last executing test programs: 17.271537929s ago: executing program 1 (id=684): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x1, 0x4) (async) bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) (async) sendmmsg$inet(r0, &(0x7f0000001cc0)=[{{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000200)="882c30b45515bceb875fb878e0355865f77fffb43df005d0decdf42a50bb941f9c121fd2aaa34538", 0x28}], 0x1}}], 0x1, 0x48001) 17.268715459s ago: executing program 1 (id=687): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) fdatasync(r0) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) 17.201982652s ago: executing program 1 (id=688): r0 = syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2) r1 = userfaultfd(0x100000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000976000/0x3000)=nil, 0x3000}) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000280)={0x0, 0x2, 0x0, 0x40, 0x0, 0x7}) 17.031873564s ago: executing program 1 (id=692): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x18, 0x3b, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x24000050}, 0xc000) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000880)=""/4096, 0x1000}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000640)=@allocspi={0xf8, 0x16, 0x401, 0x40000000, 0x0, {{{@in=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0xc}, {@in=@private=0xa010100, 0x4d4, 0x33}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0x0, 0x0, 0x4}, {0x101, 0x0, 0x0, 0x800}, {0x0, 0x7ff, 0x400}, 0x870b929, 0x3502, 0xa, 0x0, 0xff, 0x94}, 0x0, 0x4b0}}, 0xf8}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x2d, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_GET_MSRS(r8, 0xc008ae88, &(0x7f0000000180)={0x1, 0x0, [{}]}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@delchain={0x2c, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@TCA_CHAIN={0x8, 0xb, 0xfffffffc}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x0) clock_gettime(0x7, &(0x7f0000000240)={0x0, 0x0}) clock_settime(0x0, &(0x7f0000009ac0)={r9, r10+10000000}) 16.899714005s ago: executing program 1 (id=694): creat(&(0x7f0000000280)='./bus\x00', 0x2) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0) preadv2(r0, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/123, 0x7b}], 0x1, 0x1, 0xfffffffd, 0xe) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000011c0)={r1, 0x18000000000002a0, 0xeff, 0x0, &(0x7f0000001240)="b9ff03076804268c989e14f088a8657986dd", 0x0, 0x2100, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') lchown(&(0x7f0000000040)='./file1\x00', 0xee01, 0xee01) r2 = socket$nl_route(0x10, 0x3, 0x0) process_madvise(0xffffffffffffffff, &(0x7f0000002800)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x14, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2000}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xfd}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x400d4}, 0x84) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a80)=@newlink={0x30, 0x10, 0x801, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x29914}, [@IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x62795}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}]}) 16.831759721s ago: executing program 1 (id=696): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) mknod(&(0x7f0000000440)='./file0\x00', 0xc000, 0x4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x34}]}, @NFT_MSG_DELOBJ={0x120, 0x14, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_USERDATA={0x7b, 0x8, "47827204733686e50550ac383675bc6d32e6f5a8278d9be666d191c57e3fe7643d37e72feeb8e6ecc4a7201a8d70133de702f62ec0d4f5f7ba6949f8fb28b0a96967eb80a6f9272472f029d97a7ed21bd298608a005334135818c94a32b9f01664204ecc1152d6a856fb3b5adcb6285d385ea3836f019f"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_USERDATA={0x2e, 0x8, "913e874e7d669e0d5e3180ed6a1814969b1a7a79318f1b617df966bd5216879a0ccda0f26c471633f16e"}]}, @NFT_MSG_DELSET={0x30, 0xb, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWTABLE={0x68, 0x0, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_USERDATA={0x28, 0x6, "316060aa9294e5f61e6ceff6a37579c7798cf7385683afe27aa339347f59a40a7cb48cea"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x20c}, 0x1, 0x0, 0x0, 0x4028000}, 0x20000001) chdir(&(0x7f0000000080)='./file0\x00') r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r1, &(0x7f0000000000)="fa", 0xfffffdef) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) fdatasync(r2) 16.587730264s ago: executing program 32 (id=696): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) mknod(&(0x7f0000000440)='./file0\x00', 0xc000, 0x4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x34}]}, @NFT_MSG_DELOBJ={0x120, 0x14, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_USERDATA={0x7b, 0x8, "47827204733686e50550ac383675bc6d32e6f5a8278d9be666d191c57e3fe7643d37e72feeb8e6ecc4a7201a8d70133de702f62ec0d4f5f7ba6949f8fb28b0a96967eb80a6f9272472f029d97a7ed21bd298608a005334135818c94a32b9f01664204ecc1152d6a856fb3b5adcb6285d385ea3836f019f"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_USERDATA={0x2e, 0x8, "913e874e7d669e0d5e3180ed6a1814969b1a7a79318f1b617df966bd5216879a0ccda0f26c471633f16e"}]}, @NFT_MSG_DELSET={0x30, 0xb, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWTABLE={0x68, 0x0, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_USERDATA={0x28, 0x6, "316060aa9294e5f61e6ceff6a37579c7798cf7385683afe27aa339347f59a40a7cb48cea"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x20c}, 0x1, 0x0, 0x0, 0x4028000}, 0x20000001) chdir(&(0x7f0000000080)='./file0\x00') r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r1, &(0x7f0000000000)="fa", 0xfffffdef) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) fdatasync(r2) 1.191824026s ago: executing program 0 (id=987): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000002000000a003000005"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000040)="049a8663a8ea9490aa9211cc040000000000240022328995aa2ab514030c9c501f102275c4c50d9473", &(0x7f00000000c0)="a020f44b4577906146bb32b86701001068cb4e4e07c44a550073a65baff0a1a2902b1a29e586eb460b4cdb06b67a5e0dba398395476f0bb7b5a154a5bb7b", 0x6, r0, 0x4}, 0x38) (async) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000640)={r0, &(0x7f0000000080), &(0x7f0000000540)=""/240}, 0x20) 1.191160225s ago: executing program 0 (id=988): mkdir(&(0x7f0000000100)='./file1\x00', 0x11c) chdir(&(0x7f0000000040)='./file1\x00') r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x148, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, {@in=@loopback, 0x0, 0x32}, @in6=@mcast1, {}, {}, {}, 0x0, 0x0, 0xa, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_val={0x10, 0xa, {0x70bd2d, 0x70bd28}}]}, 0x148}}, 0x0) mount(&(0x7f0000000000)=@sr0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000080)='efs\x00', 0xc9c0c, 0x0) 1.111222755s ago: executing program 0 (id=989): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xae) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r1, 0x107, 0xc, 0x0, &(0x7f0000000080)) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x30, r2, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x4}]}, 0x30}}, 0x0) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1}) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) (async) r5 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000680)="bc", 0x1}], 0x1}, 0x0) (async) recvmmsg(r5, &(0x7f0000007300)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000005c0)=""/34, 0x22}], 0x1, &(0x7f0000000d40)=""/59, 0x3b}}], 0x1, 0x2000, 0x0) (async, rerun: 32) r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000a00), 0x2, 0x0) (rerun: 32) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205647, &(0x7f0000000080)={0xf010004, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90d, 0x6, '\x00', @value64=0x31}}) (async) ioctl$TUNSETLINK(r3, 0x400454cd, 0x20) 762.00113ms ago: executing program 3 (id=1001): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_S_MODULATOR(r0, 0x80085665, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f00000000c0)={0x420, r1, 0x8, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x925}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}]}]}, @TIPC_NLA_LINK={0xf8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd835a17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x35c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x72e1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}]}]}, @TIPC_NLA_NODE={0x78, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "6640d0e365eca4b1491f7d859bb33fc9875ae97c947f5114468d"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x1d, 0x3, "e91fd558a2aff99544c603ce7d223345b3b10186e34a1cc787"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xf5e}]}, @TIPC_NLA_NODE={0xc0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xba, 0x3, "8c7bc31772d0637e23865e54e5c0e0e59db275a0953834ba65e7d2edca5d150ada84f264d70f707347bcd2208bb457cdbb6d3d93e70bff7d442253acd51c451269f8e56efb8c23e9c9b4fe90b7bf3648ffff0cfb1f8454c9b017dce9206d33a630c8267d40397dcb7bf14a2a64d05459df3a484cb284624cc1ecc8707ca68755dc773b6049c9186294e4ec42035c8c33c78a9e6de632df6300df7c56519eaba208c241bb668d383074cbaa154a48e9f8ae6b230eb4cf"}]}, @TIPC_NLA_MEDIA={0xbc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x96}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x866}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x622cd9ec}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x77ee}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_SOCK={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xea}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x48b1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0x98, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7ff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7f}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5790}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xf}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8001}]}]}, 0x420}, 0x1, 0x0, 0x0, 0x4000005}, 0x4004000) 761.273188ms ago: executing program 3 (id=1002): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 702.005058ms ago: executing program 3 (id=1003): openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0xd0ab09364dde5ace) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="040e0c000714"], 0xf) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r0, 0x0, 0x40021) sendmsg$NL80211_CMD_AUTHENTICATE(r0, 0x0, 0x20000005) syz_genetlink_get_family_id$nl80211(0x0, r0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_vhci(&(0x7f0000003140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_le_read_accept_list_size={{0x3b}, {0xd, 0x2}}}}, 0x8) mount(0x0, &(0x7f0000000380)='./bus\x00', &(0x7f0000000080)='devtmpfs\x00', 0x4, &(0x7f0000000400)='usrquota') 461.334736ms ago: executing program 2 (id=1010): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0xf0f017, 0x2}) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000180)={0x0, 0x6, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x9909c8, 0x4, '\x00', @p_u16=&(0x7f0000000100)=0x1}}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={0x0, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@deltaction={0x14, 0x18, 0x100, 0x0, 0x25dfdbfe, {0xa}}, 0x14}}, 0x0) 461.144294ms ago: executing program 2 (id=1011): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 401.990679ms ago: executing program 2 (id=1012): mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, &(0x7f0000000000)=0x4, 0x5d, 0x4) map_shadow_stack(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1) r0 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0xad9de14ae33da60f, 0x0) mmap$fb(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x6, 0x4010, r0, 0x94000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000007) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x118) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000000c0)={0x0, 0xd0, "9d4969b1fb7581542986968764dd195bfbebbd2aa8511f052ee30e6007b63e6ecabcad4ff62244fd8e793858ee03b079ee1fc648b5b2bff0c83293dc666de3b29b32099944c9e8466b8ae608962ad07c98b51a97e9e7b42a104542571eaf7c43dd48990ba29c5104d5242f8d803f80538fde35f94727f372099d27382ad910080e2ee6fe86cededee9ea832b1bd5ab052e948254f2199fb141c03c6c29d868f36b7c0cc9d3223c7241023256fec2bba2d9eba3c4ee465cbffb2f7fe53a009fec928bf6c7af6911889198c259d84e9aa0"}, &(0x7f00000001c0)=0xd8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000200)={r3, 0x4, 0x1, [0x2]}, 0xa) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffd000/0x2000)=nil) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x9, 0x3, 0x290, 0xf0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x3, &(0x7f0000000240), {[{{@ipv6={@loopback, @empty, [0xffffff00, 0xff000000, 0x0, 0xff], [0xff, 0xffffff00, 0x0, 0xffffffff], 'ipvlan1\x00', 'tunl0\x00', {0xff}, {0xff}, 0x11, 0x9, 0x2, 0x72}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x9, 0x10001, 0xff}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f0) read(r0, &(0x7f0000000580)=""/115, 0x73) ioctl$FBIOGETCMAP(r2, 0x4604, &(0x7f0000000700)={0x7, 0x3, &(0x7f0000000600)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) listen(r2, 0xfffffffb) ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f0000001a40)={0x6, &(0x7f0000001980)=[{0x297e, 0x74, &(0x7f0000000740)="da124e611cabdbcb827fc376caad0f9c541967102389c5afb037a31429f5253e77dfdf0ab4772d48498e7188c145d3aa327e8098e6819eef6de45946351027185ae72b0ce770cbe6a3cab16aef5047ac5d19e2523c019a0f03bd71ca1697c0fdd46339c29267a5ae42c118ca560b754f38aa599c", 0x1, 0x1}, {0x9, 0xaf, &(0x7f00000007c0)="21c9e39ff06b010178f8e2e659407f3eab4e578f6ec1597f59263702cf661f867087b25332611c92c6d92dbdd076a1eed6959c271f84ffbf2dd7f146ffc25e79078a9c898743c0e68c6c6d8ce197534e215f00ce06e224feb89d183b1b02ea564dac10538a14bfed21d19b1cefd5b172642bccbd47f5767ef5c11e6d8242325b904d4206badd2974aeedbef10578fd030e5f0fbb40fcc74eb4f60cf69f44a9da603e17cc7295aa3edcb15b16032184", 0x1}, {0x3, 0x0, &(0x7f0000000880), 0x1}, {0xd, 0x44, &(0x7f00000008c0)="72cd9fedd8bf7cb284d2652b9c496fab89dd2fe781adef717624f399f6d747c111ff34f6208ce84b3ba11891abcb32bd015cc6f787a9c040ee560ffeccc98c88b786a50a", 0x1, 0x1}, {0xb68, 0x1c, &(0x7f0000000940)="98ab0a5715deadb0f38928cefa867f78f5983d856818f7b33ebe01a9", 0x0, 0x1}, {0x9, 0x1000, &(0x7f0000000980)="af4bdd39c59784753734d3c7549ff537dfa2613e869975caa44cc7c50c0325ee433f668396cf32973687d7d4151d3e10b29ba26f3965ba11af9c89a42b0d7ad6f73e2e96c6f98f37f93115c6191c8289d613ab466d3d737d0871b8bd677cdaabbafca46130aefb1bb746454a6bd9bf63122d12a81f9c95767a27e96d446076c1e4e595022b5093ebc1b64ecebbe0c6e707fefc48416234090840c53e95ea01bc0ef235241cb9c0b26522b81c1a6b437db48f060d873ba88572d8e1db59d55c44f2036f1a8c279221c169bb1ad33414a0875d3d9dda2e1e78d8db61732d7361f5dfd21c833d594d182da803bb68d961785323960769cbd4fa5f80473e346c3f7d99c46b52529f536b8691196bfdfd3b01d7a0b7de3b3e90665b90755205ffee4dc74e63bbbddfc0adcc73b3e74b7d8ad74175a183165ca9605507fd79c3ecb2db37d11fa12e673cab57af5ee81e3298175f7f82ef7c5265fdc3dbc868153b7c8358dcf5d04425da8bb82374a213b529ebff4511644e51809737a61bf7bdd0048c2159238826145db4e4fc691cc8d5adb9c89ec2be76da3e52dcc72f4cd1c93fd6a347fac396f5584100a7856e19f62818898088e063f96b1bc968443cbbc665119d33aafb2441744e79f0b6cd78076bdfbe4954f42bf825d3a5e215ff8da1d4017846d9f021ad934914224b0dfc0ba249778dc28dfa624de60f05efc4cd670d5799df0ce2430ae466a62ab20440903337044284ac41a9af5137501da22284a2450273e0d6f8f5a5a1b137fdeadf96a6fed7e3e60ec514f59e5a7c663d0f1a781157ba6a3ac09bc4c1570845bc7b6cf6616995755da2b4bf593f29fd3a593d6a48633db9478601c89d3197a21d080b735b25ba1b7c69baef7fd880e981a638a36c2b65c9a73480e9b61e0f7b3114fbe0b627c3c85cede0260c506da1952a43aca5f7f63489b706113883f28d4968545315e94e8e68000a7361b3b865ecebf4a1e3142ee1b88f5f1422610fb3af157a2a773eafdcc997b9b8ee75635dfa2eefc94fc4534b7f45bee4e68af4b0d0df5488db00748f1a5256b79c8ad961e0f7fdc8b13cadb1df47ba15b309c7220a3011e5c2e69fed941deb90563f88060bda9cd5253b745c11d3d4ca70baf26af1d6362429a34010ba05176d7e7d12aa2b5d408b85d1f4662468122d22465d38cf177092cb35eec2d405959624429f477a28bbe98f25d4e8c8fdf52045eb5894fb38953e42e81a1bf4861767232da7e9a71df6583aa98975d85c2967bcf28b6735ff3110e5e2cde8df03dde03ebd1c893e1dc7d717884765f7c42a8c7ebcae56c0c7c25a0c2579e6b1dc1d03d5134c5aa384e4d7abf2df1ed28ddb952b85275b79a214dfa0292592300a0ff64cc97d07707f1a074bd1623703def46e9cebdf7f26d0dca891ed8712c25a8410c0aeb940819a1f2a2c23fb382610ab98b7440f487ad620155131c48d15d9b2d5df1b4d03ddd0952282f6919a11d591390946f5567f13467c936e8f688709f8a77053cff1f792ab389c707c303268986082a1c820a736008a031294826087b6f93c283622063624c82cab42d005dfe9fb3d4ef4a4870b5bf2eed2aa802a72ac46589609fab77fdada41b5c8f114ea2bb8185b2b92c93ec3f5301d90983bec51c8c13958c9764f7742689f4c07a97bc89f384703d804aa142940adfea407ac8384cba7bae9b0fd320abd49dec16db2a4ba356cb66963aef840fd650d5b888c7d5a6eab6ea901b145810b06f3ccc6b1f3c6155c44af1b6c60d12e0f9abe25e40401be0a8c75a9697c81a0882210c9c86cbc94b33c02a9d6ee35137ab2633930830c4b70a9fc336f78032a7f137d1d74eed537eecefc1958fb0d6132d25b31cb8e80af6ca4ef846edd9641e7ba0fae46eddf316403a0d14c1b873911009783881f35ea5c02a817a5feb1c6b0c473c91b9c6902034b4052171ce7afcb98d6eef06f3f3ac655007f24e0812d622ebb53fe3c1d014b00fad1eea4047d81c683f62b57aa362b0556f009ca48c72484b5004e1a740e1f7227e0e7e242785661210c3e12ece1d78e7e01bf94a34e1596c7a1fccdc96f233cb521453c74f2d864d2488419c8e8dc565d865a0632ea87dbe6b7b1f4394cfa13a3a832c22a63d8efd3d0a491328432e583cde343785976749183507083bd6d604d3d6cc488a61a6ed3ece7cc41d0e00ddf878eae9927f39984f114c6af9173cb229e484f192d501243872c6b3a9eb5f53f7c345f46dfc369d63a26392b6b8feccbc060166f84c9f97d693257ae8deaa4853bf17647ab344926a72f20d779faa47d7f37ba4fe38a3dd94c7cf17b8450072911e8399fdd4166aaac802978862f1cd414c5a074f0bdcbb6c54ca5ad70d13df88d7d274075fab1f8eb8f8cda4bfe4bad8cf094cd5b5ba7e43cb647569d4541785e05b00eeeba276600f539503bd67c16895db28275f996c0394e43255f781ef435fc207d29bbca79bd743c3123136e1f9c4a5037507a1f16d3097ab673a5c389f21f752acaafdf984f9944ca79880ae92de10c8325581a7b3e07d43b2a7757104a6f7682d184dcdb8591a101ae864a718d7fceacff354e21116e6f345b001dccd4e4c95a1f201dd9f47af28097e26411abdc058e5579828fba3f27f835f80495353ce1b7f7a6d9c346d5eeec61c9ed4d5b29268ac25d9882572b3b6c4723f6d8ecf73be5cff6075a4e3a51286a534d21810cf69ad1b09c98753a00d9e52b1fa042f15be25baacc79fdb32bd61174720e44a8056052759135810bc577364da762528aa25a7d20ce7000d81f4a5ae885938f7bec5fda869015566f35741691d7fb3a6adee0e5a4b5eabe766c45706073f0e2d9019efef03ec1a5151e735c29695f296692175cd42f2064ed7d88d5e5cda471d562ed812bd0ecd7618526a208060ba9c2855b98bc1fbc780bd0435f672d795686e3695a365724609f598ade05e4d1cb94b2b833db1b06d305a8bc2e6ea3c5ff970f2c330ef3ed7d86ac77b27c6531f5ee545e04ca0b05df2ac2e56696454102f9c488d16679c6aa1217bfcd6fa975db0ac24d7d5ce289971ddacde0124694203b106835e13a8f87b975efde6093c955e153d55e3b86d6beaf656c68d1f6df005960dfab552835ab5462b9c1b5f9adffbbf0b1959b9b3964a2e23f71dacb269a0dda85e5bbfa1becf154a49a6211977bc81acaa040303c9580e8bca33266ebc1dbdece9db05a7b366423dd16ad58006d091a7698b0e82a5131ef6971a7d6f54fbd34ee7203b96cd6ac441ace165d2ca921e350a7a892d1e110b2c1fd1e1e8f685b45fa542e7d590bbb3130bc7e5b637576030d2424af14989dd07c9d4d25801b1bcb023352f1ee0f4dbb1b62f1f796e574c2d9dc13a74387c25026ffbd66931301727ab71f45490db466ec5cbda78fb1787b950dae42ff574c14c54617e136f5aab6c282cc7ef3f8075135cdfddf1b78e996308952ba2f0a7a3a0cd242723ea65a70a94ee0cb4015e5a89b646d672c1be211588684186e0b9a41c483af0355d62545b30e2d1ef264a00e2a6367b2b81ed5f2aa7ced1648553d19bff8e88393a37263eb7b3cd8a6779659cde7c3d2a9dd1cbd3a796929582e623b355188bc9da9726a6ceb2ae5693516a925b7190a2880f218b10f4174b944f6f79e0353aaeca79580bdd738bde8401785c852d41a58f9473c2a9f0a183bd07700a1902f6e3d3c761401fd63e55529b6102da506ac4ee7ae3327d6637256db8dd690002f95686b47624304adff7ea40de9f32e05c91055985c0a37d7dcbd55ddf8c6548a36fd1695e2d6cc65d3a29eb0d6f3cb2ae9accaa762e99e9ed251f9a0c37fa371c2deb38715c93f7d4038b6b7f1ed893774672cfbb975735ae6ab6bd7ca0e31a9af6925e06ae3be004bc38122590e332c25df5f9973c20ff1b7b60f3e6dee3ca9fcd3f32f3e278bb67c9d02cb2df81f8bb1d875f747c22702139655dd02c29fdea2d3023efc688fa19fd5ad901bfdeb4a35bc589923000886634a0b18551aff823fa5355b77fd6c095c60aa999b920114eb26b5c26021fe0875536929d328fab9bfdb33d815d9dafa854fa0f454174fe930dc4757ecadb2e68e3687182081d57bfcfc0c1b9da52b8fcf490320a8a4a75d5c3f8a4f9809eb977ee08f56cee6114c95326c9b93b139b431e779860eb445afedac7419a307fb7b796c3f6f2d7440f0ab05c896aa963b8f8ce29fb4bb26719b07a8527561f2dce6c0c7fb07ddf0aaf0cb88689f757195b8a3f35fd2c427ccd93860e1a176789100ffa31095e89f2615621b89155cf68e8de4afbd61743beb1bc574bc8a5fc87a45e686173cd7ff3b91ca5733e5a096a2f243297cfd78662f060bbeb5149683eda80fab6fee549eadee9f0ce29e4d322e2679c8ea1a42b882b23a5e7b2705f4ea8352b29ec458947a84a78e9819aedb5ed7aeede9c3f7bbebcd629df8f1128f430452b3b1db29a6a00c87d94fb2c3d8d79850c44d303ed79ae0a37dee24ccace69f491440fabeabf8514a03d50a0d7042a87fbef8141f21ba2ba58e79a8c532bb52f0015f7a289fe4b3ed2a23891ba16ae1d1a3224f9cd27bed3f92b3fbbd80faaee668707645bc56070473f0b4b8669fdb6565d4e4fa0bf674012120c5aaad487176f9d1579818b203d64ff5c47842dd64a39d54e788b3ca0fc22dc2ecfefa9461dfdd4f81e118acaefa78fcd2539e45bb7e9c3d09296137b0f9f752ed5b13f0899dae01470ca90fdf6f319f20f75583386b90cdc9fc88cad2cdffa556605c23e5dd890758097f627f852e8db94f91aa6620547dcbbc77202b5d1d86dfdbd5dd716e04caeb86969a8ea065dbf559a130e3daff44ccd914f0d6c9e07373b2cc5f3be25cdca34b3e5ada85d9d9662239b64300f3addb8cbfbfe377ffc5352b0b78b8fbe9e8cc3d1ada7a06d9668f82a02c41a290f6b3927888149034810f36ce87f81858bc43d0724d78ea4bae51a1e910c9f7e988181bed1ab2478ec288bea3fd1dbcf5bca3ca0b588ba66dbcb376e4617958f07fdf0cddc89faf4b6899cb73be56d0e20d815bc9a375148ac36c823a8921447f920ba753b4b3564ced5dc43085068279a31afad45202386196c85ef0cc947cfc80c56ed883483f51d31598885682dc7c26b668229d2ded5614014cefea08959aeb7c94f59b28f442b8ec82c9d791ed389055caf709ea83910226757ec7209aea024251b69da54d567972784649408e49ee996b860390e2ac7ec0a5e1f3d804cd761f5bcef095380001df5a0cbd08f59fb80570064467720f19731189e227a5e5addf8729e83c17feca791ec5a57ff4536c1f5a328410eddfe745e80e66d8bc6588fa1a6b52f1f5d9707bfd888859dd37e447c4133e64b51c99cff9014c7ddcb509dbc58537fe1a201682e63236517bb76ba77ff091b5cad2d4843a36558ffaf331aa54d6b6e308c88681ed7de87089b4f5d8c8fd5bb8264701a6c3630cea6b575d9d26f048532458274075a661438d4d5419de21db5a9735164b5775edf9203063ae6a32325f5bb04313fbe151c9e6e41bcc9440a395a0f0150c8bc785552d2a42bab702a703e2d67e5e3a650765cf9b310fec61950cd6ec7670c8fb7eb5d05c12ea223658d08f8702df1cc9c6d0620b267f9fbe4d76c4c6ba50700573de5c736a747d9132a284f8eef549effb502c6fd0337522b888a1f3f3231a4fa87f7f392045344a084ef060529a11474948349908d3387546d8cbcf3f92b4b4cb894d8b13710783f7b5647b52c4db71b9", 0x2, 0x1}]}) read$FUSE(r2, &(0x7f0000001a80)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000003ac0)={0x50, 0x0, r4, {0x7, 0x29, 0x2, 0x8000101, 0x8ef4, 0x4, 0x1, 0xd33, 0x0, 0x0, 0x80, 0x4}}, 0x50) ioctl$SNDCTL_SEQ_NRSYNTHS(r2, 0x8004510a, &(0x7f0000003b40)) r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000003b80)={r2, 0x0, 0x25, 0x4, @val=@perf_event={0x5}}, 0x18) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000003dc0)={0x8c, 0x0, &(0x7f0000003cc0)=[@exit_looper, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000003c00)={@fd={0x66642a85, 0x0, r5}, @fda={0x66646185, 0x3, 0x1, 0x2a}, @ptr={0x70742a85, 0x1, &(0x7f0000003bc0)=""/31, 0x1f, 0x1, 0x29}}, &(0x7f0000003c80)={0x0, 0x18, 0x38}}}, @register_looper, @clear_death={0x400c630f, 0x2}, @acquire_done={0x40106309, 0x3}, @acquire_done={0x40106309, 0x1}, @exit_looper, @register_looper], 0x3d, 0x0, &(0x7f0000003d80)="a2f9ce5dc892672c4f91c530a418f201d190ca19b99aebd270b0516e6f9444799f3117b0f35824173f599124034765bee0b8c9c1963e5c7ee903c0ade0"}) mmap$usbfs(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x300000d, 0x10, r2, 0x9) ioctl$SNDCTL_SEQ_NRSYNTHS(r2, 0x8004510a, &(0x7f0000003e00)) fchmod(r5, 0xc) writev(r0, &(0x7f00000042c0)=[{&(0x7f0000003e40)="7cae3f1fbff76bb7833120d1b840861a1bfa18cf8732ce893e049f9dc48a59a88038148a5e8db1e659ca7a76df326d3e9e847e209ff1558b2d67e91a6092db57f4c125086b72fd4d3ec241d482593c2a5823efa0ce45921c1f9f12501935937a0e15abed7062b47338524a0ec6cefe47192c29677e0a31c6141e064711a14d95c61038f30853536ba1116202ce85db44e9c6b4475f14b932e6cb7b7da5b02ab060151bb9abe1", 0xa6}, {&(0x7f0000003f00)="3b7bdfa4210030f960ad1f5516bf6f850542340b0ddd9cd4b456aa46d64084d7cb46818d7ce810f4a9e4cf1f6628980c098a15509e174f169a701d480411a47ed3be13db615a5418eba8c61d0a4529ddeca36a7d94fe1760e6824e6f41d956b4704fa4f4cc3f531e8a56860ade1431050934b51a3130493964ef12b21580a8c74fd2a76b96d09536893cf4efd62c8d3460c4fe", 0x93}, {&(0x7f0000003fc0)="0e260e2d537e49f364844ce5444c57a55664b4256b2f0ffb4c1c45949d3fcfe1f69f920930594bf8cf376736726707fec9e795916121f88118e64962e04af58021302cf42e4699709d3079ad3d107e73d861fdec24ee77744ce7a531b018793e40e512d133202bc253d158873da5ab41ae28ac00857f29d074f451d4da0cb8c509a1d73cc45cf8108dcc4d98aa615b9fa3cc79", 0x93}, {&(0x7f0000004080)="18660b9d91653254fe2d3a7e633d2949bf9840490061ae2d8ff7a8741ae1d6db28bdda6615121a92c4641a02f9693ed5f46d37f939153fdc1c49ab68e9430dabe8c6e26dc916165501a345e94d7b07957b7f1f743bffc0ff5983e90ab4650a54964a93e5104a0b0698053cc20ee6662d7b904110e5aa4cd08e98d4d0e9d76e5ef33e4de86a6483d0e1fd2205a4d4e4629ac77f7e3c164ddec5e9fdf1b762916228d537d3d604fbfdc0af7f01", 0xac}, {&(0x7f0000004140)="eed2dedbe361bf4112b7341fa5af4c93209b259d0419930ed0ebd6689a86055796ebc4b30e297ab40a55a39763d4b2a079b348e2f3e3a8a17239264fc4d39a71e7339c09c73e609ba80bffde35ca3ebbcf8dbe25abd395a94caef065b4056dd59cff84081d009333b83042170132ab9c3d03f17e0bc47d075f574058bd8fd48db7ecce5015e1f4b63c92f55e7baf19be549463f33d3c6d204dbab81d5fbf9489e4ec6d9eadb44ba4923e1198efcd1d9b6ebe148c29fe514f5f17a999847bd2ad0e663ac967a324256c61ec1e286bd4037072a56e2db44f28e0cfa5f9ba533747b03849f3bd380e58500f341cac5b2a", 0xef}, {&(0x7f0000004240)="cccc88b2f2317e0f0f2361e0ca14a6e2d09c86a57e7091cd55e6083ef010c61b60133ca8609770a6c65a2dd303cbdc1300a9eaea5edf6575423b1dbff235669138e1f8a3c6b983eb4c42296d050cec72827f4929560fa871020de55535bb6a694c8352291faa90292c300b2af984543f2aef9e5910a528", 0x77}], 0x6) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffe000/0x2000)=nil) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000004380)=@arm64_fp={0x6040000000100090, &(0x7f0000004340)=0x6}) openat$nullb(0xffffffffffffff9c, &(0x7f00000043c0), 0x1, 0x0) r6 = io_uring_setup(0x437b, &(0x7f0000004400)={0x0, 0xdc9, 0x2000, 0x3, 0x33d, 0x0, r2}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x2010, r6, 0x0) mincore(&(0x7f0000ffc000/0x3000)=nil, 0x3000, &(0x7f0000004480)=""/90) 401.804921ms ago: executing program 2 (id=1013): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) munmap(&(0x7f0000003000/0x3000)=nil, 0x3000) (async) munmap(&(0x7f0000003000/0x3000)=nil, 0x3000) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40286608, 0x0) socket$netlink(0x10, 0x3, 0xa) (async) socket$netlink(0x10, 0x3, 0xa) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) fcntl$dupfd(r0, 0x0, r0) (async) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x6, 0x0, 0x0, 0x1}, 0x8, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) 211.025802ms ago: executing program 4 (id=1015): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x70bd21, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8}]}}}]}, 0x3c}}, 0x24000004) mkdir(0x0, 0x25) 210.682632ms ago: executing program 2 (id=1016): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x70bd21, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8}]}}}]}, 0x3c}}, 0x24000004) (fail_nth: 2) mkdir(0x0, 0x25) 209.479533ms ago: executing program 4 (id=1017): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x5, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000080), &(0x7f0000000180)=r2}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r0}, &(0x7f0000000900), &(0x7f0000000940)=r2}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) (async) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000000), &(0x7f0000000040)='%pI4 \x00'}, 0x20) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r3, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r4}, 0x4) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r4}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0feffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000ac0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = socket$alg(0x26, 0x5, 0x0) clock_gettime(0x0, &(0x7f0000000480)) (async) clock_gettime(0x0, &(0x7f0000000480)={0x0, 0x0}) recvmmsg(r6, &(0x7f0000001200)=[{{&(0x7f0000000200)=@phonet, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000740)=""/246, 0xf6}, {&(0x7f00000002c0)=""/13, 0xd}, {&(0x7f0000000840)=""/100, 0x64}, {&(0x7f0000000a40)=""/68, 0x44}], 0x5}, 0x7}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000c40)=""/229, 0xe5}, {&(0x7f0000000d40)=""/221, 0xdd}, {&(0x7f0000000e40)=""/243, 0xf3}, {&(0x7f0000000f40)=""/190, 0xbe}], 0x4}, 0x10001}, {{&(0x7f0000001000)=@x25, 0x80, &(0x7f00000003c0)=[{&(0x7f0000001080)=""/181, 0xb5}], 0x1, &(0x7f0000001140)=""/146, 0x92}, 0x9}], 0x3, 0x40010040, &(0x7f00000008c0)={r7, r8+10000000}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x2f08, 0x10, 0x10, &(0x7f00000006c0)="feffffff00000005", &(0x7f0000000700)=""/8, 0x447, 0x6000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) socket$inet_udp(0x2, 0x2, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet6_dccp_int(0xffffffffffffffff, 0x21, 0x6, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_emit_ethernet(0x8c, &(0x7f00000012c0)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @generic={{0x6, 0x4, 0x3, 0x8, 0x7e, 0x64, 0x0, 0xb5, 0x84, 0x0, @multicast1, @rand_addr=0x64010102, {[@end]}}, "7efca96ee63da5ff70c0b3d5ecc12e0958f7bf8e5f1a7860f98acfa0873f689bc850dea0673a5cbcbed0e57dc508e5b08205b12e711ea810201a365e5a9bf92fc49f364e466465a7cb0bcb70b0f953c0eee7f814b800be274b017616e4ba861571cd5115cdc8"}}}}, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r9, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) (async) connect$inet6(r9, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r9, 0x6, 0x1f, &(0x7f0000000540), 0x3c) (async) setsockopt$inet6_tcp_TCP_ULP(r9, 0x6, 0x1f, &(0x7f0000000540), 0x3c) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f000000e0c0), 0x10010) setsockopt$inet6_tcp_TLS_TX(r9, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "00e0f07600", "832b4d2434b35bca8c0b78d2afff6d70d3025c7f53123828322d5af0d5c6c3a5", '`\a-N', "298f0e6df9ae9b3d"}, 0x38) (async) setsockopt$inet6_tcp_TLS_TX(r9, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "00e0f07600", "832b4d2434b35bca8c0b78d2afff6d70d3025c7f53123828322d5af0d5c6c3a5", '`\a-N', "298f0e6df9ae9b3d"}, 0x38) sendfile(r9, r10, &(0x7f0000000100)=0x6, 0x100000000010001) syz_emit_ethernet(0x69, &(0x7f0000001440)={@remote, @remote, @val={@val={0x88a8, 0x2, 0x1, 0x1}, {0x8100, 0x6, 0x1, 0x2}}, {@llc={0x4, {@llc={0x2b, 0x98, "44c7", "f9487b366894a211ea0d5950dc5a43f9a3f192a7bda415c12701b40c4620c6f8a198be9fbe06453b1345feb04e097185781c59507e130eb781e5b403bf56b56e46330f7f6695cb6754f1676d17158f"}}}}}, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) (async) r11 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) ioctl$DRM_IOCTL_GET_STATS(r11, 0x80f86406, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 208.076762ms ago: executing program 2 (id=1018): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NETID(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x401}, 0x1c}}, 0x0) getsockopt$sock_buf(r2, 0x1, 0x37, 0x0, &(0x7f0000002480)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000580)='./file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00') ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000001440)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) r7 = accept$alg(r6, 0x0, 0x0) write$binfmt_script(r7, &(0x7f0000004180), 0xff77) recvmmsg(r7, &(0x7f0000003c40)=[{{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001100)=""/215, 0xd7}], 0x1}, 0xc000000}], 0x1, 0x1143, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000000), 0x4) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c000000100001d1234236e2ba90bc15b09653b84d70630421bd00"/36, @ANYRES32=r5, @ANYBLOB="02800000000000001c00128009000100626f6e64000000000c0002800800030000000000"], 0x3c}}, 0x24000004) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mkdir(0x0, 0x25) 207.80593ms ago: executing program 4 (id=1019): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYRESOCT=r0], 0xa8}, 0x1, 0x0, 0x0, 0x48891}, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000001400)={0x1, "fa02c8098000", 0xffffffffffffffff}) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xe) close_range(r3, r1, 0x2) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000000)={0x2, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r2, 0xffffffffffffffff}) mprotect(&(0x7f000075e000/0x4000)=nil, 0x4000, 0x0) r6 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x121700, 0x19) ioctl$SYNC_IOC_FILE_INFO(r5, 0xc0383e04, &(0x7f00000005c0)={""/32, 0x0, 0x0, 0x6, 0x0, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}]}) r7 = mq_open(&(0x7f0000000140)='{\x00', 0x40, 0x8, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x24, 0x2a, 0xb, 0x70bd2d, 0x0, {0x6}, [@typed={0x4, 0x3}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x59, 0x0, 0x0, @ipv4=@local}]}]}, 0x24}}, 0x0) mq_notify(r7, &(0x7f0000000300)={0x0, 0x2b, 0x1, @thr={0x0, 0x0}}) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)={0x44, r9, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0x44}}, 0x0) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r11, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r11, 0x0) preadv(r11, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r11, &(0x7f0000001980)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001940)={&(0x7f0000001900)={0x2c, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x1000}}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2d6d5c008164e674}, 0x5) r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x43, &(0x7f00000019c0)=ANY=[@ANYBLOB="1800000003000000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000186300000a00000000000000000000001800000001000000000000002800000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000008520000002000000b7080000000000007b8af8ff00000000b7080000080000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000ad711000ffffffffbc060000ffffffffb7080000000000007b8af8ff00000000b7080000ffffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70500000800000085000000a50000008520000005000000b7080000000000007b8af8ff00000000b7080000c0ffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=0x1, @ANYBLOB="00009f8ad38ea015000000000000b70500000800007913560085000000a5000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000"], &(0x7f0000000340)='GPL\x00', 0x0, 0x1000, &(0x7f00000008c0)=""/4096, 0x41000, 0x69, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x9, 0x1, 0x8}, 0x10, 0x0, 0x0, 0x2, &(0x7f00000006c0)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000700)=[{0x4, 0x3, 0x8, 0x4}, {0x1, 0x1, 0x2, 0x1}], 0x10, 0x80000001, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={&(0x7f0000000300)='nmi_noise\x00', r12}, 0x18) sendmsg$DEVLINK_CMD_PORT_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xc8, r10, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x6}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x6, 0x4, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x6, 0x4, 0x2}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x6, 0x4, 0x3}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x41}, 0x80) lsm_get_self_attr(0xf, 0x0, &(0x7f0000000080), 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r6, 0xc0406618, &(0x7f0000000100)={@desc={0x1, 0x0, @desc1}}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000080)={"000c00816800df00", r5}) 163.665857ms ago: executing program 3 (id=1020): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 163.489811ms ago: executing program 0 (id=1021): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0xd5) fremovexattr(r0, &(0x7f0000000000)=@random={'security.', '[$(\x00'}) (async) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) r1 = socket$inet6(0xa, 0x802, 0x0) setsockopt$sock_int(r1, 0x1, 0xc, &(0x7f0000000000)=0x4806, 0x4) (async) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='btrfs\x00', 0x208000, 0x0) 162.109462ms ago: executing program 3 (id=1022): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001b80), 0xffffffffffffffff) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001bc0)={'wlan1\x00', 0x0}) (rerun: 64) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x24, r1, 0x1, 0xfffffffe, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xa}]}, 0x24}}, 0x8000) (async, rerun: 32) r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x1) (async) ioctl$TIOCSRS485(r3, 0x8925, 0x0) 161.729479ms ago: executing program 0 (id=1023): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) (async) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x1}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) (async) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) r3 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000040)={'hsr0\x00'}) (async) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000040)={'hsr0\x00'}) syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') (async) r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000000)=""/9, 0x2c}], 0x1, 0x5e, 0x0) r5 = dup3(r1, r0, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000001c0)) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r5, 0xcbff9000) (async) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r5, 0xcbff9000) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000300)={0x44, 0x0, &(0x7f0000000b80)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@redirect_dir_off}], [{@obj_role={'obj_role', 0x3d, 'overlay\x00'}}]}) 78.138056ms ago: executing program 4 (id=1024): clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_settime(0x0, &(0x7f0000000040)={r0, r1+60000000}) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0xc0481, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xb, 0x1}) 1.268617ms ago: executing program 0 (id=1025): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x48) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)=r2}, 0x20) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) (async) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) (async) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r4, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) (async) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f0000000040)={0x4, 0x0, 0x3, 0x1d, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"}) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0), 0x226000, 0x0) (async) fcntl$setown(r5, 0x8, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3) ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000500)={&(0x7f0000217000/0x3000)=nil, &(0x7f00002d0000/0x1000)=nil, 0x3000, 0x6a83cbac7a70bf20}) (async, rerun: 32) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r2}, 0x57) (async) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/fscaps', 0x1c200, 0x80) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r3, &(0x7f0000000280)="3a455a8020cd8e379c3115fdabee73491fc853bb4b9fb2585ff9dc414153c1b9da24a8d75067104e07e2d3feed217dc0979371369073f21f81b85cfaec95447f4d91c0c2da548fca3bdfef1175350bf930127e4719c45f0140fefa71450bdc530fc5ad410404946facdcdec51d28bc2334451130c4d59e3160", &(0x7f0000000340)=@tcp6=r6, 0x1}, 0x20) 989.973µs ago: executing program 4 (id=1026): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x70bd21, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8}]}}}]}, 0x3c}}, 0x24000004) mkdir(0x0, 0x25) 748.137µs ago: executing program 3 (id=1027): r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ppoll(&(0x7f0000004f80)=[{r0, 0x17}, {r0, 0x1000}], 0x2, 0x0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040)) r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000000)) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r4, 0x80184153, &(0x7f0000000540)={0x0, 0x0}) r5 = socket(0x10, 0x803, 0x0) r6 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r7, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c"], 0x48}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x12, 0x9, &(0x7f0000000680)=ANY=[@ANYBLOB="180800000000000000000000000000008510000005000000850000000f000000a70000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r1, 0x40186f40, 0x20000502) preadv(r1, &(0x7f0000001400)=[{&(0x7f0000000040)=""/100, 0x64}, {&(0x7f00000000c0)=""/32, 0x20}, {&(0x7f0000000100)=""/16, 0x10}, {&(0x7f0000000140)=""/154, 0x9a}, {&(0x7f0000000200)=""/238, 0xee}, {&(0x7f0000000300)=""/77, 0x4d}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/123, 0x7b}], 0x8, 0x7f, 0xcb) r8 = accept4$inet6(r6, &(0x7f0000001480), &(0x7f00000014c0)=0x1c, 0x800) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r5, 0xf503, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r12 = dup(r11) ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b"]) dup(r8) 0s ago: executing program 4 (id=1028): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x70bd21, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8}]}}}]}, 0x3c}}, 0x24000004) (fail_nth: 3) mkdir(0x0, 0x25) kernel console output (not intermixed with test programs): 357][ T6463] ? fs_reclaim_acquire+0xae/0x150 [ 51.937371][ T6463] should_failslab+0xc2/0x120 [ 51.937381][ T6463] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 51.937390][ T6463] ? __pfx_selinux_socket_create+0x10/0x10 [ 51.937402][ T6463] ? sock_alloc_inode+0x25/0x1c0 [ 51.937415][ T6463] ? __pfx_sock_alloc_inode+0x10/0x10 [ 51.937425][ T6463] sock_alloc_inode+0x25/0x1c0 [ 51.937435][ T6463] alloc_inode+0x5d/0x230 [ 51.937446][ T6463] sock_alloc+0x40/0x280 [ 51.937456][ T6463] __sock_create+0xc1/0x8d0 [ 51.937470][ T6463] __sys_socketpair+0x1d9/0x5a0 [ 51.937483][ T6463] ? __pfx___sys_socketpair+0x10/0x10 [ 51.937495][ T6463] ? fput+0x67/0x440 [ 51.937506][ T6463] ? __pfx_ksys_write+0x10/0x10 [ 51.937521][ T6463] __x64_sys_socketpair+0x96/0x100 [ 51.937534][ T6463] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.937547][ T6463] do_syscall_64+0xcd/0x250 [ 51.937556][ T6463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.937569][ T6463] RIP: 0033:0x7f99b598cda9 [ 51.937577][ T6463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.937585][ T6463] RSP: 002b:00007f99b6745038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 51.937594][ T6463] RAX: ffffffffffffffda RBX: 00007f99b5ba6080 RCX: 00007f99b598cda9 [ 51.937599][ T6463] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 51.937604][ T6463] RBP: 00007f99b6745090 R08: 0000000000000000 R09: 0000000000000000 [ 51.937609][ T6463] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 51.937614][ T6463] R13: 0000000000000000 R14: 00007f99b5ba6080 R15: 00007ffe73a476e8 [ 51.937624][ T6463] [ 51.937628][ T6463] socket: no more sockets [ 52.088015][ T6490] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 52.092971][ T6490] netlink: 12 bytes leftover after parsing attributes in process `syz.1.192'. [ 52.097719][ T6490] vlan0: entered promiscuous mode [ 52.169732][ T6498] netlink: 168 bytes leftover after parsing attributes in process `syz.3.194'. [ 52.220083][ T6506] openvswitch: netlink: Key type 29 is not supported [ 52.220140][ T6507] openvswitch: netlink: Key type 29 is not supported [ 52.225928][ T6506] netlink: 12 bytes leftover after parsing attributes in process `syz.3.198'. [ 52.243608][ T6509] ref_ctr going negative. vaddr: 0x20ffc002, curr val: -29824, delta: 1 [ 52.246186][ T6509] ref_ctr increment failed for inode: 0xe1 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888029710000 [ 52.360883][ T6515] FAULT_INJECTION: forcing a failure. [ 52.360883][ T6515] name failslab, interval 1, probability 0, space 0, times 0 [ 52.365425][ T6515] CPU: 0 UID: 0 PID: 6515 Comm: syz.2.196 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 52.365436][ T6515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.365442][ T6515] Call Trace: [ 52.365445][ T6515] [ 52.365449][ T6515] dump_stack_lvl+0x16c/0x1f0 [ 52.365467][ T6515] should_fail_ex+0x50a/0x650 [ 52.365480][ T6515] ? fs_reclaim_acquire+0xae/0x150 [ 52.365494][ T6515] should_failslab+0xc2/0x120 [ 52.365504][ T6515] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 52.365513][ T6515] ? __pfx_selinux_socket_create+0x10/0x10 [ 52.365525][ T6515] ? sock_alloc_inode+0x25/0x1c0 [ 52.365538][ T6515] ? __pfx_sock_alloc_inode+0x10/0x10 [ 52.365549][ T6515] sock_alloc_inode+0x25/0x1c0 [ 52.365559][ T6515] alloc_inode+0x5d/0x230 [ 52.365575][ T6515] sock_alloc+0x40/0x280 [ 52.365585][ T6515] __sock_create+0xc1/0x8d0 [ 52.365599][ T6515] __sys_socketpair+0x1d9/0x5a0 [ 52.365616][ T6515] ? __pfx___sys_socketpair+0x10/0x10 [ 52.365629][ T6515] ? fput+0x67/0x440 [ 52.365639][ T6515] ? __pfx_ksys_write+0x10/0x10 [ 52.365655][ T6515] __x64_sys_socketpair+0x96/0x100 [ 52.365667][ T6515] ? lockdep_hardirqs_on+0x7c/0x110 [ 52.365680][ T6515] do_syscall_64+0xcd/0x250 [ 52.365689][ T6515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.365702][ T6515] RIP: 0033:0x7efd5198cda9 [ 52.365709][ T6515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.365718][ T6515] RSP: 002b:00007efd527ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 52.365726][ T6515] RAX: ffffffffffffffda RBX: 00007efd51ba6080 RCX: 00007efd5198cda9 [ 52.365732][ T6515] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 52.365737][ T6515] RBP: 00007efd527ac090 R08: 0000000000000000 R09: 0000000000000000 [ 52.365741][ T6515] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 52.365746][ T6515] R13: 0000000000000000 R14: 00007efd51ba6080 R15: 00007fff838c8018 [ 52.365757][ T6515] [ 52.365761][ T6515] socket: no more sockets [ 52.543957][ T6542] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6542 comm=syz.0.211 [ 52.760447][ T6562] fuse: Bad value for 'fd' [ 52.978996][ T5948] Bluetooth: hci3: command tx timeout [ 53.058397][ T5948] Bluetooth: hci2: command tx timeout [ 53.348519][ T6539] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 53.350627][ T6539] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 53.359065][ T6539] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 53.362624][ T6539] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 53.364231][ T6539] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 53.367706][ T6539] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 53.371353][ T6539] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 53.373321][ T6539] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 53.376209][ T6539] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 53.380513][ T6539] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 53.382360][ T6539] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 53.384984][ T6539] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 53.425762][ T6571] netlink: 'syz.0.220': attribute type 1 has an invalid length. [ 53.436629][ T6571] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.466163][ T6578] netlink: 16 bytes leftover after parsing attributes in process `syz.3.222'. [ 53.488744][ T6578] netlink: 16 bytes leftover after parsing attributes in process `syz.3.222'. [ 53.528781][ T6583] FAULT_INJECTION: forcing a failure. [ 53.528781][ T6583] name failslab, interval 1, probability 0, space 0, times 0 [ 53.538444][ T6583] CPU: 3 UID: 0 PID: 6583 Comm: syz.2.218 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 53.538457][ T6583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.538462][ T6583] Call Trace: [ 53.538478][ T6583] [ 53.538482][ T6583] dump_stack_lvl+0x16c/0x1f0 [ 53.538500][ T6583] should_fail_ex+0x50a/0x650 [ 53.538513][ T6583] ? fs_reclaim_acquire+0xae/0x150 [ 53.538537][ T6583] should_failslab+0xc2/0x120 [ 53.538550][ T6583] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 53.538560][ T6583] ? sk_prot_alloc+0x60/0x2a0 [ 53.538573][ T6583] sk_prot_alloc+0x60/0x2a0 [ 53.538585][ T6583] sk_alloc+0x36/0xb90 [ 53.538594][ T6583] unix_create1+0xa6/0x6c0 [ 53.538604][ T6583] unix_create+0x10e/0x1d0 [ 53.538617][ T6583] __sock_create+0x335/0x8d0 [ 53.538640][ T6583] __sys_socketpair+0x1d9/0x5a0 [ 53.538669][ T6583] ? __pfx___sys_socketpair+0x10/0x10 [ 53.538691][ T6583] ? fput+0x67/0x440 [ 53.538709][ T6583] ? __pfx_ksys_write+0x10/0x10 [ 53.538728][ T6583] __x64_sys_socketpair+0x96/0x100 [ 53.538740][ T6583] ? lockdep_hardirqs_on+0x7c/0x110 [ 53.538753][ T6583] do_syscall_64+0xcd/0x250 [ 53.538762][ T6583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.538775][ T6583] RIP: 0033:0x7efd5198cda9 [ 53.538783][ T6583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.538791][ T6583] RSP: 002b:00007efd527ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 53.538800][ T6583] RAX: ffffffffffffffda RBX: 00007efd51ba6080 RCX: 00007efd5198cda9 [ 53.538805][ T6583] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 53.538810][ T6583] RBP: 00007efd527ac090 R08: 0000000000000000 R09: 0000000000000000 [ 53.538815][ T6583] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 53.538820][ T6583] R13: 0000000000000000 R14: 00007efd51ba6080 R15: 00007fff838c8018 [ 53.538830][ T6583] [ 53.647001][ T6602] netlink: 'syz.2.228': attribute type 1 has an invalid length. [ 53.649366][ T6602] netlink: 224 bytes leftover after parsing attributes in process `syz.2.228'. [ 53.699598][ T6607] openvswitch: netlink: IP tunnel dst address not specified [ 54.050119][ T6636] FAULT_INJECTION: forcing a failure. [ 54.050119][ T6636] name failslab, interval 1, probability 0, space 0, times 0 [ 54.053545][ T6636] CPU: 2 UID: 0 PID: 6636 Comm: syz.3.238 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 54.053557][ T6636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.053563][ T6636] Call Trace: [ 54.053566][ T6636] [ 54.053569][ T6636] dump_stack_lvl+0x16c/0x1f0 [ 54.053599][ T6636] should_fail_ex+0x50a/0x650 [ 54.053618][ T6636] ? fs_reclaim_acquire+0xae/0x150 [ 54.053632][ T6636] ? lsm_blob_alloc+0x68/0x90 [ 54.053645][ T6636] should_failslab+0xc2/0x120 [ 54.053656][ T6636] __kmalloc_noprof+0xcb/0x510 [ 54.053667][ T6636] lsm_blob_alloc+0x68/0x90 [ 54.053681][ T6636] security_sk_alloc+0x30/0x270 [ 54.053697][ T6636] sk_prot_alloc+0xfb/0x2a0 [ 54.053711][ T6636] sk_alloc+0x36/0xb90 [ 54.053720][ T6636] unix_create1+0xa6/0x6c0 [ 54.053730][ T6636] unix_create+0x10e/0x1d0 [ 54.053739][ T6636] __sock_create+0x335/0x8d0 [ 54.053753][ T6636] __sys_socketpair+0x1d9/0x5a0 [ 54.053766][ T6636] ? __pfx___sys_socketpair+0x10/0x10 [ 54.053779][ T6636] ? fput+0x67/0x440 [ 54.053790][ T6636] ? __pfx_ksys_write+0x10/0x10 [ 54.053805][ T6636] __x64_sys_socketpair+0x96/0x100 [ 54.053828][ T6636] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.053843][ T6636] do_syscall_64+0xcd/0x250 [ 54.053863][ T6636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.053877][ T6636] RIP: 0033:0x7fc41d38cda9 [ 54.053885][ T6636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.053893][ T6636] RSP: 002b:00007fc41e120038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 54.053902][ T6636] RAX: ffffffffffffffda RBX: 00007fc41d5a6080 RCX: 00007fc41d38cda9 [ 54.053908][ T6636] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 54.053913][ T6636] RBP: 00007fc41e120090 R08: 0000000000000000 R09: 0000000000000000 [ 54.053918][ T6636] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 54.053923][ T6636] R13: 0000000000000000 R14: 00007fc41d5a6080 R15: 00007ffe3494eae8 [ 54.053934][ T6636] [ 54.116989][ C2] vkms_vblank_simulate: vblank timer overrun [ 54.154378][ T6649] program syz.2.244 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 54.157065][ T6649] ata1.00: invalid command format 0 [ 54.349407][ T6678] input: syz1 as /devices/virtual/input/input6 [ 54.357499][ T5948] Bluetooth: hci1: unexpected event for opcode 0x0c22 [ 54.360605][ T6678] netlink: 'syz.3.254': attribute type 1 has an invalid length. [ 54.373932][ T6678] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.380185][ T6678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6678 comm=syz.3.254 [ 54.501852][ T39] kauditd_printk_skb: 119 callbacks suppressed [ 54.501867][ T39] audit: type=1400 audit(1738206229.649:359): avc: denied { read } for pid=6695 comm="syz.0.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 54.504971][ T6692] FAULT_INJECTION: forcing a failure. [ 54.504971][ T6692] name failslab, interval 1, probability 0, space 0, times 0 [ 54.514522][ T6692] CPU: 0 UID: 0 PID: 6692 Comm: syz.2.255 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 54.514535][ T6692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.514540][ T6692] Call Trace: [ 54.514543][ T6692] [ 54.514547][ T6692] dump_stack_lvl+0x16c/0x1f0 [ 54.514574][ T6692] should_fail_ex+0x50a/0x650 [ 54.514590][ T6692] ? fs_reclaim_acquire+0xae/0x150 [ 54.514604][ T6692] should_failslab+0xc2/0x120 [ 54.514614][ T6692] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 54.514624][ T6692] ? __pfx_selinux_socket_create+0x10/0x10 [ 54.514639][ T6692] ? sock_alloc_inode+0x25/0x1c0 [ 54.514652][ T6692] ? __pfx_sock_alloc_inode+0x10/0x10 [ 54.514662][ T6692] sock_alloc_inode+0x25/0x1c0 [ 54.514672][ T6692] alloc_inode+0x5d/0x230 [ 54.514682][ T6692] sock_alloc+0x40/0x280 [ 54.514692][ T6692] __sock_create+0xc1/0x8d0 [ 54.514706][ T6692] __sys_socketpair+0x25d/0x5a0 [ 54.514719][ T6692] ? __pfx___sys_socketpair+0x10/0x10 [ 54.514731][ T6692] ? fput+0x67/0x440 [ 54.514742][ T6692] ? __pfx_ksys_write+0x10/0x10 [ 54.514757][ T6692] __x64_sys_socketpair+0x96/0x100 [ 54.514769][ T6692] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.514783][ T6692] do_syscall_64+0xcd/0x250 [ 54.514792][ T6692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.514804][ T6692] RIP: 0033:0x7efd5198cda9 [ 54.514812][ T6692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.514820][ T6692] RSP: 002b:00007efd527ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 54.514829][ T6692] RAX: ffffffffffffffda RBX: 00007efd51ba6080 RCX: 00007efd5198cda9 [ 54.514834][ T6692] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 54.514839][ T6692] RBP: 00007efd527ac090 R08: 0000000000000000 R09: 0000000000000000 [ 54.514844][ T6692] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 54.514849][ T6692] R13: 0000000000000000 R14: 00007efd51ba6080 R15: 00007fff838c8018 [ 54.514859][ T6692] [ 54.514864][ T6692] socket: no more sockets [ 54.554003][ T39] audit: type=1400 audit(1738206229.699:360): avc: denied { write } for pid=6695 comm="syz.0.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 54.554873][ T6704] tipc: Enabling of bearer rejected, failed to enable media [ 54.588382][ T39] audit: type=1400 audit(1738206229.699:361): avc: denied { getopt } for pid=6695 comm="syz.0.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 54.603599][ T6711] binder: BINDER_SET_CONTEXT_MGR already set [ 54.605486][ T6711] binder: 6710:6711 ioctl 4018620d 20000040 returned -16 [ 54.659281][ T5948] Bluetooth: hci0: command 0x0c1a tx timeout [ 54.665145][ T39] audit: type=1400 audit(1738206229.809:362): avc: denied { bind } for pid=6718 comm="syz.2.269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 54.676575][ T39] audit: type=1400 audit(1738206229.809:363): avc: denied { name_bind } for pid=6718 comm="syz.2.269" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 54.683044][ T39] audit: type=1400 audit(1738206229.809:364): avc: denied { node_bind } for pid=6718 comm="syz.2.269" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 54.689048][ T39] audit: type=1400 audit(1738206229.809:365): avc: denied { connect } for pid=6718 comm="syz.2.269" lport=512 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 54.800613][ T6726] warning: `syz.3.268' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 54.879714][ T39] audit: type=1400 audit(1738206230.029:366): avc: denied { read } for pid=6727 comm="syz.3.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 54.888783][ T39] audit: type=1400 audit(1738206230.039:367): avc: denied { search } for pid=5331 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 55.072710][ T6731] FAULT_INJECTION: forcing a failure. [ 55.072710][ T6731] name failslab, interval 1, probability 0, space 0, times 0 [ 55.076561][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz.3.274 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 55.076574][ T6731] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.076580][ T6731] Call Trace: [ 55.076583][ T6731] [ 55.076587][ T6731] dump_stack_lvl+0x16c/0x1f0 [ 55.076611][ T6731] should_fail_ex+0x50a/0x650 [ 55.076624][ T6731] ? fs_reclaim_acquire+0xae/0x150 [ 55.076638][ T6731] should_failslab+0xc2/0x120 [ 55.076648][ T6731] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 55.076658][ T6731] ? security_inode_alloc+0x3b/0x2b0 [ 55.076670][ T6731] security_inode_alloc+0x3b/0x2b0 [ 55.076680][ T6731] inode_init_always_gfp+0xce4/0x1030 [ 55.076690][ T6731] alloc_inode+0x82/0x230 [ 55.076700][ T6731] sock_alloc+0x40/0x280 [ 55.076712][ T6731] __sock_create+0xc1/0x8d0 [ 55.076727][ T6731] __sys_socketpair+0x25d/0x5a0 [ 55.076740][ T6731] ? __pfx___sys_socketpair+0x10/0x10 [ 55.076752][ T6731] ? fput+0x67/0x440 [ 55.076763][ T6731] ? __pfx_ksys_write+0x10/0x10 [ 55.076778][ T6731] __x64_sys_socketpair+0x96/0x100 [ 55.076790][ T6731] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.076804][ T6731] do_syscall_64+0xcd/0x250 [ 55.076812][ T6731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.076825][ T6731] RIP: 0033:0x7fc41d38cda9 [ 55.076833][ T6731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.076841][ T6731] RSP: 002b:00007fc41e120038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 55.076851][ T6731] RAX: ffffffffffffffda RBX: 00007fc41d5a6080 RCX: 00007fc41d38cda9 [ 55.076858][ T6731] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 55.076863][ T6731] RBP: 00007fc41e120090 R08: 0000000000000000 R09: 0000000000000000 [ 55.076868][ T6731] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 55.076872][ T6731] R13: 0000000000000000 R14: 00007fc41d5a6080 R15: 00007ffe3494eae8 [ 55.076883][ T6731] [ 55.076898][ T6731] socket: no more sockets [ 55.173455][ T39] audit: type=1400 audit(1738206230.319:368): avc: denied { getopt } for pid=6732 comm="syz.3.275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 55.302929][ T6736] binder: BINDER_SET_CONTEXT_MGR already set [ 55.304982][ T6736] binder: 6735:6736 ioctl 4018620d 20000040 returned -16 [ 55.388363][ T5948] Bluetooth: hci2: command 0x0c1a tx timeout [ 55.398809][ T6697] syz.0.260 (6697) used greatest stack depth: 21024 bytes left [ 55.468380][ T5948] Bluetooth: hci3: command 0x0c1a tx timeout [ 55.551192][ T6725] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 55.563041][ T6751] capability: warning: `syz.3.281' uses deprecated v2 capabilities in a way that may be insecure [ 55.666276][ T6767] binder: BINDER_SET_CONTEXT_MGR already set [ 55.669809][ T6767] binder: 6766:6767 ioctl 4018620d 20000040 returned -16 [ 55.772994][ T6774] FAULT_INJECTION: forcing a failure. [ 55.772994][ T6774] name failslab, interval 1, probability 0, space 0, times 0 [ 55.776603][ T6774] CPU: 0 UID: 0 PID: 6774 Comm: syz.1.284 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 55.776614][ T6774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.776620][ T6774] Call Trace: [ 55.776623][ T6774] [ 55.776627][ T6774] dump_stack_lvl+0x16c/0x1f0 [ 55.776645][ T6774] should_fail_ex+0x50a/0x650 [ 55.776657][ T6774] ? fs_reclaim_acquire+0xae/0x150 [ 55.776671][ T6774] should_failslab+0xc2/0x120 [ 55.776681][ T6774] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 55.776691][ T6774] ? security_inode_alloc+0x3b/0x2b0 [ 55.776702][ T6774] security_inode_alloc+0x3b/0x2b0 [ 55.776712][ T6774] inode_init_always_gfp+0xce4/0x1030 [ 55.776722][ T6774] alloc_inode+0x82/0x230 [ 55.776732][ T6774] sock_alloc+0x40/0x280 [ 55.776743][ T6774] __sock_create+0xc1/0x8d0 [ 55.776757][ T6774] __sys_socketpair+0x25d/0x5a0 [ 55.776770][ T6774] ? __pfx___sys_socketpair+0x10/0x10 [ 55.776782][ T6774] ? fput+0x67/0x440 [ 55.776793][ T6774] ? __pfx_ksys_write+0x10/0x10 [ 55.776808][ T6774] __x64_sys_socketpair+0x96/0x100 [ 55.776820][ T6774] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.776833][ T6774] do_syscall_64+0xcd/0x250 [ 55.776842][ T6774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.776855][ T6774] RIP: 0033:0x7f99b598cda9 [ 55.776862][ T6774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.776875][ T6774] RSP: 002b:00007f99b6745038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 55.776884][ T6774] RAX: ffffffffffffffda RBX: 00007f99b5ba6080 RCX: 00007f99b598cda9 [ 55.776890][ T6774] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 55.776894][ T6774] RBP: 00007f99b6745090 R08: 0000000000000000 R09: 0000000000000000 [ 55.776899][ T6774] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 55.776904][ T6774] R13: 0000000000000000 R14: 00007f99b5ba6080 R15: 00007ffe73a476e8 [ 55.776915][ T6774] [ 55.776924][ T6774] socket: no more sockets [ 55.869116][ T6791] 9pnet_virtio: no channels available for device [ 55.934859][ T6803] FAULT_INJECTION: forcing a failure. [ 55.934859][ T6803] name failslab, interval 1, probability 0, space 0, times 0 [ 55.939056][ T6803] CPU: 0 UID: 0 PID: 6803 Comm: syz.0.299 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 55.939068][ T6803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.939074][ T6803] Call Trace: [ 55.939077][ T6803] [ 55.939080][ T6803] dump_stack_lvl+0x16c/0x1f0 [ 55.939098][ T6803] should_fail_ex+0x50a/0x650 [ 55.939111][ T6803] ? fs_reclaim_acquire+0xae/0x150 [ 55.939124][ T6803] should_failslab+0xc2/0x120 [ 55.939134][ T6803] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 55.939143][ T6803] ? __pfx_tcp_current_mss+0x10/0x10 [ 55.939155][ T6803] ? __alloc_skb+0x2b1/0x380 [ 55.939166][ T6803] __alloc_skb+0x2b1/0x380 [ 55.939174][ T6803] ? __pfx___alloc_skb+0x10/0x10 [ 55.939185][ T6803] ? hlock_class+0x4e/0x130 [ 55.939196][ T6803] tcp_stream_alloc_skb+0x34/0x570 [ 55.939207][ T6803] tcp_sendmsg_locked+0xf13/0x37c0 [ 55.939219][ T6803] ? __pfx___lock_acquire+0x10/0x10 [ 55.939232][ T6803] ? __pfx_avc_has_perm+0x10/0x10 [ 55.939249][ T6803] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 55.939261][ T6803] ? tcp_sendmsg+0x20/0x50 [ 55.939270][ T6803] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 55.939280][ T6803] ? mark_held_locks+0x9f/0xe0 [ 55.939292][ T6803] ? __local_bh_enable_ip+0xa4/0x120 [ 55.939306][ T6803] tcp_sendmsg+0x2e/0x50 [ 55.939315][ T6803] ? __pfx_tcp_sendmsg+0x10/0x10 [ 55.939325][ T6803] inet_sendmsg+0xb9/0x140 [ 55.939336][ T6803] __sys_sendto+0x42a/0x4f0 [ 55.939344][ T6803] ? __pfx___sys_sendto+0x10/0x10 [ 55.939362][ T6803] ? ksys_write+0x1ba/0x250 [ 55.939375][ T6803] ? __pfx_ksys_write+0x10/0x10 [ 55.939390][ T6803] __x64_sys_sendto+0xe0/0x1c0 [ 55.939397][ T6803] ? do_syscall_64+0x91/0x250 [ 55.939405][ T6803] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.939418][ T6803] do_syscall_64+0xcd/0x250 [ 55.939427][ T6803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.939439][ T6803] RIP: 0033:0x7f8bf678cda9 [ 55.939447][ T6803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.939455][ T6803] RSP: 002b:00007f8bf76a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 55.939464][ T6803] RAX: ffffffffffffffda RBX: 00007f8bf69a5fa0 RCX: 00007f8bf678cda9 [ 55.939469][ T6803] RDX: 0000000000000007 RSI: 00000000200004c0 RDI: 0000000000000003 [ 55.939474][ T6803] RBP: 00007f8bf76a8090 R08: 0000000000000000 R09: 0000000000000000 [ 55.939479][ T6803] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001 [ 55.939484][ T6803] R13: 0000000000000000 R14: 00007f8bf69a5fa0 R15: 00007ffcd7717cc8 [ 55.939495][ T6803] [ 56.288747][ T6826] FAULT_INJECTION: forcing a failure. [ 56.288747][ T6826] name failslab, interval 1, probability 0, space 0, times 0 [ 56.292912][ T6826] CPU: 3 UID: 0 PID: 6826 Comm: syz.3.305 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 56.292925][ T6826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.292930][ T6826] Call Trace: [ 56.292934][ T6826] [ 56.292938][ T6826] dump_stack_lvl+0x16c/0x1f0 [ 56.292967][ T6826] should_fail_ex+0x50a/0x650 [ 56.292985][ T6826] ? fs_reclaim_acquire+0xae/0x150 [ 56.292999][ T6826] should_failslab+0xc2/0x120 [ 56.293010][ T6826] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 56.293019][ T6826] ? sk_prot_alloc+0x60/0x2a0 [ 56.293033][ T6826] sk_prot_alloc+0x60/0x2a0 [ 56.293050][ T6826] sk_alloc+0x36/0xb90 [ 56.293065][ T6826] unix_create1+0xa6/0x6c0 [ 56.293081][ T6826] unix_create+0x10e/0x1d0 [ 56.293096][ T6826] __sock_create+0x335/0x8d0 [ 56.293120][ T6826] __sys_socketpair+0x25d/0x5a0 [ 56.293141][ T6826] ? __pfx___sys_socketpair+0x10/0x10 [ 56.293153][ T6826] ? fput+0x67/0x440 [ 56.293164][ T6826] ? __pfx_ksys_write+0x10/0x10 [ 56.293179][ T6826] __x64_sys_socketpair+0x96/0x100 [ 56.293192][ T6826] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.293205][ T6826] do_syscall_64+0xcd/0x250 [ 56.293214][ T6826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.293227][ T6826] RIP: 0033:0x7fc41d38cda9 [ 56.293235][ T6826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.293244][ T6826] RSP: 002b:00007fc41e120038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 56.293253][ T6826] RAX: ffffffffffffffda RBX: 00007fc41d5a6080 RCX: 00007fc41d38cda9 [ 56.293259][ T6826] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 56.293263][ T6826] RBP: 00007fc41e120090 R08: 0000000000000000 R09: 0000000000000000 [ 56.293268][ T6826] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 56.293273][ T6826] R13: 0000000000000000 R14: 00007fc41d5a6080 R15: 00007ffe3494eae8 [ 56.293284][ T6826] [ 56.505771][ T6853] efs: device does not support 512 byte blocks [ 56.507765][ T6853] device does not support 512 byte blocks [ 56.507765][ T6853] [ 56.695844][ T6862] __nla_validate_parse: 5 callbacks suppressed [ 56.695854][ T6862] netlink: 24 bytes leftover after parsing attributes in process `syz.0.321'. [ 56.738804][ T6865] FAULT_INJECTION: forcing a failure. [ 56.738804][ T6865] name failslab, interval 1, probability 0, space 0, times 0 [ 56.742957][ T6865] CPU: 1 UID: 0 PID: 6865 Comm: syz.1.320 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 56.742970][ T6865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.742975][ T6865] Call Trace: [ 56.742978][ T6865] [ 56.742981][ T6865] dump_stack_lvl+0x16c/0x1f0 [ 56.742999][ T6865] should_fail_ex+0x50a/0x650 [ 56.743012][ T6865] ? fs_reclaim_acquire+0xae/0x150 [ 56.743026][ T6865] should_failslab+0xc2/0x120 [ 56.743036][ T6865] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 56.743046][ T6865] ? __d_alloc+0x31/0xaa0 [ 56.743057][ T6865] __d_alloc+0x31/0xaa0 [ 56.743081][ T6865] d_alloc_pseudo+0x1c/0xc0 [ 56.743092][ T6865] alloc_file_pseudo+0xdc/0x210 [ 56.743103][ T6865] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 56.743114][ T6865] ? bpf_lsm_socket_post_create+0x9/0x10 [ 56.743131][ T6865] sock_alloc_file+0x50/0x1d0 [ 56.743143][ T6865] __sys_socketpair+0x31d/0x5a0 [ 56.743157][ T6865] ? __pfx___sys_socketpair+0x10/0x10 [ 56.743169][ T6865] ? fput+0x67/0x440 [ 56.743179][ T6865] ? __pfx_ksys_write+0x10/0x10 [ 56.743194][ T6865] __x64_sys_socketpair+0x96/0x100 [ 56.743206][ T6865] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.743220][ T6865] do_syscall_64+0xcd/0x250 [ 56.743228][ T6865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.743242][ T6865] RIP: 0033:0x7f99b598cda9 [ 56.743249][ T6865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.743258][ T6865] RSP: 002b:00007f99b6745038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 56.743267][ T6865] RAX: ffffffffffffffda RBX: 00007f99b5ba6080 RCX: 00007f99b598cda9 [ 56.743272][ T6865] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 56.743277][ T6865] RBP: 00007f99b6745090 R08: 0000000000000000 R09: 0000000000000000 [ 56.743282][ T6865] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000002 [ 56.743287][ T6865] R13: 0000000000000000 R14: 00007f99b5ba6080 R15: 00007ffe73a476e8 [ 56.743297][ T6865] [ 56.768965][ T6868] ebtables: ebtables: counters copy to user failed while replacing table [ 56.832708][ T6873] ebtables: ebtables: counters copy to user failed while replacing table [ 56.837149][ T6868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 56.841032][ T6868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 56.961997][ T6880] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 57.093988][ T6882] kvm: pic: non byte write [ 57.290344][ T6885] binder: BINDER_SET_CONTEXT_MGR already set [ 57.292404][ T6885] binder: 6884:6885 ioctl 4018620d 20000040 returned -16 [ 57.373690][ T6889] FAULT_INJECTION: forcing a failure. [ 57.373690][ T6889] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 57.377648][ T6889] CPU: 1 UID: 0 PID: 6889 Comm: syz.0.329 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 57.377660][ T6889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.377666][ T6889] Call Trace: [ 57.377669][ T6889] [ 57.377672][ T6889] dump_stack_lvl+0x16c/0x1f0 [ 57.377700][ T6889] should_fail_ex+0x50a/0x650 [ 57.377720][ T6889] _copy_from_iter+0x2a1/0x1560 [ 57.377735][ T6889] ? trace_lock_acquire+0x14e/0x1f0 [ 57.377745][ T6889] ? __alloc_skb+0x1fe/0x380 [ 57.377756][ T6889] ? __pfx__copy_from_iter+0x10/0x10 [ 57.377768][ T6889] ? __virt_addr_valid+0x1a4/0x590 [ 57.377779][ T6889] ? __virt_addr_valid+0x5e/0x590 [ 57.377787][ T6889] ? __phys_addr+0xc6/0x150 [ 57.377795][ T6889] ? __phys_addr_symbol+0x30/0x80 [ 57.377803][ T6889] ? __check_object_size+0x488/0x710 [ 57.377815][ T6889] tcp_sendmsg_locked+0x1979/0x37c0 [ 57.377837][ T6889] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 57.377848][ T6889] ? tcp_sendmsg+0x20/0x50 [ 57.377858][ T6889] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 57.377868][ T6889] ? mark_held_locks+0x9f/0xe0 [ 57.377880][ T6889] ? __local_bh_enable_ip+0xa4/0x120 [ 57.377895][ T6889] tcp_sendmsg+0x2e/0x50 [ 57.377904][ T6889] ? __pfx_tcp_sendmsg+0x10/0x10 [ 57.377914][ T6889] inet_sendmsg+0xb9/0x140 [ 57.377925][ T6889] __sys_sendto+0x42a/0x4f0 [ 57.377934][ T6889] ? __pfx___sys_sendto+0x10/0x10 [ 57.377951][ T6889] ? ksys_write+0x1ba/0x250 [ 57.377965][ T6889] ? __pfx_ksys_write+0x10/0x10 [ 57.377979][ T6889] __x64_sys_sendto+0xe0/0x1c0 [ 57.377987][ T6889] ? do_syscall_64+0x91/0x250 [ 57.377995][ T6889] ? lockdep_hardirqs_on+0x7c/0x110 [ 57.378008][ T6889] do_syscall_64+0xcd/0x250 [ 57.378018][ T6889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.378031][ T6889] RIP: 0033:0x7f8bf678cda9 [ 57.378039][ T6889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.378047][ T6889] RSP: 002b:00007f8bf76a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 57.378057][ T6889] RAX: ffffffffffffffda RBX: 00007f8bf69a5fa0 RCX: 00007f8bf678cda9 [ 57.378062][ T6889] RDX: 0000000000000007 RSI: 00000000200004c0 RDI: 0000000000000003 [ 57.378067][ T6889] RBP: 00007f8bf76a8090 R08: 0000000000000000 R09: 0000000000000000 [ 57.378072][ T6889] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001 [ 57.378077][ T6889] R13: 0000000000000000 R14: 00007f8bf69a5fa0 R15: 00007ffcd7717cc8 [ 57.378087][ T6889] [ 57.459323][ T5948] Bluetooth: hci2: command 0x0c1a tx timeout [ 57.548422][ T5948] Bluetooth: hci3: command 0x0c1a tx timeout [ 57.555886][ T6891] tipc: Can't bind to reserved service type 0 [ 57.573684][ T6891] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=2149952964 (68798494848 ns) > initial count (536870912 ns). Using initial count to start timer. [ 57.660077][ T6904] FAULT_INJECTION: forcing a failure. [ 57.660077][ T6904] name failslab, interval 1, probability 0, space 0, times 0 [ 57.664838][ T6904] CPU: 1 UID: 0 PID: 6904 Comm: syz.0.333 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 57.664855][ T6904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.664864][ T6904] Call Trace: [ 57.664868][ T6904] [ 57.664874][ T6904] dump_stack_lvl+0x16c/0x1f0 [ 57.664901][ T6904] should_fail_ex+0x50a/0x650 [ 57.664922][ T6904] ? fs_reclaim_acquire+0xae/0x150 [ 57.664945][ T6904] should_failslab+0xc2/0x120 [ 57.664962][ T6904] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 57.664978][ T6904] ? alloc_empty_file+0x73/0x1e0 [ 57.664999][ T6904] alloc_empty_file+0x73/0x1e0 [ 57.665018][ T6904] alloc_file_pseudo+0x147/0x210 [ 57.665036][ T6904] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 57.665055][ T6904] ? bpf_lsm_socket_post_create+0x9/0x10 [ 57.665086][ T6904] sock_alloc_file+0x50/0x1d0 [ 57.665107][ T6904] __sys_socketpair+0x31d/0x5a0 [ 57.665132][ T6904] ? __pfx___sys_socketpair+0x10/0x10 [ 57.665154][ T6904] ? fput+0x67/0x440 [ 57.665174][ T6904] ? __pfx_ksys_write+0x10/0x10 [ 57.665203][ T6904] __x64_sys_socketpair+0x96/0x100 [ 57.665227][ T6904] ? lockdep_hardirqs_on+0x7c/0x110 [ 57.665251][ T6904] do_syscall_64+0xcd/0x250 [ 57.665268][ T6904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.665291][ T6904] RIP: 0033:0x7f8bf678cda9 [ 57.665303][ T6904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.665318][ T6904] RSP: 002b:00007f8bf7687038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 57.665333][ T6904] RAX: ffffffffffffffda RBX: 00007f8bf69a6080 RCX: 00007f8bf678cda9 [ 57.665344][ T6904] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 57.665352][ T6904] RBP: 00007f8bf7687090 R08: 0000000000000000 R09: 0000000000000000 [ 57.665362][ T6904] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000002 [ 57.665371][ T6904] R13: 0000000000000000 R14: 00007f8bf69a6080 R15: 00007ffcd7717cc8 [ 57.665391][ T6904] [ 57.814334][ T6913] binder: BINDER_SET_CONTEXT_MGR already set [ 57.818453][ T6913] binder: 6912:6913 ioctl 4018620d 20000040 returned -16 [ 57.872295][ T6920] FAULT_INJECTION: forcing a failure. [ 57.872295][ T6920] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 57.876020][ T6920] CPU: 0 UID: 0 PID: 6920 Comm: syz.0.340 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 57.876032][ T6920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.876038][ T6920] Call Trace: [ 57.876042][ T6920] [ 57.876046][ T6920] dump_stack_lvl+0x16c/0x1f0 [ 57.876064][ T6920] should_fail_ex+0x50a/0x650 [ 57.876078][ T6920] _copy_to_user+0x32/0xd0 [ 57.876093][ T6920] simple_read_from_buffer+0xd0/0x160 [ 57.876107][ T6920] proc_fail_nth_read+0x198/0x270 [ 57.876119][ T6920] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 57.876132][ T6920] ? rw_verify_area+0xcf/0x680 [ 57.876144][ T6920] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 57.876156][ T6920] vfs_read+0x1df/0xbf0 [ 57.876169][ T6920] ? __fget_files+0x1fc/0x3a0 [ 57.876177][ T6920] ? __pfx___mutex_lock+0x10/0x10 [ 57.876191][ T6920] ? __pfx_vfs_read+0x10/0x10 [ 57.876206][ T6920] ? __fget_files+0x206/0x3a0 [ 57.876218][ T6920] ksys_read+0x12b/0x250 [ 57.876230][ T6920] ? __pfx_ksys_read+0x10/0x10 [ 57.876246][ T6920] do_syscall_64+0xcd/0x250 [ 57.876256][ T6920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.876268][ T6920] RIP: 0033:0x7f8bf678b7bc [ 57.876276][ T6920] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 57.876284][ T6920] RSP: 002b:00007f8bf76a8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 57.876293][ T6920] RAX: ffffffffffffffda RBX: 00007f8bf69a5fa0 RCX: 00007f8bf678b7bc [ 57.876299][ T6920] RDX: 000000000000000f RSI: 00007f8bf76a80a0 RDI: 0000000000000004 [ 57.876303][ T6920] RBP: 00007f8bf76a8090 R08: 0000000000000000 R09: 0000000000000000 [ 57.876308][ T6920] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001 [ 57.876313][ T6920] R13: 0000000000000000 R14: 00007f8bf69a5fa0 R15: 00007ffcd7717cc8 [ 57.876324][ T6920] [ 58.195833][ T6938] binder: BINDER_SET_CONTEXT_MGR already set [ 58.197642][ T6938] binder: 6937:6938 ioctl 4018620d 20000040 returned -16 [ 58.287018][ T5948] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 58.291212][ T6950] netlink: 4 bytes leftover after parsing attributes in process `syz.3.350'. [ 58.293952][ T6950] netlink: 12 bytes leftover after parsing attributes in process `syz.3.350'. [ 58.319485][ T6945] FAULT_INJECTION: forcing a failure. [ 58.319485][ T6945] name failslab, interval 1, probability 0, space 0, times 0 [ 58.324538][ T6945] CPU: 1 UID: 0 PID: 6945 Comm: syz.0.345 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 58.324559][ T6945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.324569][ T6945] Call Trace: [ 58.324574][ T6945] [ 58.324581][ T6945] dump_stack_lvl+0x16c/0x1f0 [ 58.324611][ T6945] should_fail_ex+0x50a/0x650 [ 58.324634][ T6945] ? fs_reclaim_acquire+0xae/0x150 [ 58.324658][ T6945] should_failslab+0xc2/0x120 [ 58.324677][ T6945] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 58.324695][ T6945] ? sk_prot_alloc+0x60/0x2a0 [ 58.324719][ T6945] sk_prot_alloc+0x60/0x2a0 [ 58.324742][ T6945] sk_alloc+0x36/0xb90 [ 58.324760][ T6945] unix_create1+0xa6/0x6c0 [ 58.324778][ T6945] unix_create+0x10e/0x1d0 [ 58.324795][ T6945] __sock_create+0x335/0x8d0 [ 58.324822][ T6945] __sys_socketpair+0x25d/0x5a0 [ 58.324847][ T6945] ? __pfx___sys_socketpair+0x10/0x10 [ 58.324870][ T6945] ? fput+0x67/0x440 [ 58.324892][ T6945] ? __pfx_ksys_write+0x10/0x10 [ 58.324929][ T6945] __x64_sys_socketpair+0x96/0x100 [ 58.324953][ T6945] ? lockdep_hardirqs_on+0x7c/0x110 [ 58.324978][ T6945] do_syscall_64+0xcd/0x250 [ 58.324995][ T6945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.325017][ T6945] RIP: 0033:0x7f8bf678cda9 [ 58.325031][ T6945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.325046][ T6945] RSP: 002b:00007f8bf7687038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 58.325062][ T6945] RAX: ffffffffffffffda RBX: 00007f8bf69a6080 RCX: 00007f8bf678cda9 [ 58.325073][ T6945] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 58.325082][ T6945] RBP: 00007f8bf7687090 R08: 0000000000000000 R09: 0000000000000000 [ 58.325091][ T6945] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000002 [ 58.325101][ T6945] R13: 0000000000000000 R14: 00007f8bf69a6080 R15: 00007ffcd7717cc8 [ 58.325122][ T6945] [ 58.807104][ T6984] CIFS: iocharset name too long [ 59.081005][ T7002] FAULT_INJECTION: forcing a failure. [ 59.081005][ T7002] name failslab, interval 1, probability 0, space 0, times 0 [ 59.086138][ T7002] CPU: 1 UID: 0 PID: 7002 Comm: syz.1.363 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 59.086159][ T7002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.086169][ T7002] Call Trace: [ 59.086174][ T7002] [ 59.086181][ T7002] dump_stack_lvl+0x16c/0x1f0 [ 59.086227][ T7002] should_fail_ex+0x50a/0x650 [ 59.086257][ T7002] ? fs_reclaim_acquire+0xae/0x150 [ 59.086286][ T7002] should_failslab+0xc2/0x120 [ 59.086305][ T7002] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 59.086323][ T7002] ? lockdep_init_map_type+0x16d/0x7d0 [ 59.086347][ T7002] ? __d_alloc+0x31/0xaa0 [ 59.086368][ T7002] __d_alloc+0x31/0xaa0 [ 59.086385][ T7002] ? file_init_path+0x501/0x770 [ 59.086407][ T7002] d_alloc_pseudo+0x1c/0xc0 [ 59.086429][ T7002] alloc_file_pseudo+0xdc/0x210 [ 59.086450][ T7002] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 59.086470][ T7002] ? bpf_lsm_socket_post_create+0x9/0x10 [ 59.086503][ T7002] sock_alloc_file+0x50/0x1d0 [ 59.086524][ T7002] __sys_socketpair+0x34f/0x5a0 [ 59.086551][ T7002] ? __pfx___sys_socketpair+0x10/0x10 [ 59.086579][ T7002] ? fput+0x67/0x440 [ 59.086600][ T7002] ? __pfx_ksys_write+0x10/0x10 [ 59.086631][ T7002] __x64_sys_socketpair+0x96/0x100 [ 59.086655][ T7002] ? lockdep_hardirqs_on+0x7c/0x110 [ 59.086680][ T7002] do_syscall_64+0xcd/0x250 [ 59.086698][ T7002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.086721][ T7002] RIP: 0033:0x7f99b598cda9 [ 59.086734][ T7002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.086750][ T7002] RSP: 002b:00007f99b6745038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 59.086766][ T7002] RAX: ffffffffffffffda RBX: 00007f99b5ba6080 RCX: 00007f99b598cda9 [ 59.086777][ T7002] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 59.086786][ T7002] RBP: 00007f99b6745090 R08: 0000000000000000 R09: 0000000000000000 [ 59.086796][ T7002] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000002 [ 59.086805][ T7002] R13: 0000000000000000 R14: 00007f99b5ba6080 R15: 00007ffe73a476e8 [ 59.086826][ T7002] [ 59.227246][ T7017] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7017 comm=syz.1.371 [ 59.533952][ T7046] netlink: 8 bytes leftover after parsing attributes in process `syz.0.383'. [ 59.538492][ T5948] Bluetooth: hci2: command 0x0c1a tx timeout [ 59.548720][ T7042] FAULT_INJECTION: forcing a failure. [ 59.548720][ T7042] name failslab, interval 1, probability 0, space 0, times 0 [ 59.558513][ T7042] CPU: 2 UID: 0 PID: 7042 Comm: syz.2.379 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 59.558527][ T7042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.558532][ T7042] Call Trace: [ 59.558535][ T7042] [ 59.558539][ T7042] dump_stack_lvl+0x16c/0x1f0 [ 59.558557][ T7042] should_fail_ex+0x50a/0x650 [ 59.558570][ T7042] ? fs_reclaim_acquire+0xae/0x150 [ 59.558584][ T7042] should_failslab+0xc2/0x120 [ 59.558594][ T7042] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 59.558603][ T7042] ? lockdep_init_map_type+0x16d/0x7d0 [ 59.558616][ T7042] ? __d_alloc+0x31/0xaa0 [ 59.558627][ T7042] __d_alloc+0x31/0xaa0 [ 59.558636][ T7042] ? file_init_path+0x501/0x770 [ 59.558651][ T7042] d_alloc_pseudo+0x1c/0xc0 [ 59.558663][ T7042] alloc_file_pseudo+0xdc/0x210 [ 59.558673][ T7042] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 59.558684][ T7042] ? bpf_lsm_socket_post_create+0x9/0x10 [ 59.558701][ T7042] sock_alloc_file+0x50/0x1d0 [ 59.558712][ T7042] __sys_socketpair+0x34f/0x5a0 [ 59.558726][ T7042] ? __pfx___sys_socketpair+0x10/0x10 [ 59.558738][ T7042] ? fput+0x67/0x440 [ 59.558748][ T7042] ? __pfx_ksys_write+0x10/0x10 [ 59.558763][ T7042] __x64_sys_socketpair+0x96/0x100 [ 59.558775][ T7042] ? lockdep_hardirqs_on+0x7c/0x110 [ 59.558788][ T7042] do_syscall_64+0xcd/0x250 [ 59.558797][ T7042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.558811][ T7042] RIP: 0033:0x7efd5198cda9 [ 59.558818][ T7042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.558826][ T7042] RSP: 002b:00007efd527ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 59.558835][ T7042] RAX: ffffffffffffffda RBX: 00007efd51ba6080 RCX: 00007efd5198cda9 [ 59.558840][ T7042] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 59.558845][ T7042] RBP: 00007efd527ac090 R08: 0000000000000000 R09: 0000000000000000 [ 59.558850][ T7042] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000002 [ 59.558855][ T7042] R13: 0000000000000000 R14: 00007efd51ba6080 R15: 00007fff838c8018 [ 59.558865][ T7042] [ 59.618397][ T5948] Bluetooth: hci3: command 0x0c1a tx timeout [ 59.655888][ T7056] netlink: 12 bytes leftover after parsing attributes in process `syz.2.386'. [ 59.656041][ T39] kauditd_printk_skb: 42 callbacks suppressed [ 59.656050][ T39] audit: type=1400 audit(1738206234.799:411): avc: denied { nlmsg_read } for pid=7055 comm="syz.2.386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 59.700088][ T7063] input: syz1 as /devices/virtual/input/input8 [ 59.741825][ T39] audit: type=1400 audit(1738206234.889:412): avc: denied { append } for pid=7060 comm="syz.1.388" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 59.828455][ T57] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 59.837451][ T39] audit: type=1326 audit(1738206234.979:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7074 comm="syz.2.392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5198cda9 code=0x50000 [ 59.848453][ T39] audit: type=1326 audit(1738206234.979:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7074 comm="syz.2.392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5198cda9 code=0x50000 [ 59.854942][ T39] audit: type=1326 audit(1738206234.979:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7074 comm="syz.2.392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5198cda9 code=0x50000 [ 59.862037][ T39] audit: type=1326 audit(1738206234.979:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7074 comm="syz.2.392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5198cda9 code=0x50000 [ 59.868567][ T39] audit: type=1326 audit(1738206234.979:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7074 comm="syz.2.392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5198cda9 code=0x50000 [ 59.875330][ T39] audit: type=1326 audit(1738206234.979:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7074 comm="syz.2.392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5198cda9 code=0x50000 [ 59.881993][ T39] audit: type=1326 audit(1738206234.979:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7074 comm="syz.2.392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5198cda9 code=0x50000 [ 59.888485][ T39] audit: type=1326 audit(1738206234.979:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7074 comm="syz.2.392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5198cda9 code=0x50000 [ 59.998389][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 60.002402][ T57] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 60.005052][ T57] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 60.007925][ T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 60.012085][ T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 60.015152][ T57] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 60.022187][ T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 60.025655][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.236532][ T57] usb 5-1: usb_control_msg returned -32 [ 60.238348][ T57] usbtmc 5-1:16.0: can't read capabilities [ 60.390014][ T7094] FAULT_INJECTION: forcing a failure. [ 60.390014][ T7094] name failslab, interval 1, probability 0, space 0, times 0 [ 60.393609][ T7094] CPU: 1 UID: 0 PID: 7094 Comm: syz.1.395 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 60.393620][ T7094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.393626][ T7094] Call Trace: [ 60.393629][ T7094] [ 60.393632][ T7094] dump_stack_lvl+0x16c/0x1f0 [ 60.393665][ T7094] should_fail_ex+0x50a/0x650 [ 60.393685][ T7094] ? fs_reclaim_acquire+0xae/0x150 [ 60.393698][ T7094] should_failslab+0xc2/0x120 [ 60.393708][ T7094] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 60.393718][ T7094] ? rcu_is_watching+0x12/0xc0 [ 60.393727][ T7094] ? security_file_alloc+0x34/0x2b0 [ 60.393740][ T7094] security_file_alloc+0x34/0x2b0 [ 60.393751][ T7094] init_file+0x93/0x480 [ 60.393762][ T7094] alloc_empty_file+0x91/0x1e0 [ 60.393773][ T7094] alloc_file_pseudo+0x147/0x210 [ 60.393784][ T7094] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 60.393794][ T7094] ? bpf_lsm_socket_post_create+0x9/0x10 [ 60.393812][ T7094] sock_alloc_file+0x50/0x1d0 [ 60.393823][ T7094] __sys_socketpair+0x34f/0x5a0 [ 60.393836][ T7094] ? __pfx___sys_socketpair+0x10/0x10 [ 60.393848][ T7094] ? fput+0x67/0x440 [ 60.393858][ T7094] ? __pfx_ksys_write+0x10/0x10 [ 60.393873][ T7094] __x64_sys_socketpair+0x96/0x100 [ 60.393885][ T7094] ? lockdep_hardirqs_on+0x7c/0x110 [ 60.393898][ T7094] do_syscall_64+0xcd/0x250 [ 60.393907][ T7094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.393920][ T7094] RIP: 0033:0x7f99b598cda9 [ 60.393928][ T7094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.393936][ T7094] RSP: 002b:00007f99b6745038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 60.393945][ T7094] RAX: ffffffffffffffda RBX: 00007f99b5ba6080 RCX: 00007f99b598cda9 [ 60.393951][ T7094] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 60.393955][ T7094] RBP: 00007f99b6745090 R08: 0000000000000000 R09: 0000000000000000 [ 60.393960][ T7094] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000002 [ 60.393965][ T7094] R13: 0000000000000000 R14: 00007f99b5ba6080 R15: 00007ffe73a476e8 [ 60.393976][ T7094] [ 60.587085][ T7103] can0: slcan on ptm0. [ 60.660895][ T7104] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 60.829259][ T57] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 60.891360][ T833] usb 5-1: USB disconnect, device number 2 [ 60.978366][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 60.983634][ T57] usb 6-1: config 0 has no interfaces? [ 60.985711][ T57] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 60.992391][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.999232][ T57] usb 6-1: config 0 descriptor?? [ 61.207862][ T57] usb 6-1: USB disconnect, device number 3 [ 61.289401][ T7103] can0 (unregistered): slcan off ptm0. [ 61.388113][ T7131] netlink: 4 bytes leftover after parsing attributes in process `syz.3.402'. [ 61.435813][ T5941] Bluetooth: hci1: unexpected event for opcode 0x040e [ 61.450838][ T7135] ax25_connect(): syz.3.403 uses autobind, please contact jreuter@yaina.de [ 61.458431][ T7135] netlink: 'syz.3.403': attribute type 12 has an invalid length. [ 61.555161][ T45] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 61.790677][ T7149] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194322 ns). Using initial count to start timer. [ 62.189653][ T7155] FAULT_INJECTION: forcing a failure. [ 62.189653][ T7155] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 62.194716][ T7155] CPU: 0 UID: 0 PID: 7155 Comm: syz.1.407 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 62.194748][ T7155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 62.194754][ T7155] Call Trace: [ 62.194759][ T7155] [ 62.194765][ T7155] dump_stack_lvl+0x16c/0x1f0 [ 62.194792][ T7155] should_fail_ex+0x50a/0x650 [ 62.194816][ T7155] _copy_to_user+0x32/0xd0 [ 62.194837][ T7155] simple_read_from_buffer+0xd0/0x160 [ 62.194860][ T7155] proc_fail_nth_read+0x198/0x270 [ 62.194881][ T7155] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 62.194902][ T7155] ? rw_verify_area+0xcf/0x680 [ 62.194921][ T7155] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 62.194936][ T7155] vfs_read+0x1df/0xbf0 [ 62.194958][ T7155] ? __fget_files+0x1fc/0x3a0 [ 62.194972][ T7155] ? __pfx___mutex_lock+0x10/0x10 [ 62.194995][ T7155] ? __pfx_vfs_read+0x10/0x10 [ 62.195016][ T7155] ? __fget_files+0x206/0x3a0 [ 62.195036][ T7155] ksys_read+0x12b/0x250 [ 62.195057][ T7155] ? __pfx_ksys_read+0x10/0x10 [ 62.195085][ T7155] do_syscall_64+0xcd/0x250 [ 62.195096][ T7155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.195116][ T7155] RIP: 0033:0x7f99b598b7bc [ 62.195128][ T7155] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 62.195141][ T7155] RSP: 002b:00007f99b6745030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 62.195155][ T7155] RAX: ffffffffffffffda RBX: 00007f99b5ba6080 RCX: 00007f99b598b7bc [ 62.195164][ T7155] RDX: 000000000000000f RSI: 00007f99b67450a0 RDI: 0000000000000003 [ 62.195173][ T7155] RBP: 00007f99b6745090 R08: 0000000000000000 R09: 0000000000000000 [ 62.195179][ T7155] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000002 [ 62.195184][ T7155] R13: 0000000000000000 R14: 00007f99b5ba6080 R15: 00007ffe73a476e8 [ 62.195204][ T7155] [ 62.377033][ T7164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.410'. [ 62.379771][ T7164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.410'. [ 62.382410][ T7164] netlink: 'syz.1.410': attribute type 12 has an invalid length. [ 62.433371][ T7171] netlink: 'syz.1.412': attribute type 1 has an invalid length. [ 62.459667][ T7171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.877007][ T7204] netlink: 'syz.3.421': attribute type 1 has an invalid length. [ 62.883065][ T7204] netlink: 'syz.3.421': attribute type 2 has an invalid length. [ 63.163572][ T7222] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 63.175307][ T7222] hub 6-0:1.0: USB hub found [ 63.177371][ T7222] hub 6-0:1.0: 1 port detected [ 63.220193][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout [ 63.568081][ T7233] ref_ctr going negative. vaddr: 0x20ffc002, curr val: -29824, delta: 1 [ 63.570670][ T7233] ref_ctr increment failed for inode: 0x312 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802376d000 [ 63.683634][ T7240] vxlan0: entered promiscuous mode [ 63.685280][ T7240] vxlan0: entered allmulticast mode [ 63.788653][ T7250] binder: 7249:7250 ioctl 4018620d 0 returned -22 [ 63.964148][ T7266] netlink: 4 bytes leftover after parsing attributes in process `syz.3.443'. [ 64.091515][ T7270] process 'syz.1.440' launched './file0' with NULL argv: empty string added [ 64.097766][ T7270] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=25876 sclass=netlink_xfrm_socket pid=7270 comm=syz.1.440 [ 64.126014][ T7275] netlink: 'syz.3.445': attribute type 1 has an invalid length. [ 64.129502][ T7273] input: syz1 as /devices/virtual/input/input10 [ 64.144235][ T7275] 8021q: adding VLAN 0 to HW filter on device bond1 [ 64.153441][ T7275] bond1: (slave gretap1): making interface the new active one [ 64.156256][ T7275] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 64.319650][ T7300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.448'. [ 64.544205][ T7326] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 64.568248][ T7326] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.572206][ T7326] bond0: (slave rose0): Enslaving as an active interface with an up link [ 64.603840][ T7332] netlink: 12 bytes leftover after parsing attributes in process `syz.1.460'. [ 64.609445][ T7332] Invalid logical block size (585) [ 65.033289][ T7359] overlayfs: conflicting lowerdir path [ 65.070123][ T7364] netlink: 184 bytes leftover after parsing attributes in process `syz.3.468'. [ 65.077185][ T7362] vlan0: entered allmulticast mode [ 65.079278][ T7362] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 65.084129][ T7362] mac80211_hwsim hwsim5 wlan1: left allmulticast mode [ 65.151177][ T7371] netlink: 12 bytes leftover after parsing attributes in process `syz.1.466'. [ 65.205758][ T39] kauditd_printk_skb: 33261 callbacks suppressed [ 65.205774][ T39] audit: type=1400 audit(1738206240.349:33682): avc: denied { read write } for pid=7372 comm="syz.0.470" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 65.214934][ T39] audit: type=1400 audit(1738206240.349:33683): avc: denied { open } for pid=7372 comm="syz.0.470" path="/dev/uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 65.245962][ T7375] binder: 7374:7375 ioctl 4018620d 0 returned -22 [ 65.274324][ T7378] xt_bpf: check failed: parse error [ 65.278945][ T7378] netlink: 108 bytes leftover after parsing attributes in process `syz.3.472'. [ 65.557130][ T7406] Cannot find add_set index 0 as target [ 65.565085][ T7406] (syz.2.477,7406,3):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 65.567648][ T7406] (syz.2.477,7406,3):ocfs2_fill_super:1177 ERROR: status = -22 [ 65.963825][ T35] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=35 comm=kworker/3:0 [ 66.001630][ T7410] binder: BINDER_SET_CONTEXT_MGR already set [ 66.003486][ T7410] binder: 7409:7410 ioctl 4018620d 20000040 returned -16 [ 66.094461][ T7415] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7415 comm=syz.1.482 [ 66.100201][ T7415] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=7415 comm=syz.1.482 [ 66.278260][ T7420] netlink: 12 bytes leftover after parsing attributes in process `syz.1.484'. [ 66.348750][ T39] audit: type=1400 audit(1738206241.499:33684): avc: denied { ioctl } for pid=7426 comm="syz.2.486" path="/dev/ptyq9" dev="devtmpfs" ino=136 ioctlcmd=0x4b4e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 66.409151][ T39] audit: type=1400 audit(1738206241.559:33685): avc: denied { bind } for pid=7438 comm="syz.2.489" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 66.438609][ T7446] binder: BINDER_SET_CONTEXT_MGR already set [ 66.440440][ T7446] binder: 7444:7446 ioctl 4018620d 20000040 returned -16 [ 66.474870][ T39] audit: type=1400 audit(1738206241.619:33686): avc: denied { setopt } for pid=7447 comm="syz.2.491" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 66.480666][ T39] audit: type=1400 audit(1738206241.629:33687): avc: denied { write } for pid=7447 comm="syz.2.491" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 66.550037][ T39] audit: type=1400 audit(1738206241.699:33688): avc: denied { getopt } for pid=7452 comm="syz.1.492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 66.556033][ T39] audit: type=1400 audit(1738206241.699:33689): avc: denied { create } for pid=7452 comm="syz.1.492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 66.647201][ T39] audit: type=1400 audit(1738206241.789:33690): avc: denied { write } for pid=7468 comm="syz.2.498" name="ptype" dev="proc" ino=4026533171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 66.669756][ T39] audit: type=1400 audit(1738206241.809:33691): avc: denied { mount } for pid=7474 comm="syz.1.500" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 66.673481][ T7477] ufs: Invalid option: "grpquota" or missing value [ 66.679343][ T7477] ufs: wrong mount options [ 66.719027][ T7479] program syz.1.502 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.797042][ T7496] binder: 7495:7496 ioctl c0306201 0 returned -14 [ 67.004279][ T7539] netlink: 8 bytes leftover after parsing attributes in process `syz.1.516'. [ 67.047725][ T7543] binder: 7542:7543 ioctl c0306201 0 returned -14 [ 67.127149][ T7553] Illegal XDP return value 2546676274 on prog (id 63) dev N/A, expect packet loss! [ 67.202482][ T7563] xt_hashlimit: overflow, rate too high: 0 [ 67.217200][ T7563] xt_hashlimit: overflow, rate too high: 0 [ 67.273468][ T5941] Bluetooth: hci1: unknown advertising packet type: 0x65 [ 67.273506][ T5941] Bluetooth: hci1: Dropping invalid advertising data [ 67.277494][ T5941] Bluetooth: hci1: Dropping invalid advertising data [ 67.280186][ T5941] Bluetooth: hci1: Malformed LE Event: 0x02 [ 67.608158][ T7609] binder: 7608:7609 ioctl c0306201 0 returned -14 [ 67.626648][ T7611] __nla_validate_parse: 2 callbacks suppressed [ 67.626658][ T7611] netlink: 10 bytes leftover after parsing attributes in process `syz.1.531'. [ 67.667139][ T7615] block nbd1: Unsupported socket: shutdown callout must be supported. [ 67.972103][ T7630] syz.1.539: attempt to access beyond end of device [ 67.972103][ T7630] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 67.978516][ T7630] syz.1.539: attempt to access beyond end of device [ 67.978516][ T7630] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 67.982182][ T7630] Mount JFS Failure: -5 [ 67.983647][ T7630] jfs_mount failed w/return code = -5 [ 68.050359][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.052687][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.054821][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.057010][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.061302][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.063435][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.065857][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.067995][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.070634][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.072784][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.074946][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.077085][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.080009][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.082540][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.084709][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.086843][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.089725][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.092042][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.094201][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.096353][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.099576][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.101840][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.104021][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.106164][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.108659][ T832] hid-generic 0008:000F:0002.0002: unknown main item tag 0x0 [ 68.121295][ T832] hid-generic 0008:000F:0002.0002: hidraw1: HID v0.0c Device [syz1] on syz1 [ 68.273127][ T5941] Bluetooth: hci3: Malformed HCI Event [ 68.276156][ T7668] 9pnet_fd: Insufficient options for proto=fd [ 68.308959][ T35] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 68.322082][ T7673] overlay: filesystem on ./bus not supported [ 68.324817][ T7675] netlink: 12 bytes leftover after parsing attributes in process `syz.3.555'. [ 68.326335][ T7675] xfrm1: entered promiscuous mode [ 68.331604][ T7675] xfrm1: entered allmulticast mode [ 68.397338][ T7682] input: syz0 as /devices/virtual/input/input11 [ 68.428512][ T5948] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 68.460682][ T35] usb 7-1: config 0 has no interfaces? [ 68.462384][ T35] usb 7-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 68.465223][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.471065][ T35] usb 7-1: config 0 descriptor?? [ 68.590078][ T7693] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7693 comm=syz.1.561 [ 68.633873][ T7693] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=36 sclass=netlink_tcpdiag_socket pid=7693 comm=syz.1.561 [ 68.653404][ T7693] openvswitch: netlink: Duplicate key (type 32). [ 68.690297][ T7697] syzkaller1: entered promiscuous mode [ 68.692001][ T7697] syzkaller1: entered allmulticast mode [ 68.827553][ T7718] netlink: 16 bytes leftover after parsing attributes in process `syz.0.567'. [ 68.975710][ T7737] kvm: MWAIT instruction emulated as NOP! [ 69.068632][ T7744] netlink: 28 bytes leftover after parsing attributes in process `syz.3.576'. [ 69.072496][ T7744] netlink: 28 bytes leftover after parsing attributes in process `syz.3.576'. [ 69.079619][ T7744] erspan0: entered promiscuous mode [ 69.082222][ T7744] gretap0: entered promiscuous mode [ 69.086220][ T7744] hsr0: Slave A (erspan0) is not up; please bring it up to get a fully working HSR network [ 69.090559][ T7744] hsr0: Slave B (gretap0) is not up; please bring it up to get a fully working HSR network [ 69.278887][ T7753] netlink: 20 bytes leftover after parsing attributes in process `syz.3.580'. [ 69.282212][ T7753] netlink: 48 bytes leftover after parsing attributes in process `syz.3.580'. [ 69.847388][ T7761] ubi0: attaching mtd0 [ 69.851726][ T7761] ubi0: scanning is finished [ 69.853639][ T7761] ubi0: empty MTD device detected [ 69.900412][ T7763] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 69.915902][ T7761] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 69.943111][ T7767] xt_l2tp: v2 doesn't support IP mode [ 70.053174][ T7782] No source specified [ 70.150774][ T7792] IPVS: set_ctl: invalid protocol: 50 0.0.0.0:0 [ 70.300495][ T39] kauditd_printk_skb: 30 callbacks suppressed [ 70.300505][ T39] audit: type=1400 audit(1738206245.449:33722): avc: denied { bind } for pid=7806 comm="syz.0.597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 70.312228][ T7807] netlink: 72 bytes leftover after parsing attributes in process `syz.0.597'. [ 70.345984][ T39] audit: type=1400 audit(1738206245.489:33723): avc: denied { map } for pid=7808 comm="syz.0.598" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 70.432396][ T7816] netlink: 20 bytes leftover after parsing attributes in process `syz.3.599'. [ 70.682550][ T7838] xt_cluster: you have exceeded the maximum number of cluster nodes (4095 > 32) [ 70.687229][ T7838] netlink: 'syz.3.608': attribute type 1 has an invalid length. [ 70.699288][ T7838] 8021q: adding VLAN 0 to HW filter on device bond2 [ 70.774335][ T39] audit: type=1400 audit(1738206245.919:33724): avc: denied { ioctl } for pid=7840 comm="syz.0.609" path="socket:[18438]" dev="sockfs" ino=18438 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 70.889483][ T39] audit: type=1400 audit(1738206246.039:33725): avc: denied { setopt } for pid=7845 comm="syz.0.611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 70.944339][ T39] audit: type=1400 audit(1738206246.089:33726): avc: denied { bind } for pid=7845 comm="syz.0.611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 70.985737][ T1241] Bluetooth: hci4: Frame reassembly failed (-84) [ 71.069244][ T5960] usb 7-1: USB disconnect, device number 3 [ 71.105510][ T39] audit: type=1400 audit(1738206246.249:33727): avc: denied { listen } for pid=7859 comm="syz.3.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 71.106019][ T39] audit: type=1400 audit(1738206246.249:33728): avc: denied { setopt } for pid=7859 comm="syz.3.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 71.300848][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.418921][ T7890] ALSA: mixer_oss: invalid OSS volume '¢' [ 71.500512][ T7905] binder: 7904:7905 ioctl 4018620d 0 returned -22 [ 71.535954][ T39] audit: type=1400 audit(1738206246.679:33729): avc: denied { watch } for pid=7908 comm="syz.2.628" path="/92" dev="tmpfs" ino=511 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 71.547770][ T39] audit: type=1400 audit(1738206246.699:33730): avc: denied { watch_sb } for pid=7908 comm="syz.2.628" path="/92" dev="tmpfs" ino=511 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 71.589794][ T7917] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 71.608473][ T39] audit: type=1400 audit(1738206246.759:33731): avc: denied { write } for pid=7916 comm="syz.1.632" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 71.824850][ T7927] netlink: 'syz.2.635': attribute type 1 has an invalid length. [ 71.827209][ T7927] nbd: couldn't find a device at index 20 [ 71.830637][ T7927] openvswitch: netlink: Port -1 exceeds max allowable 65535 [ 71.967344][ T7945] binder: 7940:7945 ioctl 4018620d 0 returned -22 [ 72.012994][ T7949] netlink: 256 bytes leftover after parsing attributes in process `syz.2.642'. [ 72.159351][ T5941] Bluetooth: hci3: unexpected event 0x03 length: 17 > 11 [ 72.346360][ T7982] 9pnet_virtio: no channels available for device syz [ 72.863220][ T7985] __nla_validate_parse: 2 callbacks suppressed [ 72.863235][ T7985] netlink: 48 bytes leftover after parsing attributes in process `syz.3.656'. [ 72.869501][ T7985] netlink: 28 bytes leftover after parsing attributes in process `syz.3.656'. [ 72.877881][ T7985] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 73.038707][ T7992] fuse: Bad value for 'group_id' [ 73.040694][ T7992] fuse: Bad value for 'group_id' [ 73.050630][ T7990] syzkaller0: entered promiscuous mode [ 73.052248][ T7990] syzkaller0: entered allmulticast mode [ 73.056300][ T7990] 9pnet_virtio: no channels available for device [ 73.058473][ T5941] Bluetooth: hci4: command 0xfc11 tx timeout [ 73.061904][ T5948] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 73.105245][ T7997] binder: 7996:7997 ioctl c0306201 0 returned -14 [ 73.137691][ T8000] netlink: 'syz.0.662': attribute type 10 has an invalid length. [ 73.141941][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.0.662'. [ 73.145200][ T8000] netlink: 12 bytes leftover after parsing attributes in process `syz.0.662'. [ 73.148930][ T8000] netlink: 'syz.0.662': attribute type 5 has an invalid length. [ 73.705964][ T8010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.665'. [ 73.967062][ T8019] netlink: 'syz.3.666': attribute type 1 has an invalid length. [ 73.970671][ T8019] netlink: 4 bytes leftover after parsing attributes in process `syz.3.666'. [ 74.105099][ T8016] erspan0: default FDB implementation only supports local addresses [ 74.178393][ T5948] Bluetooth: hci3: command 0x0c1a tx timeout [ 74.270728][ T8048] netlink: 12 bytes leftover after parsing attributes in process `syz.3.673'. [ 74.316054][ T8060] netlink: 32 bytes leftover after parsing attributes in process `syz.1.682'. [ 74.373955][ T8076] netlink: 32 bytes leftover after parsing attributes in process `syz.2.686'. [ 74.380039][ T8076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.686'. [ 74.730980][ T8104] lo: entered promiscuous mode [ 74.733002][ T8104] overlay: ./bus is not a directory [ 74.827267][ T8119] program syz.3.698 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 75.075540][ T8133] openvswitch: netlink: Tunnel attr 6 has unexpected len 16 expected 0 [ 75.146999][ T5941] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.155291][ T5941] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.163409][ T5941] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.167094][ T5941] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 75.170105][ T5941] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 75.172764][ T5941] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 75.244785][ T8143] syz.0.705: attempt to access beyond end of device [ 75.244785][ T8143] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 75.250788][ T1241] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.253067][ T8143] (syz.0.705,8143,3):ocfs2_get_sector:1714 ERROR: status = -5 [ 75.254569][ T1241] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.255230][ T8143] (syz.0.705,8143,3):ocfs2_sb_probe:753 ERROR: status = -5 [ 75.260260][ T8143] (syz.0.705,8143,3):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 75.260273][ T8143] (syz.0.705,8143,3):ocfs2_fill_super:1177 ERROR: status = -5 [ 75.273159][ T8144] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 75.276329][ T1241] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.279233][ T1241] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.319338][ T8153] program syz.2.708 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 75.322741][ T8153] netlink: 'syz.2.708': attribute type 1 has an invalid length. [ 75.355930][ T8160] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 75.361071][ T8160] bond0: (slave macvlan0): Opening slave failed [ 75.377152][ T8163] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 75.380643][ T8163] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 75.383488][ T8167] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 75.386121][ T8167] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 75.432799][ T8173] syz.3.712: attempt to access beyond end of device [ 75.432799][ T8173] loop3: rw=0, sector=1, nr_sectors = 1 limit=0 [ 75.436843][ T8173] VFS: could not find a valid V7 on loop3. [ 75.496270][ T39] kauditd_printk_skb: 86 callbacks suppressed [ 75.496284][ T39] audit: type=1400 audit(75.354:33818): avc: denied { module_request } for pid=8182 comm="syz.4.714" kmod="netdev-team0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 75.501730][ T8187] netlink: 'syz.2.716': attribute type 21 has an invalid length. [ 75.635547][ T39] audit: type=1400 audit(75.494:33819): avc: denied { getopt } for pid=8201 comm="syz.0.719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 75.642490][ T8206] netlink: 'syz.4.720': attribute type 29 has an invalid length. [ 75.651982][ T8206] netlink: 'syz.4.720': attribute type 29 has an invalid length. [ 75.654529][ T8206] unsupported nla_type 58 [ 75.680173][ T35] IPVS: starting estimator thread 0... [ 75.701490][ T8216] IPVS: set_ctl: invalid protocol: 50 0.0.0.0:0 [ 75.751219][ T8218] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 75.778847][ T8214] IPVS: using max 38 ests per chain, 91200 per kthread [ 75.818336][ T39] audit: type=1400 audit(75.674:33820): avc: denied { setopt } for pid=8235 comm="syz.0.727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 75.824535][ T39] audit: type=1400 audit(75.674:33821): avc: denied { write } for pid=8235 comm="syz.0.727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 75.949445][ T8195] netlink: 'syz.3.718': attribute type 29 has an invalid length. [ 75.952906][ T8195] netlink: 'syz.3.718': attribute type 29 has an invalid length. [ 75.966081][ T8248] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2048 sclass=netlink_route_socket pid=8248 comm=syz.4.730 [ 76.132703][ T5941] Bluetooth: hci1: unknown advertising packet type: 0x65 [ 76.519499][ T8271] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8271 comm=syz.0.739 [ 76.525842][ T8271] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8271 comm=syz.0.739 [ 76.558194][ T39] audit: type=1400 audit(76.414:33822): avc: denied { audit_write } for pid=8270 comm="syz.0.739" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 76.560906][ T8271] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8271 comm=syz.0.739 [ 76.569399][ T8271] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8271 comm=syz.0.739 [ 76.573003][ T8271] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8271 comm=syz.0.739 [ 76.576461][ T8271] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8271 comm=syz.0.739 [ 76.579926][ T8271] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8271 comm=syz.0.739 [ 76.583326][ T8271] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8271 comm=syz.0.739 [ 76.586926][ T8271] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8271 comm=syz.0.739 [ 77.068488][ T35] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 77.220755][ T35] usb 9-1: Using ep0 maxpacket: 16 [ 77.220772][ T5941] Bluetooth: hci4: command tx timeout [ 77.223365][ T35] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.227502][ T35] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 77.230361][ T35] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 77.234035][ T35] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 77.236620][ T35] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.245153][ T35] usb 9-1: config 0 descriptor?? [ 77.320598][ T39] audit: type=1800 audit(77.184:33823): pid=8282 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.743" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 77.423270][ T8298] ata1.00: invalid multi_count 128 ignored [ 77.608426][ T7128] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 77.655629][ T35] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 77.657755][ T35] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 77.660177][ T35] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 77.662204][ T35] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 77.664066][ T35] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 77.667529][ T35] input: HID 0955:7214 Haptics as /devices/virtual/input/input13 [ 77.684129][ T8311] binder: 8310:8311 ioctl c018620c 20000000 returned -22 [ 77.685293][ T35] shield 0003:0955:7214.0003: Registered Thunderstrike controller [ 77.687046][ T8311] binder: 8310:8311 ioctl c08c5335 20000680 returned -22 [ 77.689446][ T35] shield 0003:0955:7214.0003: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 77.732184][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.734537][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.736880][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.739541][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.741920][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.744253][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.746582][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.749338][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.751775][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.754433][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.756760][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.759777][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.762161][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.765240][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.767607][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.770210][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.772866][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.775281][ T7128] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 77.775409][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.778271][ T7128] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.779852][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.779877][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.782430][ T7128] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.784719][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.787050][ T7128] usb 7-1: config 0 interface 0 has no altsetting 0 [ 77.791154][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.795547][ T7128] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.797618][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.797644][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.801292][ T7128] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.803510][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.806680][ T7128] usb 7-1: config 0 interface 0 has no altsetting 0 [ 77.809999][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.816617][ T7128] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.817239][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.817263][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.817288][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.820872][ T7128] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.820896][ T7128] usb 7-1: config 0 interface 0 has no altsetting 0 [ 77.821916][ T7128] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.823367][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.823391][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.826560][ T7128] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.828833][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.832003][ T7128] usb 7-1: config 0 interface 0 has no altsetting 0 [ 77.833882][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.833906][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.837221][ T7128] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.838725][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.841023][ T7128] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.844053][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.844076][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.846317][ T7128] usb 7-1: config 0 interface 0 has no altsetting 0 [ 77.848186][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.848210][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.851483][ T7128] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.854474][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.855761][ T7128] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.857982][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.858007][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.858029][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.861848][ T7128] usb 7-1: config 0 interface 0 has no altsetting 0 [ 77.864564][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.867167][ T7128] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.868260][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.868358][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.870626][ T7128] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.872839][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.872865][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.875372][ T7128] usb 7-1: config 0 interface 0 has no altsetting 0 [ 77.891474][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.893497][ T7128] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.895095][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.895120][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.898678][ T7128] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.908977][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.910363][ T7128] usb 7-1: config 0 interface 0 has no altsetting 0 [ 77.912638][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.916971][ T7128] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 77.917399][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.917427][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.919896][ T7128] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 77.922920][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.922945][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.925196][ T7128] usb 7-1: Product: syz [ 77.927107][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.929472][ T7128] usb 7-1: Manufacturer: syz [ 77.932070][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.932095][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.934523][ T7128] usb 7-1: SerialNumber: syz [ 77.936610][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.936636][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.944765][ T7128] usb 7-1: config 0 descriptor?? [ 77.945178][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.950482][ T7128] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 77.950906][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 77.950934][ T8314] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 78.032854][ T39] audit: type=1400 audit(77.894:33824): avc: denied { module_load } for pid=8323 comm="syz.3.754" path=2F6D656D66643A20C736BE918D183229219A25A2D238D606070EFCFE128F2613AE254054A3B03E5CECA9F951403641108C6E7C202864656C6574656429 dev="hugetlbfs" ino=19242 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=system permissive=1 [ 78.047074][ T8324] Invalid ELF header magic: != ELF [ 78.208243][ C3] usb 7-1: yurex_control_callback - control failed: -71 [ 78.208641][ T833] usb 7-1: USB disconnect, device number 4 [ 78.215123][ T833] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 78.348471][ T7128] usb 9-1: USB disconnect, device number 2 [ 78.356879][ T8299] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 78.364679][ T8299] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 78.371111][ T8299] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 78.374150][ T8299] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 78.430477][ T39] audit: type=1400 audit(78.284:33825): avc: denied { associate } for pid=8326 comm="syz.0.755" name="cpu.stat" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 78.461389][ T8291] MINIX-fs: blocksize too small for device [ 78.628691][ T39] audit: type=1400 audit(78.484:33826): avc: denied { write } for pid=8330 comm="syz.0.756" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 79.029057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.040819][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.081432][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.084774][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.088653][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.091386][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.098405][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.100954][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.102132][ T39] audit: type=1107 audit(78.964:33827): pid=8341 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 79.103460][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.103902][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.110429][ T8349] binder: 8344:8349 ioctl c0306201 200001c0 returned -22 [ 79.117022][ T8349] binder: 8344:8349 ioctl 4030ae7b 200000c0 returned -22 [ 79.131408][ T8349] __nla_validate_parse: 17 callbacks suppressed [ 79.131418][ T8349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.760'. [ 79.298403][ T5941] Bluetooth: hci4: command tx timeout [ 79.547194][ T8371] netlink: 'syz.4.766': attribute type 21 has an invalid length. [ 79.552650][ T8371] netlink: 128 bytes leftover after parsing attributes in process `syz.4.766'. [ 79.556120][ T8371] netlink: 'syz.4.766': attribute type 4 has an invalid length. [ 79.559547][ T8371] netlink: 'syz.4.766': attribute type 5 has an invalid length. [ 79.561920][ T8371] netlink: 3 bytes leftover after parsing attributes in process `syz.4.766'. [ 79.692060][ T5941] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 80.082203][ T8424] netlink: 8 bytes leftover after parsing attributes in process `syz.4.782'. [ 80.087373][ T8424] 8021q: VLANs not supported on lo [ 80.093516][ T8426] netlink: 40 bytes leftover after parsing attributes in process `syz.0.783'. [ 80.252499][ T8434] netlink: 'syz.0.787': attribute type 1 has an invalid length. [ 80.322804][ T8436] ufs: You didn't specify the type of your ufs filesystem [ 80.322804][ T8436] [ 80.322804][ T8436] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 80.322804][ T8436] [ 80.322804][ T8436] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 80.328493][ T832] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 80.331984][ T8436] ufs: failed to set blocksize [ 80.478630][ T832] usb 9-1: Using ep0 maxpacket: 8 [ 80.482362][ T832] usb 9-1: config 0 has no interfaces? [ 80.483964][ T832] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 80.486665][ T832] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.490440][ T832] usb 9-1: config 0 descriptor?? [ 80.587156][ T39] kauditd_printk_skb: 3 callbacks suppressed [ 80.587167][ T39] audit: type=1400 audit(80.444:33831): avc: denied { listen } for pid=8441 comm="syz.0.789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 80.588231][ T8442] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 8442 comm: syz.0.789) [ 80.600230][ T39] audit: type=1800 audit(80.464:33832): pid=8442 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.789" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=9549 res=0 errno=0 [ 80.610694][ T8444] syz.3.788: attempt to access beyond end of device [ 80.610694][ T8444] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 80.615190][ T8444] syz.3.788: attempt to access beyond end of device [ 80.615190][ T8444] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 80.620737][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 80.623527][ T8444] getblk(): invalid block size 512 requested [ 80.625944][ T8444] logical block size: 1024 [ 80.627254][ T8444] CPU: 0 UID: 0 PID: 8444 Comm: syz.3.788 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 80.627267][ T8444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.627274][ T8444] Call Trace: [ 80.627277][ T8444] [ 80.627281][ T8444] dump_stack_lvl+0x16c/0x1f0 [ 80.627310][ T8444] __getblk_slow+0x4fe/0x5c0 [ 80.627322][ T8444] ? __pfx___might_resched+0x10/0x10 [ 80.627338][ T8444] ? fs_reclaim_acquire+0xae/0x150 [ 80.627353][ T8444] bdev_getblk+0xb1/0xc0 [ 80.627364][ T8444] __bread_gfp+0x86/0x340 [ 80.627374][ T8444] udf_read_tagged+0xae/0x740 [ 80.627394][ T8444] udf_check_anchor_block+0x8a/0x4b0 [ 80.627405][ T8444] ? udf_get_last_block+0x1cf/0x2b0 [ 80.627418][ T8444] ? __pfx_udf_check_anchor_block+0x10/0x10 [ 80.627429][ T8444] ? __brelse+0x8c/0xb0 [ 80.627445][ T8444] udf_load_vrs+0x668/0x1050 [ 80.627460][ T8444] ? __pfx_udf_load_vrs+0x10/0x10 [ 80.627470][ T8444] ? lockdep_init_map_type+0x16d/0x7d0 [ 80.627486][ T8444] ? __pfx_udf_get_last_session+0x10/0x10 [ 80.627504][ T8444] udf_fill_super+0x79b/0x1e00 [ 80.627517][ T8444] ? __pfx_udf_fill_super+0x10/0x10 [ 80.627526][ T8444] ? do_raw_spin_lock+0x12d/0x2c0 [ 80.627535][ T8444] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 80.627547][ T8444] ? set_blocksize+0x2a8/0x360 [ 80.627564][ T8444] ? sb_set_blocksize+0xf6/0x120 [ 80.627578][ T8444] ? setup_bdev_super+0x369/0x730 [ 80.627592][ T8444] get_tree_bdev_flags+0x38b/0x620 [ 80.627610][ T8444] ? __pfx_udf_fill_super+0x10/0x10 [ 80.627620][ T8444] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 80.627637][ T8444] ? bpf_lsm_capable+0x9/0x10 [ 80.627647][ T8444] ? security_capable+0x7e/0x260 [ 80.627658][ T8444] vfs_get_tree+0x8b/0x340 [ 80.627670][ T8444] path_mount+0x14e6/0x1f10 [ 80.627680][ T8444] ? kmem_cache_free+0x2e2/0x4d0 [ 80.627690][ T8444] ? __pfx_path_mount+0x10/0x10 [ 80.627702][ T8444] ? putname+0x13c/0x180 [ 80.627733][ T8444] __x64_sys_mount+0x28f/0x310 [ 80.627746][ T8444] ? __pfx___x64_sys_mount+0x10/0x10 [ 80.627758][ T8444] ? do_user_addr_fault+0x83d/0x13f0 [ 80.627775][ T8444] do_syscall_64+0xcd/0x250 [ 80.627787][ T8444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.627801][ T8444] RIP: 0033:0x7fc41d38cda9 [ 80.627810][ T8444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.627819][ T8444] RSP: 002b:00007fc41e0ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 80.627839][ T8444] RAX: ffffffffffffffda RBX: 00007fc41d5a6160 RCX: 00007fc41d38cda9 [ 80.627846][ T8444] RDX: 0000000020000040 RSI: 0000000020004a00 RDI: 0000000020000500 [ 80.627852][ T8444] RBP: 00007fc41d40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 80.627857][ T8444] R10: 0000000000008007 R11: 0000000000000246 R12: 0000000000000000 [ 80.627863][ T8444] R13: 0000000000000001 R14: 00007fc41d5a6160 R15: 00007ffe3494eae8 [ 80.627875][ T8444] [ 80.627891][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 80.699404][ T5960] usb 9-1: USB disconnect, device number 3 [ 80.701503][ T8444] syz.3.788: attempt to access beyond end of device [ 80.701503][ T8444] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 80.721030][ T8444] syz.3.788: attempt to access beyond end of device [ 80.721030][ T8444] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 80.721292][ T8439] nbd3: detected capacity change from 0 to 67108884 [ 80.724713][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 80.725867][ T8444] block nbd3: Send control failed (result -89) [ 80.731580][ T8444] block nbd3: Request send failed, requeueing [ 80.735269][ T5941] block nbd3: Receive control failed (result -32) [ 80.738058][ T1284] block nbd3: Dead connection, failed to find a fallback [ 80.740441][ T1284] block nbd3: shutting down sockets [ 80.742156][ T1284] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.746498][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=0, location=0 [ 80.747370][ T5955] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.758568][ T5955] Buffer I/O error on dev nbd3, logical block 0, async page read [ 80.762028][ T5955] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.765689][ T5955] Buffer I/O error on dev nbd3, logical block 1, async page read [ 80.772397][ T8444] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.776200][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=1, location=1 [ 80.778486][ T5955] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.779903][ T8444] I/O error, dev nbd3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.782574][ T5955] Buffer I/O error on dev nbd3, logical block 2, async page read [ 80.782664][ T5955] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.787886][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 80.788592][ T5955] Buffer I/O error on dev nbd3, logical block 3, async page read [ 80.798178][ T8444] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.798506][ T5955] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.800988][ T8444] I/O error, dev nbd3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 80.803286][ T5955] Buffer I/O error on dev nbd3, logical block 0, async page read [ 80.803344][ T5955] Buffer I/O error on dev nbd3, logical block 1, async page read [ 80.807040][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 80.810917][ T5955] Buffer I/O error on dev nbd3, logical block 0, async page read [ 80.814515][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16777220, location=16777220 [ 80.816601][ T5955] Buffer I/O error on dev nbd3, logical block 1, async page read [ 80.816713][ T5955] Buffer I/O error on dev nbd3, logical block 0, async page read [ 80.816755][ T5955] Buffer I/O error on dev nbd3, logical block 1, async page read [ 80.817043][ T5955] ldm_validate_partition_table(): Disk read failed. [ 80.818959][ T5955] Dev nbd3: unable to read RDB block 0 [ 80.819702][ T5955] nbd3: unable to read partition table [ 80.848754][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16776964, location=16776964 [ 80.849771][ T5955] ldm_validate_partition_table(): Disk read failed. [ 80.852914][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16777219, location=16777219 [ 80.857912][ T5955] Dev nbd3: unable to read RDB block 0 [ 80.861652][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16776963, location=16776963 [ 80.864406][ T5955] nbd3: unable to read partition table [ 80.868733][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16777218, location=16777218 [ 80.873514][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16776962, location=16776962 [ 80.873750][ T39] audit: type=1400 audit(80.734:33833): avc: denied { setopt } for pid=8461 comm="syz.0.791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 80.876977][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16777070, location=16777070 [ 80.886289][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16776814, location=16776814 [ 80.891378][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16777068, location=16777068 [ 80.895491][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=16776812, location=16776812 [ 80.900941][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 80.906168][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 80.910067][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388609, location=8388609 [ 80.914029][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388353, location=8388353 [ 80.918190][ T8462] trusted_key: encrypted_key: insufficient parameters specified [ 80.919201][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388608, location=8388608 [ 80.925349][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388352, location=8388352 [ 80.925734][ T8462] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 80.929577][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388607, location=8388607 [ 80.929702][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388351, location=8388351 [ 80.929834][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388459, location=8388459 [ 80.929955][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388203, location=8388203 [ 80.949531][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388457, location=8388457 [ 80.953614][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=8388201, location=8388201 [ 80.957639][ T8444] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 80.960609][ T8444] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 80.988792][ T8464] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 81.224663][ T8470] kvm: emulating exchange as write [ 81.293519][ T8477] netlink: 8 bytes leftover after parsing attributes in process `syz.4.795'. [ 81.296049][ T8477] netlink: 12 bytes leftover after parsing attributes in process `syz.4.795'. [ 81.378387][ T5941] Bluetooth: hci4: command tx timeout [ 81.541968][ T63] cfg80211: failed to load regulatory.db [ 81.558814][ T8497] overlay: Unknown parameter 'fowner<00000000000000060929' [ 81.562649][ T8497] overlay: Unknown parameter 'fowner<00000000000000060929' [ 81.566371][ T8497] overlay: Unknown parameter 'fowner<00000000000000060929' [ 81.568389][ T39] audit: type=1400 audit(81.424:33834): avc: denied { mounton } for pid=8496 comm="syz.0.802" path="/dev/net/tun" dev="devtmpfs" ino=720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1 [ 81.622260][ T39] audit: type=1400 audit(81.484:33835): avc: denied { getattr } for pid=8508 comm="syz.0.806" name="/" dev="9p" ino=35923068 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 81.624060][ T8509] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 81.640986][ T39] audit: type=1400 audit(81.504:33836): avc: denied { setcheckreqprot } for pid=8510 comm="syz.4.807" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 81.642662][ T8512] ptrace attach of "/syz-executor exec"[5939] was attempted by "/syz-executor exec"[8512] [ 81.646556][ T8511] SELinux: syz.4.807 (8511) set checkreqprot to 1. This is no longer supported. [ 81.784718][ T39] audit: type=1400 audit(81.644:33837): avc: denied { setattr } for pid=8522 comm="syz.2.811" name="pmem0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 81.785156][ T8524] netlink: 24 bytes leftover after parsing attributes in process `syz.0.808'. [ 81.797368][ T8524] netlink: 'syz.0.808': attribute type 2 has an invalid length. [ 81.805049][ T8524] netlink: 28 bytes leftover after parsing attributes in process `syz.0.808'. [ 81.913336][ T8527] netlink: 16 bytes leftover after parsing attributes in process `syz.2.812'. [ 81.927397][ T8516] selinux_netlink_send: 122 callbacks suppressed [ 81.927408][ T8516] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8516 comm=syz.4.809 [ 82.047911][ T8532] binder: 8530:8532 ioctl c0a85320 200003c0 returned -22 [ 82.139786][ T8532] binder: 8530:8532 ioctl c0306201 20000500 returned -14 [ 82.368457][ T833] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 82.483612][ T39] audit: type=1804 audit(82.344:33838): pid=8544 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.817" name="/newroot/256/file0" dev="tmpfs" ino=1371 res=1 errno=0 [ 82.732500][ T8538] Set syz1 is full, maxelem 65536 reached [ 82.750744][ T39] audit: type=1400 audit(82.614:33839): avc: denied { connect } for pid=8558 comm="syz.0.823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 82.784696][ T39] audit: type=1400 audit(82.644:33840): avc: denied { append } for pid=8565 comm="syz.4.826" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 82.936491][ T5941] Bluetooth: hci1: unexpected event for opcode 0x2029 [ 82.972213][ T8582] syzkaller0: entered promiscuous mode [ 82.974317][ T8582] syzkaller0: entered allmulticast mode [ 82.977710][ T8582] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487 [ 83.088589][ T833] usb 9-1: device descriptor read/64, error -71 [ 83.308543][ T8595] JFS: charset not found [ 83.358522][ T833] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 83.518401][ T833] usb 9-1: Using ep0 maxpacket: 8 [ 83.527572][ T833] usb 9-1: config 0 has no interfaces? [ 83.529492][ T833] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 83.532164][ T833] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.536095][ T833] usb 9-1: config 0 descriptor?? [ 83.740492][ T8572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.745373][ T8572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.748829][ T8572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.751379][ T8572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.754080][ T8572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.756674][ T8572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.759377][ T8572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.761872][ T8572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.764595][ T8572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.767085][ T8572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.781636][ T5960] usb 9-1: USB disconnect, device number 5 [ 84.398655][ T8616] netlink: 'syz.2.845': attribute type 1 has an invalid length. [ 84.401244][ T8616] __nla_validate_parse: 3 callbacks suppressed [ 84.401251][ T8616] netlink: 224 bytes leftover after parsing attributes in process `syz.2.845'. [ 84.405894][ T8633] netlink: 'syz.4.848': attribute type 2 has an invalid length. [ 84.440085][ T8640] PKCS8: Unsupported PKCS#8 version [ 84.442311][ T8640] netlink: 12 bytes leftover after parsing attributes in process `syz.2.850'. [ 84.455204][ T8644] bond2: entered promiscuous mode [ 84.456704][ T8644] bond2: entered allmulticast mode [ 84.459543][ T8644] 8021q: adding VLAN 0 to HW filter on device bond2 [ 84.471346][ T8647] xt_CT: You must specify a L4 protocol and not use inversions on it [ 84.572949][ T9] IPVS: starting estimator thread 0... [ 84.658396][ T8663] IPVS: using max 39 ests per chain, 93600 per kthread [ 85.180597][ T5941] Bluetooth: hci0: unexpected subevent 0x19 length: 67 > 28 [ 85.183823][ T5941] Bluetooth: hci0: Unable to find connection with handle 0x00c9 [ 85.319400][ T8725] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8725 comm=syz.2.874 [ 85.467097][ T8738] sp0: Synchronizing with TNC [ 85.470079][ T8738] ebt_among: dst integrity fail: 101 [ 85.756935][ T8762] netlink: 24 bytes leftover after parsing attributes in process `syz.3.885'. [ 85.782919][ T8767] binfmt_misc: register: failed to install interpreter file ./file0 [ 86.278496][ T9] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 86.301669][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 86.301679][ T39] audit: type=1400 audit(86.164:33858): avc: denied { accept } for pid=8802 comm="syz.0.898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 86.309482][ T39] audit: type=1400 audit(86.164:33859): avc: denied { connect } for pid=8804 comm="syz.2.899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 86.351611][ T39] audit: type=1400 audit(86.214:33860): avc: denied { bind } for pid=8809 comm="syz.2.900" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 86.458400][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 86.461104][ T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.465093][ T9] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 86.469333][ T9] usb 8-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 86.474348][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 86.479289][ T9] usb 8-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 86.482936][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.485330][ T9] usb 8-1: Product: syz [ 86.486630][ T9] usb 8-1: Manufacturer: syz [ 86.488030][ T9] usb 8-1: SerialNumber: syz [ 86.491333][ T9] usb 8-1: config 0 descriptor?? [ 86.703641][ T39] audit: type=1400 audit(86.564:33861): avc: denied { getopt } for pid=8788 comm="syz.3.893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 86.709564][ T9] usb 8-1: Can not set alternate setting to 1, error: -71 [ 86.711700][ T9] synaptics_usb 8-1:0.0: probe with driver synaptics_usb failed with error -71 [ 86.718845][ T9] usb 8-1: USB disconnect, device number 3 [ 86.721689][ T5955] udevd[5955]: setting owner of /dev/bus/usb/008/003 to uid=0, gid=0 failed: No such file or directory [ 87.114340][ T8872] netlink: 80 bytes leftover after parsing attributes in process `syz.4.908'. [ 87.117847][ T8872] netlink: 80 bytes leftover after parsing attributes in process `syz.4.908'. [ 87.120605][ T8872] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 87.197743][ T39] audit: type=1400 audit(87.054:33862): avc: denied { create } for pid=8878 comm="syz.0.911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1 [ 87.208503][ T8881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.909'. [ 87.213270][ T8881] netlink: 12 bytes leftover after parsing attributes in process `syz.4.909'. [ 87.428804][ T8903] binder: 8902:8903 ioctl c0306201 0 returned -14 [ 87.463144][ T8905] CUSE: unknown device info "/dev/cuse" [ 87.463155][ T8905] CUSE: DEVNAME unspecified [ 87.470215][ T8907] netlink: 32 bytes leftover after parsing attributes in process `syz.0.922'. [ 87.482474][ T8907] netlink: 20 bytes leftover after parsing attributes in process `syz.0.922'. [ 87.482887][ T8907] netlink: 12 bytes leftover after parsing attributes in process `syz.0.922'. [ 87.571704][ T8919] random: crng reseeded on system resumption [ 87.579135][ T39] audit: type=1400 audit(87.434:33863): avc: denied { write } for pid=8918 comm="syz.0.927" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 87.586125][ T39] audit: type=1400 audit(87.434:33864): avc: denied { ioctl } for pid=8918 comm="syz.0.927" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 87.685495][ T8927] binder: 8926:8927 ioctl c0306201 0 returned -14 [ 87.789744][ T8929] 9pnet_fd: Insufficient options for proto=fd [ 87.849267][ T39] audit: type=1400 audit(87.714:33865): avc: denied { watch } for pid=8932 comm="syz.3.932" path="/281/file1" dev="autofs" ino=23164 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 87.934339][ T39] audit: type=1400 audit(87.794:33866): avc: denied { shutdown } for pid=8937 comm="syz.3.934" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 87.949587][ T8940] kAFS: Can only specify source 'none' with -o dyn [ 88.023429][ T8949] binder: 8948:8949 ioctl c0306201 0 returned -14 [ 88.195333][ T8960] xt_l2tp: v2 doesn't support IP mode [ 88.215724][ T8960] syz.4.944 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 88.220260][ T8960] binder: 8959:8960 ioctl c0306201 20000480 returned -14 [ 88.318398][ T9] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 88.344345][ T39] audit: type=1800 audit(88.204:33867): pid=8963 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.945" name="file1" dev="tmpfs" ino=1318 res=0 errno=0 [ 88.448417][ T9] usb 7-1: device descriptor read/64, error -71 [ 88.515011][ T8983] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 88.520801][ T8983] overlayfs: missing 'lowerdir' [ 88.524742][ T8983] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 88.562901][ T8990] xt_CT: You must specify a L4 protocol and not use inversions on it [ 88.698383][ T9] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 88.838446][ T9] usb 7-1: device descriptor read/64, error -71 [ 88.958747][ T9] usb usb7-port1: attempt power cycle [ 89.218644][ T5941] Bluetooth: hci4: command tx timeout [ 89.318392][ T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 89.318453][ T7128] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 89.339459][ T9] usb 7-1: device descriptor read/8, error -71 [ 89.468439][ T7128] usb 8-1: Using ep0 maxpacket: 8 [ 89.471204][ T7128] usb 8-1: config 0 has no interfaces? [ 89.472811][ T7128] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 89.475304][ T7128] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.479243][ T7128] usb 8-1: config 0 descriptor?? [ 89.509320][ T9097] IPVS: set_ctl: invalid protocol: 3 172.20.20.45:20000 [ 89.582764][ T9111] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 89.588934][ T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 89.609458][ T9] usb 7-1: device descriptor read/8, error -71 [ 89.686846][ T9038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.690359][ T9038] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.695484][ T8299] usb 8-1: USB disconnect, device number 4 [ 89.718523][ T9] usb usb7-port1: unable to enumerate USB device [ 89.774993][ T9124] __nla_validate_parse: 9 callbacks suppressed [ 89.775004][ T9124] netlink: 12 bytes leftover after parsing attributes in process `syz.4.980'. [ 90.248201][ T9126] netlink: 24 bytes leftover after parsing attributes in process `syz.3.981'. [ 90.251040][ T9126] netlink: 'syz.3.981': attribute type 1 has an invalid length. [ 90.329910][ T9130] NILFS (nbd3): device size too small [ 90.377977][ T9134] netlink: 36 bytes leftover after parsing attributes in process `syz.3.985'. [ 90.780209][ T9173] netlink: 12 bytes leftover after parsing attributes in process `syz.3.999'. [ 90.807431][ T9176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1000'. [ 90.905034][ T5941] Bluetooth: hci1: unexpected event for opcode 0x1407 [ 90.905786][ T9182] devtmpfs: Cannot enable quota on remount [ 90.907685][ T5941] Bluetooth: hci1: unexpected event for opcode 0x200f [ 90.997896][ T9189] FAULT_INJECTION: forcing a failure. [ 90.997896][ T9189] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.002609][ T9189] CPU: 0 UID: 0 PID: 9189 Comm: syz.4.1006 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 91.002623][ T9189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.002630][ T9189] Call Trace: [ 91.002633][ T9189] [ 91.002637][ T9189] dump_stack_lvl+0x16c/0x1f0 [ 91.002669][ T9189] should_fail_ex+0x50a/0x650 [ 91.002690][ T9189] _copy_from_user+0x2e/0xd0 [ 91.002706][ T9189] copy_msghdr_from_user+0x99/0x160 [ 91.002717][ T9189] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 91.002734][ T9189] ___sys_sendmsg+0xff/0x1e0 [ 91.002744][ T9189] ? __pfx____sys_sendmsg+0x10/0x10 [ 91.002760][ T9189] ? __pfx_lock_release+0x10/0x10 [ 91.002773][ T9189] ? trace_lock_acquire+0x14e/0x1f0 [ 91.002788][ T9189] ? __fget_files+0x206/0x3a0 [ 91.002801][ T9189] __sys_sendmsg+0x16e/0x220 [ 91.002811][ T9189] ? __pfx___sys_sendmsg+0x10/0x10 [ 91.002829][ T9189] do_syscall_64+0xcd/0x250 [ 91.002839][ T9189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.002852][ T9189] RIP: 0033:0x7f5ed698cda9 [ 91.002861][ T9189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.002870][ T9189] RSP: 002b:00007f5ed47f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.002880][ T9189] RAX: ffffffffffffffda RBX: 00007f5ed6ba5fa0 RCX: 00007f5ed698cda9 [ 91.002886][ T9189] RDX: 0000000024000004 RSI: 0000000020000340 RDI: 0000000000000003 [ 91.002891][ T9189] RBP: 00007f5ed47f6090 R08: 0000000000000000 R09: 0000000000000000 [ 91.002897][ T9189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.002902][ T9189] R13: 0000000000000000 R14: 00007f5ed6ba5fa0 R15: 00007ffe10a4d328 [ 91.002914][ T9189] [ 91.355746][ T9217] FAULT_INJECTION: forcing a failure. [ 91.355746][ T9217] name failslab, interval 1, probability 0, space 0, times 0 [ 91.359736][ T9217] CPU: 2 UID: 0 PID: 9217 Comm: syz.2.1016 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 91.359750][ T9217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.359755][ T9217] Call Trace: [ 91.359759][ T9217] [ 91.359762][ T9217] dump_stack_lvl+0x16c/0x1f0 [ 91.359781][ T9217] should_fail_ex+0x50a/0x650 [ 91.359794][ T9217] ? fs_reclaim_acquire+0xae/0x150 [ 91.359807][ T9217] should_failslab+0xc2/0x120 [ 91.359818][ T9217] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 91.359828][ T9217] ? __alloc_skb+0x2b1/0x380 [ 91.359839][ T9217] __alloc_skb+0x2b1/0x380 [ 91.359848][ T9217] ? __pfx___alloc_skb+0x10/0x10 [ 91.359858][ T9217] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 91.359874][ T9217] netlink_alloc_large_skb+0x69/0x130 [ 91.359884][ T9217] netlink_sendmsg+0x689/0xd70 [ 91.359894][ T9217] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.359907][ T9217] ____sys_sendmsg+0xaaf/0xc90 [ 91.359919][ T9217] ? copy_msghdr_from_user+0x10b/0x160 [ 91.359928][ T9217] ? __pfx_____sys_sendmsg+0x10/0x10 [ 91.359946][ T9217] ___sys_sendmsg+0x135/0x1e0 [ 91.359956][ T9217] ? __pfx____sys_sendmsg+0x10/0x10 [ 91.359970][ T9217] ? __pfx_lock_release+0x10/0x10 [ 91.359983][ T9217] ? trace_lock_acquire+0x14e/0x1f0 [ 91.359997][ T9217] ? __fget_files+0x206/0x3a0 [ 91.360009][ T9217] __sys_sendmsg+0x16e/0x220 [ 91.360019][ T9217] ? __pfx___sys_sendmsg+0x10/0x10 [ 91.360035][ T9217] do_syscall_64+0xcd/0x250 [ 91.360045][ T9217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.360058][ T9217] RIP: 0033:0x7efd5198cda9 [ 91.360066][ T9217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.360075][ T9217] RSP: 002b:00007efd527cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.360084][ T9217] RAX: ffffffffffffffda RBX: 00007efd51ba5fa0 RCX: 00007efd5198cda9 [ 91.360090][ T9217] RDX: 0000000024000004 RSI: 0000000020000340 RDI: 0000000000000003 [ 91.360095][ T9217] RBP: 00007efd527cd090 R08: 0000000000000000 R09: 0000000000000000 [ 91.360100][ T9217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.360105][ T9217] R13: 0000000000000000 R14: 00007efd51ba5fa0 R15: 00007fff838c8018 [ 91.360116][ T9217] [ 91.423064][ T9223] netlink: 'syz.4.1019': attribute type 1 has an invalid length. [ 91.424497][ C2] vkms_vblank_simulate: vblank timer overrun [ 91.508197][ T9227] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1018'. [ 91.520921][ T9238] binder: BINDER_SET_CONTEXT_MGR already set [ 91.522720][ T9238] binder: 9236:9238 ioctl 4018620d 200001c0 returned -16 [ 91.676466][ T9271] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 91.690193][ T9265] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1027'. [ 91.690759][ T9265] ubi0: attaching mtd0 [ 91.691478][ T9265] ubi0: scanning is finished [ 91.691815][ T9265] ================================================================== [ 91.691823][ T9265] BUG: KASAN: slab-out-of-bounds in notifier_chain_register+0x3ac/0x420 [ 91.691839][ T9265] Read of size 4 at addr ffff88804da198d8 by task syz.3.1027/9265 [ 91.691847][ T9265] [ 91.691852][ T9265] CPU: 2 UID: 0 PID: 9265 Comm: syz.3.1027 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 91.691863][ T9265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.691869][ T9265] Call Trace: [ 91.691873][ T9265] [ 91.691876][ T9265] dump_stack_lvl+0x116/0x1f0 [ 91.691893][ T9265] print_report+0xc3/0x620 [ 91.691903][ T9265] ? __virt_addr_valid+0x5e/0x590 [ 91.691913][ T9265] ? __phys_addr+0xc6/0x150 [ 91.691922][ T9265] kasan_report+0xd9/0x110 [ 91.691932][ T9265] ? notifier_chain_register+0x3ac/0x420 [ 91.691943][ T9265] ? notifier_chain_register+0x3ac/0x420 [ 91.691955][ T9265] notifier_chain_register+0x3ac/0x420 [ 91.691966][ T9265] blocking_notifier_chain_register+0x76/0xd0 [ 91.691976][ T9265] ubi_wl_init+0x1018/0x17b0 [ 91.691991][ T9265] ubi_attach+0x1b92/0x4c00 [ 91.692007][ T9265] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 91.692021][ T9265] ? lockdep_init_map_type+0x16d/0x7d0 [ 91.692035][ T9265] ? __pfx_ubi_attach+0x10/0x10 [ 91.692048][ T9265] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 91.692064][ T9265] ubi_attach_mtd_dev+0x158f/0x3590 [ 91.692080][ T9265] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 91.692093][ T9265] ? __pfx_get_mtd_device+0x10/0x10 [ 91.692106][ T9265] ctrl_cdev_ioctl+0x339/0x3d0 [ 91.692114][ T9265] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 91.692123][ T9265] ? selinux_file_ioctl+0x180/0x270 [ 91.692136][ T9265] ? selinux_file_ioctl+0xb4/0x270 [ 91.692148][ T9265] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 91.692156][ T9265] __x64_sys_ioctl+0x190/0x200 [ 91.692169][ T9265] do_syscall_64+0xcd/0x250 [ 91.692178][ T9265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.692191][ T9265] RIP: 0033:0x7fc41d38cda9 [ 91.692198][ T9265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.692207][ T9265] RSP: 002b:00007fc41e141038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 91.692217][ T9265] RAX: ffffffffffffffda RBX: 00007fc41d5a5fa0 RCX: 00007fc41d38cda9 [ 91.692223][ T9265] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000004 [ 91.692229][ T9265] RBP: 00007fc41d40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 91.692234][ T9265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.692240][ T9265] R13: 0000000000000000 R14: 00007fc41d5a5fa0 R15: 00007ffe3494eae8 [ 91.692248][ T9265] [ 91.692251][ T9265] [ 91.692254][ T9265] Allocated by task 8136: [ 91.692258][ T9265] kasan_save_stack+0x33/0x60 [ 91.692267][ T9265] kasan_save_track+0x14/0x30 [ 91.692275][ T9265] __kasan_kmalloc+0xaa/0xb0 [ 91.692282][ T9265] mr_table_alloc+0x5f/0x2e0 [ 91.692295][ T9265] ipmr_net_init+0x3c4/0x4e0 [ 91.692306][ T9265] ops_init+0x1df/0x5f0 [ 91.692315][ T9265] setup_net+0x21f/0x860 [ 91.692325][ T9265] copy_net_ns+0x2b4/0x6c0 [ 91.692335][ T9265] create_new_namespaces+0x3ea/0xad0 [ 91.692348][ T9265] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 91.692362][ T9265] ksys_unshare+0x45d/0xa40 [ 91.692371][ T9265] __x64_sys_unshare+0x31/0x40 [ 91.692380][ T9265] do_syscall_64+0xcd/0x250 [ 91.692387][ T9265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.692399][ T9265] [ 91.692401][ T9265] The buggy address belongs to the object at ffff88804da18000 [ 91.692401][ T9265] which belongs to the cache kmalloc-8k of size 8192 [ 91.692408][ T9265] The buggy address is located 2240 bytes to the right of [ 91.692408][ T9265] allocated 4120-byte region [ffff88804da18000, ffff88804da19018) [ 91.692417][ T9265] [ 91.692419][ T9265] The buggy address belongs to the physical page: [ 91.692423][ T9265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4da18 [ 91.692432][ T9265] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 91.692439][ T9265] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 91.692448][ T9265] page_type: f5(slab) [ 91.692456][ T9265] raw: 00fff00000000040 ffff88801b043180 0000000000000000 0000000000000001 [ 91.692464][ T9265] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 91.692472][ T9265] head: 00fff00000000040 ffff88801b043180 0000000000000000 0000000000000001 [ 91.692480][ T9265] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 91.692488][ T9265] head: 00fff00000000003 ffffea0001368601 ffffffffffffffff 0000000000000000 [ 91.692496][ T9265] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 91.692501][ T9265] page dumped because: kasan: bad access detected [ 91.692506][ T9265] page_owner tracks the page as allocated [ 91.692509][ T9265] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 7075, tgid 7074 (syz.2.392), ts 62753932343, free_ts 62743386440 [ 91.692525][ T9265] post_alloc_hook+0x181/0x1b0 [ 91.692538][ T9265] get_page_from_freelist+0xfce/0x2f80 [ 91.692555][ T9265] __alloc_frozen_pages_noprof+0x221/0x2470 [ 91.692565][ T9265] alloc_pages_mpol+0x1fc/0x540 [ 91.692575][ T9265] new_slab+0x23d/0x330 [ 91.692587][ T9265] ___slab_alloc+0xc5d/0x1720 [ 91.692600][ T9265] __slab_alloc.constprop.0+0x56/0xb0 [ 91.692614][ T9265] __kmalloc_cache_noprof+0xfa/0x410 [ 91.692628][ T9265] audit_log_d_path+0xce/0x1e0 [ 91.692641][ T9265] audit_log_d_path_exe+0x46/0x70 [ 91.692654][ T9265] audit_log_task+0x31e/0x3f0 [ 91.692668][ T9265] audit_seccomp+0x7a/0x280 [ 91.692677][ T9265] __seccomp_filter+0x670/0xf40 [ 91.692687][ T9265] __secure_computing+0x26c/0x3f0 [ 91.692696][ T9265] syscall_trace_enter+0x8b/0x260 [ 91.692709][ T9265] do_syscall_64+0x1ee/0x250 [ 91.692716][ T9265] page last free pid 7075 tgid 7074 stack trace: [ 91.692721][ T9265] free_frozen_pages+0x6db/0xfb0 [ 91.692729][ T9265] __put_partials+0x14c/0x170 [ 91.692741][ T9265] qlist_free_all+0x4e/0x120 [ 91.692754][ T9265] kasan_quarantine_reduce+0x195/0x1e0 [ 91.692767][ T9265] __kasan_slab_alloc+0x69/0x90 [ 91.692776][ T9265] kmem_cache_alloc_noprof+0x226/0x3d0 [ 91.692784][ T9265] audit_log_start+0x2bc/0x7e0 [ 91.692794][ T9265] audit_seccomp+0x61/0x280 [ 91.692803][ T9265] __seccomp_filter+0x670/0xf40 [ 91.692812][ T9265] __secure_computing+0x26c/0x3f0 [ 91.692821][ T9265] syscall_trace_enter+0x8b/0x260 [ 91.692834][ T9265] do_syscall_64+0x1ee/0x250 [ 91.692841][ T9265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.692853][ T9265] [ 91.692855][ T9265] Memory state around the buggy address: [ 91.692860][ T9265] ffff88804da19780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.692866][ T9265] ffff88804da19800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.692872][ T9265] >ffff88804da19880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.692877][ T9265] ^ [ 91.692882][ T9265] ffff88804da19900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.692888][ T9265] ffff88804da19980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.692893][ T9265] ================================================================== [ 91.692899][ T9265] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 91.692904][ T9265] CPU: 2 UID: 0 PID: 9265 Comm: syz.3.1027 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 91.692914][ T9265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.692920][ T9265] Call Trace: [ 91.692922][ T9265] [ 91.692926][ T9265] dump_stack_lvl+0x3d/0x1f0 [ 91.692940][ T9265] panic+0x71d/0x800 [ 91.692951][ T9265] ? __pfx_panic+0x10/0x10 [ 91.692961][ T9265] ? rcu_is_watching+0x12/0xc0 [ 91.692971][ T9265] ? __pfx_lock_release+0x10/0x10 [ 91.692987][ T9265] check_panic_on_warn+0xab/0xb0 [ 91.692998][ T9265] end_report+0x117/0x180 [ 91.693008][ T9265] kasan_report+0xe9/0x110 [ 91.693019][ T9265] ? notifier_chain_register+0x3ac/0x420 [ 91.693029][ T9265] ? notifier_chain_register+0x3ac/0x420 [ 91.693039][ T9265] notifier_chain_register+0x3ac/0x420 [ 91.693050][ T9265] blocking_notifier_chain_register+0x76/0xd0 [ 91.693060][ T9265] ubi_wl_init+0x1018/0x17b0 [ 91.693075][ T9265] ubi_attach+0x1b92/0x4c00 [ 91.693090][ T9265] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 91.693105][ T9265] ? lockdep_init_map_type+0x16d/0x7d0 [ 91.693118][ T9265] ? __pfx_ubi_attach+0x10/0x10 [ 91.693131][ T9265] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 91.693146][ T9265] ubi_attach_mtd_dev+0x158f/0x3590 [ 91.693162][ T9265] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 91.693176][ T9265] ? __pfx_get_mtd_device+0x10/0x10 [ 91.693188][ T9265] ctrl_cdev_ioctl+0x339/0x3d0 [ 91.693197][ T9265] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 91.693206][ T9265] ? selinux_file_ioctl+0x180/0x270 [ 91.693218][ T9265] ? selinux_file_ioctl+0xb4/0x270 [ 91.693230][ T9265] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 91.693239][ T9265] __x64_sys_ioctl+0x190/0x200 [ 91.693251][ T9265] do_syscall_64+0xcd/0x250 [ 91.693260][ T9265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.693272][ T9265] RIP: 0033:0x7fc41d38cda9 [ 91.693279][ T9265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.693288][ T9265] RSP: 002b:00007fc41e141038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 91.693297][ T9265] RAX: ffffffffffffffda RBX: 00007fc41d5a5fa0 RCX: 00007fc41d38cda9 [ 91.693303][ T9265] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000004 [ 91.693309][ T9265] RBP: 00007fc41d40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 91.693314][ T9265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.693320][ T9265] R13: 0000000000000000 R14: 00007fc41d5a5fa0 R15: 00007ffe3494eae8 [ 91.693328][ T9265] [ 91.693760][ T9265] Kernel Offset: disabled VM DIAGNOSIS: 03:04:27 Registers: info registers vcpu 0 CPU#0 RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff815efd90 RDX=ffff8880293f8000 RSI=ffffffff815efdd8 RDI=ffffffff9380de60 RBP=0000000000000000 RSP=ffffc90000007fd0 R8 =0000000000000001 R9 =fffffbfff2701bcc R10=ffffffff9380de67 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff815efdd9 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f8bf7665f98 CR3=0000000028396000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000800000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc41d38346a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000095 0000000000000095 0000000000000000 0000a70000000f00 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc41e0dd100 00007fc41d57c440 00007fc41d570004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc41d57c498 00007fc41d57c490 00007fc41d57c488 00007fc41d57c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000010000 RBX=0000000000000000 RCX=ffffffff815efd90 RDX=ffff88803503a440 RSI=ffffffff815efdd8 RDI=ffffffff9380de60 RBP=0000000000000001 RSP=ffffc900006b0fd0 R8 =0000000000000001 R9 =fffffbfff2701bcc R10=ffffffff9380de67 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff815efdd9 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f8bf76876c0 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f8bf7666d58 CR3=0000000027862000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004000040 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe3494ee80 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000800000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc41d38346a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000035 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff853fc005 RDI=ffffffff9ab777c0 RBP=ffffffff9ab77780 RSP=ffffc90006eef558 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000035 R14=ffffffff853fbfa0 R15=0000000000000000 RIP=ffffffff853fc02f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc41e1416c0 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055aca7dfd008 CR3=0000000030b36000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffe0000 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000001f7011641 00000001db710641 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f116c36b00000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a4207ecf76fc316c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2ed2586dd86c8612 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000070 304430436d63702f 646e732f7665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000053 134413434e40530c 474d500c5546470c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff815efd90 RDX=ffff888040f2c880 RSI=ffffffff815efdd8 RDI=ffffffff9380de60 RBP=0000000000000003 RSP=ffffc90000708fd0 R8 =0000000000000001 R9 =fffffbfff2701bcc R10=ffffffff9380de67 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff815efdd9 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000555556c15500 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffe10a4be18 CR3=0000000040868000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000020081 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe10a4c5d0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000800000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5ed698346a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 47414c46585f5346 2074657365720064 656c696166202973 2528746174736c00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 47414c46585f5346 0551405640570041 40494c4443050c56 000d514451564900 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000