last executing test programs: 3.362420092s ago: executing program 2 (id=716): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r1, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffc, 0x6, 0x1, @buffer={0x0, 0x0, 0x0}, &(0x7f00000003c0)='\x00\x00\x00\x00\x00\x00', 0xfffffffffffffffd, 0x4000, 0x14, 0x0, 0x0}) 3.289868794s ago: executing program 2 (id=717): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0x1000001000104) ioctl$NBD_SET_SOCK(r2, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) (fail_nth: 26) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) 3.289338583s ago: executing program 1 (id=718): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000013c0)={0xffffffffffffffff, 0xe0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000100)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8, &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x40, &(0x7f00000001c0)=[{}, {}], 0x10, 0x10, &(0x7f0000001200), &(0x7f0000001240), 0x8, 0x80, 0x8, 0x8, &(0x7f0000001280)}}, 0x10) r0 = fsmount(0xffffffffffffffff, 0x0, 0x80) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{r0}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20) r1 = fsopen(&(0x7f0000000000)='jfs\x00', 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETSF(r3, 0x8910, &(0x7f0000000000)={0x8, 0x5, 0x3, 0x400, 0x19, "f9e94c251179186710f7964341fa3768303371"}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010027bd7000fe0000000000000008000300", @ANYRES32=r6, @ANYBLOB="06003600350000000a0006000802110000000000"], 0x30}, 0x1, 0x0, 0x0, 0x20004841}, 0x80) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$inet6(0xa, 0x3, 0x8000000003c) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) r9 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r9, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xfd}, 0x7}, 0x1c) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x2}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000740)=@filter={'filter\x00', 0x42, 0x4, 0x300, 0xffffffff, 0x98, 0x0, 0x1d0, 0xffffffff, 0xffffffff, 0x268, 0x268, 0x268, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x3e020000, 0x70, 0x98, 0x0, {0x88000000}}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0xd8, 0x138, 0x0, {0x122}, [@common=@inet=@dscp={{0x28}, {0x9}}, @common=@set={{0x40}, {{0x0, [0x7, 0x4, 0x1, 0x4, 0x3, 0x5], 0x5}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360) writev(r9, &(0x7f00000000c0)=[{&(0x7f0000000100)='!', 0xffdf}], 0x1) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001840)={&(0x7f0000001240)=ANY=[@ANYBLOB="5800000002060500000000000000000000e8ffff04000400"], 0x58}}, 0x0) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000001600)=0x65137a31, 0x4) r10 = dup2(r1, r1) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r11 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad2}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r11, 0xdb4, 0x0, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f00000014c0)='jfs\x00', &(0x7f0000001500)='./file0\x00', r10) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) 2.889799102s ago: executing program 2 (id=721): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100) sendmsg$NFT_MSG_GETSET(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x30, 0xa, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x6}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4800}, 0x8090) r1 = socket(0x10, 0x3, 0x0) setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000340)={{0xa, 0x1, 0x2, @mcast1, 0xfffffe01}, {0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x9738}, 0x0, {[0x1, 0xe61a, 0x3, 0x5, 0x6, 0x6f93, 0x722, 0x400]}}, 0x5c) syz_emit_ethernet(0x6e, &(0x7f0000000180)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb603e", 0x38, 0x3a, 0xff, @dev, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x5, '\x00', {0x6, 0x6, "3e17d0", 0x8, 0x2f, 0xfe, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, [@fragment={0x2e, 0x0, 0x4, 0x0, 0x0, 0x2, 0x64}]}}}}}}}, 0x0) getrandom(&(0x7f0000000080)=""/194, 0xc2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0xe4}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x8, 0x0, 0x0, @private2, @local, {[], "223427d5c9a46b9f"}}}}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000004a00611400000000fdffffff0a00b600", @ANYBLOB="3145679c47"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') (async) read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100) (async) sendmsg$NFT_MSG_GETSET(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x30, 0xa, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x6}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4800}, 0x8090) (async) socket(0x10, 0x3, 0x0) (async) setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000340)={{0xa, 0x1, 0x2, @mcast1, 0xfffffe01}, {0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x9738}, 0x0, {[0x1, 0xe61a, 0x3, 0x5, 0x6, 0x6f93, 0x722, 0x400]}}, 0x5c) (async) syz_emit_ethernet(0x6e, &(0x7f0000000180)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb603e", 0x38, 0x3a, 0xff, @dev, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x5, '\x00', {0x6, 0x6, "3e17d0", 0x8, 0x2f, 0xfe, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, [@fragment={0x2e, 0x0, 0x4, 0x0, 0x0, 0x2, 0x64}]}}}}}}}, 0x0) (async) getrandom(&(0x7f0000000080)=""/194, 0xc2, 0x0) (async) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0xe4}, 0x10) (async) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x8, 0x0, 0x0, @private2, @local, {[], "223427d5c9a46b9f"}}}}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000004a00611400000000fdffffff0a00b600", @ANYBLOB="3145679c47"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async) 2.889584273s ago: executing program 2 (id=722): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xdddd1000, 0x1000, &(0x7f0000017000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0xe) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001ec0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000001f00)={0x30, r3, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0x80000000, 0x1, 0x1, 0x5}}}}, 0x30}}, 0x0) 2.720112741s ago: executing program 2 (id=724): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103383) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) (async) r2 = socket$netlink(0x10, 0x3, 0x0) (async) r3 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) (async) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r4, @ANYBLOB="00000016010000001800120008000100736974000c00020008000300", @ANYRES32=0xffffffffffffffff], 0x38}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000100039042cbd7000eaffffff000003e4", @ANYRES32=r5, @ANYBLOB="03000000cb1507003800128008000100736974002c00028008000100", @ANYRES32=r6, @ANYBLOB="08000300ac14141005000a00006bbe"], 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x80d0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000002c0)={0x0, {}, 0x0, {}, 0x9, 0xa, 0x16, 0x9, "4b8b3ea46929dfed0b2f34380d308f95a023d009855a94a9fe9549918ae7fd1f0ece5bc61375b108403362cfe0f4fccffb1b6a2115354d4df15d017a3f00", "2363f18d9acc6c25af21ca2af6d2e80e4caadd6d126cfb80c92dc817d44dcdec", [0x1, 0x80000200000007]}) (async) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r0) sendto$netrom(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={{0x6, @rose}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000040)=ANY=[]) r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r8 = socket$rds(0x15, 0x5, 0x0) bind$rds(r8, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="02c9308d12000e0005"], 0x17) (async) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) sendmsg$rds(r3, &(0x7f0000003080)={&(0x7f0000000640)={0x2, 0x4e21, @broadcast}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000680)=""/103, 0x67}, {&(0x7f0000000700)=""/101, 0x65}, {&(0x7f0000000780)=""/81, 0x51}, {&(0x7f0000001880)=""/133, 0x85}], 0x4, &(0x7f0000002f80)=[@rdma_args={0x48, 0x114, 0x1, {{0x1ff, 0x2}, {&(0x7f0000001940)=""/180, 0xb4}, &(0x7f0000001a80)=[{&(0x7f0000001a00)=""/74, 0x4a}], 0x1, 0x46}}, @rdma_args={0x48, 0x114, 0x1, {{0xff, 0x5}, {&(0x7f0000001ac0)=""/191, 0xbf}, &(0x7f0000002e80)=[{&(0x7f0000001b80)=""/179, 0xb3}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000002c40)=""/196, 0xc4}, {&(0x7f0000002d40)=""/29, 0x1d}, {&(0x7f0000002d80)=""/219, 0xdb}], 0x5, 0x36, 0x2}}, @cswp={0x58, 0x114, 0x7, {{0x21, 0xffffffff}, &(0x7f0000002f00)=0x6, &(0x7f0000002f40)=0x3, 0x10001, 0x101, 0x8, 0x41160070, 0x40, 0x8}}], 0xe8, 0x4000000}, 0x24000089) r9 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) (async) r11 = socket$inet6_sctp(0xa, 0x1, 0x84) (async) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000040)={0x0, @in6={{0xa, 0x4e20, 0x61, @private2, 0xd5}}, [0x80000000, 0x55, 0x12d, 0xfffffffffffffffc, 0xf, 0x4, 0x0, 0x3, 0x1, 0x5, 0xffffffffffffffb7, 0x4, 0x2, 0x7f, 0x2a]}, &(0x7f0000000140)=0x100) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r11, 0x84, 0x7b, &(0x7f0000000180)={r12, 0x1000}, &(0x7f00000001c0)=0x8) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000005c0)={@fallback=r3, 0x4, 0x0, 0x7, &(0x7f00000003c0)=[0x0], 0x1, 0x0, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000600)={@ifindex=r4, 0xffffffffffffffff, 0xdf90cdf99fa275b9, 0x18, 0x0, @void, @value=r10, @void, @void, r13}, 0x20) sendmsg$rds(r8, &(0x7f00000002c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000880)=""/4089, 0xff9}], 0x1, 0x0, 0x0, 0x91}, 0x2000004b) ioctl$VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000000000)={0x54, 0xa, 0xdf7b7a5625e873de, "d9c2955351f9acb1ee54ecc4b00f11f11867b5302c11500e8b8152682b7afe20"}) 2.670026268s ago: executing program 2 (id=726): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="540000001000010003000000fbdbdf2500000000", @ANYRES32=r3, @ANYBLOB="104e06000000000034003b3595efc34aefed54b8f43d0535b719800500060010000000150002002f6465762f76686f73742d76736f636b00000020080001000000000008000100040000004528050ca2f7d67b8bd90c9674974dfc17fb46be0e0345f7"], 0x54}, 0x1, 0x0, 0x0, 0x8040}, 0x6010) r4 = syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f00000006c0)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581", @ANYRES32=r1, @ANYRESHEX=r1, @ANYRESDEC=r0], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0) setreuid(0xee01, 0x0) syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000000540)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x2179, 0x53, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x6, 0x40, 0xd, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x1, 0x0, 0x2, {0x9, 0x21, 0x9, 0x8, 0x1, {0x22, 0xd42}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x5a, 0x2, 0xf6}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x8, 0x1, 0x6}}]}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x250, 0x83, 0x3, 0xf, 0x40, 0x1}, 0x19, &(0x7f0000000640)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0xe0, "9ca5a57b3acf135b66ece67b16fb4f9e"}]}, 0x2, [{0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0xfcff}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0xc04}}]}) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setresuid(0xee01, 0x0, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x100) syz_usb_connect(0x5, 0x20f, &(0x7f0000000240)={{0x12, 0x1, 0x201, 0x36, 0x3, 0x54, 0x8, 0x1b3d, 0x1f5, 0x23a0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1fd, 0x1, 0x3, 0x9d, 0x80, 0x80, [{{0x9, 0x4, 0xbd, 0x4, 0x8, 0xf7, 0x95, 0xc0, 0x80, [], [{{0x9, 0x5, 0x4, 0x8, 0xb92c072ee1886767, 0x2, 0xfc, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x40, 0x54f4}, @generic={0xc, 0x21, "256a41744e571dbf8624"}]}}, {{0x9, 0x5, 0x3, 0x10, 0x10, 0x5, 0x2, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xf2, 0x7f}]}}, {{0x9, 0x5, 0xa, 0x3, 0x10, 0x1, 0x3, 0x5}}, {{0x9, 0x5, 0x2, 0x4, 0x3ff, 0x4, 0x4, 0x7f}}, {{0x9, 0x5, 0x7, 0x10, 0x3ff, 0x8, 0xa, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x17, 0x6428}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x1, 0xd10}]}}, {{0x9, 0x5, 0x9, 0x1, 0x20, 0xc0, 0xe, 0x6, [@generic={0x65, 0x10, "d12c80a4b9418ef96b1beb08d1d55f5fa1fc460c6ceefebb84ef48cb5069b70fe5eb0c41eaa023cf1a3398c7471a9f672a0b3ffa53fd72394a612da757e102980751a02526225cfcdefdb54d6da81b4f58dd0f3a1a4b54d2947ba9071188977d8bc11e"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x8, 0x0, 0xfd, 0x7, [@generic={0x35, 0x31, "b3c56373b318b94cd0b3139ab5c1280c9b0120dbbbd25f94bbd0eb03a233e47e0e0367591cd757a32a7e7fb74f6497a0df9a19"}, @generic={0xe1, 0x6, "faee0372a109cb4778368543707b44b30716e5f496d91e6bfa5aec438690691950d6cc351c5609bb70d4b1ceeb1ae1f6a4c3a8854e1291514e84fde82de222be2e7b893db3c2849ed60b74fbae3e75bad42207cc9d6b65d8d65a00c6bd9b8a9c9f2e5250f36a8c1fd885566f58da6847161538bd80c8e8cf804cac3a8769f33adc595e672653d0c06d8b94587212873d230c0c15e3d544381cf5bb2831eed68a86dfdc566709c98b93ad3fce7152fde6d4a881a547ed3ea221d3bd5b89aee52f73f347916298b044d843e9fa563d8368cd49b0b8058fec571267f9ca962d7c"}]}}, {{0x9, 0x5, 0xa, 0x3, 0x8, 0x0, 0x6, 0xc3}}]}}]}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0x9, 0xfb, 0x2, 0x20, 0x61}, 0x33, &(0x7f0000000080)={0x5, 0xf, 0x33, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x8, 0x4, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0xe, 0x8, 0x8, 0x401}, @ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x1, 0xf0f, 0x100}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x7, 0x1, 0x1}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xc, 0x3, 0x0, 0x1800}]}, 0x3, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x2009}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x44b}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x44c}}]}) syz_usb_disconnect(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000003d000d8632cd6bdccc8d0000047c0000040000000c00018006000600800a0000040002"], 0x28}}, 0xc800) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) connect$vsock_stream(r7, &(0x7f0000000100)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f00000005c0)={0x0, r2}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@broadcast, @random="17043a73dbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa}}}}}}, 0x0) syz_usb_connect$printer(0x1, 0x36, &(0x7f0000000080)=ANY=[], 0x0) 2.588781841s ago: executing program 1 (id=727): r0 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000e80)=@in6={0xa, 0x4e20, 0x0, @remote, 0x3}, 0x80, 0x0}, 0x8000) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a4fc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b87f7c40a1702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f600e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10f9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80729fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a85430600f1e49db5a5517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a00000000000000000000000047e628cd57cde4268f47c9aaec3a3dfe43e032b88ea53656a8740c1a4e0a99be5c97ba451d8b2b0f4e12ba96082e0f6b2dabe716699090058e61a38ce85611945106dd1309087d3a2cf3aaef6216ff3720c3917170544a509071166565eaa3c9285b5227f520cd47"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x26, 0x0, &(0x7f0000000480)="b9ffb2ed6844268cb89e14f0886411e0ff15661aaa50e7369dfbac141416e000004062079f4b", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0x10b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f00000001c0), &(0x7f0000048000), 0x0) r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) semget(0x0, 0x3, 0x200) semget(0x0, 0x4, 0x4e0) exit(0x0) sendmsg$inet(r0, &(0x7f0000002300)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000e00)="1d593ac7df1a4e5ab94055a4d902c041fd705d61b65eabbc3f7c22ce5218f0d0a74d1fe68ca2064b3a342fec1beb9f8618f6da754245a64f403b600011925ce9ed75e9fbeeba4562ec98d125b60cea84c43382a2ed491194642fc6253221", 0x5e}, {&(0x7f0000002a00)="8be7300504e940e2adbac20ccace78eb82bbf9ef52cb7e5804a888fe67b2a1d6bb9d9fbc020a9f69de256cad8d39cb262a69db5751100e921f793358a7bbadcb635f9fd47467b2d78c2a3ff4b57f77276716803b5f0085570df3e2f0c43ffb98384c4a774513151680eb4dcedd58e2448806980247ab59c943923f06178b1d1d3389bca2b7e857ec2b712fbd15b3268eef594cdf3d7a19ef95b5e499768bca69e60ca6816013e9b341993a5af779fc95156808ed52cad19bff565502c08a79d7e14b1db46bc2a1cb6aa5c7af0fd323ea1bb90d72271d89c1f5c259c37dccf5e0b4ce79229df59d95ebc53d70fb93bb9a580d15f299721a288e1330ca87d3c886106e0a72c2d990f927153cb16d5fbaee2710c33bd8cd4d167cd5372d3ebdd524c7e705dcabec69104889def2830f803ed150714dfc7e5fe7faca09567abff7b371b3505e12456023016c5bcec780586e3a7a8f1f0c3756b71c115aedbaaf01a4490dae71ef92cdb81a0229f64e29f1265030114d7093744561717b25655463a3d2579bc3cdb51bef09b9c36327b15a01de21fc7a2e8f980fff1c039b341962c81fc1553fd76bd8d223867619ff53870daed76651256431fd1a119a42d4aaa418f60874c666e8d933af3db162aa603dee2b70c6689f44316214d3e42ae6bfc9eaef897dbd233cdc2cebcb95cd03555996297f0c8695d418dd947ede9c1e36f0e24ea085dd02f37401212f1e5c98a2769781f587b323bd9ce9a1f1986dce0d403fcdad1bf52513aa1995ca0fbe7ccf30683de973681c57eaba64be96b868bc7bf4829e33d77da1483f942364940d6c6b37f6bd440831188e7a038e6f45881a38e4566b7f93094d190471df1d25bc339a845f42fc013d6eead160a20090a9efffadc3f0ed135710fd536bce1e095e317b8d0dadafedd3dc473a683d116b1ed57cbe617ef671e1e067253a3e10b81bac40c9df9ffcb4405dc3e5c606773a59faebbf5af84eab653b7ab1e867df789ab6ef2d1e8e0abb72c0b11dc5ee43c9edc87e7177e7127e51f6305dd44391f9de0c4eb8443c68ba383c2c72e1cf640b58cdbf3fa3cf016c997f875a76ced9d6161bcc064b578dd7a8d38e74587632dfe7127a58e39eaaf376c588068e68a1a740f2f85bf8db204313aed4a0dbef8d8d8a71b0e436b60c115db9edd580a12f914c2456d3019790cd4997cad753c4edeb67d5f37ca5003006e2c212b68f3f3fdca543085ff419a65860576396d9a90d5ce29257626b651fa8eea77f335b3f9584a0292dd1fd343ee992b6f7f71d752499c855e4ec415d0cc13234ff48a7c40bd9eb7743b738f19d03a938988436942ccb681c518ad78e11ec460e15dde7effcc5644a213cf06b45be3eda80dc22648d45cdfd5ac285ba51d8718dafbbd689516b7a48ca5d937461410dea063079d8dfc61340d46d7a997c4026100e50f858e8635edfdb6d17092126d0ca7ca26b1110ae80ba33c20ebf1df4bf81073db109d9dd402401a5c8a9074937a8289cda7393876709dce8e47698437fefdbbf6b71bc90e3e408d964423ca1e5769681545e3e4ec83c07a574877593c0be98eb077121868ddd6c74722db453c37eabb3a727ac0eeae583d60d100ecc6b0b71f960e867892b12fa954bdfce3b00d961e3f1f2f7fd401b1eaf6f310bbb8bdbf58b1b81093105348cdbaa85663edac1ae02d7160994f3235b9922b885a650c23c0a6354b9e9fe03a1b1cdd48f4f5a31e07580e880a6b464f7e42cdd7f9dce3b2debaa416deb76488b676f34a724b5b8c817f8e8f47040f7062cdb89e64322740f406f8a91fa725409b30d764dbd9deaf6d4566f93415e4a9f356565b486614b7c650a4a89ab6570e75251197b90b4719f", 0x537}, {0x0}, {0x0}], 0x4}, 0x20000020) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xac00, 0x0) get_robust_list(0xffffffffffffffff, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) r5 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r4, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x800}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r4, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_COPY(r3, 0x3b83, &(0x7f0000000040)={0x28, 0x2, r4, r4, 0x3, 0x2, 0x3fff}) 1.710236132s ago: executing program 1 (id=730): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0x1000001000104) ioctl$NBD_SET_SOCK(r2, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) (fail_nth: 27) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) 1.199932294s ago: executing program 1 (id=739): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) (async) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r3, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="48040000", @ANYRESDEC, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r2, @ANYBLOB="2c043363b8d82fe76e6fe5b74000000001504650505050"], 0x448}, 0x1, 0x0, 0x0, 0x8811}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x3c, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWT_BPF_XMIT_HEADROOM={0x8, 0x12}}, @NHA_ID={0x8, 0x6, 0xf2}, @NHA_OIF={0x8, 0x5, r5}]}, 0x3c}}, 0x0) 1.109608986s ago: executing program 1 (id=741): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000f00), 0x600, 0x0) ioctl$sock_SIOCINQ(r0, 0x7040, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0) 849.79913ms ago: executing program 0 (id=750): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000004f80)=[{0x0, 0x0, &(0x7f0000000fc0)=[{&(0x7f0000005380)="c700ae867af181dc0452ee584771c0c044dc3dedcc695e961e687c5c3eaa0fdc7268a494e27c05cad87d89aa6930693238e2c23cf0935850f3b8f7a9a440f102a14d42bb2fde965a5116a981f867bde50ac5fb96847616a773929a9c6caca05806a24ac429dcd4a17cb39c8468bdddee3d4fbc021b1a1f7a5cb3f27b95919e79a57129edbd734760a4856ca4a66ed8c2f76a29f1d95f7d3efd49155bf6ed7a19ae47c964bd05c956545e06b0c2cabc47fd53ad4952e055bcd4b3b541a355ec66070c4931d864", 0xc6}], 0x1}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000640)=""/34, 0x22}, {&(0x7f00000002c0)=""/163, 0xa3}], 0x2}}], 0x1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r2, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086eeac7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67e61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc51f8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r3 = socket(0x1d, 0x2, 0x6) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r3, 0x6a, 0x3, 0x0, &(0x7f00000000c0)=0xfffffffffffffd27) 790.266856ms ago: executing program 0 (id=751): r0 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r1, 0x2285, 0x0) r2 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x1000001000001, 0x2) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x10000, 0x10c, 0x8}, 0x18) mknodat$null(r3, &(0x7f0000000100)='./file0\x00', 0x200, 0x103) ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000000)={0x980915, 0x8}) ioctl$AUTOFS_IOC_FAIL(r2, 0x9361, 0xffffffffffffff17) epoll_pwait2(0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000940), 0x0, 0xfffffffffffffe94) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r4, 0xc018620c, &(0x7f0000000140)={0x1}) r5 = fcntl$dupfd(r1, 0x0, r1) write$sndseq(r5, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time={0x0, 0x4}, {}, {0x0, 0xb5}, @raw32}, {0x1, 0x0, 0x0, 0x0, @tick=0xc, {}, {}, @quote}], 0x38) write$sndseq(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0xfd, @tick, {}, {}, @raw32={[0x200]}}, {0x0, 0x0, 0x0, 0x4, @tick, {0x2}, {}, @result={0x80000001}}, {0x0, 0x0, 0x0, 0x0, @time={0x4a136964}, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick=0xffffffff, {0x0, 0x4}, {0x4, 0x2}, @control={0x0, 0x1}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x800000}, {}, {0x9}, @connect={{0x0, 0x5}, {0x0, 0x21}}}, {0x80, 0x0, 0x0, 0x0, @time={0x3}, {}, {}, @note={0x9, 0xc, 0x0, 0x8, 0xffff}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0xfffffffc}, {}, {}, @connect={{0x0, 0x1}}}], 0xc4) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000600)) ioctl$SG_GET_REQUEST_TABLE(r5, 0x2286, &(0x7f0000000480)) ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000140)={0x19}) openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) (async) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) (async) ioctl$SG_IO(r1, 0x2285, 0x0) (async) syz_open_dev$vim2m(&(0x7f00000002c0), 0x1000001000001, 0x2) (async) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x10000, 0x10c, 0x8}, 0x18) (async) mknodat$null(r3, &(0x7f0000000100)='./file0\x00', 0x200, 0x103) (async) ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000000)={0x980915, 0x8}) (async) ioctl$AUTOFS_IOC_FAIL(r2, 0x9361, 0xffffffffffffff17) (async) epoll_pwait2(0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000940), 0x0, 0xfffffffffffffe94) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) (async) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r4, 0xc018620c, &(0x7f0000000140)={0x1}) (async) fcntl$dupfd(r1, 0x0, r1) (async) write$sndseq(r5, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time={0x0, 0x4}, {}, {0x0, 0xb5}, @raw32}, {0x1, 0x0, 0x0, 0x0, @tick=0xc, {}, {}, @quote}], 0x38) (async) write$sndseq(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0xfd, @tick, {}, {}, @raw32={[0x200]}}, {0x0, 0x0, 0x0, 0x4, @tick, {0x2}, {}, @result={0x80000001}}, {0x0, 0x0, 0x0, 0x0, @time={0x4a136964}, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick=0xffffffff, {0x0, 0x4}, {0x4, 0x2}, @control={0x0, 0x1}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x800000}, {}, {0x9}, @connect={{0x0, 0x5}, {0x0, 0x21}}}, {0x80, 0x0, 0x0, 0x0, @time={0x3}, {}, {}, @note={0x9, 0xc, 0x0, 0x8, 0xffff}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0xfffffffc}, {}, {}, @connect={{0x0, 0x1}}}], 0xc4) (async) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000600)) (async) ioctl$SG_GET_REQUEST_TABLE(r5, 0x2286, &(0x7f0000000480)) (async) ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000140)={0x19}) (async) 730.250299ms ago: executing program 0 (id=752): unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$ax25_int(r2, 0x101, 0x7, &(0x7f0000000000)=0x2, 0x4) setsockopt$ax25_int(r2, 0x101, 0x1, &(0x7f0000000040)=0x6, 0x4) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000100), 0x2012000, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@privport}, {@mmap}, {@fscache}, {@nodevmap}, {@aname={'aname', 0x3d, 'overlay\x00'}}, {@access_user}], [{@measure}, {@fsname={'fsname', 0x3d, 'wg0\x00'}}, {@uid_lt={'uid<', r3}}, {@measure}, {@fowner_gt}, {@hash}, {@context={'context', 0x3d, 'unconfined_u'}}, {@appraise}, {@subj_role={'subj_role', 0x3d, 'lowerdir'}}]}}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000180), 0xb) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x8010, r4, 0x0) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000000340)={'wg0\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="80000000", @ANYRES16=r5, @ANYBLOB="37040000000000000000010000006400088030000080060005000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b392230000080060005000080000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b392208000100", @ANYRES32=r7], 0x80}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x11, 0x48001}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 560.311755ms ago: executing program 0 (id=753): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) (async) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r1, 0x0, 0x1, &(0x7f0000000100)=0x2, 0x4) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x18, 0x5a, 0x1, 0x0, 0x0, {}, [@nested={0x4, 0x5}]}, 0x18}}, 0x0) (async) r2 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000000), 0x4282, 0x0) read$fb(r2, &(0x7f0000000140)=""/212, 0xd4) 560.077226ms ago: executing program 0 (id=754): socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000800000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000032ce8500000004000000850000000500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$inet(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="2400000000000000000000000700000001441009"], 0x28}, 0x0) socket(0x840000000002, 0x3, 0x100) r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x4c383, 0x0) ioctl$DVD_READ_STRUCT(r0, 0x5392, &(0x7f0000000880)=@bca={0x3, 0xbc, "69c3375265a53603aa943ebab5337c26e2662c6fd7b035f3c1b55331c5ae3f7f40b0733fd0c325b014474881fdd5abbeaacfc25bf6e6d8e3f23b8519f96e6d8cc7b712ff3228c04c5f2cd78ba779fed6cbfa7552030998ae65fe2a53989146eea90ac99cc4be2471ebe7ee7f1f054f8ed1b8d79136fff91df47f205ae8601ce30671edad41a63553114178aef1fec1f8f43993b9706c5672d7f47b156f1407ea8070da2240e1ba2baf1fda7781e3fdbc4fa10e01c7b99c16cb49c02c"}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x400, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x1c, 0xd}, {0xb, 0x4}, {0x10, 0x1}}}, 0x24}}, 0x0) 368.700836ms ago: executing program 0 (id=755): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000400000000001090224000100000000090400002203000000c3ed40ce00012205000905810300"/54], 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x4, 0x4, 0xdf, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_AIE_OFF(r0, 0x7002) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000062010c000000190095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) close(r1) socket$alg(0x26, 0x5, 0x0) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @remote}}, {{0xa, 0x0, 0x0, @remote, 0xba}}]}, 0x190) syz_emit_ethernet(0x4e, &(0x7f0000000480)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x18, 0x3a, 0x0, @remote, @mcast2, {[], @mld={0x83, 0x0, 0x0, 0x0, 0x0, @private0}}}}}}, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x401) write$UHID_CREATE2(r1, &(0x7f0000000200)={0xb, {'syz1\x00', 'syz0\x00', 'syz1\x00', 0x42, 0x0, 0x7, 0x7, 0x22a5411f, 0x5, "54c54c462b1ea8f257f1534fe27efe77dd83d76410e89d24aad970f764e0f5caca0669fc20d20ad35bf4d7e67c1ffd36c18e9e7e1881b01837c78e191d51cf30f09c"}}, 0x15a) ioctl$SIOCSIFHWADDR(r1, 0x8b1a, &(0x7f0000000000)={'virt_wifi0\x00', @random}) 200.035994ms ago: executing program 3 (id=759): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = io_uring_setup(0x7892, &(0x7f0000000180)={0x0, 0x4bf7, 0x200, 0x1, 0x2e1}) io_uring_enter(r1, 0x16c9, 0x88b9, 0x1, &(0x7f0000000040)={[0x8]}, 0x8) (async) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xffffffffffffff4b, &(0x7f0000000100)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1810039000000000bf0ffffff00000e000a000f000000028002002d1f", 0x2e}], 0x10000000000000b2}, 0x0) 199.829264ms ago: executing program 3 (id=760): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000040)={{}, {0x18}, 0x0, 0x7}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x2, 0x0, 0x0, 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/seq/clients\x00', 0x0, 0x0) lseek(r5, 0x126, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') read$FUSE(r6, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000100)='.\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) pread64(r6, &(0x7f0000002240)=""/237, 0xed, 0x619) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xac00, 0x0) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r8, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x800}) ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r8, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_COPY(r7, 0x3b83, &(0x7f0000000040)={0x28, 0x2, r8, r8, 0x3, 0x2, 0x3fff}) 130.104645ms ago: executing program 3 (id=761): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="280000001800290200000000000000000200000008664e084f"], 0x28}}, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) 129.733027ms ago: executing program 3 (id=762): r0 = syz_open_dev$sndpcmp(&(0x7f0000002440), 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x9) r2 = epoll_create(0x80) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)) mmap(&(0x7f0000839000/0xe000)=nil, 0xe000, 0x2, 0x12, r0, 0x6097000) 70.270113ms ago: executing program 3 (id=763): socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000800000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000032ce8500000004000000850000000500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$inet(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="2400000000000000000000000700000001441009"], 0x28}, 0x0) r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x4c383, 0x0) ioctl$DVD_READ_STRUCT(r0, 0x5392, &(0x7f0000000880)=@bca={0x3, 0xbc, "69c3375265a53603aa943ebab5337c26e2662c6fd7b035f3c1b55331c5ae3f7f40b0733fd0c325b014474881fdd5abbeaacfc25bf6e6d8e3f23b8519f96e6d8cc7b712ff3228c04c5f2cd78ba779fed6cbfa7552030998ae65fe2a53989146eea90ac99cc4be2471ebe7ee7f1f054f8ed1b8d79136fff91df47f205ae8601ce30671edad41a63553114178aef1fec1f8f43993b9706c5672d7f47b156f1407ea8070da2240e1ba2baf1fda7781e3fdbc4fa10e01c7b99c16cb49c02c"}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x400, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x1c, 0xd}, {0xb, 0x4}, {0x10, 0x1}}}, 0x24}}, 0x0) 241.484µs ago: executing program 3 (id=764): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0x1000001000104) ioctl$NBD_SET_SOCK(r2, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) (fail_nth: 29) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) 0s ago: executing program 1 (id=765): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000340)={0x0, 0x80, 0x2, 0x670, 0x7, 0x5, 0x2, 0x616, {0x0, @in6={{0xa, 0x4e23, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8}}, 0x5, 0x0, 0x2, 0x2, 0xb196}}, &(0x7f0000000200)=0xb0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000002c0)={r1, 0xfff8, 0xffff}, 0x8) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 00004093'], 0x2a, 0xfffffffffffffffc) r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "a730b801"}, 0x0, 0x1, {0x0}}) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f00000001c0)=@mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "c157f2f8"}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000041}, 0x40084) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ptrace$ARCH_SET_GS(0x1e, 0x0, 0x0, 0x1001) r6 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$sock_int(r6, 0x1, 0x23, &(0x7f0000000040)=0x80047c7, 0x4) bind$l2tp6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) recvfrom(r6, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x60}}, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r7 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f00000019c0)='s', 0x1, 0xfffffffffffffffe) keyctl$read(0xb, r7, &(0x7f0000000240)=""/112, 0x349b7f55) kernel console output (not intermixed with test programs): 0000000003 [ 57.066077][ T6620] RBP: 00007fa1e3e25090 R08: 0000000000000000 R09: 0000000000000000 [ 57.068386][ T6620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 57.070360][ T6620] R13: 0000000000000001 R14: 00007fa1e3176080 R15: 00007ffe956e4a08 [ 57.072303][ T6620] [ 57.073117][ C0] vkms_vblank_simulate: vblank timer overrun [ 57.138595][ T6613] block nbd1: shutting down sockets [ 57.247460][ T6645] batadv0: entered promiscuous mode [ 57.255545][ T6645] team0: entered promiscuous mode [ 57.256900][ T6645] team_slave_0: entered promiscuous mode [ 57.258795][ T6645] team_slave_1: entered promiscuous mode [ 57.261463][ T6645] hsr1: entered promiscuous mode [ 57.262769][ T6645] hsr1: entered allmulticast mode [ 57.264138][ T6645] batadv0: entered allmulticast mode [ 57.268472][ T6645] team0: entered allmulticast mode [ 57.269831][ T6645] team_slave_0: entered allmulticast mode [ 57.271320][ T6645] team_slave_1: entered allmulticast mode [ 57.292886][ T6649] xt_l2tp: missing protocol rule (udp|l2tpip) [ 57.495344][ T6665] block nbd1: Device being setup by another task [ 57.569722][ T6677] bond0: entered promiscuous mode [ 57.571145][ T6677] bond_slave_0: entered promiscuous mode [ 57.572689][ T6677] bond_slave_1: entered promiscuous mode [ 57.596435][ T6661] FAULT_INJECTION: forcing a failure. [ 57.596435][ T6661] name failslab, interval 1, probability 0, space 0, times 0 [ 57.600445][ T6661] CPU: 0 UID: 0 PID: 6661 Comm: syz.1.195 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 57.603833][ T6661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.607145][ T6661] Call Trace: [ 57.608191][ T6661] [ 57.609124][ T6661] dump_stack_lvl+0x16c/0x1f0 [ 57.610627][ T6661] should_fail_ex+0x497/0x5b0 [ 57.612138][ T6661] ? fs_reclaim_acquire+0xae/0x150 [ 57.613758][ T6661] should_failslab+0xc2/0x120 [ 57.615221][ T6661] __kmalloc_noprof+0xcb/0x510 [ 57.616741][ T6661] group_cpus_evenly+0x16b/0x680 [ 57.618307][ T6661] ? __pfx_group_cpus_evenly+0x10/0x10 [ 57.619985][ T6661] ? __raw_spin_lock_init+0x3a/0x110 [ 57.621643][ T6661] ? debug_mutex_init+0x37/0x70 [ 57.623224][ T6661] ? nbd_init_request+0x98/0xc0 [ 57.624789][ T6661] blk_mq_map_queues+0x4a/0x420 [ 57.626345][ T6661] blk_mq_update_queue_map+0x34b/0x3e0 [ 57.628053][ T6661] ? __blk_mq_alloc_map_and_rqs+0xdb/0x1f0 [ 57.629893][ T6661] __blk_mq_update_nr_hw_queues+0xa39/0x14e0 [ 57.631743][ T6661] ? __mutex_trylock_common+0xea/0x250 [ 57.633325][ T6661] ? __pfx___mutex_trylock_common+0x10/0x10 [ 57.635102][ T6661] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 57.636840][ T6661] ? rcu_is_watching+0x12/0xc0 [ 57.638312][ T6661] ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10 [ 57.639780][ T6661] ? __pfx___mutex_trylock_common+0x10/0x10 [ 57.641122][ T6661] ? avc_has_perm_noaudit+0x61/0x3a0 [ 57.642365][ T6661] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 57.643638][ T6661] ? __pfx___mutex_lock+0x10/0x10 [ 57.644815][ T6661] ? trace_contention_end+0xee/0x140 [ 57.646046][ T6661] ? __mutex_lock+0x1cc/0xa60 [ 57.647122][ T6661] ? nbd_ioctl+0x151/0xfd0 [ 57.648207][ T6661] ? __pfx___mutex_lock+0x10/0x10 [ 57.649380][ T6661] blk_mq_update_nr_hw_queues+0x2a/0x40 [ 57.650653][ T6661] nbd_start_device+0x15b/0xd70 [ 57.651753][ T6661] ? bpf_lsm_capable+0x9/0x10 [ 57.652812][ T6661] nbd_ioctl+0x21a/0xfd0 [ 57.653755][ T6661] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 57.655269][ T6661] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 57.656760][ T6661] ? __pfx_nbd_ioctl+0x10/0x10 [ 57.657876][ T6661] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 57.659447][ T6661] ? __pfx_lock_release+0x10/0x10 [ 57.660612][ T6661] ? __pfx_nbd_ioctl+0x10/0x10 [ 57.661755][ T6661] blkdev_ioctl+0x276/0x6d0 [ 57.662817][ T6661] ? __pfx_blkdev_ioctl+0x10/0x10 [ 57.664032][ T6661] ? selinux_file_ioctl+0x180/0x270 [ 57.665236][ T6661] ? selinux_file_ioctl+0xb4/0x270 [ 57.666464][ T6661] ? __pfx_blkdev_ioctl+0x10/0x10 [ 57.667629][ T6661] __x64_sys_ioctl+0x190/0x200 [ 57.668993][ T6661] do_syscall_64+0xcd/0x250 [ 57.670041][ T6661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.671372][ T6661] RIP: 0033:0x7fa1e2f85d29 [ 57.672372][ T6661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.676603][ T6661] RSP: 002b:00007fa1e3e46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.678427][ T6661] RAX: ffffffffffffffda RBX: 00007fa1e3175fa0 RCX: 00007fa1e2f85d29 [ 57.680241][ T6661] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 57.682042][ T6661] RBP: 00007fa1e3e46090 R08: 0000000000000000 R09: 0000000000000000 [ 57.683809][ T6661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 57.685681][ T6661] R13: 0000000000000000 R14: 00007fa1e3175fa0 R15: 00007ffe956e4a08 [ 57.687529][ T6661] [ 57.688326][ C0] vkms_vblank_simulate: vblank timer overrun [ 57.747672][ T6665] block nbd1: shutting down sockets [ 57.788339][ T6685] fuse: Bad value for 'user_id' [ 57.789641][ T6685] fuse: Bad value for 'user_id' [ 57.817925][ T6685] xt_hashlimit: size too large, truncated to 1048576 [ 58.080311][ T6713] netlink: 8 bytes leftover after parsing attributes in process `syz.0.209'. [ 58.083725][ T6713] netlink: 8 bytes leftover after parsing attributes in process `syz.0.209'. [ 58.329300][ C0] sr 2:0:0:0: [sr0] tag#7 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 58.332976][ C0] sr 2:0:0:0: [sr0] tag#7 CDB: Xdwrite(16) 80 a3 3c 25 fa d6 ec c2 82 8d 87 d5 92 20 41 0a [ 58.406394][ T6731] block nbd0: Device being setup by another task [ 58.520879][ T6731] FAULT_INJECTION: forcing a failure. [ 58.520879][ T6731] name failslab, interval 1, probability 0, space 0, times 0 [ 58.525437][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz.0.211 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 58.529050][ T6731] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.532716][ T6731] Call Trace: [ 58.533880][ T6731] [ 58.534899][ T6731] dump_stack_lvl+0x16c/0x1f0 [ 58.536530][ T6731] should_fail_ex+0x497/0x5b0 [ 58.538115][ T6731] ? fs_reclaim_acquire+0xae/0x150 [ 58.539798][ T6731] should_failslab+0xc2/0x120 [ 58.541426][ T6731] __kmalloc_noprof+0xcb/0x510 [ 58.543296][ T6731] __group_cpus_evenly+0x432/0x1310 [ 58.545124][ T6731] ? __pfx___group_cpus_evenly+0x10/0x10 [ 58.546944][ T6731] ? trace_kmalloc+0x2d/0xd0 [ 58.548542][ T6731] ? __kmalloc_noprof+0x23b/0x510 [ 58.550260][ T6731] group_cpus_evenly+0x218/0x680 [ 58.551552][ T6731] ? __pfx_group_cpus_evenly+0x10/0x10 [ 58.552991][ T6731] ? __raw_spin_lock_init+0x3a/0x110 [ 58.554286][ T6731] ? debug_mutex_init+0x37/0x70 [ 58.555516][ T6731] ? nbd_init_request+0x98/0xc0 [ 58.556775][ T6731] blk_mq_map_queues+0x4a/0x420 [ 58.558018][ T6731] blk_mq_update_queue_map+0x34b/0x3e0 [ 58.559367][ T6731] ? __blk_mq_alloc_map_and_rqs+0xdb/0x1f0 [ 58.560871][ T6731] __blk_mq_update_nr_hw_queues+0xa39/0x14e0 [ 58.562459][ T6731] ? __mutex_trylock_common+0xea/0x250 [ 58.563945][ T6731] ? __pfx___mutex_trylock_common+0x10/0x10 [ 58.565416][ T6731] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 58.566834][ T6731] ? rcu_is_watching+0x12/0xc0 [ 58.568024][ T6731] ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10 [ 58.569885][ T6731] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 58.571313][ T6731] ? __pfx___mutex_lock+0x10/0x10 [ 58.572879][ T6731] ? lockdep_hardirqs_on+0x7c/0x110 [ 58.574454][ T6731] ? __mutex_lock+0x1cc/0xa60 [ 58.575661][ T6731] ? nbd_ioctl+0x151/0xfd0 [ 58.576779][ T6731] ? __pfx___mutex_lock+0x10/0x10 [ 58.578058][ T6731] blk_mq_update_nr_hw_queues+0x2a/0x40 [ 58.579444][ T6731] nbd_start_device+0x15b/0xd70 [ 58.580726][ T6731] ? bpf_lsm_capable+0x9/0x10 [ 58.581985][ T6731] nbd_ioctl+0x21a/0xfd0 [ 58.583267][ T6731] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 58.584965][ T6731] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 58.586612][ T6731] ? __pfx_nbd_ioctl+0x10/0x10 [ 58.587831][ T6731] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 58.589540][ T6731] ? __pfx_lock_release+0x10/0x10 [ 58.590846][ T6731] ? __pfx_nbd_ioctl+0x10/0x10 [ 58.592168][ T6731] blkdev_ioctl+0x276/0x6d0 [ 58.593381][ T6731] ? __pfx_blkdev_ioctl+0x10/0x10 [ 58.594718][ T6731] ? selinux_file_ioctl+0x180/0x270 [ 58.596426][ T6731] ? selinux_file_ioctl+0xb4/0x270 [ 58.597662][ T6731] ? __pfx_blkdev_ioctl+0x10/0x10 [ 58.598937][ T6731] __x64_sys_ioctl+0x190/0x200 [ 58.600148][ T6731] do_syscall_64+0xcd/0x250 [ 58.601326][ T6731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.603173][ T6731] RIP: 0033:0x7f290ab85d29 [ 58.604741][ T6731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.610378][ T6731] RSP: 002b:00007f290b974038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.612846][ T6731] RAX: ffffffffffffffda RBX: 00007f290ad76080 RCX: 00007f290ab85d29 [ 58.615192][ T6731] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 58.617171][ T6731] RBP: 00007f290b974090 R08: 0000000000000000 R09: 0000000000000000 [ 58.619157][ T6731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 58.621104][ T6731] R13: 0000000000000000 R14: 00007f290ad76080 R15: 00007ffe15c18b88 [ 58.623165][ T6731] [ 58.624367][ C0] vkms_vblank_simulate: vblank timer overrun [ 58.717958][ T6728] block nbd0: shutting down sockets [ 58.907669][ T6769] overlayfs: missing 'lowerdir' [ 58.933023][ T6771] netlink: 'syz.0.223': attribute type 3 has an invalid length. [ 58.936657][ T6771] netlink: 'syz.0.223': attribute type 1 has an invalid length. [ 58.940462][ T6771] netlink: 112865 bytes leftover after parsing attributes in process `syz.0.223'. [ 58.944090][ T6771] nbd: couldn't find device at index 63 [ 58.946272][ T6773] netlink: 'syz.0.223': attribute type 3 has an invalid length. [ 58.948961][ T6773] netlink: 'syz.0.223': attribute type 1 has an invalid length. [ 58.951630][ T6773] nbd: couldn't find device at index 63 [ 59.025691][ T6784] block nbd2: shutting down sockets [ 59.033114][ T6785] __nla_validate_parse: 1 callbacks suppressed [ 59.033123][ T6785] netlink: 12 bytes leftover after parsing attributes in process `syz.1.226'. [ 59.108849][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.113476][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.122029][ T6798] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6798 comm=syz.0.232 [ 59.176235][ T6806] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 59.178452][ T6806] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 59.180602][ T6806] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 59.183047][ T6798] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6798 comm=syz.0.232 [ 59.211208][ T6813] netlink: 48 bytes leftover after parsing attributes in process `syz.1.236'. [ 59.238370][ T6819] netlink: 32 bytes leftover after parsing attributes in process `syz.3.237'. [ 59.286442][ T6829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.241'. [ 59.298406][ T832] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 59.445249][ T832] usb 7-1: Using ep0 maxpacket: 8 [ 59.448821][ T832] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 59.452425][ T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 59.455980][ T832] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 14385, setting to 1024 [ 59.459770][ T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 59.462919][ T832] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 59.463226][ T6835] syz.0.243: vmalloc error: size 3383414784, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/ [ 59.467947][ T832] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 59.468075][ T6835] ,mems_allowed=0-1 [ 59.472511][ T832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.478039][ T6835] [ 59.478745][ T6835] CPU: 2 UID: 0 PID: 6835 Comm: syz.0.243 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 59.481380][ T6835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.484024][ T6835] Call Trace: [ 59.485014][ T6835] [ 59.485893][ T6835] dump_stack_lvl+0x16c/0x1f0 [ 59.487318][ T6835] warn_alloc+0x24d/0x3a0 [ 59.488528][ T6835] ? __pfx_warn_alloc+0x10/0x10 [ 59.489826][ T6835] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 59.491457][ T6835] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 59.492897][ T6835] ? kasan_save_stack+0x42/0x60 [ 59.494218][ T6835] ? kasan_save_stack+0x33/0x60 [ 59.495495][ T6835] ? kasan_save_track+0x14/0x30 [ 59.496765][ T6835] ? __kasan_kmalloc+0xaa/0xb0 [ 59.498169][ T6835] ? vb2_vmalloc_alloc+0xe2/0x3d0 [ 59.499503][ T6835] ? vb2_core_create_bufs+0x55d/0xab0 [ 59.500895][ T6835] ? vb2_create_bufs+0x566/0x780 [ 59.502212][ T6835] ? v4l_create_bufs+0x156/0x270 [ 59.503529][ T6835] __vmalloc_node_range_noprof+0x10df/0x1530 [ 59.505342][ T6835] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 59.506688][ T6835] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 59.508376][ T6835] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 59.509697][ T6835] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 59.511111][ T6835] vmalloc_user_noprof+0x6b/0x90 [ 59.512403][ T6835] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 59.513740][ T6835] vb2_vmalloc_alloc+0x11e/0x3d0 [ 59.515070][ T6835] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 59.516510][ T6835] __vb2_queue_alloc+0x896/0x1230 [ 59.517849][ T6835] vb2_core_create_bufs+0x55d/0xab0 [ 59.519318][ T6835] ? __pfx_vb2_core_create_bufs+0x10/0x10 [ 59.520804][ T6835] ? rcu_is_watching+0x12/0xc0 [ 59.522062][ T6835] ? trace_contention_end+0xee/0x140 [ 59.523438][ T6835] vb2_create_bufs+0x566/0x780 [ 59.524746][ T6835] ? __pfx_vb2_create_bufs+0x10/0x10 [ 59.526146][ T6835] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 59.527683][ T6835] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 59.529214][ T6835] v4l_create_bufs+0x156/0x270 [ 59.530474][ T6835] __video_do_ioctl+0xaf0/0xf00 [ 59.531747][ T6835] ? __pfx___video_do_ioctl+0x10/0x10 [ 59.533137][ T6835] ? __might_fault+0xe3/0x190 [ 59.534414][ T6835] video_usercopy+0x4d2/0x1620 [ 59.535695][ T6835] ? __pfx___video_do_ioctl+0x10/0x10 [ 59.537087][ T6835] ? __pfx_video_usercopy+0x10/0x10 [ 59.538475][ T6835] v4l2_ioctl+0x1ba/0x250 [ 59.539603][ T6835] ? __pfx_v4l2_ioctl+0x10/0x10 [ 59.540908][ T6835] __x64_sys_ioctl+0x190/0x200 [ 59.542176][ T6835] do_syscall_64+0xcd/0x250 [ 59.543376][ T6835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.544969][ T6835] RIP: 0033:0x7f290ab85d29 [ 59.546180][ T6835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.551265][ T6835] RSP: 002b:00007f290b995038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 59.553421][ T6835] RAX: ffffffffffffffda RBX: 00007f290ad75fa0 RCX: 00007f290ab85d29 [ 59.555589][ T6835] RDX: 00000000200004c0 RSI: 00000000c100565c RDI: 0000000000000009 [ 59.557632][ T6835] RBP: 00007f290ac01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 59.559692][ T6835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.562455][ T6835] R13: 0000000000000000 R14: 00007f290ad75fa0 R15: 00007ffe15c18b88 [ 59.564964][ T6835] [ 59.569130][ T6835] Mem-Info: [ 59.570353][ T6835] active_anon:5832 inactive_anon:0 isolated_anon:0 [ 59.570353][ T6835] active_file:11846 inactive_file:38414 isolated_file:0 [ 59.570353][ T6835] unevictable:1768 dirty:1631 writeback:0 [ 59.570353][ T6835] slab_reclaimable:11848 slab_unreclaimable:70188 [ 59.570353][ T6835] mapped:25863 shmem:2445 pagetables:772 [ 59.570353][ T6835] sec_pagetables:297 bounce:0 [ 59.570353][ T6835] kernel_misc_reclaimable:0 [ 59.570353][ T6835] free:470455 free_pcp:3494 free_cma:0 [ 59.585353][ T6835] Node 0 active_anon:23452kB inactive_anon:0kB active_file:47384kB inactive_file:153580kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:103452kB dirty:6520kB writeback:0kB shmem:6244kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12272kB pagetables:3088kB sec_pagetables:1188kB all_unreclaimable? no [ 59.596738][ T6835] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 59.606677][ T6835] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 59.616675][ T6835] lowmem_reserve[]: 0 1212 0 0 0 [ 59.618352][ T6835] Node 0 DMA32 free:280612kB boost:0kB min:27608kB low:34508kB high:41408kB reserved_highatomic:0KB active_anon:23452kB inactive_anon:0kB active_file:47384kB inactive_file:153580kB unevictable:3536kB writepending:6520kB present:2080628kB managed:1269908kB mlocked:0kB bounce:0kB free_pcp:12780kB local_pcp:5672kB free_cma:0kB [ 59.635429][ T6833] block nbd3: shutting down sockets [ 59.636555][ T6835] lowmem_reserve[]: 0 0 0 0 0 [ 59.639620][ T6835] Node 1 Normal free:1585848kB boost:0kB min:39632kB low:49540kB high:59448kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:3536kB writepending:4kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:1320kB local_pcp:280kB free_cma:0kB [ 59.655183][ T6835] lowmem_reserve[]: 0 0 0 0 0 [ 59.656512][ T6835] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 59.659872][ T6835] Node 0 DMA32: 278*4kB (UME) 556*8kB (UME) 442*16kB (UME) 448*32kB (UME) 390*64kB (UM) 36*128kB (UME) 15*256kB (ME) 17*512kB (UME) 15*1024kB (UME) 6*2048kB (UM) 46*4096kB (M) = 285144kB [ 59.664909][ T6835] Node 1 Normal: 6*4kB (UE) 8*8kB (UME) 26*16kB (UME) 116*32kB (UME) 67*64kB (UME) 19*128kB (UME) 6*256kB (UE) 5*512kB (UM) 2*1024kB (UE) 2*2048kB (UM) 382*4096kB (M) = 1585848kB [ 59.669811][ T6835] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 59.672450][ T6835] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 59.674882][ T6835] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 59.677442][ T6835] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 59.679822][ T6835] 52705 total pagecache pages [ 59.681036][ T6835] 0 pages in swap cache [ 59.682118][ T6835] Free swap = 124988kB [ 59.683192][ T6835] Total swap = 124996kB [ 59.684313][ T6835] 1048443 pages RAM [ 59.685828][ T6835] 0 pages HighMem/MovableOnly [ 59.686690][ T832] usb 7-1: GET_CAPABILITIES returned 0 [ 59.687445][ T6835] 281645 pages reserved [ 59.688853][ T832] usbtmc 7-1:16.0: can't read capabilities [ 59.690249][ T6835] 0 pages cma reserved [ 59.715859][ T6790] Invalid ELF header magic: != ELF [ 59.815254][ T6856] netlink: 24 bytes leftover after parsing attributes in process `syz.0.248'. [ 59.828463][ T6846] netlink: 12 bytes leftover after parsing attributes in process `syz.3.245'. [ 59.831365][ T6846] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.245'. [ 59.833900][ T6846] openvswitch: netlink: Flow actions attr not present in new flow. [ 59.944083][ T6863] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 60.007104][ T6871] program syz.0.251 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 60.164775][ T6878] binder: 6877:6878 unknown command 0 [ 60.166759][ T6878] binder: 6877:6878 ioctl c0306201 20000080 returned -22 [ 60.262505][ T6883] netfs: Couldn't get user pages (rc=-14) [ 60.340213][ T6876] [U] V3Fپ"S/4:XTZWTLW= [ 60.448804][ T6876] block nbd1: shutting down sockets [ 60.453042][ T6875] [U] J"E:" [ 60.490910][ T6887] netlink: 12 bytes leftover after parsing attributes in process `syz.1.256'. [ 60.495856][ T1138] wlan0: Trigger new scan to find an IBSS to join [ 60.573316][ T6887] kvm: pic: non byte write [ 60.877662][ T6897] CUSE: info not properly terminated [ 61.437098][ T5946] Bluetooth: hci2: unexpected Set CIG Parameters response data [ 61.438337][ T6933] block nbd3: shutting down sockets [ 61.466942][ T3769] wlan0: Creating new IBSS network, BSSID 7e:eb:99:e0:7f:d4 [ 61.477086][ T39] kauditd_printk_skb: 63 callbacks suppressed [ 61.477096][ T39] audit: type=1400 audit(1734868895.538:427): avc: denied { relabelfrom } for pid=6939 comm="syz.3.269" name="" dev="pipefs" ino=16758 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 61.509957][ T45] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 61.607933][ T6946] netlink: 12 bytes leftover after parsing attributes in process `syz.3.270'. [ 61.612544][ T6946] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=52 sclass=netlink_tcpdiag_socket pid=6946 comm=syz.3.270 [ 61.620088][ T6951] ipvlan0: entered promiscuous mode [ 61.632036][ T39] audit: type=1400 audit(1734868895.688:428): avc: denied { setopt } for pid=6952 comm="syz.0.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 61.637303][ T39] audit: type=1400 audit(1734868895.698:429): avc: denied { write } for pid=6952 comm="syz.0.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 61.643835][ T39] audit: type=1400 audit(1734868895.698:430): avc: denied { ioctl } for pid=6952 comm="syz.0.273" path="socket:[16048]" dev="sockfs" ino=16048 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 61.650208][ T39] audit: type=1400 audit(1734868895.698:431): avc: denied { read } for pid=6952 comm="syz.0.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 61.659159][ T39] audit: type=1400 audit(1734868895.718:432): avc: denied { getopt } for pid=6954 comm="syz.3.274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 61.684686][ T6951] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6951 comm=syz.1.272 [ 61.718044][ T6962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.276'. [ 61.917524][ T39] audit: type=1400 audit(1734868895.978:433): avc: denied { load_policy } for pid=6971 comm="syz.3.279" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 61.917728][ T6972] SELinux: policydb string does not match my string SE Linux [ 61.924971][ T6972] SELinux: failed to load policy [ 61.999072][ T6970] block nbd1: shutting down sockets [ 62.031605][ T6976] bridge1: entered promiscuous mode [ 62.033116][ T6976] bridge1: entered allmulticast mode [ 62.084190][ T5977] usb 7-1: USB disconnect, device number 2 [ 62.139309][ T6986] pim6reg527: entered allmulticast mode [ 62.185270][ T57] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 62.200896][ T39] audit: type=1400 audit(1734868896.258:434): avc: denied { append } for pid=6981 comm="syz.2.284" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 62.206289][ T6994] overlayfs: failed to resolve './file2': -2 [ 62.208866][ T6992] autofs4:pid:6992:validate_dev_ioctl: path string terminator missing for cmd(0xc018937d) [ 62.209528][ T6992] overlayfs: failed to resolve 'fsname=-': -2 [ 62.210522][ T39] audit: type=1400 audit(1734868896.258:435): avc: denied { accept } for pid=6993 comm="syz.1.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 62.221280][ T6994] overlayfs: missing 'workdir' [ 62.355177][ T57] usb 8-1: Using ep0 maxpacket: 8 [ 62.358259][ T57] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 62.360744][ T57] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 62.363213][ T57] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 62.366940][ T57] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 62.371672][ T57] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 62.374112][ T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.583459][ T6998] block nbd1: shutting down sockets [ 62.588208][ T57] usb 8-1: usb_control_msg returned -32 [ 62.589702][ T57] usbtmc 8-1:16.0: can't read capabilities [ 62.627119][ T7007] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7007 comm=syz.0.292 [ 62.635321][ T39] audit: type=1400 audit(1734868896.688:436): avc: denied { watch } for pid=7006 comm="syz.0.292" path="/92/bus" dev="overlay" ino=549 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 62.662841][ T7013] overlayfs: invalid origin (0000) [ 62.677693][ T7016] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 62.707747][ T7012] pim6reg1: entered promiscuous mode [ 62.709191][ T7012] pim6reg1: entered allmulticast mode [ 62.882679][ T7023] Allocate new hctx on node 0 fails, fallback to previous one on node -1 [ 62.916954][ T7022] block nbd0: shutting down sockets [ 63.067290][ T7051] mmap: syz.1.304 (7051) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 63.448277][ T7069] FAULT_INJECTION: forcing a failure. [ 63.448277][ T7069] name failslab, interval 1, probability 0, space 0, times 0 [ 63.451431][ T7069] CPU: 3 UID: 0 PID: 7069 Comm: syz.0.311 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 63.454072][ T7069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 63.456670][ T7069] Call Trace: [ 63.457458][ T7069] [ 63.458226][ T7069] dump_stack_lvl+0x16c/0x1f0 [ 63.459430][ T7069] should_fail_ex+0x497/0x5b0 [ 63.460696][ T7069] ? fs_reclaim_acquire+0xae/0x150 [ 63.462021][ T7069] should_failslab+0xc2/0x120 [ 63.463195][ T7069] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 63.464626][ T7069] ? __d_alloc+0x31/0xaa0 [ 63.465790][ T7069] __d_alloc+0x31/0xaa0 [ 63.467136][ T7069] d_alloc+0x4a/0x1e0 [ 63.468177][ T7069] d_alloc_parallel+0xe9/0x12b0 [ 63.469389][ T7069] ? __pfx_d_alloc_parallel+0x10/0x10 [ 63.470705][ T7069] ? lockdep_init_map_type+0x16d/0x7d0 [ 63.472105][ T7069] ? mark_lock+0xb5/0xc60 [ 63.473412][ T7069] ? lockdep_init_map_type+0x16d/0x7d0 [ 63.474795][ T7069] __lookup_slow+0x194/0x460 [ 63.475968][ T7069] ? __pfx___lookup_slow+0x10/0x10 [ 63.477247][ T7069] ? __pfx_lock_release+0x10/0x10 [ 63.478533][ T7069] ? d_lookup+0xe9/0x180 [ 63.479588][ T7069] lookup_one_len+0x181/0x1b0 [ 63.480767][ T7069] ? __pfx_lookup_one_len+0x10/0x10 [ 63.482083][ T7069] ? mntput+0x10/0x90 [ 63.483270][ T7069] start_creating.part.0+0x12f/0x3a0 [ 63.484666][ T7069] __debugfs_create_file+0xa5/0x660 [ 63.486041][ T7069] debugfs_create_u32+0x70/0xa0 [ 63.487269][ T7069] nbd_start_device+0x3dc/0xd70 [ 63.488488][ T7069] ? bpf_lsm_capable+0x9/0x10 [ 63.489659][ T7069] nbd_ioctl+0x21a/0xfd0 [ 63.490752][ T7069] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 63.492365][ T7069] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 63.493971][ T7069] ? __pfx_nbd_ioctl+0x10/0x10 [ 63.495160][ T7069] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 63.496854][ T7069] ? __pfx_lock_release+0x10/0x10 [ 63.498097][ T7069] ? __pfx_nbd_ioctl+0x10/0x10 [ 63.499261][ T7069] blkdev_ioctl+0x276/0x6d0 [ 63.500396][ T7069] ? __pfx_blkdev_ioctl+0x10/0x10 [ 63.501633][ T7069] ? selinux_file_ioctl+0x180/0x270 [ 63.502933][ T7069] ? selinux_file_ioctl+0xb4/0x270 [ 63.504209][ T7069] ? __pfx_blkdev_ioctl+0x10/0x10 [ 63.505491][ T7069] __x64_sys_ioctl+0x190/0x200 [ 63.506747][ T7069] do_syscall_64+0xcd/0x250 [ 63.507902][ T7069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.509358][ T7069] RIP: 0033:0x7f290ab85d29 [ 63.510472][ T7069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.515011][ T7069] RSP: 002b:00007f290b995038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 63.517162][ T7069] RAX: ffffffffffffffda RBX: 00007f290ad75fa0 RCX: 00007f290ab85d29 [ 63.519161][ T7069] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 63.521190][ T7069] RBP: 00007f290b995090 R08: 0000000000000000 R09: 0000000000000000 [ 63.523213][ T7069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 63.525213][ T7069] R13: 0000000000000000 R14: 00007f290ad75fa0 R15: 00007ffe15c18b88 [ 63.527247][ T7069] [ 63.579474][ T7077] block nbd0: shutting down sockets [ 63.944335][ T7112] program syz.2.322 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 64.125253][ T5997] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 64.276780][ T5997] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 64.279611][ T5997] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 64.282969][ T5997] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 64.286056][ T5997] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.290769][ T5997] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 64.293741][ T5997] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 64.296590][ T5997] usb 6-1: Product: syz [ 64.297965][ T5997] usb 6-1: Manufacturer: syz [ 64.306202][ T5997] cdc_wdm 6-1:1.0: skipping garbage [ 64.307892][ T5997] cdc_wdm 6-1:1.0: skipping garbage [ 64.311656][ T5997] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device [ 64.313631][ T5997] cdc_wdm 6-1:1.0: Unknown control protocol [ 64.510668][ T5978] usb 6-1: USB disconnect, device number 3 [ 64.657111][ T7117] FAULT_INJECTION: forcing a failure. [ 64.657111][ T7117] name failslab, interval 1, probability 0, space 0, times 0 [ 64.660399][ T7117] CPU: 0 UID: 0 PID: 7117 Comm: syz.0.324 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 64.663041][ T7117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 64.665983][ T7117] Call Trace: [ 64.667159][ T7117] [ 64.668174][ T7117] dump_stack_lvl+0x16c/0x1f0 [ 64.669356][ T7117] should_fail_ex+0x497/0x5b0 [ 64.670568][ T7117] ? fs_reclaim_acquire+0xae/0x150 [ 64.671840][ T7117] should_failslab+0xc2/0x120 [ 64.672973][ T7117] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 64.674351][ T7117] ? __pfx_lookup_one_len+0x10/0x10 [ 64.675800][ T7117] ? alloc_inode+0xbf/0x230 [ 64.676959][ T7117] alloc_inode+0xbf/0x230 [ 64.678078][ T7117] new_inode+0x22/0x210 [ 64.679171][ T7117] ? start_creating.part.0+0x25d/0x3a0 [ 64.680574][ T7117] __debugfs_create_file+0x11a/0x660 [ 64.682012][ T7117] debugfs_create_u32+0x70/0xa0 [ 64.683265][ T7117] nbd_start_device+0x3dc/0xd70 [ 64.684531][ T7117] ? bpf_lsm_capable+0x9/0x10 [ 64.686002][ T7117] nbd_ioctl+0x21a/0xfd0 [ 64.687613][ T7117] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 64.689444][ T7117] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 64.691009][ T7117] ? __pfx_nbd_ioctl+0x10/0x10 [ 64.692185][ T7117] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 64.693912][ T7117] ? __pfx_lock_release+0x10/0x10 [ 64.695201][ T7117] ? __pfx_nbd_ioctl+0x10/0x10 [ 64.696431][ T7117] blkdev_ioctl+0x276/0x6d0 [ 64.697581][ T7117] ? __pfx_blkdev_ioctl+0x10/0x10 [ 64.698914][ T7117] ? selinux_file_ioctl+0x180/0x270 [ 64.700260][ T7117] ? selinux_file_ioctl+0xb4/0x270 [ 64.701557][ T7117] ? __pfx_blkdev_ioctl+0x10/0x10 [ 64.702865][ T7117] __x64_sys_ioctl+0x190/0x200 [ 64.704050][ T7117] do_syscall_64+0xcd/0x250 [ 64.705265][ T7117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.707350][ T7117] RIP: 0033:0x7f290ab85d29 [ 64.708920][ T7117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.713814][ T7117] RSP: 002b:00007f290b995038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 64.715965][ T7117] RAX: ffffffffffffffda RBX: 00007f290ad75fa0 RCX: 00007f290ab85d29 [ 64.717982][ T7117] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 64.720346][ T7117] RBP: 00007f290b995090 R08: 0000000000000000 R09: 0000000000000000 [ 64.722620][ T7117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 64.724546][ T7117] R13: 0000000000000000 R14: 00007f290ad75fa0 R15: 00007ffe15c18b88 [ 64.727045][ T7117] [ 64.728161][ C0] vkms_vblank_simulate: vblank timer overrun [ 64.729802][ T7117] debugfs: out of free dentries, can not create file 'timeout' [ 64.788184][ T7118] block nbd0: shutting down sockets [ 64.844139][ T5978] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 64.848342][ T5978] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 64.853957][ T5978] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.08 Device [syz0] on syz1 [ 64.968385][ T5941] usb 8-1: USB disconnect, device number 2 [ 65.184493][ T7144] __nla_validate_parse: 6 callbacks suppressed [ 65.184505][ T7144] netlink: 24 bytes leftover after parsing attributes in process `syz.3.331'. [ 65.237603][ T7144] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 65.246513][ T7144] fuse: Bad value for 'rootmode' [ 65.262287][ T7146] syz.2.332[7146] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 65.262332][ T7146] syz.2.332[7146] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 65.265866][ T7146] syz.2.332[7146] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 65.292165][ T57] libceph: connect (1)[c::]:6789 error -101 [ 65.296908][ T7152] binder: 7151:7152 ioctl c0306201 20000bc0 returned -14 [ 65.300821][ T57] libceph: mon0 (1)[c::]:6789 connect error [ 65.330924][ T7148] ceph: No mds server is up or the cluster is laggy [ 65.429845][ T7176] sg_write: data in/out 1937072651/113 bytes for SCSI command 0x9c-- guessing data in; [ 65.429845][ T7176] program syz.0.341 not setting count and/or reply_len properly [ 65.436182][ T7178] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 65.439611][ T7176] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 65.465932][ T5952] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 65.469092][ T5952] Bluetooth: hci2: Injecting HCI hardware error event [ 65.473053][ T5952] Bluetooth: hci2: hardware error 0x00 [ 65.478399][ T7185] netlink: 'syz.1.343': attribute type 32 has an invalid length. [ 65.481117][ T7185] netlink: 8 bytes leftover after parsing attributes in process `syz.1.343'. [ 65.483417][ T7185] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 65.493615][ T7187] capability: warning: `syz.0.342' uses deprecated v2 capabilities in a way that may be insecure [ 65.522544][ T7190] XFS (nullb0): no-recovery mounts must be read-only. [ 65.526808][ T7190] fuse: Bad value for 'fd' [ 66.000428][ T7208] netlink: 36 bytes leftover after parsing attributes in process `syz.3.350'. [ 66.326997][ T7231] syzkaller1: entered promiscuous mode [ 66.328948][ T7231] syzkaller1: entered allmulticast mode [ 66.342944][ T7233] FAULT_INJECTION: forcing a failure. [ 66.342944][ T7233] name failslab, interval 1, probability 0, space 0, times 0 [ 66.347141][ T7233] CPU: 3 UID: 0 PID: 7233 Comm: syz.0.358 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 66.350545][ T7233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.353473][ T7233] Call Trace: [ 66.354610][ T7233] [ 66.355643][ T7233] dump_stack_lvl+0x16c/0x1f0 [ 66.356880][ T7233] should_fail_ex+0x497/0x5b0 [ 66.358132][ T7233] ? fs_reclaim_acquire+0xae/0x150 [ 66.359474][ T7233] should_failslab+0xc2/0x120 [ 66.360788][ T7233] __kmalloc_noprof+0xcb/0x510 [ 66.362392][ T7233] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 66.363981][ T7233] tomoyo_realpath_from_path+0xb9/0x720 [ 66.365383][ T7233] ? tomoyo_path_number_perm+0x235/0x590 [ 66.366840][ T7233] ? tomoyo_path_number_perm+0x235/0x590 [ 66.368420][ T7233] tomoyo_path_number_perm+0x248/0x590 [ 66.369827][ T7233] ? tomoyo_path_number_perm+0x235/0x590 [ 66.371224][ T7233] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 66.372929][ T7233] ? __pfx_lock_release+0x10/0x10 [ 66.374305][ T7233] ? trace_lock_acquire+0x14e/0x1f0 [ 66.376039][ T7233] ? lock_acquire+0x2f/0xb0 [ 66.377567][ T7233] ? __fget_files+0x40/0x3a0 [ 66.379110][ T7233] ? __fget_files+0x206/0x3a0 [ 66.380683][ T7233] security_file_ioctl+0x9b/0x240 [ 66.382028][ T7233] __x64_sys_ioctl+0xb7/0x200 [ 66.383200][ T7233] do_syscall_64+0xcd/0x250 [ 66.384514][ T7233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.386115][ T7233] RIP: 0033:0x7f290ab85d29 [ 66.387258][ T7233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.393396][ T7233] RSP: 002b:00007f290b995038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 66.396053][ T7233] RAX: ffffffffffffffda RBX: 00007f290ad75fa0 RCX: 00007f290ab85d29 [ 66.398572][ T7233] RDX: 0000000020000040 RSI: 0000000000003b83 RDI: 0000000000000003 [ 66.401068][ T7233] RBP: 00007f290b995090 R08: 0000000000000000 R09: 0000000000000000 [ 66.403570][ T7233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 66.406116][ T7233] R13: 0000000000000000 R14: 00007f290ad75fa0 R15: 00007ffe15c18b88 [ 66.408627][ T7233] [ 66.412215][ T7233] ERROR: Out of memory at tomoyo_realpath_from_path. [ 66.498412][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.546584][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 66.546594][ T39] audit: type=1400 audit(1734868900.608:460): avc: denied { execute } for pid=7238 comm="syz-executor" name="syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 66.555067][ T39] audit: type=1400 audit(1734868900.608:461): avc: denied { execute_no_trans } for pid=7238 comm="syz-executor" path="/syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 66.610956][ T39] audit: type=1400 audit(1734868900.668:462): avc: denied { append } for pid=7241 comm="syz.3.363" name="nbd3" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 66.611100][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.667614][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.671422][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.676230][ T39] audit: type=1400 audit(1734868900.728:463): avc: denied { connect } for pid=7241 comm="syz.3.363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 66.676285][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.687414][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.689984][ T5942] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.692546][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.705246][ T39] audit: type=1400 audit(1734868900.758:464): avc: denied { mounton } for pid=7243 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 66.760196][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.787816][ T7243] chnl_net:caif_netlink_parms(): no params data found [ 66.836353][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.859537][ T7243] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.861389][ T7243] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.863363][ T7243] bridge_slave_0: entered allmulticast mode [ 66.866153][ T7243] bridge_slave_0: entered promiscuous mode [ 66.868562][ T7243] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.870385][ T7243] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.872208][ T7243] bridge_slave_1: entered allmulticast mode [ 66.874228][ T7243] bridge_slave_1: entered promiscuous mode [ 66.894562][ T7243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.899523][ T7243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.923279][ T7243] team0: Port device team_slave_0 added [ 66.928066][ T7243] team0: Port device team_slave_1 added [ 66.957906][ T7243] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.960297][ T7243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.969654][ T7243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.980340][ T7243] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.982643][ T7243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.991378][ T7243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.038044][ T12] bridge_slave_1: left allmulticast mode [ 67.039818][ T12] bridge_slave_1: left promiscuous mode [ 67.042611][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.049592][ T12] bridge_slave_0: left allmulticast mode [ 67.051689][ T12] bridge_slave_0: left promiscuous mode [ 67.053827][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.302250][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 67.306531][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 67.310113][ T12] bond0 (unregistering): Released all slaves [ 67.318521][ T7243] hsr_slave_0: entered promiscuous mode [ 67.321236][ T7243] hsr_slave_1: entered promiscuous mode [ 67.323486][ T7243] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.326315][ T7243] Cannot create hsr debugfs directory [ 67.535234][ T5952] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 67.668365][ T12] hsr_slave_0: left promiscuous mode [ 67.670301][ T12] hsr_slave_1: left promiscuous mode [ 67.672196][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.674782][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.678582][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.681307][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.700023][ T12] veth1_macvtap: left promiscuous mode [ 67.701599][ T12] veth0_macvtap: left promiscuous mode [ 67.703219][ T12] veth1_vlan: left promiscuous mode [ 67.704902][ T12] veth0_vlan: left promiscuous mode [ 68.218291][ T12] team0 (unregistering): Port device team_slave_1 removed [ 68.279023][ T12] team0 (unregistering): Port device team_slave_0 removed [ 68.745260][ T5952] Bluetooth: hci0: command tx timeout [ 68.904645][ T7243] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 68.910680][ T7243] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 68.921556][ T7243] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 68.926262][ T7243] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 68.952868][ T7243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.969961][ T7243] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.973944][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.975961][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.985922][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.988174][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.080615][ T7243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.096904][ T7243] veth0_vlan: entered promiscuous mode [ 69.100479][ T7243] veth1_vlan: entered promiscuous mode [ 69.112928][ T7243] veth0_macvtap: entered promiscuous mode [ 69.115879][ T7243] veth1_macvtap: entered promiscuous mode [ 69.121181][ T7243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.123877][ T7243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.126977][ T7243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.129630][ T7243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.132134][ T7243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.134799][ T7243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.138451][ T7243] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.143482][ T7243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.147102][ T7243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.149664][ T7243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.152668][ T7243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.155784][ T7243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.158467][ T7243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.161506][ T7243] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.165855][ T7243] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.168745][ T7243] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.171301][ T7243] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.174074][ T7243] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.207429][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.210099][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.221022][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.223627][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.230505][ T39] audit: type=1400 audit(1734868903.288:465): avc: denied { mounton } for pid=7243 comm="syz-executor" path="/syzkaller.o8mOXJ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 69.243778][ T39] audit: type=1400 audit(1734868903.298:466): avc: denied { mount } for pid=7243 comm="syz-executor" name="/" dev="gadgetfs" ino=9404 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 69.267574][ T39] audit: type=1400 audit(1734868903.328:467): avc: denied { setopt } for pid=7280 comm="syz.2.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 70.815256][ T5952] Bluetooth: hci0: command tx timeout [ 71.059096][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.061049][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.896622][ T5952] Bluetooth: hci0: command tx timeout [ 74.975357][ T5952] Bluetooth: hci0: command tx timeout [ 76.569497][ T39] audit: type=1400 audit(1734868910.628:468): avc: denied { ioctl } for pid=7285 comm="syz.0.364" path="socket:[18585]" dev="sockfs" ino=18585 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 76.582734][ T7288] team0: Device gtp0 is of different type [ 76.602684][ T7297] FAULT_INJECTION: forcing a failure. [ 76.602684][ T7297] name failslab, interval 1, probability 0, space 0, times 0 [ 76.607901][ T7297] CPU: 1 UID: 0 PID: 7297 Comm: syz.0.368 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 76.611589][ T7297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.615291][ T7297] Call Trace: [ 76.616507][ T7297] [ 76.617567][ T7297] dump_stack_lvl+0x16c/0x1f0 [ 76.619270][ T7297] should_fail_ex+0x497/0x5b0 [ 76.620939][ T7297] ? fs_reclaim_acquire+0xae/0x150 [ 76.622761][ T7297] should_failslab+0xc2/0x120 [ 76.624476][ T7297] __kmalloc_noprof+0xcb/0x510 [ 76.626222][ T7297] ? d_absolute_path+0x137/0x1b0 [ 76.627475][ T7297] ? rcu_is_watching+0x12/0xc0 [ 76.628701][ T7297] tomoyo_encode2+0x100/0x3e0 [ 76.629911][ T7297] tomoyo_encode+0x29/0x50 [ 76.631063][ T7297] tomoyo_realpath_from_path+0x19d/0x720 [ 76.632505][ T7297] tomoyo_path_number_perm+0x248/0x590 [ 76.633901][ T7297] ? tomoyo_path_number_perm+0x235/0x590 [ 76.635379][ T7297] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 76.636047][ T39] audit: type=1800 audit(1734868910.688:469): pid=7291 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.3.367" name="/newroot/111/file0" dev="tmpfs" ino=617 res=0 errno=0 [ 76.636997][ T7297] ? __pfx_lock_release+0x10/0x10 [ 76.640543][ T7292] kvm: emulating exchange as write [ 76.646097][ T7297] ? trace_lock_acquire+0x14e/0x1f0 [ 76.647426][ T7297] ? lock_acquire+0x2f/0xb0 [ 76.648635][ T7297] ? __fget_files+0x40/0x3a0 [ 76.650242][ T7297] ? __fget_files+0x206/0x3a0 [ 76.651931][ T7297] security_file_ioctl+0x9b/0x240 [ 76.653713][ T7297] __x64_sys_ioctl+0xb7/0x200 [ 76.655366][ T7297] do_syscall_64+0xcd/0x250 [ 76.656948][ T7297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.659053][ T7297] RIP: 0033:0x7f290ab85d29 [ 76.660648][ T7297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.667470][ T7297] RSP: 002b:00007f290b995038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.670211][ T7297] RAX: ffffffffffffffda RBX: 00007f290ad75fa0 RCX: 00007f290ab85d29 [ 76.672205][ T7297] RDX: 0000000020000040 RSI: 0000000000003b83 RDI: 0000000000000003 [ 76.674262][ T7297] RBP: 00007f290b995090 R08: 0000000000000000 R09: 0000000000000000 [ 76.676283][ T7297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 76.678308][ T7297] R13: 0000000000000000 R14: 00007f290ad75fa0 R15: 00007ffe15c18b88 [ 76.680308][ T7297] [ 76.682851][ T7297] ERROR: Out of memory at tomoyo_realpath_from_path. [ 76.687168][ T7288] netlink: 28 bytes leftover after parsing attributes in process `syz.1.365'. [ 76.689443][ T7288] netlink: 28 bytes leftover after parsing attributes in process `syz.1.365'. [ 76.720637][ T7308] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 76.734254][ T7311] binder: Unknown parameter 'deܺ[Xft' [ 76.759847][ T39] audit: type=1400 audit(1734868910.818:470): avc: denied { create } for pid=7312 comm="syz.1.372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 76.765200][ T39] audit: type=1400 audit(1734868910.818:471): avc: denied { write } for pid=7312 comm="syz.1.372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 76.769950][ T39] audit: type=1400 audit(1734868910.818:472): avc: denied { getopt } for pid=7312 comm="syz.1.372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 76.805941][ T39] audit: type=1400 audit(1734868910.868:473): avc: denied { open } for pid=7320 comm="syz.1.375" path="/dev/ptyq7" dev="devtmpfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 76.812430][ T39] audit: type=1400 audit(1734868910.868:474): avc: denied { ioctl } for pid=7320 comm="syz.1.375" path="/dev/ptyq7" dev="devtmpfs" ino=134 ioctlcmd=0x5414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 76.886747][ T39] audit: type=1400 audit(1734868910.948:475): avc: denied { mounton } for pid=7317 comm="syz.0.374" path="/proc/324/task" dev="proc" ino=17736 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 76.914770][ T7342] FAULT_INJECTION: forcing a failure. [ 76.914770][ T7342] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 76.919038][ T7342] CPU: 2 UID: 0 PID: 7342 Comm: syz.2.379 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 76.921753][ T7342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.924852][ T7342] Call Trace: [ 76.926108][ T7342] [ 76.927208][ T7342] dump_stack_lvl+0x16c/0x1f0 [ 76.928937][ T7342] should_fail_ex+0x497/0x5b0 [ 76.930673][ T7342] _copy_from_user+0x2e/0xd0 [ 76.932345][ T7342] iommufd_fops_ioctl+0x302/0x4f0 [ 76.934174][ T7342] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 76.935624][ T7342] ? __pfx_lock_release+0x10/0x10 [ 76.936933][ T7342] ? selinux_file_ioctl+0x180/0x270 [ 76.938300][ T7342] ? selinux_file_ioctl+0xb4/0x270 [ 76.939710][ T7342] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 76.941203][ T7342] __x64_sys_ioctl+0x190/0x200 [ 76.942515][ T7342] do_syscall_64+0xcd/0x250 [ 76.943701][ T7342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.945258][ T7342] RIP: 0033:0x7f3cca585d29 [ 76.946425][ T7342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.951348][ T7342] RSP: 002b:00007f3ccb3fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.953488][ T7342] RAX: ffffffffffffffda RBX: 00007f3cca775fa0 RCX: 00007f3cca585d29 [ 76.955837][ T7342] RDX: 0000000020000040 RSI: 0000000000003b83 RDI: 0000000000000003 [ 76.958087][ T7342] RBP: 00007f3ccb3fa090 R08: 0000000000000000 R09: 0000000000000000 [ 76.960157][ T7342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 76.962220][ T7342] R13: 0000000000000000 R14: 00007f3cca775fa0 R15: 00007ffe4a015cb8 [ 76.964290][ T7342] [ 77.029430][ T7351] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 77.224267][ T39] audit: type=1400 audit(1734868911.278:476): avc: denied { write } for pid=7371 comm="syz.3.387" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 77.235606][ T39] audit: type=1800 audit(1734868911.298:477): pid=7368 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.2.384" name="/newroot/5/file0" dev="tmpfs" ino=44 res=0 errno=0 [ 77.380766][ T7383] FAULT_INJECTION: forcing a failure. [ 77.380766][ T7383] name fail_iommufd, interval 1, probability 0, space 0, times 1 [ 77.385398][ T7383] CPU: 2 UID: 0 PID: 7383 Comm: syz.2.391 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 77.389138][ T7383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.392940][ T7383] Call Trace: [ 77.394224][ T7383] [ 77.395321][ T7383] dump_stack_lvl+0x16c/0x1f0 [ 77.396942][ T7383] should_fail_ex+0x497/0x5b0 [ 77.398183][ T7383] iommufd_get_object+0x7b/0x440 [ 77.399483][ T7383] ? __pfx_iommufd_get_object+0x10/0x10 [ 77.400991][ T7383] ? find_held_lock+0x2d/0x110 [ 77.402340][ T7383] ? iommufd_test_syz_conv_iova_id+0x64/0x220 [ 77.403903][ T7383] iommufd_ioas_copy+0x2a2/0x970 [ 77.405309][ T7383] ? __pfx_iommufd_ioas_copy+0x10/0x10 [ 77.406681][ T7383] ? __might_fault+0xe3/0x190 [ 77.407882][ T7383] ? __might_fault+0xe3/0x190 [ 77.409112][ T7383] iommufd_fops_ioctl+0x359/0x4f0 [ 77.410419][ T7383] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 77.411908][ T7383] ? __pfx_lock_release+0x10/0x10 [ 77.413733][ T7383] ? selinux_file_ioctl+0x180/0x270 [ 77.415588][ T7383] ? selinux_file_ioctl+0xb4/0x270 [ 77.417386][ T7383] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 77.419346][ T7383] __x64_sys_ioctl+0x190/0x200 [ 77.421061][ T7383] do_syscall_64+0xcd/0x250 [ 77.422695][ T7383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.424791][ T7383] RIP: 0033:0x7f3cca585d29 [ 77.426418][ T7383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.432617][ T7383] RSP: 002b:00007f3ccb3fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 77.434734][ T7383] RAX: ffffffffffffffda RBX: 00007f3cca775fa0 RCX: 00007f3cca585d29 [ 77.437159][ T7383] RDX: 0000000020000040 RSI: 0000000000003b83 RDI: 0000000000000003 [ 77.439796][ T7383] RBP: 00007f3ccb3fa090 R08: 0000000000000000 R09: 0000000000000000 [ 77.442582][ T7383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 77.445116][ T7383] R13: 0000000000000000 R14: 00007f3cca775fa0 R15: 00007ffe4a015cb8 [ 77.447875][ T7383] [ 77.477790][ T7385] overlayfs: empty lowerdir [ 77.530063][ T7391] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 77.794896][ T7411] netlink: 80 bytes leftover after parsing attributes in process `syz.2.402'. [ 77.900076][ T7420] netlink: 16 bytes leftover after parsing attributes in process `syz.2.404'. [ 77.980483][ T7432] netlink: 8 bytes leftover after parsing attributes in process `syz.1.407'. [ 78.096551][ T6331] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 78.223528][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.225872][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.228015][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.229743][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.231817][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.233505][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.235243][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.236861][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.238509][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.240608][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.242253][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.244499][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.248202][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.250738][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.253043][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.255765][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.257811][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.259898][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.262031][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.264165][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.267301][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.269452][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.271584][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.273709][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.275741][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.277487][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.279149][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.279547][ T6331] usb 5-1: unable to get BOS descriptor or descriptor too short [ 78.280823][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.283379][ T6331] usb 5-1: not running at top speed; connect to a high speed hub [ 78.285140][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.287990][ T6331] usb 5-1: config 1 interface 0 has no altsetting 0 [ 78.288843][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.291919][ T6331] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 78.292660][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.294990][ T6331] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.297318][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297354][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297384][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297417][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297447][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297476][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297505][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297534][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297564][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297620][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297652][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297682][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297712][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.297742][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.299758][ T6331] usb 5-1: Product: syz [ 78.299770][ T6331] usb 5-1: Manufacturer: syz [ 78.299783][ T6331] usb 5-1: SerialNumber: syz [ 78.335291][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.337832][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.340195][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.342544][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.344947][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.350951][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.353271][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.355670][ T7458] netlink: 20 bytes leftover after parsing attributes in process `syz.2.414'. [ 78.356887][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.358761][ T7457] netlink: 20 bytes leftover after parsing attributes in process `syz.2.414'. [ 78.360403][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.364304][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.365291][ T7457] netlink: 16 bytes leftover after parsing attributes in process `syz.2.414'. [ 78.371112][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.372808][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.374522][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.376799][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.378795][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.380854][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.382827][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.384612][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.386764][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.390076][ T7450] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.507973][ T6331] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 78.520498][ T6331] usb 5-1: USB disconnect, device number 3 [ 78.664713][ T7495] netlink: 'syz.2.424': attribute type 21 has an invalid length. [ 78.673255][ T7495] netlink: 128 bytes leftover after parsing attributes in process `syz.2.424'. [ 78.677313][ T7495] netlink: 'syz.2.424': attribute type 5 has an invalid length. [ 78.680046][ T7495] netlink: 'syz.2.424': attribute type 6 has an invalid length. [ 78.682757][ T7495] netlink: 3 bytes leftover after parsing attributes in process `syz.2.424'. [ 78.905682][ T25] kernel write not supported for file /59/attr/prev (pid: 25 comm: kworker/2:0) [ 78.987708][ T7513] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.998757][ T7519] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 79.000984][ T7519] IPv6: NLM_F_CREATE should be set when creating new route [ 79.002889][ T7519] IPv6: NLM_F_CREATE should be set when creating new route [ 79.201895][ T7550] erofs (device loop2): cannot find valid erofs superblock [ 79.259097][ T7546] cdrom: dropping to single frame dma [ 79.418971][ T7585] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 79.423963][ T7585] Error validating options; rc = [-22] [ 79.573239][ T7603] TCP: TCP_TX_DELAY enabled [ 79.582310][ T7606] Bluetooth: MGMT ver 1.23 [ 79.624333][ T7613] binder: 7612:7613 ioctl 89f1 20000940 returned -22 [ 80.560682][ T7637] netlink: 'syz.0.463': attribute type 16 has an invalid length. [ 80.621128][ T7645] vcan0: MTU too low for tipc bearer [ 80.622621][ T7645] tipc: Enabling of bearer rejected, failed to enable media [ 80.700324][ T7651] netlink: 'syz.0.468': attribute type 3 has an invalid length. [ 80.702461][ T7651] netlink: 'syz.0.468': attribute type 1 has an invalid length. [ 80.704506][ T7651] NCSI netlink: No device for ifindex 33022 [ 80.748683][ T7657] vivid-000: ================= START STATUS ================= [ 80.751738][ T7657] vivid-000: Radio HW Seek Mode: Bounded [ 80.754246][ T7657] vivid-000: Radio Programmable HW Seek: false [ 80.756407][ T7657] vivid-000: RDS Rx I/O Mode: Block I/O [ 80.758004][ T7657] vivid-000: Generate RBDS Instead of RDS: false [ 80.760763][ T7657] vivid-000: RDS Reception: true [ 80.762529][ T7657] vivid-000: RDS Program Type: 0 inactive [ 80.764560][ T7657] vivid-000: RDS PS Name: inactive [ 80.767651][ T7657] vivid-000: RDS Radio Text: inactive [ 80.769604][ T7657] vivid-000: RDS Traffic Announcement: false inactive [ 80.771971][ T7657] vivid-000: RDS Traffic Program: false inactive [ 80.774178][ T7657] vivid-000: RDS Music: false inactive [ 80.776427][ T7657] vivid-000: ================== END STATUS ================== [ 81.099811][ T7674] vxcan1: tx drop: invalid sa for name 0x0000000000800000 [ 81.103028][ T7676] vxcan1: tx drop: invalid sa for name 0x0000000000800000 [ 81.298435][ T1018] cfg80211: failed to load regulatory.db [ 81.336363][ T7696] team0: No ports can be present during mode change [ 81.384648][ T7697] x_tables: ip_tables: icmp.0 match: invalid size 8 (kernel) != (user) 56 [ 81.475951][ T9] usb 7-1: new low-speed USB device number 3 using dummy_hcd [ 81.514480][ T7713] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.523264][ T7726] cgroup2: Unknown parameter 'euid' [ 81.523749][ T7722] block device autoloading is deprecated and will be removed. [ 81.527583][ T7722] bio_check_eod: 1 callbacks suppressed [ 81.527593][ T7722] syz.3.490: attempt to access beyond end of device [ 81.527593][ T7722] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 81.645191][ T9] usb 7-1: Invalid ep0 maxpacket: 64 [ 81.785293][ T9] usb 7-1: new low-speed USB device number 4 using dummy_hcd [ 81.791164][ T7748] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 81.799076][ T7746] netlink: 'syz.0.494': attribute type 21 has an invalid length. [ 81.801678][ T7746] __nla_validate_parse: 7 callbacks suppressed [ 81.801686][ T7746] netlink: 128 bytes leftover after parsing attributes in process `syz.0.494'. [ 81.807220][ T7746] netlink: 'syz.0.494': attribute type 4 has an invalid length. [ 81.809269][ T7746] netlink: 'syz.0.494': attribute type 5 has an invalid length. [ 81.811507][ T7746] netlink: 3 bytes leftover after parsing attributes in process `syz.0.494'. [ 81.841212][ T7759] 9pnet: Could not find request transport: fu [ 81.871735][ T7767] tmpfs: Bad value for 'huge' [ 81.936964][ T9] usb 7-1: Invalid ep0 maxpacket: 64 [ 81.939027][ T9] usb usb7-port1: attempt power cycle [ 81.981535][ T7779] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 7779 comm: syz.1.499) [ 81.984955][ T39] kauditd_printk_skb: 34 callbacks suppressed [ 81.984969][ T39] audit: type=1800 audit(1734868916.038:512): pid=7779 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.499" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=20004 res=0 errno=0 [ 82.028413][ T7784] ./bus: Can't lookup blockdev [ 82.072110][ T7787] xt_hashlimit: size too large, truncated to 1048576 [ 82.198605][ T39] audit: type=1400 audit(1734868916.258:513): avc: denied { watch } for pid=7795 comm="syz.3.502" path="/149/file0" dev="tmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 82.205308][ T39] audit: type=1400 audit(1734868916.258:514): avc: denied { watch_sb watch_reads } for pid=7795 comm="syz.3.502" path="/149/file0" dev="tmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 82.285630][ T9] usb 7-1: new low-speed USB device number 5 using dummy_hcd [ 82.305826][ T9] usb 7-1: Invalid ep0 maxpacket: 64 [ 82.435303][ T9] usb 7-1: new low-speed USB device number 6 using dummy_hcd [ 82.455632][ T9] usb 7-1: Invalid ep0 maxpacket: 64 [ 82.457367][ T9] usb usb7-port1: unable to enumerate USB device [ 82.518319][ T7810] xt_hashlimit: size too large, truncated to 1048576 [ 82.520262][ T7810] xt_hashlimit: max too large, truncated to 1048576 [ 82.589968][ T39] audit: type=1400 audit(1734868916.648:515): avc: denied { read append } for pid=7814 comm="syz.0.505" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 82.677875][ T39] audit: type=1400 audit(1734868916.738:516): avc: denied { bind } for pid=7817 comm="syz.1.506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 82.724799][ T7828] netlink: 'syz.0.509': attribute type 33 has an invalid length. [ 82.727792][ T7828] netlink: 152 bytes leftover after parsing attributes in process `syz.0.509'. [ 82.918826][ T39] audit: type=1400 audit(1734868916.978:517): avc: denied { getopt } for pid=7836 comm="syz.0.511" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 83.057338][ T7838] block nbd0: shutting down sockets [ 83.210991][ T7845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.214663][ T7845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.219154][ T7845] bond0 (unregistering): Released all slaves [ 83.294231][ T7856] FAULT_INJECTION: forcing a failure. [ 83.294231][ T7856] name failslab, interval 1, probability 0, space 0, times 0 [ 83.299033][ T7856] CPU: 3 UID: 0 PID: 7856 Comm: syz.0.517 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 83.301831][ T7856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.304639][ T7856] Call Trace: [ 83.305543][ T7856] [ 83.306351][ T7856] dump_stack_lvl+0x16c/0x1f0 [ 83.307587][ T7856] should_fail_ex+0x497/0x5b0 [ 83.308827][ T7856] ? fs_reclaim_acquire+0xae/0x150 [ 83.310435][ T7856] should_failslab+0xc2/0x120 [ 83.312154][ T7856] __kmalloc_cache_noprof+0x68/0x410 [ 83.314091][ T7856] ? iopt_area_contig_next+0x188/0x220 [ 83.316070][ T7856] iopt_get_pages+0x291/0x5e0 [ 83.317793][ T7856] ? __pfx_iopt_get_pages+0x10/0x10 [ 83.319673][ T7856] ? find_held_lock+0x2d/0x110 [ 83.321414][ T7856] ? iommufd_test_syz_conv_iova_id+0x64/0x220 [ 83.323626][ T7856] iommufd_ioas_copy+0x313/0x970 [ 83.325400][ T7856] ? __pfx_iommufd_ioas_copy+0x10/0x10 [ 83.327419][ T7856] ? __might_fault+0xe3/0x190 [ 83.328968][ T7856] ? __might_fault+0xe3/0x190 [ 83.330295][ T7856] iommufd_fops_ioctl+0x359/0x4f0 [ 83.331639][ T7856] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 83.333072][ T7856] ? __pfx_lock_release+0x10/0x10 [ 83.334489][ T7856] ? selinux_file_ioctl+0x180/0x270 [ 83.335891][ T7856] ? selinux_file_ioctl+0xb4/0x270 [ 83.337453][ T7856] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 83.339469][ T7856] __x64_sys_ioctl+0x190/0x200 [ 83.341238][ T7856] do_syscall_64+0xcd/0x250 [ 83.342890][ T7856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.344991][ T7856] RIP: 0033:0x7f290ab85d29 [ 83.346616][ T7856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.352467][ T7856] RSP: 002b:00007f290b995038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.354329][ T7859] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 83.354980][ T7856] RAX: ffffffffffffffda RBX: 00007f290ad75fa0 RCX: 00007f290ab85d29 [ 83.356839][ T7859] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 83.358931][ T7856] RDX: 0000000020000040 RSI: 0000000000003b83 RDI: 0000000000000003 [ 83.362946][ T7859] vhci_hcd vhci_hcd.0: Device attached [ 83.364397][ T7856] RBP: 00007f290b995090 R08: 0000000000000000 R09: 0000000000000000 [ 83.364406][ T7856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.364413][ T7856] R13: 0000000000000000 R14: 00007f290ad75fa0 R15: 00007ffe15c18b88 [ 83.364427][ T7856] [ 83.387608][ T7860] usbip_core: unknown command [ 83.389362][ T7860] vhci_hcd: unknown pdu 0 [ 83.390971][ T7860] usbip_core: unknown command [ 83.395610][ T1145] vhci_hcd: stop threads [ 83.397355][ T1145] vhci_hcd: release socket [ 83.398566][ T1145] vhci_hcd: disconnect device [ 83.418278][ T7866] mmap: syz.0.520 (7866): VmData 37462016 exceed data ulimit 4. Update limits or use boot option ignore_rlimit_data. [ 83.646097][ T7875] block nbd0: Device being setup by another task [ 84.016824][ T7877] kvm: pic: non byte write [ 84.250210][ T39] audit: type=1400 audit(1734868918.308:518): avc: denied { ioctl } for pid=7882 comm="syz.2.526" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 84.259915][ T7885] FAULT_INJECTION: forcing a failure. [ 84.259915][ T7885] name fail_iommufd, interval 1, probability 0, space 0, times 0 [ 84.263341][ T7885] CPU: 2 UID: 0 PID: 7885 Comm: syz.3.527 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 84.266009][ T7885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.268748][ T7885] Call Trace: [ 84.269622][ T7885] [ 84.270400][ T7885] dump_stack_lvl+0x16c/0x1f0 [ 84.271599][ T7885] should_fail_ex+0x497/0x5b0 [ 84.272789][ T7885] iommufd_get_object+0x7b/0x440 [ 84.274038][ T7885] ? __pfx_iommufd_get_object+0x10/0x10 [ 84.275468][ T7885] ? find_held_lock+0x2d/0x110 [ 84.276804][ T7885] ? iommufd_test_syz_conv_iova_id+0x64/0x220 [ 84.278417][ T7885] iommufd_ioas_copy+0x481/0x970 [ 84.279694][ T7885] ? __pfx_iommufd_ioas_copy+0x10/0x10 [ 84.281094][ T7885] ? __might_fault+0xe3/0x190 [ 84.282279][ T7885] ? __might_fault+0xe3/0x190 [ 84.283489][ T7885] iommufd_fops_ioctl+0x359/0x4f0 [ 84.284792][ T7885] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 84.286232][ T7885] ? __pfx_lock_release+0x10/0x10 [ 84.287532][ T7885] ? selinux_file_ioctl+0x180/0x270 [ 84.288871][ T7885] ? selinux_file_ioctl+0xb4/0x270 [ 84.290222][ T7885] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 84.291670][ T7885] __x64_sys_ioctl+0x190/0x200 [ 84.292928][ T7885] do_syscall_64+0xcd/0x250 [ 84.294133][ T7885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.295696][ T7885] RIP: 0033:0x7fd12eb85d29 [ 84.296865][ T7885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.301804][ T7885] RSP: 002b:00007fd12f8d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.303961][ T7885] RAX: ffffffffffffffda RBX: 00007fd12ed75fa0 RCX: 00007fd12eb85d29 [ 84.306042][ T7885] RDX: 0000000020000040 RSI: 0000000000003b83 RDI: 0000000000000003 [ 84.308088][ T7885] RBP: 00007fd12f8d7090 R08: 0000000000000000 R09: 0000000000000000 [ 84.310148][ T7885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 84.312194][ T7885] R13: 0000000000000000 R14: 00007fd12ed75fa0 R15: 00007ffeb9958d38 [ 84.314261][ T7885] [ 84.341840][ T7888] netlink: 12 bytes leftover after parsing attributes in process `syz.3.528'. [ 84.363123][ T5952] block nbd0: Receive control failed (result -32) [ 84.363214][ T7874] block nbd0: shutting down sockets [ 84.440184][ T39] audit: type=1400 audit(1734868918.498:519): avc: denied { execute } for pid=7897 comm="syz.3.531" path="/sys/kernel/debug/sync/info" dev="debugfs" ino=571 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 84.635897][ T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 84.680157][ T7925] input: syz1 as /devices/virtual/input/input6 [ 84.685369][ T39] audit: type=1400 audit(1734868918.738:520): avc: denied { read } for pid=5335 comm="acpid" name="event4" dev="devtmpfs" ino=2819 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 84.693659][ T39] audit: type=1400 audit(1734868918.738:521): avc: denied { open } for pid=5335 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2819 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 84.723403][ T7929] netlink: 1276 bytes leftover after parsing attributes in process `syz.0.540'. [ 84.726048][ T7929] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 84.733805][ T7929] netlink: 8 bytes leftover after parsing attributes in process `syz.0.540'. [ 84.815214][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 84.819590][ T9] usb 7-1: config 1 interface 0 altsetting 249 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.822558][ T9] usb 7-1: config 1 interface 0 has no altsetting 0 [ 84.828368][ T9] usb 7-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.40 [ 84.830982][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.833030][ T9] usb 7-1: Product: 逼ꠞ譀⧐ꉖ쥺ᘹ巆粍ዸφ♋Ñ輒雘뿰ųㅋ虾靟⒚빣뤼筇礼鬱逛钕権産氢룁瑗Ⴒ㡮筫¶昷琐⃈陓ᘬỲ⧦భ䰇㎲喴๽⬟ʗ錫꣐≦⩩茟麌❼蓞鍝䰮ﴈᆱꂋ䄽蒖 [ 84.839521][ T9] usb 7-1: Manufacturer: 䀆 [ 84.842620][ T9] usb 7-1: SerialNumber: 偨凄ᩇ遹殅棈ト㨟ꀱ芡룥벘㈟謞뻝큯먫൮ⷈ碙䓭ൗ蚞核⓾诠꒍ꢑԬ扅†쀷儀塞识ᆿ朼㇡ᒅⷙ뱁뭸룳ᰤލ㞒ㆶ䀺쾀헩ꃂꮶ灸땕吮䏫퉺 [ 85.058844][ T9] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/input/input7 [ 85.065585][ T5335] bcm5974 7-1:1.0: could not read from device [ 85.072136][ T9] usb 7-1: USB disconnect, device number 7 [ 85.074686][ T5335] bcm5974 7-1:1.0: could not read from device [ 85.365332][ T35] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 85.505945][ T7948] netlink: 64 bytes leftover after parsing attributes in process `syz.3.546'. [ 85.526020][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 85.529744][ T35] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 85.532324][ T35] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 85.535885][ T35] usb 6-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 85.538101][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.545588][ T35] usb 6-1: config 0 descriptor?? [ 85.548734][ T35] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 85.686391][ T7961] netlink: 20 bytes leftover after parsing attributes in process `syz.3.551'. [ 85.745682][ T7966] tmpfs: Unknown parameter 'usrquota' [ 85.749445][ T7945] netlink: 'syz.1.545': attribute type 11 has an invalid length. [ 85.751478][ T7945] netlink: 36 bytes leftover after parsing attributes in process `syz.1.545'. [ 85.767088][ T7945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.771666][ T7945] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.774892][ T7945] netlink: 256 bytes leftover after parsing attributes in process `syz.1.545'. [ 85.778568][ T35] usb 6-1: USB disconnect, device number 4 [ 85.816946][ T7972] block nbd2: shutting down sockets [ 85.842684][ T7974] FAULT_INJECTION: forcing a failure. [ 85.842684][ T7974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 85.846846][ T7974] CPU: 0 UID: 0 PID: 7974 Comm: syz.2.555 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 85.849501][ T7974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.852185][ T7974] Call Trace: [ 85.853048][ T7974] [ 85.853814][ T7974] dump_stack_lvl+0x16c/0x1f0 [ 85.855034][ T7974] should_fail_ex+0x497/0x5b0 [ 85.856247][ T7974] _copy_to_user+0x32/0xd0 [ 85.857348][ T7974] simple_read_from_buffer+0xd0/0x160 [ 85.858709][ T7974] proc_fail_nth_read+0x198/0x270 [ 85.859962][ T7974] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 85.861402][ T7974] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 85.862810][ T7974] vfs_read+0x1df/0xbe0 [ 85.863856][ T7974] ? __fget_files+0x1fc/0x3a0 [ 85.865236][ T7974] ? __pfx___mutex_lock+0x10/0x10 [ 85.866523][ T7974] ? __pfx_vfs_read+0x10/0x10 [ 85.867754][ T7974] ? __fget_files+0x206/0x3a0 [ 85.868976][ T7974] ksys_read+0x12b/0x250 [ 85.870069][ T7974] ? __pfx_ksys_read+0x10/0x10 [ 85.871284][ T7974] do_syscall_64+0xcd/0x250 [ 85.872431][ T7974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.873939][ T7974] RIP: 0033:0x7f3cca58473c [ 85.875141][ T7974] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 85.879765][ T7974] RSP: 002b:00007f3ccb3fa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 85.881841][ T7974] RAX: ffffffffffffffda RBX: 00007f3cca775fa0 RCX: 00007f3cca58473c [ 85.883802][ T7974] RDX: 000000000000000f RSI: 00007f3ccb3fa0a0 RDI: 0000000000000004 [ 85.885817][ T7974] RBP: 00007f3ccb3fa090 R08: 0000000000000000 R09: 0000000000000000 [ 85.887750][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 85.889698][ T7974] R13: 0000000000000000 R14: 00007f3cca775fa0 R15: 00007ffe4a015cb8 [ 85.891611][ T7974] [ 85.925591][ T7978] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.925645][ T7977] Cache volume key already in use (9p,syz,) [ 85.942704][ T7977] overlay: ./file1 is not a directory [ 86.082223][ T7992] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 86.136141][ T8000] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 86.196077][ T8004] block nbd3: shutting down sockets [ 86.213756][ T8010] kvm: user requested TSC rate below hardware speed [ 86.229907][ C2] ata1: illegal qc_active transition (00000000->00008000) [ 86.435347][ T35] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 86.455263][ T70] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 86.557309][ T1107] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 86.560213][ T1107] ata1.00: configured for UDMA/100 [ 86.585691][ T35] usb 7-1: Using ep0 maxpacket: 32 [ 86.589004][ T35] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 86.594037][ T35] usb 7-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 86.596462][ T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.598500][ T35] usb 7-1: Product: syz [ 86.599565][ T35] usb 7-1: Manufacturer: syz [ 86.600756][ T35] usb 7-1: SerialNumber: syz [ 86.603659][ T35] usb 7-1: config 0 descriptor?? [ 86.605560][ T70] usb 5-1: Using ep0 maxpacket: 16 [ 86.607462][ T8009] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 86.609000][ T70] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 86.612565][ T35] hub 7-1:0.0: bad descriptor, ignoring hub [ 86.614136][ T35] hub 7-1:0.0: probe with driver hub failed with error -5 [ 86.616192][ T70] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 86.618720][ T70] usb 5-1: too many endpoints for config 1 interface 0 altsetting 4: 129, using maximum allowed: 30 [ 86.621418][ T70] usb 5-1: config 1 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 129 [ 86.624658][ T70] usb 5-1: config 1 interface 0 has no altsetting 0 [ 86.627379][ T35] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input8 [ 86.633992][ T70] usb 5-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.40 [ 86.637179][ T70] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.639967][ T70] usb 5-1: Product: 枅㛘쓯⯞肙ꗋ튥쬶鏊ᝅ芗⊁䕧ꥃ绩ᅪ풇툓蔁Ɜ䇁莊➟뽣鑊覶쁱露怊斲䡖恬ਚ굫逨鵩癳㭜䎘̨ꤳ너뙑籍琕汉쾧덞큤贔ꝍ䵁⺿ꁇ舵剤궼逛㌪谤辜濉軞⁲슍둸脢迅ၑ넯焹Ⅺ賙朐闘꯷隌斎诊⻫䪰렺㖃퉣뮠暻ᒩﲲ㕪窽㔡 [ 86.647844][ T70] usb 5-1: Manufacturer: Ь [ 86.649379][ T70] usb 5-1: SerialNumber: 홥굝ᦵ๙䠘㺔橐㠠횪榧鮕䃎᧞堖࡝悒鞒ㆊ恍 [ 86.705616][ T5941] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 86.798118][ T8039] libceph: resolve ' [ 86.798118][ T8039] -&fYǝa2i [ 86.798118][ T8039] .?&*&' (ret=-3): failed [ 86.814945][ T5977] usb 7-1: USB disconnect, device number 8 [ 86.815016][ C3] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 86.831514][ T8009] __nla_validate_parse: 3 callbacks suppressed [ 86.831562][ T8009] netlink: 20 bytes leftover after parsing attributes in process `syz.2.566'. [ 86.835894][ T5941] usb 6-1: device descriptor read/64, error -71 [ 86.864858][ T70] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 86.867540][ T70] usb 5-1: USB disconnect, device number 4 [ 87.085571][ T5941] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 87.216783][ T5941] usb 6-1: device descriptor read/64, error -71 [ 87.325364][ T5941] usb usb6-port1: attempt power cycle [ 87.439778][ T39] kauditd_printk_skb: 16 callbacks suppressed [ 87.439794][ T39] audit: type=1400 audit(1734868921.498:538): avc: denied { bind } for pid=8047 comm="syz.2.576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 87.448872][ T39] audit: type=1400 audit(1734868921.498:539): avc: denied { node_bind } for pid=8047 comm="syz.2.576" saddr=::ffff:10.1.1.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 87.610277][ T8057] ubi0: attaching mtd0 [ 87.611525][ T8057] ubi0 error: ubi_attach_mtd_dev: bad VID header (8454144) or data offsets (8454208) [ 87.665304][ T5941] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 87.686619][ T5941] usb 6-1: device descriptor read/8, error -71 [ 87.688952][ T8061] hub 2-0:1.0: USB hub found [ 87.690305][ T8061] hub 2-0:1.0: 2 ports detected [ 87.748673][ T8050] block nbd2: shutting down sockets [ 87.773532][ T8072] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 87.782449][ T8072] input: syz1 as /devices/virtual/input/input9 [ 87.818595][ T8075] CUSE: unknown device info "ame" [ 87.820009][ T8075] CUSE: DEVNAME unspecified [ 87.831338][ T8077] tmpfs: Group quota block hardlimit too large. [ 87.833545][ T8077] program syz.0.586 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 87.838435][ T8077] tmpfs: Group quota block hardlimit too large. [ 87.925499][ T5941] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 87.949201][ T39] audit: type=1400 audit(1734868922.008:540): avc: denied { nlmsg_write } for pid=8088 comm="syz.0.588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 87.957971][ T5941] usb 6-1: device descriptor read/8, error -71 [ 88.067143][ T5941] usb usb6-port1: unable to enumerate USB device [ 88.081271][ T8096] : renamed from hsr0 (while UP) [ 88.085294][ T8096] binder: 8095:8096 ioctl 40046205 0 returned -22 [ 88.741316][ T8107] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 88.743943][ T8107] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 88.747907][ T39] audit: type=1400 audit(1734868922.808:541): avc: denied { ioctl } for pid=8106 comm="syz.3.594" path="/dev/usbmon0" dev="devtmpfs" ino=737 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 88.760293][ T8107] netlink: 12 bytes leftover after parsing attributes in process `syz.3.594'. [ 88.857971][ T8110] capability: warning: `syz.2.593' uses 32-bit capabilities (legacy support in use) [ 88.868374][ T8110] block nbd2: shutting down sockets [ 88.917460][ T39] audit: type=1400 audit(1734868922.978:542): avc: denied { bind } for pid=8111 comm="syz.3.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 88.923947][ T39] audit: type=1400 audit(1734868922.978:543): avc: denied { read write } for pid=8111 comm="syz.3.596" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 88.931911][ T39] audit: type=1400 audit(1734868922.978:544): avc: denied { open } for pid=8111 comm="syz.3.596" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 88.940603][ T39] audit: type=1400 audit(1734868922.978:545): avc: denied { map } for pid=8111 comm="syz.3.596" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 88.948990][ T39] audit: type=1400 audit(1734868922.978:546): avc: denied { execute } for pid=8111 comm="syz.3.596" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 88.987042][ T39] audit: type=1400 audit(1734868923.038:547): avc: denied { ioctl } for pid=8111 comm="syz.3.596" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 89.098586][ T8135] overlayfs: failed to resolve './file1': -2 [ 89.326299][ T8152] block nbd3: shutting down sockets [ 89.526231][ T8165] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 89.623010][ T8173] openvswitch: netlink: Flow actions attr not present in new flow. [ 89.627676][ T8173] netlink: 24 bytes leftover after parsing attributes in process `syz.1.616'. [ 89.661267][ T8176] Cannot find del_set index 4 as target [ 90.064357][ T8217] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=8217 comm=syz.2.627 [ 90.096437][ T8217] netlink: 'syz.2.627': attribute type 16 has an invalid length. [ 90.097650][ T8215] netlink: 'syz.2.627': attribute type 16 has an invalid length. [ 90.098555][ T8217] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.627'. [ 90.100567][ T8215] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.627'. [ 90.120575][ T8225] netlink: 32 bytes leftover after parsing attributes in process `syz.0.629'. [ 90.123182][ T8224] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 90.143780][ T8231] Invalid logical block size (585) [ 90.318428][ T8240] overlay: Unknown parameter 'audit' [ 90.323313][ T8240] netlink: 'syz.2.634': attribute type 1 has an invalid length. [ 90.325796][ T8240] netlink: 224 bytes leftover after parsing attributes in process `syz.2.634'. [ 90.510623][ T8258] autofs: Unknown parameter 'pRZXa2q@- EMVs%1T4Cϔ7)SlLtU' [ 90.576333][ T8258] netlink: 16 bytes leftover after parsing attributes in process `syz.2.639'. [ 90.883434][ T8272] binder: BINDER_SET_CONTEXT_MGR already set [ 90.885524][ T8272] binder: 8271:8272 ioctl 4018620d 20000040 returned -16 [ 91.475290][ T1145] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 91.859537][ T8329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.661'. [ 91.929542][ T8336] netlink: 172 bytes leftover after parsing attributes in process `syz.2.663'. [ 92.146599][ T5942] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 92.286031][ T8369] netlink: 56 bytes leftover after parsing attributes in process `syz.2.672'. [ 92.540829][ T8390] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8390 comm=syz.0.679 [ 92.544366][ T8390] sch_fq: defrate 2 ignored. [ 92.591062][ T8388] bridge_slave_0: left allmulticast mode [ 92.592561][ T8388] bridge_slave_0: left promiscuous mode [ 92.594065][ T8388] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.601080][ T8388] bridge_slave_1: left allmulticast mode [ 92.601869][ T8393] netlink: 'syz.0.680': attribute type 10 has an invalid length. [ 92.602713][ T8388] bridge_slave_1: left promiscuous mode [ 92.606427][ T8388] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.610015][ T8388] bond0: (slave bond_slave_0): Releasing backup interface [ 92.613324][ T8388] bond0: (slave bond_slave_1): Releasing backup interface [ 92.625855][ T8388] team0: Port device team_slave_0 removed [ 92.630700][ T8388] team0: Port device team_slave_1 removed [ 92.632645][ T8388] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 92.634542][ T8388] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 92.640092][ T8388] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 92.642668][ T8388] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 92.667500][ T8396] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.699970][ T8398] team0: Mode changed to "loadbalance" [ 92.733445][ T8396] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.793751][ T8402] netlink: 12 bytes leftover after parsing attributes in process `syz.2.683'. [ 92.796319][ T8402] netlink: 20 bytes leftover after parsing attributes in process `syz.2.683'. [ 92.832390][ T8396] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.912817][ T8396] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.935325][ T5941] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 92.991283][ T8396] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.998580][ T8396] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.003332][ T8396] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.009438][ T8396] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.014400][ T8397] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.059782][ T8397] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.086327][ T5941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.089146][ T5941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 93.091622][ T5941] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 93.094969][ T5941] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 93.097590][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.100731][ T5941] usb 5-1: config 0 descriptor?? [ 93.127315][ T8397] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.167662][ T8397] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.509999][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.512417][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.514329][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.516241][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.518023][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.519776][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.521590][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.523596][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.525827][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.527742][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.529646][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.531552][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.533369][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.535546][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.537557][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.539415][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.541266][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.543159][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.545301][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.547261][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.549254][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.551265][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.553168][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.555328][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.557239][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.559166][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.561128][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.563044][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.564947][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.567056][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.568977][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.570891][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.572846][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.574750][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.576714][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.578625][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.580512][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.582414][ T5941] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 93.585393][ T5941] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 93.595526][ T5941] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 94.000679][ T39] kauditd_printk_skb: 34 callbacks suppressed [ 94.000694][ T39] audit: type=1400 audit(1734868928.054:582): avc: denied { bind } for pid=8423 comm="syz.3.691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 94.160138][ T39] audit: type=1400 audit(1734868928.214:583): avc: denied { execstack } for pid=8431 comm="syz.3.693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 94.295667][ T8439] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2052 sclass=netlink_route_socket pid=8439 comm=syz.3.695 [ 94.425327][ T8442] block nbd3: Device being setup by another task [ 94.575421][ T45] wlan1: Trigger new scan to find an IBSS to join [ 94.585764][ T8442] block nbd3: shutting down sockets [ 94.614681][ T39] audit: type=1400 audit(1734868928.664:584): avc: denied { read } for pid=8443 comm="syz.3.697" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 94.621818][ T39] audit: type=1400 audit(1734868928.664:585): avc: denied { open } for pid=8443 comm="syz.3.697" path="/syzcgroup/unified/syz3" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 94.628226][ T39] audit: type=1400 audit(1734868928.674:586): avc: denied { write } for pid=8443 comm="syz.3.697" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 94.687038][ T8446] bridge_slave_0: left allmulticast mode [ 94.688538][ T8446] bridge_slave_0: left promiscuous mode [ 94.690121][ T8446] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.693015][ T8446] bridge_slave_1: left allmulticast mode [ 94.694493][ T8446] bridge_slave_1: left promiscuous mode [ 94.696608][ T8446] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.700190][ T8446] bond0: (slave bond_slave_0): Releasing backup interface [ 94.702221][ T8446] bond_slave_0: left promiscuous mode [ 94.705581][ T8446] bond0: (slave bond_slave_1): Releasing backup interface [ 94.709298][ T8446] bond_slave_1: left promiscuous mode [ 94.712176][ T8446] team_slave_0: left promiscuous mode [ 94.713629][ T8446] team_slave_0: left allmulticast mode [ 94.723271][ T8446] team0: Port device team_slave_0 removed [ 94.727099][ T8446] team_slave_1: left promiscuous mode [ 94.728619][ T8446] team_slave_1: left allmulticast mode [ 94.733569][ T8446] team0: Port device team_slave_1 removed [ 94.737971][ T8446] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.739919][ T8446] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 94.742451][ T8446] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 94.744419][ T8446] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 94.861811][ T39] audit: type=1400 audit(1734868928.914:587): avc: denied { view } for pid=8450 comm="syz.3.699" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 94.939106][ T8455] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 94.940983][ T8455] IPv6: NLM_F_CREATE should be set when creating new route [ 94.943337][ T8456] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 95.719215][ T5997] usb 5-1: USB disconnect, device number 5 [ 95.806699][ T39] audit: type=1400 audit(1734868929.864:588): avc: denied { ioctl } for pid=8461 comm="syz.3.703" path="socket:[25148]" dev="sockfs" ino=25148 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 95.894575][ T39] audit: type=1400 audit(1734868929.944:589): avc: denied { relabelfrom } for pid=8470 comm="syz.0.706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 95.895433][ T8471] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 95.901376][ T39] audit: type=1400 audit(1734868929.944:590): avc: denied { relabelto } for pid=8470 comm="syz.0.706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 95.911055][ T39] audit: type=1400 audit(1734868929.964:591): avc: denied { attach_queue } for pid=8470 comm="syz.0.706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 95.945254][ T8472] block nbd3: Device being setup by another task [ 96.006150][ T8472] FAULT_INJECTION: forcing a failure. [ 96.006150][ T8472] name failslab, interval 1, probability 0, space 0, times 0 [ 96.009441][ T8472] CPU: 3 UID: 0 PID: 8472 Comm: syz.3.705 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 96.012180][ T8472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 96.014960][ T8472] Call Trace: [ 96.015849][ T8472] [ 96.016637][ T8472] dump_stack_lvl+0x16c/0x1f0 [ 96.017892][ T8472] should_fail_ex+0x497/0x5b0 [ 96.019152][ T8472] ? fs_reclaim_acquire+0xae/0x150 [ 96.020493][ T8472] should_failslab+0xc2/0x120 [ 96.021743][ T8472] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 96.023228][ T8472] ? __d_alloc+0x31/0xaa0 [ 96.024376][ T8472] __d_alloc+0x31/0xaa0 [ 96.025484][ T8472] d_alloc+0x4a/0x1e0 [ 96.026538][ T8472] d_alloc_parallel+0xe9/0x12b0 [ 96.027830][ T8472] ? __pfx_d_alloc_parallel+0x10/0x10 [ 96.029326][ T8472] ? lockdep_init_map_type+0x16d/0x7d0 [ 96.030745][ T8472] ? mark_lock+0xb5/0xc60 [ 96.031871][ T8472] ? lockdep_init_map_type+0x16d/0x7d0 [ 96.033293][ T8472] __lookup_slow+0x194/0x460 [ 96.034550][ T8472] ? __pfx___lookup_slow+0x10/0x10 [ 96.035927][ T8472] ? __pfx_lock_release+0x10/0x10 [ 96.037285][ T8472] ? d_lookup+0xe9/0x180 [ 96.038539][ T8472] lookup_one_len+0x181/0x1b0 [ 96.040188][ T8472] ? __pfx_lookup_one_len+0x10/0x10 [ 96.041597][ T8472] ? mntput+0x10/0x90 [ 96.042652][ T8472] start_creating.part.0+0x12f/0x3a0 [ 96.044052][ T8472] __debugfs_create_file+0xa5/0x660 [ 96.045444][ T8472] debugfs_create_file_full+0x6d/0xa0 [ 96.046856][ T8472] nbd_start_device+0x415/0xd70 [ 96.048141][ T8472] ? bpf_lsm_capable+0x9/0x10 [ 96.049382][ T8472] nbd_ioctl+0x21a/0xfd0 [ 96.050511][ T8472] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 96.052206][ T8472] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 96.053907][ T8472] ? __pfx_nbd_ioctl+0x10/0x10 [ 96.055177][ T8472] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 96.056956][ T8472] ? __pfx_lock_release+0x10/0x10 [ 96.058304][ T8472] ? __pfx_nbd_ioctl+0x10/0x10 [ 96.059562][ T8472] blkdev_ioctl+0x276/0x6d0 [ 96.060759][ T8472] ? __pfx_blkdev_ioctl+0x10/0x10 [ 96.062083][ T8472] ? selinux_file_ioctl+0x180/0x270 [ 96.063453][ T8472] ? selinux_file_ioctl+0xb4/0x270 [ 96.064807][ T8472] ? __pfx_blkdev_ioctl+0x10/0x10 [ 96.066161][ T8472] __x64_sys_ioctl+0x190/0x200 [ 96.067418][ T8472] do_syscall_64+0xcd/0x250 [ 96.068626][ T8472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.070187][ T8472] RIP: 0033:0x7fd12eb85d29 [ 96.071361][ T8472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.076405][ T8472] RSP: 002b:00007fd12c9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 96.078566][ T8472] RAX: ffffffffffffffda RBX: 00007fd12ed76080 RCX: 00007fd12eb85d29 [ 96.080612][ T8472] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 96.082670][ T8472] RBP: 00007fd12c9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 96.084778][ T8472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 96.086854][ T8472] R13: 0000000000000000 R14: 00007fd12ed76080 R15: 00007ffeb9958d38 [ 96.088904][ T8472] [ 96.126646][ T8469] block nbd3: shutting down sockets [ 96.161064][ T8475] can0: slcan on ptm0. [ 96.266716][ T1018] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 96.395228][ T5997] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 96.555185][ T5997] usb 5-1: Using ep0 maxpacket: 8 [ 96.558366][ T5997] usb 5-1: config index 0 descriptor too short (expected 18482, got 45) [ 96.560581][ T5997] usb 5-1: config 255 has an invalid descriptor of length 72, skipping remainder of the config [ 96.563174][ T5997] usb 5-1: config 255 has 0 interfaces, different from the descriptor's value: 13 [ 96.565792][ T5997] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 96.568308][ T5997] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.644965][ T8397] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.650010][ T8397] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.656440][ T8397] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.661169][ T8397] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.800673][ T5997] usb 5-1: string descriptor 0 read error: -71 [ 96.810168][ T5997] usb 5-1: USB disconnect, device number 6 [ 96.885772][ T8474] can0 (unregistered): slcan off ptm0. [ 97.326422][ T8520] xt_hashlimit: size too large, truncated to 1048576 [ 97.381207][ T8524] netlink: 'syz.1.718': attribute type 4 has an invalid length. [ 97.470305][ T8518] FAULT_INJECTION: forcing a failure. [ 97.470305][ T8518] name failslab, interval 1, probability 0, space 0, times 0 [ 97.473656][ T8518] CPU: 2 UID: 0 PID: 8518 Comm: syz.2.717 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 97.476451][ T8518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.479272][ T8518] Call Trace: [ 97.480160][ T8518] [ 97.480963][ T8518] dump_stack_lvl+0x16c/0x1f0 [ 97.482268][ T8518] should_fail_ex+0x497/0x5b0 [ 97.483507][ T8518] ? fs_reclaim_acquire+0xae/0x150 [ 97.485217][ T8518] should_failslab+0xc2/0x120 [ 97.486940][ T8518] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 97.488500][ T8518] ? security_inode_alloc+0x3b/0x2b0 [ 97.489910][ T8518] security_inode_alloc+0x3b/0x2b0 [ 97.491258][ T8518] inode_init_always_gfp+0xce4/0x1030 [ 97.492789][ T8518] alloc_inode+0x82/0x230 [ 97.494119][ T8518] new_inode+0x22/0x210 [ 97.495556][ T8518] ? start_creating.part.0+0x25d/0x3a0 [ 97.497456][ T8518] __debugfs_create_file+0x11a/0x660 [ 97.499294][ T8518] debugfs_create_file_full+0x6d/0xa0 [ 97.501096][ T8518] nbd_start_device+0x415/0xd70 [ 97.502471][ T8518] ? bpf_lsm_capable+0x9/0x10 [ 97.503723][ T8518] nbd_ioctl+0x21a/0xfd0 [ 97.504894][ T8518] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 97.506779][ T8518] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 97.508449][ T8518] ? __pfx_nbd_ioctl+0x10/0x10 [ 97.509905][ T8518] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 97.511774][ T8518] ? __pfx_lock_release+0x10/0x10 [ 97.513149][ T8518] ? __pfx_nbd_ioctl+0x10/0x10 [ 97.514628][ T8518] blkdev_ioctl+0x276/0x6d0 [ 97.516251][ T8518] ? __pfx_blkdev_ioctl+0x10/0x10 [ 97.518180][ T8518] ? selinux_file_ioctl+0x180/0x270 [ 97.519709][ T8518] ? selinux_file_ioctl+0xb4/0x270 [ 97.521151][ T8518] ? __pfx_blkdev_ioctl+0x10/0x10 [ 97.522551][ T8518] __x64_sys_ioctl+0x190/0x200 [ 97.523829][ T8518] do_syscall_64+0xcd/0x250 [ 97.525106][ T8518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.526694][ T8518] RIP: 0033:0x7f3cca585d29 [ 97.527898][ T8518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.533014][ T8518] RSP: 002b:00007f3ccb3fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 97.535656][ T1148] wlan1: Trigger new scan to find an IBSS to join [ 97.535724][ T8518] RAX: ffffffffffffffda RBX: 00007f3cca775fa0 RCX: 00007f3cca585d29 [ 97.539539][ T8518] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 97.541671][ T8518] RBP: 00007f3ccb3fa090 R08: 0000000000000000 R09: 0000000000000000 [ 97.543786][ T8518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 97.546181][ T8518] R13: 0000000000000000 R14: 00007f3cca775fa0 R15: 00007ffe4a015cb8 [ 97.548277][ T8518] [ 97.549203][ C2] vkms_vblank_simulate: vblank timer overrun [ 97.562344][ T8518] debugfs: out of free dentries, can not create file 'flags' [ 97.583036][ T8540] netlink: 68 bytes leftover after parsing attributes in process `syz.0.720'. [ 97.636326][ T8526] block nbd2: shutting down sockets [ 97.652305][ T8540] ebtables: ebtables: counters copy to user failed while replacing table [ 97.880725][ T8559] netlink: 16 bytes leftover after parsing attributes in process `syz.2.724'. [ 97.938655][ T8567] QAT: Stopping all acceleration devices. [ 97.950981][ T8569] bridge_slave_1: entered allmulticast mode [ 98.046377][ T70] IPVS: starting estimator thread 0... [ 98.123875][ T8591] netlink: 'syz.0.729': attribute type 10 has an invalid length. [ 98.146909][ T8582] IPVS: using max 38 ests per chain, 91200 per kthread [ 98.931748][ T8596] input: syz1 as /devices/virtual/input/input10 [ 99.025335][ T8597] block nbd1: Device being setup by another task [ 99.161981][ T8609] program syz.0.735 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 99.190029][ T8597] FAULT_INJECTION: forcing a failure. [ 99.190029][ T8597] name failslab, interval 1, probability 0, space 0, times 0 [ 99.193578][ T8597] CPU: 0 UID: 0 PID: 8597 Comm: syz.1.730 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 99.196364][ T8597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.199170][ T8597] Call Trace: [ 99.200052][ T8597] [ 99.200835][ T8597] dump_stack_lvl+0x16c/0x1f0 [ 99.202100][ T8597] should_fail_ex+0x497/0x5b0 [ 99.203342][ T8597] ? fs_reclaim_acquire+0xae/0x150 [ 99.204702][ T8597] should_failslab+0xc2/0x120 [ 99.206007][ T8597] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 99.207416][ T8597] ? __asan_memcpy+0x3c/0x60 [ 99.208617][ T8597] ? __kernfs_new_node+0xd3/0x890 [ 99.209975][ T8597] __kernfs_new_node+0xd3/0x890 [ 99.211265][ T8597] ? kfree_const+0x55/0x60 [ 99.212438][ T8597] ? blk_mq_register_hctx+0x264/0x470 [ 99.213870][ T8597] ? blk_mq_sysfs_register_hctxs+0x13b/0x190 [ 99.215466][ T8597] ? __pfx___kernfs_new_node+0x10/0x10 [ 99.216900][ T8597] ? hlock_class+0x4e/0x130 [ 99.218092][ T8597] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.219683][ T8597] ? __pfx_mark_lock+0x10/0x10 [ 99.220962][ T8597] kernfs_new_node+0x186/0x240 [ 99.222242][ T8597] kernfs_create_dir_ns+0x4c/0x150 [ 99.223586][ T8597] sysfs_create_dir_ns+0x13b/0x2b0 [ 99.224935][ T8597] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 99.226631][ T8597] ? kfree+0x14f/0x4b0 [ 99.227717][ T8597] kobject_add_internal+0x2c8/0x990 [ 99.229153][ T8597] kobject_add+0x16f/0x240 [ 99.230346][ T8597] ? __pfx_kobject_add+0x10/0x10 [ 99.231637][ T8597] ? __pfx_xa_find+0x10/0x10 [ 99.232853][ T8597] blk_mq_register_hctx+0x264/0x470 [ 99.234247][ T8597] blk_mq_sysfs_register_hctxs+0x13b/0x190 [ 99.235791][ T8597] ? __pfx_blk_mq_sysfs_register_hctxs+0x10/0x10 [ 99.237472][ T8597] __blk_mq_update_nr_hw_queues+0x5b1/0x14e0 [ 99.239055][ T8597] ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10 [ 99.240738][ T8597] ? nbd_ioctl+0x151/0xfd0 [ 99.241937][ T8597] ? __pfx___mutex_lock+0x10/0x10 [ 99.243265][ T8597] blk_mq_update_nr_hw_queues+0x2a/0x40 [ 99.244715][ T8597] nbd_start_device+0x15b/0xd70 [ 99.246021][ T8597] ? bpf_lsm_capable+0x9/0x10 [ 99.247260][ T8597] nbd_ioctl+0x21a/0xfd0 [ 99.248377][ T8597] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 99.250092][ T8597] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 99.251800][ T8597] ? __pfx_nbd_ioctl+0x10/0x10 [ 99.252981][ T8597] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 99.254724][ T8597] ? __pfx_lock_release+0x10/0x10 [ 99.256086][ T8597] ? __pfx_nbd_ioctl+0x10/0x10 [ 99.257343][ T8597] blkdev_ioctl+0x276/0x6d0 [ 99.258564][ T8597] ? __pfx_blkdev_ioctl+0x10/0x10 [ 99.259885][ T8597] ? selinux_file_ioctl+0x180/0x270 [ 99.261249][ T8597] ? selinux_file_ioctl+0xb4/0x270 [ 99.262611][ T8597] ? __pfx_blkdev_ioctl+0x10/0x10 [ 99.263953][ T8597] __x64_sys_ioctl+0x190/0x200 [ 99.265229][ T8597] do_syscall_64+0xcd/0x250 [ 99.266450][ T8597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.267975][ T8597] RIP: 0033:0x7fa1e2f85d29 [ 99.269141][ T8597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.274018][ T8597] RSP: 002b:00007fa1e3e25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 99.276098][ T8597] RAX: ffffffffffffffda RBX: 00007fa1e3176080 RCX: 00007fa1e2f85d29 [ 99.278020][ T8597] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 99.280018][ T8597] RBP: 00007fa1e3e25090 R08: 0000000000000000 R09: 0000000000000000 [ 99.282054][ T8597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 99.284113][ T8597] R13: 0000000000000000 R14: 00007fa1e3176080 R15: 00007ffe956e4a08 [ 99.286193][ T8597] [ 99.294960][ T8597] kobject: kobject_add_internal failed for cpu4 (error: -12 parent: 0) [ 99.299134][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 99.299144][ T39] audit: type=1400 audit(1734868933.354:593): avc: denied { write } for pid=5332 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 99.307327][ T39] audit: type=1400 audit(1734868933.354:594): avc: denied { remove_name } for pid=5332 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 99.313037][ T39] audit: type=1400 audit(1734868933.354:595): avc: denied { add_name } for pid=5332 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 99.365871][ T8594] block nbd1: shutting down sockets [ 99.400084][ T39] audit: type=1400 audit(1734868933.454:596): avc: denied { setopt } for pid=8617 comm="syz.1.739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 99.497217][ T8624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.740'. [ 99.630477][ T8630] macsec1: entered promiscuous mode [ 99.725280][ T5977] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 99.797970][ T8653] binder: 8652:8653 ioctl c018620c 20000140 returned -22 [ 99.875199][ T5977] usb 6-1: Using ep0 maxpacket: 16 [ 99.880494][ T5977] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 99.882854][ T5977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.884926][ T5977] usb 6-1: Product: syz [ 99.886267][ T5977] usb 6-1: Manufacturer: syz [ 99.887510][ T5977] usb 6-1: SerialNumber: syz [ 99.891204][ T5977] r8152-cfgselector 6-1: Unknown version 0x0000 [ 99.892853][ T5977] r8152-cfgselector 6-1: config 0 descriptor?? [ 99.961306][ T39] audit: type=1400 audit(1734868934.014:597): avc: denied { setopt } for pid=8658 comm="syz.0.752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 99.970540][ T8659] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 100.061622][ T8647] FAULT_INJECTION: forcing a failure. [ 100.061622][ T8647] name failslab, interval 1, probability 0, space 0, times 0 [ 100.066113][ T8647] CPU: 3 UID: 0 PID: 8647 Comm: syz.3.748 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 100.069032][ T8647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.072363][ T8647] Call Trace: [ 100.073468][ T8647] [ 100.074435][ T8647] dump_stack_lvl+0x16c/0x1f0 [ 100.076094][ T8647] should_fail_ex+0x497/0x5b0 [ 100.077685][ T8647] ? fs_reclaim_acquire+0xae/0x150 [ 100.079250][ T8647] should_failslab+0xc2/0x120 [ 100.080841][ T8647] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 100.082891][ T8647] ? __pfx_stack_trace_save+0x10/0x10 [ 100.084739][ T8647] ? __pfx_mark_lock+0x10/0x10 [ 100.086418][ T8647] ? kstrdup_const+0x63/0x80 [ 100.087755][ T8647] kstrdup+0x53/0x100 [ 100.088907][ T8647] kstrdup_const+0x63/0x80 [ 100.090359][ T8647] __kernfs_new_node+0x9c/0x890 [ 100.091640][ T8647] ? kfree_const+0x55/0x60 [ 100.092769][ T8647] ? blk_mq_register_hctx+0x264/0x470 [ 100.094152][ T8647] ? blk_mq_sysfs_register_hctxs+0x13b/0x190 [ 100.095737][ T8647] ? __pfx___kernfs_new_node+0x10/0x10 [ 100.097156][ T8647] ? hlock_class+0x4e/0x130 [ 100.097273][ T5977] r8152-cfgselector 6-1: Unknown version 0x0000 [ 100.098345][ T8647] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.100055][ T5977] r8152-cfgselector 6-1: bad CDC descriptors [ 100.101565][ T8647] ? __pfx_mark_lock+0x10/0x10 [ 100.104393][ T8647] kernfs_new_node+0x186/0x240 [ 100.105661][ T8647] kernfs_create_dir_ns+0x4c/0x150 [ 100.107005][ T8647] sysfs_create_dir_ns+0x13b/0x2b0 [ 100.108092][ T5977] r8152-cfgselector 6-1: USB disconnect, device number 9 [ 100.108338][ T8647] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 100.111618][ T8647] ? kfree+0x14f/0x4b0 [ 100.112660][ T8647] kobject_add_internal+0x2c8/0x990 [ 100.114012][ T8647] kobject_add+0x16f/0x240 [ 100.115115][ T8647] ? __pfx_kobject_add+0x10/0x10 [ 100.116391][ T8647] ? __pfx_xa_find+0x10/0x10 [ 100.117571][ T8647] blk_mq_register_hctx+0x264/0x470 [ 100.118903][ T8647] blk_mq_sysfs_register_hctxs+0x13b/0x190 [ 100.120396][ T8647] ? __pfx_blk_mq_sysfs_register_hctxs+0x10/0x10 [ 100.121996][ T8647] __blk_mq_update_nr_hw_queues+0x5b1/0x14e0 [ 100.123506][ T8647] ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10 [ 100.125227][ T8647] ? nbd_ioctl+0x151/0xfd0 [ 100.126416][ T8647] ? __pfx___mutex_lock+0x10/0x10 [ 100.127740][ T8647] blk_mq_update_nr_hw_queues+0x2a/0x40 [ 100.129190][ T8647] nbd_start_device+0x15b/0xd70 [ 100.130480][ T8647] ? bpf_lsm_capable+0x9/0x10 [ 100.131721][ T8647] nbd_ioctl+0x21a/0xfd0 [ 100.132838][ T8647] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 100.134540][ T8647] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 100.136232][ T8647] ? __pfx_nbd_ioctl+0x10/0x10 [ 100.137490][ T8647] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 100.139229][ T8647] ? __pfx_lock_release+0x10/0x10 [ 100.140552][ T8647] ? __pfx_nbd_ioctl+0x10/0x10 [ 100.141775][ T8647] blkdev_ioctl+0x276/0x6d0 [ 100.142949][ T8647] ? __pfx_blkdev_ioctl+0x10/0x10 [ 100.144244][ T8647] ? selinux_file_ioctl+0x180/0x270 [ 100.145555][ T8647] ? selinux_file_ioctl+0xb4/0x270 [ 100.146849][ T8647] ? __pfx_blkdev_ioctl+0x10/0x10 [ 100.148172][ T8647] __x64_sys_ioctl+0x190/0x200 [ 100.149434][ T8647] do_syscall_64+0xcd/0x250 [ 100.150634][ T8647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.152177][ T8647] RIP: 0033:0x7fd12eb85d29 [ 100.153345][ T8647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.158346][ T8647] RSP: 002b:00007fd12f8d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.160506][ T8647] RAX: ffffffffffffffda RBX: 00007fd12ed75fa0 RCX: 00007fd12eb85d29 [ 100.162550][ T8647] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 100.164561][ T8647] RBP: 00007fd12f8d7090 R08: 0000000000000000 R09: 0000000000000000 [ 100.166623][ T8647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 100.168632][ T8647] R13: 0000000000000000 R14: 00007fd12ed75fa0 R15: 00007ffeb9958d38 [ 100.170709][ T8647] [ 100.171579][ C3] vkms_vblank_simulate: vblank timer overrun [ 100.174165][ T8647] kobject: kobject_add_internal failed for cpu1 (error: -12 parent: 0) [ 100.235531][ T8654] block nbd3: shutting down sockets [ 100.298766][ T8674] syz.3.757: attempt to access beyond end of device [ 100.298766][ T8674] nbd3: rw=0, sector=8, nr_sectors = 8 limit=0 [ 100.302179][ T8674] VFS: unable to read V7 FS superblock on device nbd3. [ 100.304424][ T8674] VFS: could not find a valid V7 on nbd3. [ 100.455338][ T70] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 100.458147][ T8685] netlink: 12 bytes leftover after parsing attributes in process `syz.3.761'. [ 100.575374][ T1145] wlan1: Trigger new scan to find an IBSS to join [ 100.617566][ T70] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 100.619593][ T70] usb 5-1: can't read configurations, error -61 [ 100.686081][ T8693] trusted_key: encrypted_key: insufficient parameters specified [ 100.705219][ T8694] block nbd3: Device being setup by another task [ 100.755187][ T70] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 100.823756][ T39] audit: type=1400 audit(1734868934.874:598): avc: denied { read } for pid=8696 comm="syz.1.766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 100.824059][ T8697] netlink: 36 bytes leftover after parsing attributes in process `syz.1.766'. [ 100.837020][ T8694] ------------[ cut here ]------------ [ 100.839020][ T8694] kernfs: can not remove 'nr_tags', no directory [ 100.841465][ T8694] WARNING: CPU: 1 PID: 8694 at fs/kernfs/dir.c:1683 kernfs_remove_by_name_ns+0x110/0x130 [ 100.844965][ T8694] Modules linked in: [ 100.848161][ T8694] CPU: 1 UID: 0 PID: 8694 Comm: syz.3.764 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 100.853179][ T8694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.857110][ T8694] RIP: 0010:kernfs_remove_by_name_ns+0x110/0x130 [ 100.858867][ T8694] Code: 5f ff bb fe ff ff ff 89 d8 5b 5d 41 5c 41 5d c3 cc cc cc cc e8 61 fc 5f ff 90 48 c7 c7 e0 10 82 8b 4c 89 e6 e8 e1 35 20 ff 90 <0f> 0b 90 90 eb cd e8 15 a8 c2 ff e9 54 ff ff ff e8 0b a8 c2 ff e9 [ 100.863711][ T8694] RSP: 0018:ffffc900038ff840 EFLAGS: 00010282 [ 100.865383][ T8694] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815a50d9 [ 100.867383][ T8694] RDX: ffff8880282e4880 RSI: ffffffff815a50e6 RDI: 0000000000000001 [ 100.869438][ T8694] RBP: ffffffff8ecbee20 R08: 0000000000000001 R09: 0000000000000000 [ 100.871479][ T8694] R10: 0000000000000000 R11: 0000000000000005 R12: ffffffff8bcf96a0 [ 100.873493][ T8694] R13: 0000000000000000 R14: ffffffff8bcf95c0 R15: 0000000000000004 [ 100.875563][ T8694] FS: 00007fd12c9f66c0(0000) GS:ffff88806a700000(0000) knlGS:0000000000000000 [ 100.877860][ T8694] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 100.879552][ T8694] CR2: 000000110c30136c CR3: 000000004fb4e000 CR4: 0000000000352ef0 [ 100.881562][ T8694] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 100.883594][ T8694] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 100.885713][ T8694] Call Trace: [ 100.886589][ T8694] [ 100.887366][ T8694] ? __warn+0xea/0x3c0 [ 100.888437][ T8694] ? kernfs_remove_by_name_ns+0x110/0x130 [ 100.889924][ T8694] ? report_bug+0x3c0/0x580 [ 100.891121][ T8694] ? handle_bug+0x54/0xa0 [ 100.892262][ T8694] ? exc_invalid_op+0x17/0x50 [ 100.893512][ T8694] ? asm_exc_invalid_op+0x1a/0x20 [ 100.894840][ T8694] ? __warn_printk+0x199/0x350 [ 100.896558][ T8694] ? __warn_printk+0x1a6/0x350 [ 100.897772][ T8694] ? kernfs_remove_by_name_ns+0x110/0x130 [ 100.899202][ T8694] remove_files+0x96/0x1c0 [ 100.900371][ T8694] sysfs_remove_group+0x8b/0x180 [ 100.901655][ T8694] sysfs_remove_groups+0x60/0xa0 [ 100.902894][ T8694] __kobject_del+0x89/0x1f0 [ 100.904091][ T8694] kobject_del+0x3f/0x60 [ 100.905232][ T8694] blk_mq_sysfs_unregister_hctxs+0x258/0x2d0 [ 100.906751][ T8694] ? __pfx_blk_mq_sysfs_unregister_hctxs+0x10/0x10 [ 100.908368][ T8694] ? __pfx_blk_mq_debugfs_unregister_hctxs+0x10/0x10 [ 100.910056][ T8694] ? __blk_mq_unfreeze_queue+0x161/0x210 [ 100.911510][ T8694] __blk_mq_update_nr_hw_queues+0x93f/0x14e0 [ 100.913064][ T8694] ? __mutex_trylock_common+0xea/0x250 [ 100.914482][ T8694] ? __pfx___mutex_trylock_common+0x10/0x10 [ 100.916128][ T8694] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 100.916789][ T70] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 100.917601][ T8694] ? rcu_is_watching+0x12/0xc0 [ 100.917621][ T8694] ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10 [ 100.917637][ T8694] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 100.919737][ T70] usb 5-1: can't read configurations, error -61 [ 100.920839][ T8694] ? __pfx___mutex_lock+0x10/0x10 [ 100.922675][ T70] usb usb5-port1: attempt power cycle [ 100.923991][ T8694] ? lockdep_hardirqs_on+0x7c/0x110 [ 100.929680][ T8694] ? __mutex_lock+0x1cc/0xa60 [ 100.930914][ T8694] ? nbd_ioctl+0x151/0xfd0 [ 100.932083][ T8694] ? __pfx___mutex_lock+0x10/0x10 [ 100.933414][ T8694] blk_mq_update_nr_hw_queues+0x2a/0x40 [ 100.934823][ T8694] nbd_start_device+0x15b/0xd70 [ 100.936140][ T8694] ? bpf_lsm_capable+0x9/0x10 [ 100.937373][ T8694] nbd_ioctl+0x21a/0xfd0 [ 100.938493][ T8694] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 100.940126][ T8694] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 100.941748][ T8694] ? __pfx_nbd_ioctl+0x10/0x10 [ 100.942993][ T8694] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 100.944728][ T8694] ? __pfx_lock_release+0x10/0x10 [ 100.946105][ T8694] ? __pfx_nbd_ioctl+0x10/0x10 [ 100.947352][ T8694] blkdev_ioctl+0x276/0x6d0 [ 100.948543][ T8694] ? __pfx_blkdev_ioctl+0x10/0x10 [ 100.949870][ T8694] ? selinux_file_ioctl+0x180/0x270 [ 100.951224][ T8694] ? selinux_file_ioctl+0xb4/0x270 [ 100.952565][ T8694] ? __pfx_blkdev_ioctl+0x10/0x10 [ 100.953886][ T8694] __x64_sys_ioctl+0x190/0x200 [ 100.955212][ T8694] do_syscall_64+0xcd/0x250 [ 100.956409][ T8694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.957953][ T8694] RIP: 0033:0x7fd12eb85d29 [ 100.959145][ T8694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.964100][ T8694] RSP: 002b:00007fd12c9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.966308][ T8694] RAX: ffffffffffffffda RBX: 00007fd12ed76080 RCX: 00007fd12eb85d29 [ 100.968342][ T8694] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 100.970365][ T8694] RBP: 00007fd12c9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 100.972328][ T8694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 100.974280][ T8694] R13: 0000000000000000 R14: 00007fd12ed76080 R15: 00007ffeb9958d38 [ 100.976363][ T8694] [ 100.977180][ T8694] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 100.979041][ T8694] CPU: 1 UID: 0 PID: 8694 Comm: syz.3.764 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0 [ 100.981611][ T8694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.984359][ T8694] Call Trace: [ 100.985239][ T8694] [ 100.986023][ T8694] dump_stack_lvl+0x3d/0x1f0 [ 100.987251][ T8694] panic+0x71d/0x800 [ 100.988252][ T8694] ? __pfx_panic+0x10/0x10 [ 100.989425][ T8694] ? show_trace_log_lvl+0x29d/0x3d0 [ 100.990782][ T8694] ? check_panic_on_warn+0x1f/0xb0 [ 100.992121][ T8694] ? kernfs_remove_by_name_ns+0x110/0x130 [ 100.993609][ T8694] check_panic_on_warn+0xab/0xb0 [ 100.994898][ T8694] __warn+0xf6/0x3c0 [ 100.995939][ T8694] ? kernfs_remove_by_name_ns+0x110/0x130 [ 100.997417][ T8694] report_bug+0x3c0/0x580 [ 100.998542][ T8694] handle_bug+0x54/0xa0 [ 100.999627][ T8694] exc_invalid_op+0x17/0x50 [ 101.000811][ T8694] asm_exc_invalid_op+0x1a/0x20 [ 101.002089][ T8694] RIP: 0010:kernfs_remove_by_name_ns+0x110/0x130 [ 101.003714][ T8694] Code: 5f ff bb fe ff ff ff 89 d8 5b 5d 41 5c 41 5d c3 cc cc cc cc e8 61 fc 5f ff 90 48 c7 c7 e0 10 82 8b 4c 89 e6 e8 e1 35 20 ff 90 <0f> 0b 90 90 eb cd e8 15 a8 c2 ff e9 54 ff ff ff e8 0b a8 c2 ff e9 [ 101.008651][ T8694] RSP: 0018:ffffc900038ff840 EFLAGS: 00010282 [ 101.010225][ T8694] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815a50d9 [ 101.012253][ T8694] RDX: ffff8880282e4880 RSI: ffffffff815a50e6 RDI: 0000000000000001 [ 101.014287][ T8694] RBP: ffffffff8ecbee20 R08: 0000000000000001 R09: 0000000000000000 [ 101.016320][ T8694] R10: 0000000000000000 R11: 0000000000000005 R12: ffffffff8bcf96a0 [ 101.018343][ T8694] R13: 0000000000000000 R14: ffffffff8bcf95c0 R15: 0000000000000004 [ 101.020375][ T8694] ? __warn_printk+0x199/0x350 [ 101.021626][ T8694] ? __warn_printk+0x1a6/0x350 [ 101.022869][ T8694] remove_files+0x96/0x1c0 [ 101.024013][ T8694] sysfs_remove_group+0x8b/0x180 [ 101.025275][ T8694] sysfs_remove_groups+0x60/0xa0 [ 101.026590][ T8694] __kobject_del+0x89/0x1f0 [ 101.027775][ T8694] kobject_del+0x3f/0x60 [ 101.028889][ T8694] blk_mq_sysfs_unregister_hctxs+0x258/0x2d0 [ 101.030457][ T8694] ? __pfx_blk_mq_sysfs_unregister_hctxs+0x10/0x10 [ 101.032126][ T8694] ? __pfx_blk_mq_debugfs_unregister_hctxs+0x10/0x10 [ 101.033852][ T8694] ? __blk_mq_unfreeze_queue+0x161/0x210 [ 101.035315][ T8694] __blk_mq_update_nr_hw_queues+0x93f/0x14e0 [ 101.036862][ T8694] ? __mutex_trylock_common+0xea/0x250 [ 101.038279][ T8694] ? __pfx___mutex_trylock_common+0x10/0x10 [ 101.039797][ T8694] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 101.041262][ T8694] ? rcu_is_watching+0x12/0xc0 [ 101.042509][ T8694] ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10 [ 101.044166][ T8694] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 101.045646][ T8694] ? __pfx___mutex_lock+0x10/0x10 [ 101.046925][ T8694] ? lockdep_hardirqs_on+0x7c/0x110 [ 101.048225][ T8694] ? __mutex_lock+0x1cc/0xa60 [ 101.049399][ T8694] ? nbd_ioctl+0x151/0xfd0 [ 101.050544][ T8694] ? __pfx___mutex_lock+0x10/0x10 [ 101.051856][ T8694] blk_mq_update_nr_hw_queues+0x2a/0x40 [ 101.053283][ T8694] nbd_start_device+0x15b/0xd70 [ 101.054550][ T8694] ? bpf_lsm_capable+0x9/0x10 [ 101.055795][ T8694] nbd_ioctl+0x21a/0xfd0 [ 101.056903][ T8694] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 101.058581][ T8694] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 101.060254][ T8694] ? __pfx_nbd_ioctl+0x10/0x10 [ 101.061492][ T8694] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 101.063240][ T8694] ? __pfx_lock_release+0x10/0x10 [ 101.064496][ T8694] ? __pfx_nbd_ioctl+0x10/0x10 [ 101.065739][ T8694] blkdev_ioctl+0x276/0x6d0 [ 101.066922][ T8694] ? __pfx_blkdev_ioctl+0x10/0x10 [ 101.068232][ T8694] ? selinux_file_ioctl+0x180/0x270 [ 101.069583][ T8694] ? selinux_file_ioctl+0xb4/0x270 [ 101.070910][ T8694] ? __pfx_blkdev_ioctl+0x10/0x10 [ 101.072152][ T8694] __x64_sys_ioctl+0x190/0x200 [ 101.073337][ T8694] do_syscall_64+0xcd/0x250 [ 101.074441][ T8694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.076000][ T8694] RIP: 0033:0x7fd12eb85d29 [ 101.077167][ T8694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.082113][ T8694] RSP: 002b:00007fd12c9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 101.084263][ T8694] RAX: ffffffffffffffda RBX: 00007fd12ed76080 RCX: 00007fd12eb85d29 [ 101.086250][ T8694] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 101.088258][ T8694] RBP: 00007fd12c9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 101.090291][ T8694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 101.092321][ T8694] R13: 0000000000000000 R14: 00007fd12ed76080 R15: 00007ffeb9958d38 [ 101.094391][ T8694] [ 101.095632][ T8694] Kernel Offset: disabled [ 101.096766][ T8694] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:02:15 Registers: info registers vcpu 0 CPU#0 RAX=000000000011fb45 RBX=0000000000000000 RCX=ffffffff8b29c759 RDX=0000000000000000 RSI=ffffffff8b6cd860 RDI=ffffffff8bd1eca0 RBP=fffffbfff1bd2ef8 RSP=ffffffff8de07e20 R8 =0000000000000001 R9 =ffffed100d4c6fed R10=ffff88806a637f6b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de977c0 R14=ffffffff905f3650 R15=0000000000000000 RIP=ffffffff8b29db3f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3d9d18 CR3=00000000344ea000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c1fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055556d5edcf0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055556d5e719d 000055556d5e6ed0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055556d5e2986 000055556d5e27f0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7665642f01ffffff ffffffffffed080d 8003180800061000 20100006005bc60e ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300080004900303 ffffffff04048003 03ffffffff0405b9 f008000100000408 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 0106020000005802 a608058003058004 18800318800404a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5911aa8c46000c00 000000307a797300 0200090000000700 0100050000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d2c70693a687361 6800030011000000 0000040005000000 0152cb3decfdbe65 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100100004800401 0000000806060147 94068180080004e0 0300100004d00300 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 100004c003021000 04b00301b0100018 9003000000000000 98454f011b36ff47 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f73587051be0a97f 2b0ae49ee7635e1c 005ebc7f36452c38 f1a9ddd2909a7cf0 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 770655ea679c5c00 00000a0005000500 0000006b72616d2c 70693a6873616800 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff851bc960 RDI=ffffffff9ab0fbe0 RBP=ffffffff9ab0fba0 RSP=ffffc900038ff1b0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000009 R12=0000000000000000 R13=ffffffff9ab0fba0 R14=ffffffff9ab0fbf0 R15=0000000000000077 RIP=ffffffff851bc987 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fd12c9f66c0 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c30136c CR3=000000004fb4e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002a3a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002a47 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002a41 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002a55 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002adb ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002bb9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e314b488 00007fa1e314b480 00007fa1e314b478 00007fa1e314b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3cad100 00007fa1e314b440 00007fa1e314b458 00007fa1e314b4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e314b498 00007fa1e314b490 00007fa1e314b488 00007fa1e314b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000080 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000000b1d19 RBX=0000000000000002 RCX=ffffffff8b29c759 RDX=0000000000000000 RSI=ffffffff8b6cd860 RDI=ffffffff8bd1eca0 RBP=ffffed1003ad4000 RSP=ffffc90000197e08 R8 =0000000000000001 R9 =ffffed100d506fed R10=ffff88806a837f6b R11=0000000000000000 R12=0000000000000002 R13=ffff88801d6a0000 R14=ffffffff905f3650 R15=0000000000000000 RIP=ffffffff8b29db3f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fa1e3177bac CR3=000000000df7e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe956e4da0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002a3a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002a47 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002a41 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002a55 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002adb ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa1e3002bb9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000080 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000080 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000c7167 RBX=0000000000000003 RCX=ffffffff8b29c759 RDX=0000000000000000 RSI=ffffffff8b6cd860 RDI=ffffffff8bd1eca0 RBP=ffffed1003ad4488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d526fed R10=ffff88806a937f6b R11=0000000000000000 R12=0000000000000003 R13=ffff88801d6a2440 R14=ffffffff905f3650 R15=0000000000000000 RIP=ffffffff8b29db3f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000200019c0 CR3=00000000288f4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 ZMM17=9df2c45ae03b78ff 2282d14b2d6cb297 9df2c45ae03b78ff 2282d14b2d6cb297 9df2c45ae03b78ff 2282d14b2d6cb297 9df2c45ae03b78ff 2282d14b2d6cb297 ZMM18=9fe1eb198d5dd5fe 86fb8347ade050d8 9fe1eb198d5dd5fe 86fb8347ade050d8 9fe1eb198d5dd5fe 86fb8347ade050d8 9fe1eb198d5dd5fe 86fb8347ade050d8 ZMM19=4906000000000000 0000000000000005 4906000000000000 0000000000000004 4906000000000000 0000000000000003 4906000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=2282d14b2282d14b 2282d14b2282d14b 2282d14b2282d14b 2282d14b2282d14b 2282d14b2282d14b 2282d14b2282d14b 2282d14b2282d14b 2282d14b2282d14b ZMM22=e03b78ffe03b78ff e03b78ffe03b78ff e03b78ffe03b78ff e03b78ffe03b78ff e03b78ffe03b78ff e03b78ffe03b78ff e03b78ffe03b78ff e03b78ffe03b78ff ZMM23=9df2c45a9df2c45a 9df2c45a9df2c45a 9df2c45a9df2c45a 9df2c45a9df2c45a 9df2c45a9df2c45a 9df2c45a9df2c45a 9df2c45a9df2c45a 9df2c45a9df2c45a ZMM24=ade050d8ade050d8 ade050d8ade050d8 ade050d8ade050d8 ade050d8ade050d8 ade050d8ade050d8 ade050d8ade050d8 ade050d8ade050d8 ade050d8ade050d8 ZMM25=86fb834786fb8347 86fb834786fb8347 86fb834786fb8347 86fb834786fb8347 86fb834786fb8347 86fb834786fb8347 86fb834786fb8347 86fb834786fb8347 ZMM26=8d5dd5fe8d5dd5fe 8d5dd5fe8d5dd5fe 8d5dd5fe8d5dd5fe 8d5dd5fe8d5dd5fe 8d5dd5fe8d5dd5fe 8d5dd5fe8d5dd5fe 8d5dd5fe8d5dd5fe 8d5dd5fe8d5dd5fe ZMM27=9fe1eb199fe1eb19 9fe1eb199fe1eb19 9fe1eb199fe1eb19 9fe1eb199fe1eb19 9fe1eb199fe1eb19 9fe1eb199fe1eb19 9fe1eb199fe1eb19 9fe1eb199fe1eb19 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=4806000048060000 4806000048060000 4806000048060000 4806000048060000 4806000048060000 4806000048060000 4806000048060000 4806000048060000