][ T6906] __sys_sendmsg+0x16d/0x220 [ 74.557721][ T6906] ? __pfx___sys_sendmsg+0x10/0x10 [ 74.557744][ T6906] do_syscall_64+0xcd/0x4c0 [ 74.557762][ T6906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.557773][ T6906] RIP: 0033:0x7fb087d8e929 [ 74.557781][ T6906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.557792][ T6906] RSP: 002b:00007fb088c63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.557803][ T6906] RAX: ffffffffffffffda RBX: 00007fb087fb5fa0 RCX: 00007fb087d8e929 [ 74.557810][ T6906] RDX: 0000000020000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 74.557816][ T6906] RBP: 00007fb088c63090 R08: 0000000000000000 R09: 0000000000000000 [ 74.557822][ T6906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 74.557828][ T6906] R13: 0000000000000000 R14: 00007fb087fb5fa0 R15: 00007ffc0866dd78 [ 74.557841][ T6906] [ 74.716567][ T5972] usb 8-1: USB disconnect, device number 6 [ 74.734465][ T6911] hugetlbfs: syz.0.303 (6911): Using mlock ulimits for SHM_HUGETLB is obsolete [ 74.955260][ T6939] netlink: 12 bytes leftover after parsing attributes in process `syz.0.312'. [ 75.034512][ T6943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.313'. [ 75.094552][ T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 75.204451][ T6947] FAULT_INJECTION: forcing a failure. [ 75.204451][ T6947] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 75.208509][ T6947] CPU: 1 UID: 0 PID: 6947 Comm: syz.0.314 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 75.208525][ T6947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.208532][ T6947] Call Trace: [ 75.208536][ T6947] [ 75.208540][ T6947] dump_stack_lvl+0x16c/0x1f0 [ 75.208560][ T6947] should_fail_ex+0x512/0x640 [ 75.208578][ T6947] _copy_from_user+0x2e/0xd0 [ 75.208593][ T6947] copy_msghdr_from_user+0x98/0x160 [ 75.208610][ T6947] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 75.208631][ T6947] ___sys_sendmsg+0xfe/0x1d0 [ 75.208646][ T6947] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.208660][ T6947] ? __lock_acquire+0x622/0x1c90 [ 75.208692][ T6947] __sys_sendmsg+0x16d/0x220 [ 75.208707][ T6947] ? __pfx___sys_sendmsg+0x10/0x10 [ 75.208730][ T6947] do_syscall_64+0xcd/0x4c0 [ 75.208747][ T6947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.208758][ T6947] RIP: 0033:0x7fb087d8e929 [ 75.208767][ T6947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.208778][ T6947] RSP: 002b:00007fb088c63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.208788][ T6947] RAX: ffffffffffffffda RBX: 00007fb087fb5fa0 RCX: 00007fb087d8e929 [ 75.208795][ T6947] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004 [ 75.208801][ T6947] RBP: 00007fb088c63090 R08: 0000000000000000 R09: 0000000000000000 [ 75.208809][ T6947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 75.208815][ T6947] R13: 0000000000000000 R14: 00007fb087fb5fa0 R15: 00007ffc0866dd78 [ 75.208828][ T6947] [ 75.276218][ T6951] netlink: 20 bytes leftover after parsing attributes in process `syz.1.315'. [ 75.283875][ T10] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 75.287287][ T6955] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 75.289478][ T6955] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 75.292488][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.295701][ T6955] vhci_hcd vhci_hcd.0: Device attached [ 75.297798][ T6957] vhci_hcd: connection closed [ 75.297885][ T10] usb 7-1: config 0 has no interfaces? [ 75.298132][ T5932] Bluetooth: hci1: unknown advertising packet type: 0x82 [ 75.298553][ T6354] vhci_hcd: stop threads [ 75.298572][ T6354] vhci_hcd: release socket [ 75.298579][ T6354] vhci_hcd: disconnect device [ 75.300156][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.301251][ T5932] Bluetooth: hci1: Malformed LE Event: 0x02 [ 75.304017][ T10] usb 7-1: config 0 has no interfaces? [ 75.316415][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.319584][ T10] usb 7-1: config 0 has no interfaces? [ 75.322052][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.325807][ T10] usb 7-1: config 0 has no interfaces? [ 75.339959][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.343128][ T10] usb 7-1: config 0 has no interfaces? [ 75.346199][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.349340][ T10] usb 7-1: config 0 has no interfaces? [ 75.351833][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.356483][ T10] usb 7-1: config 0 has no interfaces? [ 75.359703][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.364240][ T10] usb 7-1: config 0 has no interfaces? [ 75.368506][ T10] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 75.372150][ T10] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 75.375688][ T10] usb 7-1: Product: syz [ 75.377518][ T10] usb 7-1: Manufacturer: syz [ 75.379404][ T10] usb 7-1: SerialNumber: syz [ 75.385038][ T10] usb 7-1: config 0 descriptor?? [ 75.412573][ T6970] netlink: 52 bytes leftover after parsing attributes in process `syz.1.322'. [ 75.594207][ T10] usb 7-1: USB disconnect, device number 5 [ 75.911670][ T6984] JFS: charset not found [ 75.942369][ T6992] set match dimension is over the limit! [ 76.835745][ T7020] kvm: Disabled LAPIC found during irq injection [ 76.888859][ T7020] hsr_slave_0 (unregistering): left promiscuous mode [ 77.083162][ T4196] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 77.210396][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 77.210407][ T40] audit: type=1400 audit(1751037011.465:345): avc: denied { create } for pid=7032 comm="syz.1.345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 77.234261][ T4196] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 77.237435][ T4196] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.240536][ T4196] usb 8-1: config 0 has no interfaces? [ 77.243320][ T4196] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.246379][ T4196] usb 8-1: config 0 has no interfaces? [ 77.248802][ T4196] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.251788][ T4196] usb 8-1: config 0 has no interfaces? [ 77.254456][ T4196] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.257474][ T4196] usb 8-1: config 0 has no interfaces? [ 77.259815][ T4196] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.263045][ T4196] usb 8-1: config 0 has no interfaces? [ 77.265387][ T4196] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.268442][ T4196] usb 8-1: config 0 has no interfaces? [ 77.271140][ T4196] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.275936][ T4196] usb 8-1: config 0 has no interfaces? [ 77.279960][ T4196] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.280473][ T40] audit: type=1400 audit(1751037011.535:346): avc: denied { getopt } for pid=7032 comm="syz.1.345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 77.282929][ T61] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 77.284408][ T4196] usb 8-1: config 0 has no interfaces? [ 77.297150][ T4196] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 77.299933][ T4196] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 77.302446][ T4196] usb 8-1: Product: syz [ 77.303977][ T4196] usb 8-1: Manufacturer: syz [ 77.305409][ T4196] usb 8-1: SerialNumber: syz [ 77.308116][ T4196] usb 8-1: config 0 descriptor?? [ 77.323490][ T7041] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 77.400723][ T7047] cgroup: fork rejected by pids controller in /syz1 [ 77.445001][ T61] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 77.448536][ T61] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 77.451728][ T61] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 77.456889][ T61] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 77.460383][ T61] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 77.463937][ T61] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 77.466964][ T61] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.476504][ T7028] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 77.480417][ T61] hub 5-1:1.0: bad descriptor, ignoring hub [ 77.482338][ T61] hub 5-1:1.0: probe with driver hub failed with error -5 [ 77.485403][ T61] cdc_wdm 5-1:1.0: skipping garbage [ 77.487241][ T61] cdc_wdm 5-1:1.0: skipping garbage [ 77.489678][ T61] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 77.491538][ T61] cdc_wdm 5-1:1.0: Unknown control protocol [ 77.517387][ T61] usb 8-1: USB disconnect, device number 7 [ 77.682383][ T40] audit: type=1400 audit(1751037011.935:347): avc: denied { read write } for pid=7027 comm="syz.0.342" name="cdc-wdm0" dev="devtmpfs" ino=2916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 77.691295][ T40] audit: type=1400 audit(1751037011.935:348): avc: denied { open } for pid=7027 comm="syz.0.342" path="/dev/cdc-wdm0" dev="devtmpfs" ino=2916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 77.713134][ T7059] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 77.715404][ T7059] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 77.718271][ T7059] vhci_hcd vhci_hcd.0: Device attached [ 77.720478][ T5932] Bluetooth: hci0: unknown advertising packet type: 0x82 [ 77.720496][ T5932] Bluetooth: hci0: Malformed LE Event: 0x02 [ 77.724931][ T7060] vhci_hcd: connection closed [ 77.725144][ T6394] vhci_hcd: stop threads [ 77.728180][ T6394] vhci_hcd: release socket [ 77.729628][ T6394] vhci_hcd: disconnect device [ 77.768166][ T6344] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.856212][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 77.858904][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 77.860455][ T6344] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.860579][ T40] audit: type=1400 audit(1751037012.115:349): avc: denied { execute } for pid=7063 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 77.860744][ T40] audit: type=1400 audit(1751037012.115:350): avc: denied { execute_no_trans } for pid=7063 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 77.861591][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 77.886667][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 77.889406][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 77.893038][ C3] vkms_vblank_simulate: vblank timer overrun [ 77.923290][ T61] usb 5-1: USB disconnect, device number 3 [ 78.000923][ T5294] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.002427][ T6344] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.005231][ T5294] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.011314][ T5294] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.015296][ T5294] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.018816][ T5294] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.085486][ T6344] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.140753][ T7064] chnl_net:caif_netlink_parms(): no params data found [ 78.202659][ T7064] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.207818][ T7064] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.210532][ T7064] bridge_slave_0: entered allmulticast mode [ 78.214075][ T7064] bridge_slave_0: entered promiscuous mode [ 78.217111][ T7064] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.219322][ T7064] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.221556][ T7064] bridge_slave_1: entered allmulticast mode [ 78.224219][ T7064] bridge_slave_1: entered promiscuous mode [ 78.265250][ T7064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.269658][ T7064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.291012][ T7077] xt_hashlimit: size too large, truncated to 1048576 [ 78.358156][ T7064] team0: Port device team_slave_0 added [ 78.362188][ T7064] team0: Port device team_slave_1 added [ 78.442721][ T6344] bridge_slave_1: left allmulticast mode [ 78.447409][ T6344] bridge_slave_1: left promiscuous mode [ 78.450491][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.455981][ T6344] bridge_slave_0: left allmulticast mode [ 78.457882][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.730985][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 78.738065][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 78.741615][ T6344] bond0 (unregistering): Released all slaves [ 78.749801][ T7064] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.752052][ T7064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.759986][ T7064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.767089][ T7064] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.769288][ T7064] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.777452][ T7064] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.862522][ T7064] hsr_slave_0: entered promiscuous mode [ 78.865122][ T7064] hsr_slave_1: entered promiscuous mode [ 78.875561][ T7106] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 78.877592][ T7106] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 78.879901][ T7106] vhci_hcd vhci_hcd.0: Device attached [ 78.882762][ T5294] Bluetooth: hci3: unknown advertising packet type: 0x82 [ 78.882807][ T5294] Bluetooth: hci3: Malformed LE Event: 0x02 [ 78.884286][ T7107] vhci_hcd: connection closed [ 78.887677][ T6376] vhci_hcd: stop threads [ 78.890517][ T6376] vhci_hcd: release socket [ 78.892226][ T6376] vhci_hcd: disconnect device [ 78.965512][ T40] audit: type=1400 audit(1751037013.225:351): avc: denied { ioctl } for pid=7101 comm="syz.3.365" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x54a2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 79.204593][ T6344] hsr_slave_1: left promiscuous mode [ 79.207187][ T6344] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 79.209531][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 79.212214][ T6344] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 79.214630][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 79.244318][ T6344] veth1_macvtap: left promiscuous mode [ 79.246519][ T6344] veth0_macvtap: left promiscuous mode [ 79.248370][ T6344] veth1_vlan: left promiscuous mode [ 79.250101][ T6344] veth0_vlan: left promiscuous mode [ 79.583527][ T7132] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 79.752423][ T6344] team0 (unregistering): Port device team_slave_1 removed [ 79.827409][ T6344] team0 (unregistering): Port device team_slave_0 removed [ 79.835285][ T40] audit: type=1400 audit(1751037014.085:352): avc: denied { watch } for pid=7139 comm="syz.3.374" path="/97" dev="tmpfs" ino=530 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 79.836345][ T7140] capability: warning: `syz.3.374' uses 32-bit capabilities (legacy support in use) [ 79.888458][ T6015] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 79.892039][ T6015] hid-generic 0000:0000:0000.0006: hidraw1: HID v0.00 Device [syz1] on syz0 [ 79.913358][ T1026] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 80.043409][ T5294] Bluetooth: hci2: command tx timeout [ 80.065137][ T1026] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 80.069573][ T1026] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 80.073321][ T1026] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 80.077155][ T1026] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 80.081301][ T1026] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 80.084309][ T1026] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.088339][ T1026] usb 5-1: config 0 descriptor?? [ 80.302912][ T5972] usb 8-1: new full-speed USB device number 8 using dummy_hcd [ 80.461035][ T5972] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 80.465138][ T5972] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 80.468022][ T5972] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 80.470875][ T5972] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.476376][ T5972] usb 8-1: config 0 descriptor?? [ 80.480269][ T5972] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 80.485273][ T5972] dvb-usb: bulk message failed: -22 (3/0) [ 80.490157][ T5972] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 80.493412][ T5972] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 80.494681][ T1026] plantronics 0003:047F:FFFF.0007: ignoring exceeding usage max [ 80.495564][ T5972] usb 8-1: media controller created [ 80.497135][ T5972] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 80.513444][ T1026] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 80.520592][ T5972] dvb-usb: bulk message failed: -22 (6/0) [ 80.524136][ T5972] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 80.529747][ T5972] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb8/8-1/input/input6 [ 80.538238][ T7064] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.539531][ T5972] dvb-usb: schedule remote query interval to 150 msecs. [ 80.542765][ T5972] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 80.545185][ T40] audit: type=1400 audit(1751037014.795:353): avc: denied { read } for pid=5328 comm="acpid" name="event4" dev="devtmpfs" ino=2935 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 80.553019][ T40] audit: type=1400 audit(1751037014.795:354): avc: denied { open } for pid=5328 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2935 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 80.568909][ T7064] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.579333][ T7064] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.586199][ T7064] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.634594][ T7064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.642571][ T7064] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.648038][ T6354] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.650303][ T6354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.656991][ T6385] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.659216][ T6385] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.687023][ T837] usb 8-1: USB disconnect, device number 8 [ 80.721522][ T837] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 80.756187][ T7135] __nla_validate_parse: 4 callbacks suppressed [ 80.756200][ T7135] netlink: 28 bytes leftover after parsing attributes in process `syz.0.372'. [ 80.765770][ T5972] usb 5-1: USB disconnect, device number 4 [ 80.811691][ T7064] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.831965][ T7064] veth0_vlan: entered promiscuous mode [ 80.844067][ T7064] veth1_vlan: entered promiscuous mode [ 80.867570][ T7064] veth0_macvtap: entered promiscuous mode [ 80.874603][ T7064] veth1_macvtap: entered promiscuous mode [ 80.888124][ T7064] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.895856][ T7064] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.901380][ T7064] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.905169][ T7064] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.907962][ T7064] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.910626][ T7064] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.938248][ T6354] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.942665][ T6354] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.956337][ T6354] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.958764][ T6354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.200603][ T7195] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 81.323026][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.337353][ T24] cfg80211: failed to load regulatory.db [ 81.347646][ T7207] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 81.416070][ T7214] loop6: detected capacity change from 0 to 63 [ 81.418330][ T7214] buffer_io_error: 14138 callbacks suppressed [ 81.418339][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.423006][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.426251][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.429212][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.432399][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.436390][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.439769][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.443512][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.447580][ T7214] ldm_validate_partition_table(): Disk read failed. [ 81.450429][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.455851][ T7214] Buffer I/O error on dev loop6, logical block 0, async page read [ 81.458607][ T7214] Dev loop6: unable to read RDB block 0 [ 81.461388][ T7214] loop6: unable to read partition table [ 81.470529][ T7214] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 81.486474][ T7218] kvm: kvm [7217]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x1a0000000003 [ 81.510556][ T7218] kvm: kvm [7217]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x186) = 0x1a0000000003 [ 81.514381][ T7218] kvm: kvm [7217]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x187) = 0x3 [ 81.534564][ T7218] kvm_intel: kvm [7217]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x1d9) = 0x3 [ 81.598551][ T5343] ldm_validate_partition_table(): Disk read failed. [ 81.600889][ T5343] Dev loop6: unable to read RDB block 0 [ 81.602726][ T7224] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 81.603214][ T5343] loop6: unable to read partition table [ 81.604669][ T7224] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 81.606848][ T7224] vhci_hcd vhci_hcd.0: Device attached [ 81.623301][ T7225] vhci_hcd: connection closed [ 81.623472][ T6385] vhci_hcd: stop threads [ 81.624116][ T5294] Bluetooth: hci2: unknown advertising packet type: 0x82 [ 81.624909][ T6385] vhci_hcd: release socket [ 81.624919][ T6385] vhci_hcd: disconnect device [ 81.634640][ T5294] Bluetooth: hci2: Malformed LE Event: 0x02 [ 81.717190][ T7228] ======================================================= [ 81.717190][ T7228] WARNING: The mand mount option has been deprecated and [ 81.717190][ T7228] and is ignored by this kernel. Remove the mand [ 81.717190][ T7228] option from the mount to silence this warning. [ 81.717190][ T7228] ======================================================= [ 81.973049][ T34] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 82.122972][ T5294] Bluetooth: hci2: command tx timeout [ 82.137203][ T34] usb 7-1: config index 0 descriptor too short (expected 45, got 36) [ 82.140658][ T34] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 82.145199][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 82.149344][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 82.156276][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 82.161437][ T34] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 82.165905][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.172660][ T34] usb 7-1: config 0 descriptor?? [ 82.215603][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 82.215615][ T40] audit: type=1400 audit(1751037016.475:368): avc: denied { write } for pid=7233 comm="syz.1.394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 82.396127][ T7248] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 82.441558][ T7251] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 82.443669][ T7251] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 82.446417][ T7251] vhci_hcd vhci_hcd.0: Device attached [ 82.449873][ T5294] Bluetooth: hci3: unknown advertising packet type: 0x82 [ 82.449891][ T5294] Bluetooth: hci3: Malformed LE Event: 0x02 [ 82.450618][ T7252] vhci_hcd: connection closed [ 82.455287][ T6344] vhci_hcd: stop threads [ 82.458161][ T6344] vhci_hcd: release socket [ 82.459589][ T6344] vhci_hcd: disconnect device [ 82.580931][ T34] plantronics 0003:047F:FFFF.0008: reserved main item tag 0xd [ 82.591065][ T34] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 82.843746][ T40] audit: type=1400 audit(1751037017.105:369): avc: denied { ioctl } for pid=7227 comm="syz.2.391" path="socket:[17413]" dev="sockfs" ino=17413 ioctlcmd=0x4814 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 82.845333][ T34] usb 7-1: USB disconnect, device number 6 [ 82.978710][ T7257] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 83.092795][ T7264] netlink: 52 bytes leftover after parsing attributes in process `syz.0.405'. [ 83.315729][ T40] audit: type=1400 audit(1751037017.575:370): avc: denied { getopt } for pid=7279 comm="syz.0.410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 83.319525][ T7281] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62802 sclass=netlink_route_socket pid=7281 comm=syz.0.410 [ 83.340748][ T40] audit: type=1400 audit(1751037017.595:371): avc: denied { connect } for pid=7279 comm="syz.0.410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 83.354082][ T837] hid-generic 0005:10CF:0009.0009: unknown main item tag 0x0 [ 83.359974][ T837] hid-generic 0005:10CF:0009.0009: hidraw1: BLUETOOTH HID v0.09 Device [syz1] on aa:aa:aa:aa:aa:aa [ 83.389908][ T40] audit: type=1400 audit(1751037017.645:372): avc: denied { unmount } for pid=5930 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 83.418933][ T7290] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 83.421045][ T7290] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 83.425076][ T7290] vhci_hcd vhci_hcd.0: Device attached [ 83.427498][ T5294] Bluetooth: hci0: unknown advertising packet type: 0x82 [ 83.427516][ T5294] Bluetooth: hci0: unknown advertising packet type: 0x80 [ 83.429754][ T5294] Bluetooth: hci0: Malformed LE Event: 0x02 [ 83.434523][ T7292] vhci_hcd: connection closed [ 83.434930][ T6385] vhci_hcd: stop threads [ 83.437860][ T6385] vhci_hcd: release socket [ 83.439418][ T6385] vhci_hcd: disconnect device [ 83.938801][ T7302] netlink: 52 bytes leftover after parsing attributes in process `syz.3.414'. [ 83.963295][ T5294] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 83.966877][ T5294] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 83.966956][ T5294] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 83.973308][ T5294] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 83.983895][ T40] audit: type=1400 audit(1751037018.245:373): avc: denied { setopt } for pid=7306 comm="syz.3.416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 83.997407][ T5294] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 84.028746][ T7311] loop6: detected capacity change from 0 to 7 [ 84.034124][ T7311] FAULT_INJECTION: forcing a failure. [ 84.034124][ T7311] name failslab, interval 1, probability 0, space 0, times 0 [ 84.038180][ T7311] CPU: 0 UID: 0 PID: 7311 Comm: syz.2.417 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 84.038197][ T7311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.038204][ T7311] Call Trace: [ 84.038208][ T7311] [ 84.038213][ T7311] dump_stack_lvl+0x16c/0x1f0 [ 84.038251][ T7311] should_fail_ex+0x512/0x640 [ 84.038270][ T7311] ? __kmalloc_node_noprof+0xc5/0x500 [ 84.038288][ T7311] should_failslab+0xc2/0x120 [ 84.038304][ T7311] __kmalloc_node_noprof+0xd8/0x500 [ 84.038317][ T7311] ? __get_vm_area_node+0x208/0x330 [ 84.038328][ T7311] ? __vmalloc_node_range_noprof+0x3e5/0x14b0 [ 84.038342][ T7311] __vmalloc_node_range_noprof+0x3e5/0x14b0 [ 84.038358][ T7311] ? bdev_disk_changed+0x48d/0x1520 [ 84.038378][ T7311] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 84.038395][ T7311] ? bdev_disk_changed+0x48d/0x1520 [ 84.038410][ T7311] __vmalloc_node_noprof+0xad/0xf0 [ 84.038421][ T7311] ? bdev_disk_changed+0x48d/0x1520 [ 84.038438][ T7311] bdev_disk_changed+0x48d/0x1520 [ 84.038455][ T7311] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 84.038474][ T7311] ? __pfx_bdev_disk_changed+0x10/0x10 [ 84.038494][ T7311] loop_reread_partitions+0x70/0x140 [ 84.038513][ T7311] loop_configure+0x1230/0x1720 [ 84.038541][ T7311] ? __pfx_loop_configure+0x10/0x10 [ 84.038564][ T7311] lo_ioctl+0x1295/0x2760 [ 84.038575][ T7311] ? __lock_acquire+0xb8a/0x1c90 [ 84.038595][ T7311] ? __lock_acquire+0x622/0x1c90 [ 84.038616][ T7311] ? __pfx_lo_ioctl+0x10/0x10 [ 84.038627][ T7311] ? find_held_lock+0x2b/0x80 [ 84.038640][ T7311] ? avc_has_extended_perms+0x33a/0x1090 [ 84.038653][ T7311] ? avc_has_extended_perms+0x47c/0x1090 [ 84.038667][ T7311] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 84.038677][ T7311] ? kasan_quarantine_put+0x10a/0x240 [ 84.038690][ T7311] ? lockdep_hardirqs_on+0x7c/0x110 [ 84.038706][ T7311] ? find_held_lock+0x2b/0x80 [ 84.038722][ T7311] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 84.038736][ T7311] ? blkdev_common_ioctl+0x1dd/0x2480 [ 84.038762][ T7311] ? __pfx_lo_ioctl+0x10/0x10 [ 84.038773][ T7311] blkdev_ioctl+0x277/0x6d0 [ 84.038784][ T7311] ? __pfx_blkdev_ioctl+0x10/0x10 [ 84.038794][ T7311] ? selinux_file_ioctl+0x180/0x270 [ 84.038808][ T7311] ? selinux_file_ioctl+0xb4/0x270 [ 84.038823][ T7311] ? __pfx_blkdev_ioctl+0x10/0x10 [ 84.038834][ T7311] __x64_sys_ioctl+0x18b/0x210 [ 84.038848][ T7311] do_syscall_64+0xcd/0x4c0 [ 84.038865][ T7311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.038876][ T7311] RIP: 0033:0x7fe93b38e929 [ 84.038885][ T7311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.038896][ T7311] RSP: 002b:00007fe93c1c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.038907][ T7311] RAX: ffffffffffffffda RBX: 00007fe93b5b5fa0 RCX: 00007fe93b38e929 [ 84.038914][ T7311] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003 [ 84.038920][ T7311] RBP: 00007fe93c1c5090 R08: 0000000000000000 R09: 0000000000000000 [ 84.038926][ T7311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 84.038932][ T7311] R13: 0000000000000000 R14: 00007fe93b5b5fa0 R15: 00007ffd9fa8e308 [ 84.038945][ T7311] [ 84.038950][ T7311] warn_alloc: 1 callbacks suppressed [ 84.038956][ T7311] syz.2.417: vmalloc error: size 32768, failed to allocated page array size 64, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 84.149234][ T7311] CPU: 0 UID: 0 PID: 7311 Comm: syz.2.417 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 84.149249][ T7311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.149256][ T7311] Call Trace: [ 84.149260][ T7311] [ 84.149264][ T7311] dump_stack_lvl+0x16c/0x1f0 [ 84.149284][ T7311] warn_alloc+0x248/0x3a0 [ 84.149299][ T7311] ? __pfx_warn_alloc+0x10/0x10 [ 84.149311][ T7311] ? dump_stack_lvl+0x185/0x1f0 [ 84.149325][ T7311] ? lockdep_hardirqs_on+0x7c/0x110 [ 84.149344][ T7311] ? rcu_is_watching+0x12/0xc0 [ 84.149358][ T7311] ? trace_kmalloc+0x2b/0xd0 [ 84.149373][ T7311] ? __get_vm_area_node+0x208/0x330 [ 84.149387][ T7311] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 84.149403][ T7311] ? bdev_disk_changed+0x48d/0x1520 [ 84.149423][ T7311] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 84.149440][ T7311] ? bdev_disk_changed+0x48d/0x1520 [ 84.149455][ T7311] __vmalloc_node_noprof+0xad/0xf0 [ 84.149466][ T7311] ? bdev_disk_changed+0x48d/0x1520 [ 84.149483][ T7311] bdev_disk_changed+0x48d/0x1520 [ 84.149501][ T7311] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 84.149525][ T7311] ? __pfx_bdev_disk_changed+0x10/0x10 [ 84.149545][ T7311] loop_reread_partitions+0x70/0x140 [ 84.149564][ T7311] loop_configure+0x1230/0x1720 [ 84.149585][ T7311] ? __pfx_loop_configure+0x10/0x10 [ 84.149609][ T7311] lo_ioctl+0x1295/0x2760 [ 84.149620][ T7311] ? __lock_acquire+0xb8a/0x1c90 [ 84.149639][ T7311] ? __lock_acquire+0x622/0x1c90 [ 84.149660][ T7311] ? __pfx_lo_ioctl+0x10/0x10 [ 84.149671][ T7311] ? find_held_lock+0x2b/0x80 [ 84.149684][ T7311] ? avc_has_extended_perms+0x33a/0x1090 [ 84.149697][ T7311] ? avc_has_extended_perms+0x47c/0x1090 [ 84.149711][ T7311] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 84.149721][ T7311] ? kasan_quarantine_put+0x10a/0x240 [ 84.149735][ T7311] ? lockdep_hardirqs_on+0x7c/0x110 [ 84.149751][ T7311] ? find_held_lock+0x2b/0x80 [ 84.149767][ T7311] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 84.149780][ T7311] ? blkdev_common_ioctl+0x1dd/0x2480 [ 84.149807][ T7311] ? __pfx_lo_ioctl+0x10/0x10 [ 84.149818][ T7311] blkdev_ioctl+0x277/0x6d0 [ 84.149829][ T7311] ? __pfx_blkdev_ioctl+0x10/0x10 [ 84.149839][ T7311] ? selinux_file_ioctl+0x180/0x270 [ 84.149853][ T7311] ? selinux_file_ioctl+0xb4/0x270 [ 84.149867][ T7311] ? __pfx_blkdev_ioctl+0x10/0x10 [ 84.149891][ T7311] __x64_sys_ioctl+0x18b/0x210 [ 84.149905][ T7311] do_syscall_64+0xcd/0x4c0 [ 84.149922][ T7311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.149933][ T7311] RIP: 0033:0x7fe93b38e929 [ 84.149942][ T7311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.149952][ T7311] RSP: 002b:00007fe93c1c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.149962][ T7311] RAX: ffffffffffffffda RBX: 00007fe93b5b5fa0 RCX: 00007fe93b38e929 [ 84.149969][ T7311] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003 [ 84.149975][ T7311] RBP: 00007fe93c1c5090 R08: 0000000000000000 R09: 0000000000000000 [ 84.149981][ T7311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 84.149987][ T7311] R13: 0000000000000000 R14: 00007fe93b5b5fa0 R15: 00007ffd9fa8e308 [ 84.150001][ T7311] [ 84.150153][ T7311] Mem-Info: [ 84.150160][ T7311] active_anon:14236 inactive_anon:0 isolated_anon:0 [ 84.150160][ T7311] active_file:13632 inactive_file:40590 isolated_file:0 [ 84.150160][ T7311] unevictable:1768 dirty:581 writeback:0 [ 84.150160][ T7311] slab_reclaimable:11619 slab_unreclaimable:71197 [ 84.150160][ T7311] mapped:30223 shmem:7921 pagetables:1342 [ 84.150160][ T7311] sec_pagetables:305 bounce:0 [ 84.150160][ T7311] kernel_misc_reclaimable:0 [ 84.150160][ T7311] free:451893 free_pcp:14155 free_cma:0 [ 84.150187][ T7311] Node 0 active_anon:56944kB inactive_anon:0kB active_file:54328kB inactive_file:162152kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:120768kB dirty:2316kB writeback:0kB shmem:28148kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14384kB pagetables:5128kB sec_pagetables:1220kB all_unreclaimable? no Balloon:0kB [ 84.150216][ T7311] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:208kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:124kB dirty:8kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:240kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 84.150242][ T7311] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 84.150272][ T7311] lowmem_reserve[]: 0 1235 1235 1235 1235 [ 84.150293][ T7311] Node 0 DMA32 free:187672kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:56944kB inactive_anon:0kB active_file:54328kB inactive_file:162152kB unevictable:3536kB writepending:2316kB present:2080628kB managed:1264684kB mlocked:0kB bounce:0kB free_pcp:39468kB local_pcp:6788kB free_cma:0kB [ 84.150323][ T7311] lowmem_reserve[]: 0 0 0 0 0 [ 84.150343][ T7311] Node 1 Normal free:1604540kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:208kB unevictable:3536kB writepending:8kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:17152kB local_pcp:4016kB free_cma:0kB [ 84.150373][ T7311] lowmem_reserve[]: 0 0 0 0 0 [ 84.150392][ T7311] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 84.150457][ T7311] Node 0 DMA32: 1004*4kB (UE) 33*8kB (UM) 24*16kB (UME) 65*32kB (UE) 98*64kB (UME) 36*128kB (UME) 40*256kB (UM) 46*512kB (UM) 27*1024kB (UME) 9*2048kB (UM) 22*4096kB (UM) = 187608kB [ 84.150551][ T7311] Node 1 Normal: 5*4kB (ME) 5*8kB (ME) 10*16kB (UME) 5*32kB (E) 15*64kB (UE) 9*128kB (UME) 6*256kB (UE) 4*512kB (ME) 1*1024kB (U) 2*2048kB (UM) 389*4096kB (M) = 1604540kB [ 84.150640][ T7311] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 84.150649][ T7311] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 84.150657][ T7311] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 84.150666][ T7311] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 84.150674][ T7311] 62139 total pagecache pages [ 84.150678][ T7311] 0 pages in swap cache [ 84.150682][ T7311] Free swap = 124996kB [ 84.150686][ T7311] Total swap = 124996kB [ 84.150690][ T7311] 1048443 pages RAM [ 84.150694][ T7311] 0 pages HighMem/MovableOnly [ 84.150698][ T7311] 282943 pages reserved [ 84.150701][ T7311] 0 pages cma reserved [ 84.202690][ T7325] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 84.244720][ T5294] Bluetooth: hci2: command tx timeout [ 84.245621][ T7325] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 84.378446][ T7325] vhci_hcd vhci_hcd.0: Device attached [ 84.382810][ T5294] Bluetooth: hci1: unknown advertising packet type: 0x82 [ 84.382929][ T7326] vhci_hcd: connection closed [ 84.385140][ T5294] Bluetooth: hci1: unknown advertising packet type: 0x80 [ 84.386647][ T6374] vhci_hcd: stop threads [ 84.386650][ T5294] Bluetooth: hci1: Malformed LE Event: 0x02 [ 84.392592][ T6374] vhci_hcd: release socket [ 84.395098][ T6374] vhci_hcd: disconnect device [ 84.528717][ T7335] netlink: 52 bytes leftover after parsing attributes in process `syz.2.425'. [ 84.589000][ T40] audit: type=1400 audit(1751037018.845:374): avc: denied { bind } for pid=7338 comm="syz.2.427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 84.717389][ T40] audit: type=1400 audit(1751037018.975:375): avc: denied { recv } for pid=5918 comm="syz-executor" saddr=127.0.0.1 src=47612 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 84.741608][ T7354] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5) [ 84.761174][ T40] audit: type=1400 audit(1751037019.015:376): avc: denied { recv } for pid=5918 comm="syz-executor" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=47612 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 84.780218][ T7358] FAULT_INJECTION: forcing a failure. [ 84.780218][ T7358] name failslab, interval 1, probability 0, space 0, times 0 [ 84.785008][ T7358] CPU: 2 UID: 0 PID: 7358 Comm: syz.1.434 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 84.785025][ T7358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.785032][ T7358] Call Trace: [ 84.785035][ T7358] [ 84.785039][ T7358] dump_stack_lvl+0x16c/0x1f0 [ 84.785060][ T7358] should_fail_ex+0x512/0x640 [ 84.785074][ T7358] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 84.785091][ T7358] should_failslab+0xc2/0x120 [ 84.785106][ T7358] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 84.785120][ T7358] ? __alloc_skb+0x2b2/0x380 [ 84.785137][ T7358] __alloc_skb+0x2b2/0x380 [ 84.785150][ T7358] ? __pfx___alloc_skb+0x10/0x10 [ 84.785163][ T7358] ? selinux_socket_getpeersec_dgram+0x1a4/0x370 [ 84.785178][ T7358] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 84.785195][ T7358] netlink_alloc_large_skb+0x69/0x130 [ 84.785209][ T7358] netlink_sendmsg+0x6a1/0xdd0 [ 84.785222][ T7358] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.785237][ T7358] ____sys_sendmsg+0xa95/0xc70 [ 84.785249][ T7358] ? copy_msghdr_from_user+0x10a/0x160 [ 84.785264][ T7358] ? __pfx_____sys_sendmsg+0x10/0x10 [ 84.785282][ T7358] ___sys_sendmsg+0x134/0x1d0 [ 84.785298][ T7358] ? __pfx____sys_sendmsg+0x10/0x10 [ 84.785311][ T7358] ? __lock_acquire+0x622/0x1c90 [ 84.785343][ T7358] __sys_sendmsg+0x16d/0x220 [ 84.785358][ T7358] ? __pfx___sys_sendmsg+0x10/0x10 [ 84.785381][ T7358] do_syscall_64+0xcd/0x4c0 [ 84.785397][ T7358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.785408][ T7358] RIP: 0033:0x7ff417f8e929 [ 84.785417][ T7358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.785428][ T7358] RSP: 002b:00007ff418d39038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.785438][ T7358] RAX: ffffffffffffffda RBX: 00007ff4181b5fa0 RCX: 00007ff417f8e929 [ 84.785445][ T7358] RDX: 0000000020000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 84.785451][ T7358] RBP: 00007ff418d39090 R08: 0000000000000000 R09: 0000000000000000 [ 84.785458][ T7358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 84.785464][ T7358] R13: 0000000000000000 R14: 00007ff4181b5fa0 R15: 00007ffcf5ac05c8 [ 84.785476][ T7358] [ 85.087974][ T40] audit: type=1400 audit(1751037019.345:377): avc: denied { bind } for pid=7369 comm="syz.1.438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 85.271113][ T7380] fuse: Bad value for 'fd' [ 85.283115][ T61] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 85.409614][ T7387] netlink: 12 bytes leftover after parsing attributes in process `syz.1.445'. [ 85.454880][ T7391] netlink: 52 bytes leftover after parsing attributes in process `syz.3.446'. [ 85.462965][ T61] usb 5-1: Using ep0 maxpacket: 8 [ 85.465801][ T61] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 85.468909][ T61] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 85.471830][ T61] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 85.475066][ T61] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 85.478898][ T61] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 85.482392][ T61] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.521742][ T7396] netlink: 45 bytes leftover after parsing attributes in process `syz.1.449'. [ 85.587029][ T7394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.448'. [ 85.655462][ T7394] hsr_slave_1 (unregistering): left promiscuous mode [ 85.703929][ T7404] FAULT_INJECTION: forcing a failure. [ 85.703929][ T7404] name failslab, interval 1, probability 0, space 0, times 0 [ 85.704805][ T61] usb 5-1: usb_control_msg returned -32 [ 85.707951][ T7404] CPU: 0 UID: 0 PID: 7404 Comm: syz.2.452 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 85.707968][ T7404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.707975][ T7404] Call Trace: [ 85.707979][ T7404] [ 85.707983][ T7404] dump_stack_lvl+0x16c/0x1f0 [ 85.708020][ T7404] should_fail_ex+0x512/0x640 [ 85.708035][ T7404] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 85.708051][ T7404] should_failslab+0xc2/0x120 [ 85.708068][ T7404] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 85.708082][ T7404] ? __alloc_skb+0x2b2/0x380 [ 85.708098][ T7404] __alloc_skb+0x2b2/0x380 [ 85.708112][ T7404] ? __pfx___alloc_skb+0x10/0x10 [ 85.708127][ T7404] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 85.708141][ T7404] netlink_alloc_large_skb+0x69/0x130 [ 85.708152][ T7404] netlink_sendmsg+0x6a1/0xdd0 [ 85.708165][ T7404] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.708180][ T7404] ____sys_sendmsg+0xa95/0xc70 [ 85.708192][ T7404] ? copy_msghdr_from_user+0x10a/0x160 [ 85.708207][ T7404] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.708223][ T7404] ___sys_sendmsg+0x134/0x1d0 [ 85.708239][ T7404] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.708253][ T7404] ? __lock_acquire+0x622/0x1c90 [ 85.708285][ T7404] __sys_sendmsg+0x16d/0x220 [ 85.708300][ T7404] ? __pfx___sys_sendmsg+0x10/0x10 [ 85.708323][ T7404] do_syscall_64+0xcd/0x4c0 [ 85.708340][ T7404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.708351][ T7404] RIP: 0033:0x7fe93b38e929 [ 85.708362][ T7404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.708373][ T7404] RSP: 002b:00007fe93c1c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.708383][ T7404] RAX: ffffffffffffffda RBX: 00007fe93b5b5fa0 RCX: 00007fe93b38e929 [ 85.708389][ T7404] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004 [ 85.708396][ T7404] RBP: 00007fe93c1c5090 R08: 0000000000000000 R09: 0000000000000000 [ 85.708402][ T7404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 85.708408][ T7404] R13: 0000000000000000 R14: 00007fe93b5b5fa0 R15: 00007ffd9fa8e308 [ 85.708420][ T7404] [ 85.779916][ T61] usbtmc 5-1:16.0: can't read capabilities [ 85.919783][ T7417] netlink: 52 bytes leftover after parsing attributes in process `syz.3.456'. [ 85.985903][ T7421] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 85.988059][ T7421] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 85.990545][ T7421] vhci_hcd vhci_hcd.0: Device attached [ 85.996087][ T5294] Bluetooth: hci1: unknown advertising packet type: 0x82 [ 85.996115][ T5294] Bluetooth: hci1: Malformed LE Event: 0x02 [ 85.999541][ T7422] vhci_hcd: connection closed [ 86.002968][ T6354] vhci_hcd: stop threads [ 86.006711][ T6354] vhci_hcd: release socket [ 86.008476][ T6354] vhci_hcd: disconnect device [ 86.032165][ T7425] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 86.034275][ T7425] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 86.036935][ T7425] vhci_hcd vhci_hcd.0: Device attached [ 86.040991][ T5294] Bluetooth: hci0: unknown advertising packet type: 0x82 [ 86.041017][ T5294] Bluetooth: hci0: unknown advertising packet type: 0x80 [ 86.041211][ T7426] vhci_hcd: connection closed [ 86.044250][ T5294] Bluetooth: hci0: Malformed LE Event: 0x02 [ 86.047324][ T6374] vhci_hcd: stop threads [ 86.053586][ T6374] vhci_hcd: release socket [ 86.055439][ T6374] vhci_hcd: disconnect device [ 86.058073][ T7428] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 86.060956][ T24] usb 5-1: USB disconnect, device number 5 [ 86.283020][ T5294] Bluetooth: hci2: command tx timeout [ 86.490115][ T7432] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 86.492382][ T7432] syzkaller1: linktype set to 6 [ 86.634924][ T7447] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 86.717619][ T7453] fuse: Bad value for 'fd' [ 86.785386][ T7455] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 86.827161][ T7457] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 86.829251][ T7457] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 86.831878][ T7457] vhci_hcd vhci_hcd.0: Device attached [ 86.836884][ T5294] Bluetooth: hci2: Malformed LE Event: 0x02 [ 86.836937][ T7458] vhci_hcd: connection closed [ 86.839307][ T6374] vhci_hcd: stop threads [ 86.843892][ T6374] vhci_hcd: release socket [ 86.845442][ T6374] vhci_hcd: disconnect device [ 87.393813][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 87.393823][ T40] audit: type=1400 audit(1751037021.655:387): avc: denied { append } for pid=7462 comm="syz.1.472" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 87.413072][ T7465] xt_hashlimit: size too large, truncated to 1048576 [ 87.498834][ T40] audit: type=1400 audit(1751037021.755:388): avc: denied { read } for pid=7472 comm="syz.1.477" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 87.499102][ T40] audit: type=1400 audit(1751037021.755:389): avc: denied { open } for pid=7472 comm="syz.1.477" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 87.502194][ T7474] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5135 sclass=netlink_route_socket pid=7474 comm=syz.1.477 [ 87.509832][ T7475] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 87.518363][ T40] audit: type=1400 audit(1751037021.775:390): avc: denied { create } for pid=7472 comm="syz.1.477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 87.555161][ T7479] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 87.557502][ T7479] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 87.560832][ T7479] vhci_hcd vhci_hcd.0: Device attached [ 87.563947][ T5294] Bluetooth: hci2: Malformed LE Event: 0x02 [ 87.566090][ T7480] vhci_hcd: connection closed [ 87.566298][ T6376] vhci_hcd: stop threads [ 87.569157][ T6376] vhci_hcd: release socket [ 87.570546][ T6376] vhci_hcd: disconnect device [ 87.597391][ T7487] FAULT_INJECTION: forcing a failure. [ 87.597391][ T7487] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.601398][ T7487] CPU: 1 UID: 0 PID: 7487 Comm: syz.2.482 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 87.601413][ T7487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.601420][ T7487] Call Trace: [ 87.601424][ T7487] [ 87.601429][ T7487] dump_stack_lvl+0x16c/0x1f0 [ 87.601449][ T7487] should_fail_ex+0x512/0x640 [ 87.601465][ T7487] _copy_from_user+0x2e/0xd0 [ 87.601481][ T7487] input_event_from_user+0x133/0x3b0 [ 87.601496][ T7487] ? __pfx_input_event_from_user+0x10/0x10 [ 87.601511][ T7487] ? __pfx___might_resched+0x10/0x10 [ 87.601525][ T7487] ? input_inject_event+0x1a5/0x390 [ 87.601541][ T7487] evdev_write+0x37b/0x750 [ 87.601556][ T7487] ? __pfx_evdev_write+0x10/0x10 [ 87.601570][ T7487] ? bpf_lsm_file_permission+0x9/0x10 [ 87.601587][ T7487] ? security_file_permission+0x71/0x210 [ 87.601603][ T7487] ? rw_verify_area+0xcf/0x680 [ 87.601616][ T7487] ? __pfx_evdev_write+0x10/0x10 [ 87.601628][ T7487] vfs_write+0x2a0/0x1150 [ 87.601644][ T7487] ? __pfx_vfs_write+0x10/0x10 [ 87.601656][ T7487] ? find_held_lock+0x2b/0x80 [ 87.601670][ T7487] ? __fget_files+0x204/0x3c0 [ 87.601686][ T7487] ? __fget_files+0x20e/0x3c0 [ 87.601704][ T7487] ksys_write+0x1f8/0x250 [ 87.601717][ T7487] ? __pfx_ksys_write+0x10/0x10 [ 87.601734][ T7487] do_syscall_64+0xcd/0x4c0 [ 87.601750][ T7487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.601761][ T7487] RIP: 0033:0x7fe93b38e929 [ 87.601771][ T7487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.601781][ T7487] RSP: 002b:00007fe93c1c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 87.601792][ T7487] RAX: ffffffffffffffda RBX: 00007fe93b5b5fa0 RCX: 00007fe93b38e929 [ 87.601799][ T7487] RDX: 000000000000ff0f RSI: 0000200000000040 RDI: 0000000000000003 [ 87.601805][ T7487] RBP: 00007fe93c1c5090 R08: 0000000000000000 R09: 0000000000000000 [ 87.601811][ T7487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 87.601817][ T7487] R13: 0000000000000000 R14: 00007fe93b5b5fa0 R15: 00007ffd9fa8e308 [ 87.601830][ T7487] [ 87.708870][ T7490] autofs4:pid:7490:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e) [ 87.732813][ T7492] kvm: kvm [7491]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x3 [ 87.753623][ T7492] kvm: kvm [7491]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x186) = 0x3 [ 87.756567][ T7492] kvm: kvm [7491]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x187) = 0x3 [ 87.773612][ T7492] kvm_intel: kvm [7491]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x1d9) = 0x3 [ 87.825643][ T7495] Invalid logical block size (52223) [ 87.912011][ T7501] FAULT_INJECTION: forcing a failure. [ 87.912011][ T7501] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.916747][ T7501] CPU: 2 UID: 0 PID: 7501 Comm: syz.0.488 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 87.916765][ T7501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.916773][ T7501] Call Trace: [ 87.916777][ T7501] [ 87.916781][ T7501] dump_stack_lvl+0x16c/0x1f0 [ 87.916818][ T7501] should_fail_ex+0x512/0x640 [ 87.916840][ T7501] _copy_from_iter+0x29f/0x16f0 [ 87.916858][ T7501] ? __alloc_skb+0x200/0x380 [ 87.916873][ T7501] ? __pfx__copy_from_iter+0x10/0x10 [ 87.916890][ T7501] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 87.916907][ T7501] netlink_sendmsg+0x829/0xdd0 [ 87.916920][ T7501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 87.916937][ T7501] ____sys_sendmsg+0xa95/0xc70 [ 87.916949][ T7501] ? copy_msghdr_from_user+0x10a/0x160 [ 87.916964][ T7501] ? __pfx_____sys_sendmsg+0x10/0x10 [ 87.916982][ T7501] ___sys_sendmsg+0x134/0x1d0 [ 87.916998][ T7501] ? __pfx____sys_sendmsg+0x10/0x10 [ 87.917013][ T7501] ? __lock_acquire+0x622/0x1c90 [ 87.917063][ T7501] __sys_sendmsg+0x16d/0x220 [ 87.917079][ T7501] ? __pfx___sys_sendmsg+0x10/0x10 [ 87.917104][ T7501] do_syscall_64+0xcd/0x4c0 [ 87.917122][ T7501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.917134][ T7501] RIP: 0033:0x7fb087d8e929 [ 87.917143][ T7501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.917155][ T7501] RSP: 002b:00007fb088c63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.917165][ T7501] RAX: ffffffffffffffda RBX: 00007fb087fb5fa0 RCX: 00007fb087d8e929 [ 87.917177][ T7501] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000004 [ 87.917184][ T7501] RBP: 00007fb088c63090 R08: 0000000000000000 R09: 0000000000000000 [ 87.917190][ T7501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.917197][ T7501] R13: 0000000000000000 R14: 00007fb087fb5fa0 R15: 00007ffc0866dd78 [ 87.917210][ T7501] [ 88.005739][ T40] audit: type=1400 audit(1751037022.265:391): avc: denied { read } for pid=7502 comm="syz.0.489" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 88.020773][ T40] audit: type=1400 audit(1751037022.275:392): avc: denied { open } for pid=7502 comm="syz.0.489" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 88.034850][ T7503] netlink: 16 bytes leftover after parsing attributes in process `syz.0.489'. [ 88.037815][ T40] audit: type=1400 audit(1751037022.285:393): avc: denied { ioctl } for pid=7502 comm="syz.0.489" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 88.149908][ T7508] fuse: Bad value for 'fd' [ 88.164397][ T7510] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 88.742888][ T24] usb 6-1: new low-speed USB device number 7 using dummy_hcd [ 88.914078][ T24] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 88.916721][ T24] usb 6-1: config 0 has no interface number 0 [ 88.918659][ T24] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 88.922212][ T24] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 88.925382][ T24] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 88.928255][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.934662][ T24] usb 6-1: config 0 descriptor?? [ 88.938878][ T24] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 89.147145][ T7520] iowarrior 6-1:0.1: Error -90 while submitting URB [ 89.342947][ T10] usb 7-1: new low-speed USB device number 7 using dummy_hcd [ 89.402941][ T60] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 89.533944][ T5972] usb 6-1: USB disconnect, device number 7 [ 89.571076][ T60] usb 5-1: Using ep0 maxpacket: 16 [ 89.576564][ T60] usb 5-1: config 0 has no interfaces? [ 89.579896][ T60] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 89.583482][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 89.586514][ T60] usb 5-1: SerialNumber: syz [ 89.592949][ T60] usb 5-1: config 0 descriptor?? [ 89.626116][ T7548] netlink: 52 bytes leftover after parsing attributes in process `syz.3.507'. [ 89.769265][ T7550] netlink: 4 bytes leftover after parsing attributes in process `syz.3.508'. [ 89.797745][ T7542] usb 5-1: USB disconnect, device number 6 [ 89.833981][ T7550] hsr_slave_0 (unregistering): left promiscuous mode [ 89.942251][ T40] audit: type=1400 audit(1751037024.195:394): avc: denied { create } for pid=7553 comm="syz.3.509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 90.082364][ T7556] kvm: kvm [7555]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x3 [ 90.085256][ T7557] block device autoloading is deprecated and will be removed. [ 90.109918][ T7556] kvm: kvm [7555]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x186) = 0x3 [ 90.114049][ T7556] kvm: kvm [7555]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x187) = 0x3 [ 90.128490][ T7556] kvm_intel: kvm [7555]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x1d9) = 0x3 [ 90.134019][ T7537] md2: using deprecated bitmap file support [ 90.136054][ T7537] md2: error: bitmap file must be a regular file [ 90.178638][ T7564] fuse: Bad value for 'fd' [ 90.776841][ T7569] FAULT_INJECTION: forcing a failure. [ 90.776841][ T7569] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.781108][ T7569] CPU: 1 UID: 0 PID: 7569 Comm: syz.0.514 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 90.781130][ T7569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.781137][ T7569] Call Trace: [ 90.781142][ T7569] [ 90.781146][ T7569] dump_stack_lvl+0x16c/0x1f0 [ 90.781184][ T7569] should_fail_ex+0x512/0x640 [ 90.781205][ T7569] _copy_from_user+0x2e/0xd0 [ 90.781220][ T7569] input_event_from_user+0x133/0x3b0 [ 90.781239][ T7569] ? __pfx_input_event_from_user+0x10/0x10 [ 90.781254][ T7569] ? __pfx___might_resched+0x10/0x10 [ 90.781268][ T7569] ? input_inject_event+0x1a5/0x390 [ 90.781283][ T7569] evdev_write+0x37b/0x750 [ 90.781299][ T7569] ? __pfx_evdev_write+0x10/0x10 [ 90.781313][ T7569] ? bpf_lsm_file_permission+0x9/0x10 [ 90.781330][ T7569] ? security_file_permission+0x71/0x210 [ 90.781346][ T7569] ? rw_verify_area+0xcf/0x680 [ 90.781358][ T7569] ? __pfx_evdev_write+0x10/0x10 [ 90.781371][ T7569] vfs_write+0x2a0/0x1150 [ 90.781387][ T7569] ? __pfx_vfs_write+0x10/0x10 [ 90.781399][ T7569] ? find_held_lock+0x2b/0x80 [ 90.781412][ T7569] ? __fget_files+0x204/0x3c0 [ 90.781429][ T7569] ? __fget_files+0x20e/0x3c0 [ 90.781446][ T7569] ksys_write+0x1f8/0x250 [ 90.781459][ T7569] ? __pfx_ksys_write+0x10/0x10 [ 90.781476][ T7569] do_syscall_64+0xcd/0x4c0 [ 90.781493][ T7569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.781504][ T7569] RIP: 0033:0x7fb087d8e929 [ 90.781512][ T7569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.781523][ T7569] RSP: 002b:00007fb088c63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 90.781534][ T7569] RAX: ffffffffffffffda RBX: 00007fb087fb5fa0 RCX: 00007fb087d8e929 [ 90.781541][ T7569] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000006 [ 90.781547][ T7569] RBP: 00007fb088c63090 R08: 0000000000000000 R09: 0000000000000000 [ 90.781553][ T7569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 90.781559][ T7569] R13: 0000000000000000 R14: 00007fb087fb5fa0 R15: 00007ffc0866dd78 [ 90.781572][ T7569] [ 90.958853][ T7573] netlink: 52 bytes leftover after parsing attributes in process `syz.0.516'. [ 91.482988][ T5716] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 91.632905][ T5716] usb 6-1: Using ep0 maxpacket: 16 [ 91.636594][ T5716] usb 6-1: config 0 has no interfaces? [ 91.639295][ T5716] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 91.642081][ T5716] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 91.645006][ T5716] usb 6-1: SerialNumber: syz [ 91.647693][ T5716] usb 6-1: config 0 descriptor?? [ 91.824427][ T10] usb 7-1: unable to get BOS descriptor or descriptor too short [ 91.828327][ T10] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 91.830833][ T10] usb 7-1: can't read configurations, error -71 [ 91.848182][ T7591] FAULT_INJECTION: forcing a failure. [ 91.848182][ T7591] name failslab, interval 1, probability 0, space 0, times 0 [ 91.852748][ T7591] CPU: 2 UID: 0 PID: 7591 Comm: syz.2.524 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 91.852764][ T7591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.852771][ T7591] Call Trace: [ 91.852775][ T7591] [ 91.852780][ T7591] dump_stack_lvl+0x16c/0x1f0 [ 91.852801][ T7591] should_fail_ex+0x512/0x640 [ 91.852825][ T7591] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 91.852842][ T7591] should_failslab+0xc2/0x120 [ 91.852858][ T7591] __kmalloc_cache_noprof+0x6a/0x3e0 [ 91.852870][ T7591] ? mark_held_locks+0x49/0x80 [ 91.852886][ T7591] ? ovs_ct_limit_cmd_set+0x30a/0xa90 [ 91.852900][ T7591] ovs_ct_limit_cmd_set+0x30a/0xa90 [ 91.852915][ T7591] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 91.852927][ T7591] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 91.852942][ T7591] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 91.852959][ T7591] genl_family_rcv_msg_doit+0x206/0x2f0 [ 91.852973][ T7591] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 91.852990][ T7591] ? bpf_lsm_capable+0x9/0x10 [ 91.853001][ T7591] ? security_capable+0x7e/0x260 [ 91.853014][ T7591] ? ns_capable+0xd7/0x110 [ 91.853027][ T7591] genl_rcv_msg+0x55c/0x800 [ 91.853042][ T7591] ? __pfx_genl_rcv_msg+0x10/0x10 [ 91.853054][ T7591] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 91.853071][ T7591] netlink_rcv_skb+0x155/0x420 [ 91.853082][ T7591] ? __pfx_genl_rcv_msg+0x10/0x10 [ 91.853095][ T7591] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 91.853112][ T7591] ? netlink_deliver_tap+0x1ae/0xd30 [ 91.853130][ T7591] genl_rcv+0x28/0x40 [ 91.853141][ T7591] netlink_unicast+0x53d/0x7f0 [ 91.853153][ T7591] ? __pfx_netlink_unicast+0x10/0x10 [ 91.853167][ T7591] ? __build_skb_around+0x278/0x3b0 [ 91.853190][ T7591] netlink_sendmsg+0x8d1/0xdd0 [ 91.853210][ T7591] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.853235][ T7591] ____sys_sendmsg+0xa95/0xc70 [ 91.853252][ T7591] ? copy_msghdr_from_user+0x10a/0x160 [ 91.853275][ T7591] ? __pfx_____sys_sendmsg+0x10/0x10 [ 91.853305][ T7591] ___sys_sendmsg+0x134/0x1d0 [ 91.853332][ T7591] ? __pfx____sys_sendmsg+0x10/0x10 [ 91.853356][ T7591] ? __lock_acquire+0x622/0x1c90 [ 91.853396][ T7591] __sys_sendmsg+0x16d/0x220 [ 91.853411][ T7591] ? __pfx___sys_sendmsg+0x10/0x10 [ 91.853441][ T7591] do_syscall_64+0xcd/0x4c0 [ 91.853458][ T7591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.853469][ T7591] RIP: 0033:0x7fe93b38e929 [ 91.853479][ T7591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.853489][ T7591] RSP: 002b:00007fe93c1c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.853500][ T7591] RAX: ffffffffffffffda RBX: 00007fe93b5b5fa0 RCX: 00007fe93b38e929 [ 91.853506][ T7591] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000004 [ 91.853513][ T7591] RBP: 00007fe93c1c5090 R08: 0000000000000000 R09: 0000000000000000 [ 91.853519][ T7591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 91.853525][ T7591] R13: 0000000000000000 R14: 00007fe93b5b5fa0 R15: 00007ffd9fa8e308 [ 91.853538][ T7591] [ 91.853865][ T7542] usb 6-1: USB disconnect, device number 8 [ 91.929777][ T7599] netlink: 52 bytes leftover after parsing attributes in process `syz.0.528'. [ 91.938291][ T7601] loop6: detected capacity change from 0 to 7 [ 91.943498][ T7593] netlink: 'syz.3.525': attribute type 6 has an invalid length. [ 91.946114][ T7601] Dev loop6: unable to read RDB block 7 [ 91.960607][ T7601] loop6: unable to read partition table [ 91.962489][ T7601] loop6: partition table beyond EOD, truncated [ 91.968633][ T7601] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 92.023503][ T7600] netlink: 16 bytes leftover after parsing attributes in process `syz.3.525'. [ 92.027508][ T7600] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=69 sclass=netlink_route_socket pid=7600 comm=syz.3.525 [ 92.128215][ T7613] block device autoloading is deprecated and will be removed. [ 92.130933][ T7610] netlink: 12 bytes leftover after parsing attributes in process `syz.2.532'. [ 92.227083][ T7619] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=37 sclass=netlink_tcpdiag_socket pid=7619 comm=syz.2.534 [ 92.231788][ T40] audit: type=1400 audit(1751037026.485:395): avc: denied { read } for pid=7618 comm="syz.2.534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 92.234746][ T7583] md2: using deprecated bitmap file support [ 92.241356][ T7583] md2: error: bitmap file must be a regular file [ 92.250899][ T40] audit: type=1400 audit(1751037026.505:396): avc: denied { watch } for pid=7618 comm="syz.2.534" path="/140/bus/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="overlay" ino=777 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 92.357513][ T7619] syzkaller0: entered promiscuous mode [ 92.359887][ T7619] syzkaller0: entered allmulticast mode [ 92.978351][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 92.978364][ T40] audit: type=1400 audit(1751037027.235:398): avc: denied { module_request } for pid=7625 comm="syz.1.537" kmod="netdev-syzkaller1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 93.294741][ T7643] fuse: Bad value for 'fd' [ 93.446264][ T7649] netlink: 52 bytes leftover after parsing attributes in process `syz.1.543'. [ 93.599399][ T7659] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 93.683571][ T7661] netlink: 12 bytes leftover after parsing attributes in process `syz.2.548'. [ 93.687497][ T7661] FAULT_INJECTION: forcing a failure. [ 93.687497][ T7661] name failslab, interval 1, probability 0, space 0, times 0 [ 93.692593][ T7661] CPU: 0 UID: 0 PID: 7661 Comm: syz.2.548 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 93.692617][ T7661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.692627][ T7661] Call Trace: [ 93.692634][ T7661] [ 93.692641][ T7661] dump_stack_lvl+0x16c/0x1f0 [ 93.692671][ T7661] should_fail_ex+0x512/0x640 [ 93.692692][ T7661] ? __kvmalloc_node_noprof+0x124/0x620 [ 93.692717][ T7661] should_failslab+0xc2/0x120 [ 93.692741][ T7661] __kvmalloc_node_noprof+0x137/0x620 [ 93.692763][ T7661] ? bucket_table_alloc.isra.0+0x83/0x460 [ 93.692790][ T7661] ? bucket_table_alloc.isra.0+0x83/0x460 [ 93.692809][ T7661] bucket_table_alloc.isra.0+0x83/0x460 [ 93.692847][ T7661] rhashtable_init_noprof+0x41a/0x7e0 [ 93.692870][ T7661] ? __pfx_br_dev_init+0x10/0x10 [ 93.692891][ T7661] br_dev_init+0x29/0x500 [ 93.692911][ T7661] ? kasan_save_track+0x14/0x30 [ 93.692930][ T7661] ? __pfx_br_dev_init+0x10/0x10 [ 93.692950][ T7661] register_netdevice+0x650/0x2270 [ 93.692983][ T7661] ? __pfx_validate_linkmsg+0x10/0x10 [ 93.693008][ T7661] ? __pfx_register_netdevice+0x10/0x10 [ 93.693041][ T7661] br_dev_newlink+0x6a/0x170 [ 93.693059][ T7661] ? __pfx_br_dev_newlink+0x10/0x10 [ 93.693081][ T7661] rtnl_newlink+0xc42/0x2000 [ 93.693113][ T7661] ? __pfx_rtnl_newlink+0x10/0x10 [ 93.693136][ T7661] ? find_held_lock+0x2b/0x80 [ 93.693158][ T7661] ? avc_has_perm_noaudit+0x117/0x3b0 [ 93.693184][ T7661] ? avc_has_perm_noaudit+0x149/0x3b0 [ 93.693204][ T7661] ? cred_has_capability.isra.0+0x193/0x2f0 [ 93.693244][ T7661] ? find_held_lock+0x2b/0x80 [ 93.693264][ T7661] ? __pfx_rtnl_newlink+0x10/0x10 [ 93.693286][ T7661] ? __pfx_rtnl_newlink+0x10/0x10 [ 93.693309][ T7661] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 93.693334][ T7661] ? __pfx_rtnl_newlink+0x10/0x10 [ 93.693360][ T7661] rtnetlink_rcv_msg+0x95b/0xe90 [ 93.693387][ T7661] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 93.693416][ T7661] ? __lock_acquire+0x622/0x1c90 [ 93.693446][ T7661] netlink_rcv_skb+0x155/0x420 [ 93.693463][ T7661] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 93.693490][ T7661] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 93.693517][ T7661] ? netlink_deliver_tap+0x1ae/0xd30 [ 93.693543][ T7661] ? is_vmalloc_addr+0x86/0xa0 [ 93.693569][ T7661] netlink_unicast+0x53d/0x7f0 [ 93.693589][ T7661] ? __pfx_netlink_unicast+0x10/0x10 [ 93.693614][ T7661] netlink_sendmsg+0x8d1/0xdd0 [ 93.693635][ T7661] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.693661][ T7661] ____sys_sendmsg+0xa95/0xc70 [ 93.693681][ T7661] ? copy_msghdr_from_user+0x10a/0x160 [ 93.693704][ T7661] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.693734][ T7661] ___sys_sendmsg+0x134/0x1d0 [ 93.693758][ T7661] ? __pfx____sys_sendmsg+0x10/0x10 [ 93.693779][ T7661] ? __lock_acquire+0x622/0x1c90 [ 93.693834][ T7661] __sys_sendmsg+0x16d/0x220 [ 93.693859][ T7661] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.693898][ T7661] do_syscall_64+0xcd/0x4c0 [ 93.693924][ T7661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.693942][ T7661] RIP: 0033:0x7fe93b38e929 [ 93.693956][ T7661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.693973][ T7661] RSP: 002b:00007fe93c1c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.693989][ T7661] RAX: ffffffffffffffda RBX: 00007fe93b5b5fa0 RCX: 00007fe93b38e929 [ 93.694002][ T7661] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 93.694011][ T7661] RBP: 00007fe93c1c5090 R08: 0000000000000000 R09: 0000000000000000 [ 93.694022][ T7661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 93.694032][ T7661] R13: 0000000000000000 R14: 00007fe93b5b5fa0 R15: 00007ffd9fa8e308 [ 93.694055][ T7661] [ 93.848236][ T7672] netlink: 52 bytes leftover after parsing attributes in process `syz.3.552'. [ 93.889655][ T7674] overlayfs: failed to resolve './file0': -2 [ 94.002063][ T7680] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 94.004432][ T7680] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 94.007051][ T7680] vhci_hcd vhci_hcd.0: Device attached [ 94.012629][ T7681] vhci_hcd: connection closed [ 94.015871][ T6343] vhci_hcd: stop threads [ 94.019805][ T6343] vhci_hcd: release socket [ 94.021674][ T6343] vhci_hcd: disconnect device [ 94.074464][ T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 94.223074][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 94.228616][ T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 94.231027][ T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 94.233986][ T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 94.236925][ T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 94.239829][ T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 94.244613][ T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 94.247273][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.253217][ T7687] netlink: 14560 bytes leftover after parsing attributes in process `syz.1.558'. [ 94.281997][ T7689] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 94.293849][ T7689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.559'. [ 94.459060][ T10] usb 7-1: GET_CAPABILITIES returned 0 [ 94.460941][ T10] usbtmc 7-1:16.0: can't read capabilities [ 94.461487][ T7693] loop9: detected capacity change from 0 to 63 [ 94.468475][ T5937] buffer_io_error: 1398 callbacks suppressed [ 94.468485][ T5937] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.474465][ T7693] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.477554][ T5937] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.480365][ T5937] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.482943][ T7693] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.485388][ T7693] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.488150][ T5937] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.490832][ T5937] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.493636][ T7693] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.496244][ T7693] Buffer I/O error on dev loop9, logical block 0, async page read [ 94.552559][ T7697] mmap: syz.3.562 (7697) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 94.579138][ T40] audit: type=1400 audit(1751037028.835:399): avc: denied { ioctl } for pid=7696 comm="syz.3.562" path="socket:[19439]" dev="sockfs" ino=19439 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 94.587618][ T40] audit: type=1400 audit(1751037028.835:400): avc: denied { write } for pid=7696 comm="syz.3.562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 94.593540][ T40] audit: type=1400 audit(1751037028.835:401): avc: denied { read } for pid=7696 comm="syz.3.562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 94.632225][ T7698] netlink: 161716 bytes leftover after parsing attributes in process `syz.3.562'. [ 94.636300][ T7698] netlink: zone id is out of range [ 94.637894][ T7698] netlink: zone id is out of range [ 94.639441][ T7698] netlink: zone id is out of range [ 94.641038][ T7698] netlink: zone id is out of range [ 94.642591][ T7698] netlink: zone id is out of range [ 94.644290][ T7698] netlink: zone id is out of range [ 94.645906][ T7698] netlink: zone id is out of range [ 94.647465][ T7698] netlink: zone id is out of range [ 94.649054][ T7698] netlink: zone id is out of range [ 94.682018][ T10] usb 7-1: USB disconnect, device number 9 [ 95.002446][ T7711] loop6: detected capacity change from 0 to 7 [ 95.008208][ T7711] Dev loop6: unable to read RDB block 7 [ 95.010517][ T7711] loop6: unable to read partition table [ 95.012765][ T7711] loop6: partition table beyond EOD, truncated [ 95.015295][ T7711] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 95.070197][ T40] audit: type=1400 audit(1751037029.325:402): avc: denied { setopt } for pid=7712 comm="syz.0.566" lport=44839 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 95.079000][ T40] audit: type=1400 audit(1751037029.325:403): avc: denied { write } for pid=7712 comm="syz.0.566" lport=44839 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 95.292024][ T7717] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 95.297679][ T40] audit: type=1400 audit(1751037029.555:404): avc: denied { watch } for pid=7716 comm="syz.1.568" path="/59/bus/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=348 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 95.312727][ T40] audit: type=1400 audit(1751037029.555:405): avc: denied { module_load } for pid=7716 comm="syz.1.568" path="/dmabuf:" dev="dmabuf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=system permissive=1 [ 95.332934][ T61] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 95.502931][ T61] usb 5-1: Using ep0 maxpacket: 32 [ 95.506595][ T61] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.509995][ T61] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.513324][ T61] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 95.516064][ T61] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.520911][ T61] usb 5-1: config 0 descriptor?? [ 95.934065][ T61] savu 0003:1E7D:2D5A.000A: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 96.003751][ T7730] bridge: RTM_NEWNEIGH with invalid ether address [ 96.059860][ T7734] trusted_key: syz.2.573 sent an empty control message without MSG_MORE. [ 96.204936][ T61] usb 5-1: USB disconnect, device number 7 [ 96.320353][ T7748] overlayfs: failed to resolve './file1': -2 [ 96.350370][ T7752] __nla_validate_parse: 1 callbacks suppressed [ 96.350388][ T7752] netlink: 52 bytes leftover after parsing attributes in process `syz.1.580'. [ 96.636176][ T34] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 96.784187][ T34] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 96.787425][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.790396][ T34] usb 8-1: config 0 has no interfaces? [ 96.792794][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.806244][ T34] usb 8-1: config 0 has no interfaces? [ 96.808748][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.811915][ T34] usb 8-1: config 0 has no interfaces? [ 96.815165][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.818278][ T34] usb 8-1: config 0 has no interfaces? [ 96.820842][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.824045][ T34] usb 8-1: config 0 has no interfaces? [ 96.826453][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.829531][ T34] usb 8-1: config 0 has no interfaces? [ 96.832119][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.835401][ T34] usb 8-1: config 0 has no interfaces? [ 96.837818][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.841108][ T34] usb 8-1: config 0 has no interfaces? [ 96.844853][ T34] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 96.848407][ T34] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 96.851064][ T34] usb 8-1: Product: syz [ 96.852448][ T34] usb 8-1: Manufacturer: syz [ 96.854066][ T34] usb 8-1: SerialNumber: syz [ 96.858599][ T34] usb 8-1: config 0 descriptor?? [ 96.879710][ T7783] overlayfs: failed to resolve './file1': -2 [ 96.946744][ T837] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 96.951431][ T837] hid-generic 0000:0000:0000.000B: hidraw1: HID v0.00 Device [syz1] on syz0 [ 97.124335][ T837] usb 8-1: USB disconnect, device number 9 [ 97.473099][ T6015] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 97.485260][ T7792] netlink: 24 bytes leftover after parsing attributes in process `syz.1.593'. [ 97.626311][ T6015] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.629425][ T6015] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 97.632138][ T6015] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 97.635061][ T6015] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.638836][ T6015] usb 7-1: config 0 descriptor?? [ 97.643953][ T7797] ip6tnl1: entered promiscuous mode [ 97.644610][ T6015] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 97.646034][ T7797] ip6tnl1: entered allmulticast mode [ 97.648042][ T6015] dvb-usb: bulk message failed: -22 (3/0) [ 97.663006][ T6015] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 97.666249][ T6015] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 97.669591][ T6015] usb 7-1: media controller created [ 97.672175][ T6015] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 97.677868][ T6015] dvb-usb: bulk message failed: -22 (6/0) [ 97.679667][ T6015] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 97.684127][ T6015] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input9 [ 97.692039][ T6015] dvb-usb: schedule remote query interval to 150 msecs. [ 97.694960][ T6015] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 97.749753][ T7802] netlink: 52 bytes leftover after parsing attributes in process `syz.0.597'. [ 97.821140][ T7808] overlayfs: failed to resolve './file1': -2 [ 97.854718][ T6015] dvb-usb: bulk message failed: -22 (1/0) [ 97.856560][ T6015] dvb-usb: error while querying for an remote control event. [ 97.862336][ T6015] usb 7-1: USB disconnect, device number 10 [ 97.896895][ T6015] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 97.926608][ T7818] FAULT_INJECTION: forcing a failure. [ 97.926608][ T7818] name failslab, interval 1, probability 0, space 0, times 0 [ 97.930892][ T7818] CPU: 3 UID: 0 PID: 7818 Comm: syz.1.599 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 97.930914][ T7818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.930925][ T7818] Call Trace: [ 97.930931][ T7818] [ 97.930938][ T7818] dump_stack_lvl+0x16c/0x1f0 [ 97.930988][ T7818] should_fail_ex+0x512/0x640 [ 97.931015][ T7818] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 97.931039][ T7818] should_failslab+0xc2/0x120 [ 97.931064][ T7818] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 97.931080][ T7818] ? __d_alloc+0x31/0xaa0 [ 97.931097][ T7818] __d_alloc+0x31/0xaa0 [ 97.931112][ T7818] ? lockdep_init_map_type+0x5c/0x280 [ 97.931130][ T7818] d_alloc_pseudo+0x1c/0xc0 [ 97.931142][ T7818] alloc_file_pseudo+0xcf/0x230 [ 97.931153][ T7818] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 97.931167][ T7818] sock_alloc_file+0x50/0x210 [ 97.931189][ T7818] do_accept+0x240/0x530 [ 97.931201][ T7818] ? do_raw_spin_lock+0x12c/0x2b0 [ 97.931213][ T7818] ? __pfx_do_accept+0x10/0x10 [ 97.931233][ T7818] __sys_accept4+0x100/0x1c0 [ 97.931246][ T7818] ? __pfx___sys_accept4+0x10/0x10 [ 97.931259][ T7818] ? __pfx_ksys_write+0x10/0x10 [ 97.931274][ T7818] __x64_sys_accept4+0x96/0x100 [ 97.931286][ T7818] ? lockdep_hardirqs_on+0x7c/0x110 [ 97.931301][ T7818] do_syscall_64+0xcd/0x4c0 [ 97.931318][ T7818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.931329][ T7818] RIP: 0033:0x7ff417f8e929 [ 97.931339][ T7818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.931350][ T7818] RSP: 002b:00007ff415df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 97.931360][ T7818] RAX: ffffffffffffffda RBX: 00007ff4181b6160 RCX: 00007ff417f8e929 [ 97.931367][ T7818] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 97.931373][ T7818] RBP: 00007ff415df6090 R08: 0000000000000000 R09: 0000000000000000 [ 97.931379][ T7818] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000001 [ 97.931385][ T7818] R13: 0000000000000001 R14: 00007ff4181b6160 R15: 00007ffcf5ac05c8 [ 97.931398][ T7818] [ 98.013808][ T7821] netlink: 20 bytes leftover after parsing attributes in process `syz.3.604'. [ 98.221512][ T7825] netlink: 52 bytes leftover after parsing attributes in process `syz.3.606'. [ 98.301135][ T10] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 98.306286][ T10] hid-generic 0000:0000:0000.000C: hidraw1: HID v0.00 Device [syz1] on syz0 [ 98.405167][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.414119][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.416935][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.419637][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.487730][ T7835] overlayfs: failed to resolve './file1': -2 [ 98.516918][ T40] audit: type=1400 audit(1751037032.775:406): avc: denied { append } for pid=7836 comm="syz.2.611" name="event1" dev="devtmpfs" ino=942 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 98.555749][ T7841] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=7841 comm=syz.2.612 [ 98.678684][ T7844] netlink: 52 bytes leftover after parsing attributes in process `syz.1.614'. [ 98.722661][ T7848] netlink: 52 bytes leftover after parsing attributes in process `syz.1.616'. [ 98.729834][ T6015] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 98.739637][ T6015] hid-generic 0000:0000:0000.000D: hidraw1: HID v0.00 Device [syz1] on syz0 [ 98.777316][ T7853] overlayfs: failed to resolve './file1': -2 [ 98.812552][ T40] audit: type=1400 audit(1751037033.065:407): avc: denied { bind } for pid=7856 comm="syz.0.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 98.819406][ T40] audit: type=1400 audit(1751037033.065:408): avc: denied { write } for pid=7856 comm="syz.0.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 99.103009][ T7875] netlink: 4 bytes leftover after parsing attributes in process `syz.1.627'. [ 99.106615][ T7875] tipc: Started in network mode [ 99.108597][ T7875] tipc: Node identity aaaaaaaaaaaa, cluster identity 4711 [ 99.111460][ T7875] tipc: Enabled bearer , priority 10 [ 99.116572][ T7875] netlink: 14 bytes leftover after parsing attributes in process `syz.1.627'. [ 99.120193][ T7875] tipc: Resetting bearer [ 99.130619][ T7875] tipc: Disabling bearer [ 99.172946][ T24] usb 8-1: new full-speed USB device number 10 using dummy_hcd [ 99.263267][ T7877] netlink: 52 bytes leftover after parsing attributes in process `syz.0.628'. [ 99.297708][ T7879] overlayfs: failed to resolve './file1': -2 [ 99.331435][ T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 99.334786][ T24] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 99.337457][ T24] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 99.337902][ T40] audit: type=1326 audit(1751037033.595:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7880 comm="syz.0.630" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb087d8e929 code=0x0 [ 99.340224][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.341395][ T24] usb 8-1: config 0 descriptor?? [ 99.357501][ T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 99.363156][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.363361][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 99.370898][ T24] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 99.374607][ T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 99.376945][ T24] usb 8-1: media controller created [ 99.379495][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 99.395576][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 99.397487][ T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 99.406123][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb8/8-1/input/input10 [ 99.412304][ T24] dvb-usb: schedule remote query interval to 150 msecs. [ 99.414829][ T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 99.568813][ T24] usb 8-1: USB disconnect, device number 10 [ 99.575342][ T4196] dvb-usb: bulk message failed: -22 (1/0) [ 99.577885][ T4196] dvb-usb: error while querying for an remote control event. [ 99.592619][ T24] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 99.662994][ T837] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 99.666597][ T6015] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 99.822955][ T837] usb 6-1: Using ep0 maxpacket: 32 [ 99.824886][ T6015] usb 7-1: Using ep0 maxpacket: 32 [ 99.828195][ T837] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.828958][ T7887] loop2: detected capacity change from 0 to 7 [ 99.831715][ T837] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.837842][ T837] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 99.838519][ T5947] Dev loop2: unable to read RDB block 7 [ 99.840821][ T837] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.843240][ T5947] loop2: unable to read partition table [ 99.847747][ T837] usb 6-1: config 0 descriptor?? [ 99.848229][ T5947] loop2: partition table beyond EOD, truncated [ 99.856473][ T7887] Dev loop2: unable to read RDB block 7 [ 99.858964][ T7887] loop2: unable to read partition table [ 99.861425][ T7887] loop2: partition table beyond EOD, truncated [ 99.863557][ T7887] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 99.870376][ T6015] usb 7-1: unable to get BOS descriptor or descriptor too short [ 99.873173][ T6015] usb 7-1: too many configurations: 105, using maximum allowed: 8 [ 99.877192][ T6015] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 99.880263][ T6015] usb 7-1: can't read configurations, error -71 [ 100.264302][ T837] savu 0003:1E7D:2D5A.000E: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 100.395663][ T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 100.399249][ T24] hid-generic 0000:0000:0000.000F: hidraw2: HID v0.00 Device [syz1] on syz0 [ 100.460982][ T837] usb 6-1: USB disconnect, device number 9 [ 100.466240][ T40] audit: type=1400 audit(1751037034.725:410): avc: denied { mount } for pid=7911 comm="syz.2.643" name="/" dev="ramfs" ino=21271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 100.471294][ T7916] netlink: 'syz.2.643': attribute type 2 has an invalid length. [ 100.471319][ T7919] netlink: 'syz.2.643': attribute type 2 has an invalid length. [ 100.638422][ T40] audit: type=1400 audit(1751037034.895:411): avc: denied { map } for pid=7927 comm="syz.0.648" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 100.645953][ T40] audit: type=1400 audit(1751037034.895:412): avc: denied { call } for pid=7927 comm="syz.0.648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 100.803028][ T34] usb 8-1: new full-speed USB device number 11 using dummy_hcd [ 100.884017][ T61] usb 5-1: new low-speed USB device number 8 using dummy_hcd [ 100.932909][ T6015] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 100.964732][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 100.967813][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 100.973141][ T34] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 100.975965][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.981696][ T34] usb 8-1: config 0 descriptor?? [ 100.985837][ T34] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 100.987908][ T34] dvb-usb: bulk message failed: -22 (3/0) [ 100.991801][ T34] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 100.995919][ T34] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 100.998955][ T34] usb 8-1: media controller created [ 101.001285][ T34] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 101.006371][ T34] dvb-usb: bulk message failed: -22 (6/0) [ 101.008099][ T34] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 101.011548][ T34] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb8/8-1/input/input11 [ 101.019161][ T34] dvb-usb: schedule remote query interval to 150 msecs. [ 101.021363][ T34] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 101.024584][ T61] usb 5-1: device descriptor read/64, error -71 [ 101.083226][ T6015] usb 7-1: Using ep0 maxpacket: 8 [ 101.086070][ T6015] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 101.088487][ T6015] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 101.091718][ T6015] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 101.094851][ T6015] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 101.097981][ T6015] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 101.102014][ T6015] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 101.104880][ T6015] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.173883][ T34] dvb-usb: bulk message failed: -22 (1/0) [ 101.175719][ T34] dvb-usb: error while querying for an remote control event. [ 101.186825][ T4196] usb 8-1: USB disconnect, device number 11 [ 101.200512][ T4196] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 101.263349][ T61] usb 5-1: new low-speed USB device number 9 using dummy_hcd [ 101.302993][ T24] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 101.309893][ T6015] usb 7-1: GET_CAPABILITIES returned 0 [ 101.311689][ T6015] usbtmc 7-1:16.0: can't read capabilities [ 101.392974][ T61] usb 5-1: device descriptor read/64, error -71 [ 101.462933][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 101.466322][ T24] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 101.469296][ T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 101.472278][ T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 101.475415][ T24] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 101.479273][ T24] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 101.482074][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.503092][ T61] usb usb5-port1: attempt power cycle [ 101.536253][ T4196] usb 7-1: USB disconnect, device number 12 [ 101.689824][ T24] usb 6-1: usb_control_msg returned -32 [ 101.692244][ T24] usbtmc 6-1:16.0: can't read capabilities [ 101.723020][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.842905][ T61] usb 5-1: new low-speed USB device number 10 using dummy_hcd [ 101.863295][ T61] usb 5-1: device descriptor read/8, error -71 [ 102.043968][ T7943] usbtmc 6-1:16.0: usb_control_msg returned -32 [ 102.051824][ T4196] usb 6-1: USB disconnect, device number 10 [ 102.122945][ T61] usb 5-1: new low-speed USB device number 11 using dummy_hcd [ 102.153511][ T61] usb 5-1: device descriptor read/8, error -71 [ 102.264685][ T61] usb usb5-port1: unable to enumerate USB device [ 102.403046][ T24] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 102.562920][ T24] usb 7-1: Using ep0 maxpacket: 32 [ 102.566230][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.569666][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.572739][ T24] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 102.575653][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.579997][ T24] usb 7-1: config 0 descriptor?? [ 102.777820][ T4196] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 102.781387][ T4196] hid-generic 0000:0000:0000.0010: hidraw1: HID v0.00 Device [syz1] on syz0 [ 102.996581][ T7968] netlink: 52 bytes leftover after parsing attributes in process `syz.3.663'. [ 102.999536][ T24] savu 0003:1E7D:2D5A.0011: hiddev0,hidraw2: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 103.058361][ T7971] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 103.193762][ T24] usb 7-1: USB disconnect, device number 13 [ 103.272960][ T6015] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 103.425070][ T6015] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.429181][ T6015] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 103.432127][ T6015] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 103.435330][ T6015] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.442264][ T6015] usb 6-1: config 0 descriptor?? [ 103.448684][ T6015] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 103.451056][ T6015] dvb-usb: bulk message failed: -22 (3/0) [ 103.455201][ T6015] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 103.459066][ T6015] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 103.461552][ T6015] usb 6-1: media controller created [ 103.464620][ T6015] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 103.470382][ T6015] dvb-usb: bulk message failed: -22 (6/0) [ 103.473073][ T6015] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 103.477665][ T6015] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input12 [ 103.488605][ T6015] dvb-usb: schedule remote query interval to 150 msecs. [ 103.490808][ T6015] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 103.521107][ T7989] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64016 sclass=netlink_route_socket pid=7989 comm=syz.3.670 [ 103.652551][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.655582][ T837] dvb-usb: bulk message failed: -22 (1/0) [ 103.668816][ T837] dvb-usb: error while querying for an remote control event. [ 103.673208][ T837] usb 6-1: USB disconnect, device number 11 [ 103.690109][ T7995] netlink: 52 bytes leftover after parsing attributes in process `syz.0.672'. [ 103.743465][ T837] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 103.903604][ T40] audit: type=1400 audit(1751037038.165:413): avc: denied { connect } for pid=8000 comm="syz.0.675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 103.910655][ T8001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.675'. [ 104.055040][ T7542] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 104.177965][ T8010] capability: warning: `syz.0.678' uses deprecated v2 capabilities in a way that may be insecure [ 104.212949][ T7542] usb 7-1: Using ep0 maxpacket: 8 [ 104.218801][ T7542] usb 7-1: config 2 interface 0 has no altsetting 0 [ 104.255163][ T7542] usb 7-1: New USB device found, idVendor=04e2, idProduct=1412, bcdDevice=ca.10 [ 104.258719][ T7542] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.261437][ T7542] usb 7-1: Product: syz [ 104.263071][ T7542] usb 7-1: Manufacturer: syz [ 104.264868][ T7542] usb 7-1: SerialNumber: syz [ 104.455881][ T8017] netlink: 52 bytes leftover after parsing attributes in process `syz.1.682'. [ 104.499379][ T7542] usb 7-1: USB disconnect, device number 14 [ 104.671936][ T8032] IPVS: length: 130 != 8 [ 104.740153][ T5716] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 104.744327][ T5716] hid-generic 0000:0000:0000.0012: hidraw1: HID v0.00 Device [syz1] on syz0 [ 104.782954][ T24] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 104.914290][ T61] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 104.952967][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 104.956601][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.960251][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.963957][ T24] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 104.966585][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.969891][ T24] usb 6-1: config 0 descriptor?? [ 105.082955][ T61] usb 5-1: Using ep0 maxpacket: 8 [ 105.091027][ T61] usb 5-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 105.094271][ T61] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 105.100281][ T61] usb 5-1: New USB device found, idVendor=1b96, idProduct=0014, bcdDevice= 0.40 [ 105.103227][ T61] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.103525][ T8038] net_ratelimit: 55 callbacks suppressed [ 105.103537][ T8038] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 105.105690][ T61] usb 5-1: Product: syz [ 105.111750][ T61] usb 5-1: Manufacturer: syz [ 105.113423][ T61] usb 5-1: SerialNumber: syz [ 105.142978][ T7542] usb 8-1: new full-speed USB device number 12 using dummy_hcd [ 105.294625][ T7542] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 105.297789][ T7542] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 105.300698][ T7542] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 105.304417][ T7542] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.308396][ T7542] usb 8-1: config 0 descriptor?? [ 105.311915][ T7542] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 105.314039][ T7542] dvb-usb: bulk message failed: -22 (3/0) [ 105.317019][ T7542] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 105.320884][ T7542] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 105.323989][ T7542] usb 8-1: media controller created [ 105.326620][ T7542] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 105.334311][ T7542] dvb-usb: bulk message failed: -22 (6/0) [ 105.336694][ T7542] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 105.340691][ T7542] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb8/8-1/input/input14 [ 105.347339][ T7542] dvb-usb: schedule remote query interval to 150 msecs. [ 105.349539][ T7542] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 105.385788][ T24] savu 0003:1E7D:2D5A.0013: hiddev0,hidraw2: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 105.502903][ T7542] dvb-usb: bulk message failed: -22 (1/0) [ 105.504784][ T7542] dvb-usb: error while querying for an remote control event. [ 105.514571][ T7542] usb 8-1: USB disconnect, device number 12 [ 105.535438][ T7542] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 105.542972][ T29] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 105.576682][ T34] usb 6-1: USB disconnect, device number 12 [ 105.702969][ T29] usb 7-1: Using ep0 maxpacket: 8 [ 105.706029][ T29] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 105.708620][ T29] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 105.711652][ T29] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 105.714770][ T29] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 53280, setting to 1024 [ 105.718235][ T29] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 105.721373][ T29] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 105.725541][ T29] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 105.728351][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.934343][ T29] usb 7-1: usb_control_msg returned -32 [ 105.936210][ T29] usbtmc 7-1:16.0: can't read capabilities [ 106.105526][ T8045] netlink: 52 bytes leftover after parsing attributes in process `syz.1.691'. [ 106.286055][ T837] usb 7-1: USB disconnect, device number 15 [ 106.752955][ T837] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 106.903006][ T837] usb 7-1: Using ep0 maxpacket: 32 [ 106.907456][ T837] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.911783][ T837] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.915697][ T837] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 106.919227][ T837] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.928174][ T837] usb 7-1: config 0 descriptor?? [ 107.135404][ T29] hid-generic 0000:0000:0000.0014: unknown main item tag 0x0 [ 107.143212][ T29] hid-generic 0000:0000:0000.0014: hidraw1: HID v0.00 Device [syz1] on syz0 [ 107.152045][ T8073] netlink: 52 bytes leftover after parsing attributes in process `syz.1.703'. [ 107.197986][ T8076] overlayfs: missing 'lowerdir' [ 107.250349][ T8078] loop6: detected capacity change from 0 to 7 [ 107.253006][ T8078] Dev loop6: unable to read RDB block 7 [ 107.254840][ T8078] loop6: unable to read partition table [ 107.256795][ T8078] loop6: partition table beyond EOD, truncated [ 107.258828][ T8078] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 107.322899][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 107.341875][ T837] usbhid 7-1:0.0: can't add hid device: -71 [ 107.343952][ T837] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 107.351031][ T837] usb 7-1: USB disconnect, device number 16 [ 107.365731][ T8087] FAULT_INJECTION: forcing a failure. [ 107.365731][ T8087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 107.369965][ T8087] CPU: 0 UID: 0 PID: 8087 Comm: syz.1.708 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 107.369980][ T8087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.369987][ T8087] Call Trace: [ 107.369991][ T8087] [ 107.369995][ T8087] dump_stack_lvl+0x16c/0x1f0 [ 107.370029][ T8087] should_fail_ex+0x512/0x640 [ 107.370051][ T8087] _copy_to_user+0x32/0xd0 [ 107.370067][ T8087] simple_read_from_buffer+0xcb/0x170 [ 107.370083][ T8087] proc_fail_nth_read+0x197/0x270 [ 107.370097][ T8087] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 107.370111][ T8087] ? rw_verify_area+0xcf/0x680 [ 107.370123][ T8087] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 107.370135][ T8087] vfs_read+0x1e1/0xc60 [ 107.370151][ T8087] ? __pfx___mutex_lock+0x10/0x10 [ 107.370167][ T8087] ? __pfx_vfs_read+0x10/0x10 [ 107.370183][ T8087] ? __fget_files+0x20e/0x3c0 [ 107.370201][ T8087] ksys_read+0x12a/0x250 [ 107.370213][ T8087] ? __pfx_ksys_read+0x10/0x10 [ 107.370227][ T8087] ? fput+0x70/0xf0 [ 107.370244][ T8087] do_syscall_64+0xcd/0x4c0 [ 107.370261][ T8087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.370272][ T8087] RIP: 0033:0x7ff417f8d33c [ 107.370280][ T8087] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 107.370291][ T8087] RSP: 002b:00007ff418d39030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 107.370305][ T8087] RAX: ffffffffffffffda RBX: 00007ff4181b5fa0 RCX: 00007ff417f8d33c [ 107.370312][ T8087] RDX: 000000000000000f RSI: 00007ff418d390a0 RDI: 0000000000000006 [ 107.370318][ T8087] RBP: 00007ff418d39090 R08: 0000000000000000 R09: 0000000000000000 [ 107.370324][ T8087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.370330][ T8087] R13: 0000000000000000 R14: 00007ff4181b5fa0 R15: 00007ffcf5ac05c8 [ 107.370343][ T8087] [ 107.436200][ C0] vkms_vblank_simulate: vblank timer overrun [ 107.469023][ T8089] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 107.473500][ T8089] SELinux: security_context_str_to_sid (ramfs) failed with errno=-22 [ 107.478557][ T40] audit: type=1400 audit(1751037041.735:414): avc: denied { mount } for pid=8088 comm="syz.1.709" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 107.485583][ T40] audit: type=1400 audit(1751037041.735:415): avc: denied { execute } for pid=8088 comm="syz.1.709" path="/proc/250/task/251/net/icmp6" dev="proc" ino=4026533862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=file permissive=1 [ 107.573278][ T9] usb 8-1: new full-speed USB device number 13 using dummy_hcd [ 107.636067][ T61] usb 5-1: USB disconnect, device number 12 [ 107.680378][ T8096] netlink: 52 bytes leftover after parsing attributes in process `syz.1.712'. [ 107.716170][ T8100] overlayfs: missing 'lowerdir' [ 107.725841][ T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.729327][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 107.733321][ T9] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 107.736201][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.745225][ T9] usb 8-1: config 0 descriptor?? [ 107.750531][ T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 107.758399][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 107.763006][ T9] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 107.766294][ T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 107.768612][ T9] usb 8-1: media controller created [ 107.771277][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 107.776542][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 107.778494][ T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 107.782362][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb8/8-1/input/input15 [ 107.791722][ T9] dvb-usb: schedule remote query interval to 150 msecs. [ 107.794621][ T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 107.914080][ T8108] ================================================================== [ 107.917385][ T8108] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x549/0x640 [ 107.920289][ T8108] Read of size 1 at addr ffff8880131fe830 by task syz.2.717/8108 [ 107.924191][ T8108] [ 107.925284][ T8108] CPU: 0 UID: 0 PID: 8108 Comm: syz.2.717 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 107.925299][ T8108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 107.925307][ T8108] Call Trace: [ 107.925312][ T8108] [ 107.925317][ T8108] dump_stack_lvl+0x116/0x1f0 [ 107.925336][ T8108] print_report+0xcd/0x680 [ 107.925352][ T8108] ? __virt_addr_valid+0x81/0x610 [ 107.925366][ T8108] ? __phys_addr+0xe8/0x180 [ 107.925379][ T8108] ? rose_get_neigh+0x549/0x640 [ 107.925392][ T8108] kasan_report+0xe0/0x110 [ 107.925408][ T8108] ? rose_get_neigh+0x549/0x640 [ 107.925425][ T8108] rose_get_neigh+0x549/0x640 [ 107.925440][ T8108] rose_connect+0x2d4/0x1540 [ 107.925451][ T8108] ? __pfx_rose_connect+0x10/0x10 [ 107.925462][ T8108] ? selinux_netlbl_socket_connect+0x30/0x40 [ 107.925484][ T8108] ? rcu_is_watching+0x12/0xc0 [ 107.925499][ T8108] ? __local_bh_enable_ip+0xa4/0x120 [ 107.925513][ T8108] ? lockdep_hardirqs_on+0x7c/0x110 [ 107.925529][ T8108] ? selinux_netlbl_socket_connect+0x30/0x40 [ 107.925543][ T8108] ? __local_bh_enable_ip+0xa4/0x120 [ 107.925557][ T8108] ? selinux_netlbl_socket_connect+0x30/0x40 [ 107.925572][ T8108] ? selinux_socket_connect+0x6b/0x80 [ 107.925585][ T8108] ? __pfx_rose_connect+0x10/0x10 [ 107.925596][ T8108] __sys_connect_file+0x141/0x1a0 [ 107.925610][ T8108] __sys_connect+0x13b/0x160 [ 107.925622][ T8108] ? __pfx___sys_connect+0x10/0x10 [ 107.925636][ T8108] ? dnotify_flush+0x79/0x4c0 [ 107.925653][ T8108] __x64_sys_connect+0x72/0xb0 [ 107.925665][ T8108] ? lockdep_hardirqs_on+0x7c/0x110 [ 107.925680][ T8108] do_syscall_64+0xcd/0x4c0 [ 107.925696][ T8108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.925707][ T8108] RIP: 0033:0x7fe93b38e929 [ 107.925718][ T8108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.925729][ T8108] RSP: 002b:00007fe93c1c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 107.925740][ T8108] RAX: ffffffffffffffda RBX: 00007fe93b5b5fa0 RCX: 00007fe93b38e929 [ 107.925747][ T8108] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000b [ 107.925753][ T8108] RBP: 00007fe93b410b39 R08: 0000000000000000 R09: 0000000000000000 [ 107.925760][ T8108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.925766][ T8108] R13: 0000000000000000 R14: 00007fe93b5b5fa0 R15: 00007ffd9fa8e308 [ 107.925776][ T8108] [ 107.925780][ T8108] [ 108.002495][ T8108] Allocated by task 7449: [ 108.003877][ T8108] kasan_save_stack+0x33/0x60 [ 108.005369][ T8108] kasan_save_track+0x14/0x30 [ 108.006969][ T8108] __kasan_kmalloc+0xaa/0xb0 [ 108.008807][ T8108] rose_rt_ioctl+0x87e/0x1d40 [ 108.010355][ T8108] rose_ioctl+0x64d/0x7d0 [ 108.011921][ T8108] sock_do_ioctl+0x115/0x280 [ 108.013465][ T8108] sock_ioctl+0x227/0x6b0 [ 108.014810][ T8108] __x64_sys_ioctl+0x18b/0x210 [ 108.016315][ T8108] do_syscall_64+0xcd/0x4c0 [ 108.017743][ T8108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.019598][ T8108] [ 108.020401][ T8108] Freed by task 8108: [ 108.021653][ T8108] kasan_save_stack+0x33/0x60 [ 108.023116][ T8108] kasan_save_track+0x14/0x30 [ 108.024602][ T8108] kasan_save_free_info+0x3b/0x60 [ 108.026180][ T8108] __kasan_slab_free+0x51/0x70 [ 108.027636][ T8108] kfree+0x2b4/0x4d0 [ 108.028858][ T8108] rose_remove_neigh+0x25e/0x370 [ 108.030434][ T8108] rose_rt_device_down+0x2aa/0x390 [ 108.032031][ T8108] rose_device_event+0xfc/0x120 [ 108.033587][ T8108] notifier_call_chain+0xb9/0x410 [ 108.035197][ T8108] call_netdevice_notifiers_info+0xbe/0x140 [ 108.037154][ T8108] __dev_notify_flags+0x1f7/0x2e0 [ 108.038734][ T8108] netif_change_flags+0x108/0x160 [ 108.040345][ T8108] dev_change_flags+0xba/0x250 [ 108.041857][ T8108] dev_ifsioc+0x1498/0x1f70 [ 108.043270][ T8108] dev_ioctl+0x223/0x10e0 [ 108.044634][ T8108] sock_do_ioctl+0x19d/0x280 [ 108.046506][ T8108] sock_ioctl+0x227/0x6b0 [ 108.047858][ T8108] __x64_sys_ioctl+0x18b/0x210 [ 108.049339][ T8108] do_syscall_64+0xcd/0x4c0 [ 108.050781][ T8108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.052615][ T8108] [ 108.053378][ T8108] The buggy address belongs to the object at ffff8880131fe800 [ 108.053378][ T8108] which belongs to the cache kmalloc-512 of size 512 [ 108.057931][ T8108] The buggy address is located 48 bytes inside of [ 108.057931][ T8108] freed 512-byte region [ffff8880131fe800, ffff8880131fea00) [ 108.062984][ T8108] [ 108.063734][ T8108] The buggy address belongs to the physical page: [ 108.065685][ T8108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880131fc000 pfn:0x131fc [ 108.068741][ T8108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 108.071331][ T8108] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 108.073951][ T8108] page_type: f5(slab) [ 108.075222][ T8108] raw: 00fff00000000240 ffff88801b842c80 ffffea0001588d10 ffffea0000934c10 [ 108.077845][ T8108] raw: ffff8880131fc000 000000000010000c 00000000f5000000 0000000000000000 [ 108.080553][ T8108] head: 00fff00000000240 ffff88801b842c80 ffffea0001588d10 ffffea0000934c10 [ 108.083154][ T8108] head: ffff8880131fc000 000000000010000c 00000000f5000000 0000000000000000 [ 108.086209][ T8108] head: 00fff00000000002 ffffea00004c7f01 00000000ffffffff 00000000ffffffff [ 108.088803][ T8108] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 108.091598][ T8108] page dumped because: kasan: bad access detected [ 108.093577][ T8108] page_owner tracks the page as allocated [ 108.095505][ T8108] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5345, tgid 5345 (udevd), ts 26222674573, free_ts 26052147326 [ 108.102001][ T8108] post_alloc_hook+0x1c0/0x230 [ 108.103482][ T8108] get_page_from_freelist+0x1321/0x3890 [ 108.105168][ T8108] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 108.106984][ T8108] alloc_pages_mpol+0x1fb/0x550 [ 108.108505][ T8108] new_slab+0x23b/0x330 [ 108.109855][ T8108] ___slab_alloc+0xd9c/0x1940 [ 108.111388][ T8108] __slab_alloc.constprop.0+0x56/0xb0 [ 108.113396][ T8108] __kmalloc_cache_noprof+0xfb/0x3e0 [ 108.115040][ T8108] kernfs_fop_open+0x244/0xda0 [ 108.116577][ T8108] do_dentry_open+0x744/0x1c10 [ 108.118057][ T8108] vfs_open+0x82/0x3f0 [ 108.119341][ T8108] path_openat+0x1de4/0x2cb0 [ 108.120771][ T8108] do_filp_open+0x20b/0x470 [ 108.122321][ T8108] do_sys_openat2+0x11b/0x1d0 [ 108.124420][ T8108] __x64_sys_openat+0x174/0x210 [ 108.126365][ T8108] do_syscall_64+0xcd/0x4c0 [ 108.128218][ T8108] page last free pid 5352 tgid 5352 stack trace: [ 108.130479][ T8108] __free_frozen_pages+0x7fe/0x1180 [ 108.132073][ T8108] __put_partials+0x16d/0x1c0 [ 108.133525][ T8108] qlist_free_all+0x4d/0x120 [ 108.135007][ T8108] kasan_quarantine_reduce+0x195/0x1e0 [ 108.136738][ T8108] __kasan_slab_alloc+0x69/0x90 [ 108.138717][ T8108] __kmalloc_noprof+0x1d4/0x510 [ 108.140365][ T8108] tomoyo_realpath_from_path+0xc2/0x6e0 [ 108.142059][ T8108] tomoyo_path_perm+0x274/0x460 [ 108.143582][ T8108] security_inode_getattr+0x116/0x290 [ 108.145281][ T8108] vfs_fstat+0x4b/0xe0 [ 108.146567][ T8108] __do_sys_newfstat+0x87/0x100 [ 108.148051][ T8108] do_syscall_64+0xcd/0x4c0 [ 108.149492][ T8108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.151314][ T8108] [ 108.152100][ T8108] Memory state around the buggy address: [ 108.154245][ T8108] ffff8880131fe700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.157032][ T8108] ffff8880131fe780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.159683][ T8108] >ffff8880131fe800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 108.162677][ T8108] ^ [ 108.164453][ T8108] ffff8880131fe880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 108.167474][ T8108] ffff8880131fe900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 108.169996][ T8108] ================================================================== [ 108.172621][ C0] vkms_vblank_simulate: vblank timer overrun [ 108.172988][ T29] usb 6-1: new low-speed USB device number 13 using dummy_hcd [ 108.174535][ T8108] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 108.174547][ T8108] CPU: 0 UID: 0 PID: 8108 Comm: syz.2.717 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) [ 108.174563][ T8108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.174571][ T8108] Call Trace: [ 108.174575][ T8108] [ 108.174580][ T8108] dump_stack_lvl+0x3d/0x1f0 [ 108.174600][ T8108] panic+0x71c/0x800 [ 108.174618][ T8108] ? __pfx_panic+0x10/0x10 [ 108.174634][ T8108] ? irqentry_exit+0x3b/0x90 [ 108.174650][ T8108] ? lockdep_hardirqs_on+0x7c/0x110 [ 108.174666][ T8108] ? rose_get_neigh+0x549/0x640 [ 108.174687][ T8108] ? rose_get_neigh+0x549/0x640 [ 108.174706][ T8108] check_panic_on_warn+0xab/0xb0 [ 108.174724][ T8108] end_report+0x107/0x170 [ 108.174739][ T8108] kasan_report+0xee/0x110 [ 108.174754][ T8108] ? rose_get_neigh+0x549/0x640 [ 108.174772][ T8108] rose_get_neigh+0x549/0x640 [ 108.174794][ T8108] rose_connect+0x2d4/0x1540 [ 108.174808][ T8108] ? __pfx_rose_connect+0x10/0x10 [ 108.174819][ T8108] ? selinux_netlbl_socket_connect+0x30/0x40 [ 108.174835][ T8108] ? rcu_is_watching+0x12/0xc0 [ 108.174848][ T8108] ? __local_bh_enable_ip+0xa4/0x120 [ 108.174861][ T8108] ? lockdep_hardirqs_on+0x7c/0x110 [ 108.174876][ T8108] ? selinux_netlbl_socket_connect+0x30/0x40 [ 108.174890][ T8108] ? __local_bh_enable_ip+0xa4/0x120 [ 108.174903][ T8108] ? selinux_netlbl_socket_connect+0x30/0x40 [ 108.174918][ T8108] ? selinux_socket_connect+0x6b/0x80 [ 108.174932][ T8108] ? __pfx_rose_connect+0x10/0x10 [ 108.174942][ T8108] __sys_connect_file+0x141/0x1a0 [ 108.174957][ T8108] __sys_connect+0x13b/0x160 [ 108.174969][ T8108] ? __pfx___sys_connect+0x10/0x10 [ 108.174984][ T8108] ? dnotify_flush+0x79/0x4c0 [ 108.175003][ T8108] __x64_sys_connect+0x72/0xb0 [ 108.175015][ T8108] ? lockdep_hardirqs_on+0x7c/0x110 [ 108.175033][ T8108] do_syscall_64+0xcd/0x4c0 [ 108.175050][ T8108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.175062][ T8108] RIP: 0033:0x7fe93b38e929 [ 108.175072][ T8108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.175084][ T8108] RSP: 002b:00007fe93c1c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 108.175101][ T8108] RAX: ffffffffffffffda RBX: 00007fe93b5b5fa0 RCX: 00007fe93b38e929 [ 108.175109][ T8108] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000b [ 108.175116][ T8108] RBP: 00007fe93b410b39 R08: 0000000000000000 R09: 0000000000000000 [ 108.175123][ T8108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.175129][ T8108] R13: 0000000000000000 R14: 00007fe93b5b5fa0 R15: 00007ffd9fa8e308 [ 108.175139][ T8108] [ 108.178164][ T8108] Kernel Offset: disabled VM DIAGNOSIS: 15:10:42 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855bfa95 RDI=ffffffff9b088320 RBP=ffffffff9b0882e0 RSP=ffffc90006397688 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000031 R14=ffffffff9b0882e0 R15=ffffffff855bfa30 RIP=ffffffff855bfabf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007fe93c1c56c0 ffffffff 00c00000 GS =0000 ffff8880d6752000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c2b2195 CR3=0000000033f78000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b584488 00007fe93b584480 00007fe93b584478 00007fe93b584450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93c0ed100 00007fe93b584440 00007fe93b584458 00007fe93b5844a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b584498 00007fe93b584490 00007fe93b584488 00007fe93b584480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=ffffc90003eef1b8 RCX=ffffc90003eef04c RDX=1ffff920007dde38 RSI=ffffffff81f85a7f RDI=ffffc90003eef1c4 RBP=0000000000000001 RSP=ffffc90003eef0d8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=00000000000115ab R12=ffffffff81a78010 R13=ffffc90003eef1b8 R14=0000000000000000 R15=ffff888032c80000 RIP=ffffffff81a78083 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6852000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f8791ee7d60 CR3=0000000032ec4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f87913846a3 00007f87913846a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffddeff3f10 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558b82b63f 000055558b82b490 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558b827d84 000055558b827d80 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558b82bb4f 000055558b82b8b0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0130808080808080 8080100002e81000 181000060174940f ffffffffffff040f ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0400 1000021000080174 f200100002e81000 181000060174940f ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff040b 800401dc10000210 00080174f6010800 0c86030519000001 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a4706000a000d00 00000000010f240d 6efa083405010006 2405000009020100 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0f80030fffffffff ffff040280801000 0280040380040010 000a0141d8007961 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000002 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff8e5c4940 RBP=ffff88805ed2c880 RSP=ffffc90023dce418 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=000000000000a783 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81985778 RFL=00000096 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6952000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fb088c61568 CR3=0000000055418000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=0000000000000007 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006800000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000f8000000000 00000f8000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000f8000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb087e11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb087e11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb087f84488 00007fb087f84480 00007fb087f84478 00007fb087f84450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb088aed100 00007fb087f84440 00007fb087f84458 00007fb087adc0de ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb087f84498 00007fb087f84490 00007fb087f84488 00007fb087f84480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff88806a4420a0 RCX=ffffffff81b001cd RDX=ffff8880223f0000 RSI=ffffffff81b001a9 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc90022f67660 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=dffffc0000000000 R13=0000000000000003 R14=ffffed100d488415 R15=ffff88806a73b580 RIP=ffffffff81b001ab RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a52000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fe93c1c4f98 CR3=000000000e382000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd9fa8e690 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe93b411c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000