last executing test programs: 27.020144233s ago: executing program 2 (id=1147): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$SG_BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0xc, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001340)=""/102378, 0x7706c522012798af) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write$FUSE_INIT(r1, &(0x7f0000000340)={0x50}, 0x50) vmsplice(r1, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x500) fcntl$setpipe(r1, 0x407, 0x2000000) 21.594054276s ago: executing program 0 (id=1170): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0x2, 0x4) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000500)={0x700, 0x1, &(0x7f0000000180)=[r1], &(0x7f00000000c0)=[0x2], 0x0, 0x0}) 21.391081269s ago: executing program 0 (id=1171): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) r2 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0) r3 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r3, &(0x7f0000000000)={0xa0000001}) epoll_wait(r6, &(0x7f0000000200)=[{}, {}], 0x2, 0xe1) r7 = getpid() process_vm_readv(r7, &(0x7f0000008400)=[{&(0x7f0000000440)=""/68, 0x44}, {&(0x7f0000006180)=""/143, 0x8f}], 0x2, &(0x7f0000008640)=[{&(0x7f00000004c0)=""/109, 0x6d}], 0x1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x3c, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000002a0009000026ffff58dc28250900002c"], 0x14}, 0x1, 0x3000000}, 0x4) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r8, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="280000002c0001"], 0x28}], 0x1}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket(0x28, 0x5, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=@newtfilter={0x24, 0x2e, 0x205, 0x0, 0x0, {0x0, 0x0, 0x0, r11}}, 0x24}}, 0x0) sendmsg$kcm(r0, &(0x7f00000005c0)={&(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, r8, {0x2, 0x4e22, @loopback}, 0x0, 0x3}}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000000c0)="1cfd5aacb6b937165ed822030dcde15aa1280d48b95af1d1da5994ec4c2a0d23c24faaeb50a3e66bb1822b61bbb01bc6ba9c0451f934ec4c4e659bd8bbf6c7d76a107a88452831ff5d8c792b78d27fc007fba7efa79e00c448dc849acd5f75d70438eeef40f9145ceb2ca0db7e9e95e8933e09b009d99658395ecf2759b0a115dc904b43a36ccee2255e110fcd74ad", 0x8f}, {&(0x7f0000000180)="1d289187e61aca9e597c2294955c17c77dc9eecbee1d5b90423cf3255caa236f012f2ee1a8a0739654bb21494791bf16924f0562a71a27968b7a825322348665437d32cea0bbea357a6a54fc3f6e2e8d95da41438ddb898237df40babcde4521e3a8ab8969d7d05962d4cfcdb53987a7f3b70d5a936d7983f9c274d29e4464df2d84cf9b96180cb298a6f2e5b449e9a1c7e50c6884360ae12c54451038accc336ff503a491d1411909db03c68f411b038c5fa126932e9c38ffd9b367b0c0790f5ddce72b865f42d723c0f261a6618784d9d5a17832b0c4fcf28b5ed131e9d7b761e0f7373a7320", 0xe7}, {&(0x7f0000000280)="ca3d8759fda486780a228a0e1ebc241d8b9fd0e717e10654918347eff11651a2089cbe8478024628bdd000c7e655e196cea302c547789e8c66fe3c0b4c8fb126", 0x40}, {&(0x7f0000000640)="1be316cde88762e553a053bffad7b212ed736c2384e78aac4bed8350d2417b43af61f57bd2ed5fc539ec775a5354b5201a189585a36e2e93d1a68c16e0b5cd1151dda17475c518ed5c36f596eaa41f653d1c91ebab7ccbf00fa99d790fcc1dbb346749cd8ec9ba7b2ad5a45ffd9b3faf856b57a75064d16dfa65261c7e6866d7086e4bb341246fdffd1dc623c88f9f3604d0751c22354d72f33d634f41eb83f6ccbdd3bb13951f41e53865db318dd4bc488a95cd922f92490c0a58e93fb66bf4f43981a3b283dea2ebf54b596cf0e50341f501f57facf66fd974ba95df1353773af8926a4c7cc382a47b6a41ca74885dc67f20f1eec6bd9548a36af0aef6437b06fd3667de857a5b2738ed6a30c4730f495aecc7d7c11dba1fb26f7b18aa78c8ef7ebeb0c6f0b56dd1aaff921d46efef4c977e1e0c5ad37a90d846f47ce8ea1237e2955e746e5c4cee62e9c80906127834c1ded1a3576eb861f38bb1b733ebb12454aee0f00e23e517a63518fc63ee524299abc7ff5c697566604f0eb3fadaaddd120132e993f1adf77d9c055d3825451d2952f35ecb8d46af577f9bf39645d9bdabc42d297dc9baec773726c4138ac85baceb578aaf2c374e97d10bcd17421da5ea527ad9fab4c953ee36ad2e4fee18c128a877a65614b0e304ff275c327f261e44826097a540250b1174944847c313f049566e52770323c57c9f2a332b1be9e54a58f59266f96e594496f64e80282c52be5f165f15bfee7b1fea2d356d4ccc0ceee065d1fa4c2cd9dbd68d06b77a60dfd08413424a38a45ee7fba19bba0573684edda7dbdd5b9b60e5b9ddc320eab059b08021c573aa68987e1310a630bb2d5b4b8fc658063dc159b4b285886a46d824917732c87bba6fd39af6075978a69eb338157eb45f22a262debaa263681af4c67298a4a01726c35384937dbb2a497623be9ec7b977b9ea7da5ed693f12fb82f54f9770aaf56dd8638af147f2e1cfbe30a57a7a21442b570df3f6cea70dc6c789fd91a2dfaa68af2e7a0ab5159527f6860ddbea9b163611cdaa28c7b6fc6984f79461a496e41833636f60b57fcc3e90d0c405690471b9e95c2a57d1b808e863747a17eb2525af0678b22dd5acba751d66d461119a3eb8abe4c778571d1b708ec20de36011c86925a09371b6a15a2fb559723bd09005cddc20c929c6152318cbf28840cb6d9973a33ecbd668d3069bf1ad90185ea740ced2a185e843d51a4005884812668876c05c73c92fca3001323556e3413d237ee88b19d22d134e4967f335325622d987d9b27aa8d3378b4e7b52d75bd10c12fd6315253d4c9d83cda37e38028f421f28301add0856a49d2bc320d6a430877ecddb857e99a3eeaae0331258db6c7ad78bba91b85c02aac881bba4d98b2f7a35d158602ccb8068ed3adb4420d8013ab5295ce6684d461b5efbd52630bcc28b225f9e04ab9a9524c90a94993cbc1c8f1931a907802d3625e8fa258e4dc6f5f1e6daee03f4af5f5c259ad236450e4b0868aeee9cafe4eed58a9d428fd3456e7a0551ee75361427b9fd656d1fffafe08d4894299259c0f35df1310dfd164b7dd3326708cde8d5c124e8fc33eeaf0ca77874672e4af28bb21eb021e74cf368ade461d5a39a374a563682aa621205dbf683875b2347731574c8ce53bccf4213d9310034223a983485965775fed402577d967fbd65fc93384df3ce3ffafecac7c9e8485ce989ce8f8ddf0fe303e8b24dd7f902383dae2074a0fd66517fe74a6e5920d9f92e1c6f73ff6513e3768116722fcf925c94abe4c0483b9237b1fe02bfa0bbb16e13d98b56b7862d5a7ecb76c72c6c808f37028f9ce1870598c9c43eb6363ed44488b6fa77fcdd33aec2af8bdf69d49c4e891d7eff6574f24c91594421f9e61e9ec0bc46d7aba5d1f3213a2434ea045f1e8551e497c9a7853bf53ee40419e5ff017d85bdb191ac65da9482782d36a3f8e16d817f16ab6edf5d199ac2111e41b62c1213126ae3d03921afa95ad7c9beadcafa432da900f890b160bb8441ab8689543843109cdb89ece61eaf5882de47cb73d761066f9c599df367ac651bb624d64e9007817b7c220e0e448247dd2e525f09b85d52fe59bee141185acbf38bfb77ebc356814d88ee46ce45b51aa09032a8b3aca9c442aa8bb48e354edde87e42ccf671b9e8315ecb0836b6e9009201bfe3e188f0e2e2fb54b1f17a5570a64faa3a5b15b69b328a8c6839ab21a0aa300dc98ed54013fc21c55fee529c3aba599ea5f4afb6e8fe6753aecd90b132455cae107b8429098df20aa0a71a52f6e6bf0c63fd2330ec79bb93b21ad431fa00943216a809fdb3f3d679a68b68e2486d1f1c7de7e56231df72d008b1945ea90e1986f0a5c8c1f7013f6d6d7bb182eec951cf109b4031585562fd5dfed15f6a65cff31ab3e7910404f9cdbbfae434fbd55510aed340c037c7938455d1e216b90d932b8c05998292349a2d43f55b37ebf4c18f2702a3f0a8a935dc6943541e35c17712579a32366cf5165742029e87c8f3d29067cbee45dd4ad80201b36338a55a7efe0032f205f135242c0a033480b1c97b4a1bcd6b577f70c10a38b5da2ca248a051e27709352a3c2ff1dee721f590facb0a07f7aa45b4136235a8d66f690e6a8aecfb39a093763139fa8a5fcc9371d2010d1d2355107fc01420641f72901922533f9b9b00b2cdcd01c12c7bde13e8313e68769f5f0375b0d10928693af4c1b141bb6b060463629653651d9a0ad880a2f53824b0620f99a3a611608fb5d5b6d9cdb0ed95ec24c821fde839523cb564834acef59839a44295b05ea74f7c5c6232794ef21b55c0d6e23673e16e6ba527d74f4a579e18abec7505d34ef39eb50eb4b36e5a2246d199a8a1c68dc9ffd860e148016790de42d3477f023e61b2f609a73a9e043e2df4b479a476f5685fc9535c7f554d903974816e57323b4f857c5ddf1bda53d42bbd56d92ea34c510fa5202e44173ca6ce8b83b32b75c0239d3b95202d74beb3a06f875e9e16c3de244c518dac57e26df288c4d4fd41304149cd257292e4efa61337f27a15c512de74e33768cc8e9ab0519ce5585a69fbd79d7fbe193e08f74ce07200977530f87b0575af1b50e7b01abced61cae90232ad4c3d1edc5005b3a9d96c9d8cad47b87be1acbc76e531ae10c6d89e84b4b0020d8436b6f8b66177fe96ed98190f57e91031c5c9824ef635d77e869f49b23e2476cd14b3415d3fef206010ac2ce3724f00758d7f6083c4099a539e27fca6fec45f296a3d2fd563b44e22e247cc143afc2296adcc5fb7e97245fe64bc48fdf947d87e18d6e6870b5ae612cca91b9b9b27968771701f6f43ddf7c4d3678bb597e7a06f456797419bb16edd3a80990a6e785eaa652e68b19440acf87dba60609fca2616caa7d08cad8ad472e4bee901074465c2fa97a1bdadb15bfd93a7b4844e7bed0b172bd7baaf06a4e67cd8144938511ccc2d798a2346ffa291948563cc1e0668e514df39074c2050ae331f9ac47462ff41bd0f1fea6d2809b9592db1ad12662a0bface10b581cdafc393a69f46e12be1216c67f5612d01d6020b9d692337c02405f3770b3ebafd3a3ae01cf3aed0d82f4e4db6a97a82f05230fab4533d430105d52c664c117159f6bf1cc025e4df5100148eee88fecafceef36577f82bbc89797ff8df45ada905c706d547f2bbdf68b37da6f02530dfaa7392ff42aeeeea8ec64c9626248ec96523c95e7b08514360e678d027b099a82c8fb1b082009c48cf2a55b30c6906b6d26da1adf75ed6560829ef6a272625d93dc449f353161b3c57cae120dab27b1182dc19546cd557d09f8b932b456feef656d42f692f048a095bee57624ea6fee2f9a01119f3247a8ffd2bb437a18c91eab913d972081cdcf5b5abcc672fa104da133c40abd34277c0f1db0d43639b9e4f321e4ba8ec010941b8c961df85a6fd5879e14803a213991cb3c699b40ec7f2eed5ba289baa06f5e17d246c6d2a07ae2d2bcabecd86619af5bee2b192a24c7ec08220cf5da175d5e7edd537cb86a4ea75c992db8b7f864f15cdbb3e497b2e3be381834da51efa31e05536c730e84d6420000b843e2c25203dea0454cbf6aae89864b9c1f15a220716a28a50b6fffc144df74e72f97d973a996a65d72113c45278fbd1d25df5f4571e2e8642c651ae3280c05090f20eeeb243d3de3c523f49f6580846b080df226d3e710fd1fbc3860ba065330fb00239720268055486caff3a3e8ef21ecb7954c444b614f55c072d391bbf2bf8985b0924215b78a66308ed4fb53511d0e85f5891f2adfcf2391a1d4ba4f4189a24bd35395a5d84f6da69a9ecfcfa0b76ce666f31a08498da79ed1614133e83ed47366f7a57e0bfe27c8d1575d737e423eb7f34740120cadd80a258cd4b6f45b476fde75601c90e419fc0e8d1eb4bcb9e78f4a2be1039d2aeb554b9e9381dbb646a99ccca0a10a4847eda62cf5572300538926a692243bf30ba18081b428e23d581163f025816b7183e3ffdc7103beab3eaf1a853c412ea5eb667c16e574002a71950b1d4c0d1ac2d32eb818eddf45250d3a0fcd9400a1f746276ce135b7cd2a42c893166cd24e9dff8ab5c2f373017e491b09f82412dbeb960efd1b60dac2f9f152a50abcc6ea67e1c832d0777df081e4bae77457bec3d98811684fed1924e653cbeb729307e402837a80914a1782481ca29473f9549b5e74480688be69d0c2469f3e1fe2ecc38cf7b057e00cd2717f6f56313643003ac26121e91ef89147790f62ef6f465dc2e0d401c40a8ff6abbeea07706290eca2aeec745bd404bcd93cf418b8ebe71d7d386bd7d47a7bef246570e708ead472f7d11ae858890fb1f31fe8c9a2c5f2805f452d30696c99d625e8177f7ec27ef2d4d839fe3297290a31775327141be21805133d9e5a3a4efdb8da7c51381912af699dc157f50a28fe878917df9c13ac3455eeb6b0d5f6677143dc3ff4e9147095875a0def4c0aa2686a2106128eb39eda704e0cd24424ab1df7f8d950a816ed953b06ccfcbb5adc8c870fa2d3a61bb195a288fd8ca0cdd071842cf455f2bf59a3f4f3bebbeb4aa79d588d484049b4aa89b9d3bb144bba71ad8bbd89dbdb726b542c195d7a93f9abff81fb052ff8834c0a8aa102eff6d47259ae460f04fbfe9a161ce67285e67e49c1805e0abd6b1608692c105577032ba3b56446235b0bd2e420ab14c74d3915be642e08d8e7eebe68d0711f99ec3fa60c7df421d7ec00e2d80f2e275f42bd4e238e316d47e5e4deef0fe6fec4387b415be5c418f69d52f51f8f42f068893cedcc2ab3ff74191dd8ba1ce7a17b7784fa515c0edb023e762e37e837519037428a1f59aeabfda3e50e95ec170b4dfdcbcd0e610398d020a7caf4bd705bb478e939a8ab38698dd46de423f8580e257515a93a11b18449b2a13a1c538ce8b06a6de6859d9bd6e5876c5f91a831e47e748edebda91ba19842486dd776655fd2b83fac9534a78d002ed6883945bc1de1804b1b679c8176b5eca450321fd402b27b3fd3fd97300211ea778f068e28906103272095dc099cf09f31646aa3c790586bffc1858487aad5517aeecfa7bd92d52f3d45e82fe39d6f1a2e31bea3a2d231730b383753e70394c74b57309ae00239134d3d34df4d1b74b84875bb91bed363201c7ffe3512b821bf794a128cb7aec83cf3a8dcf08034e68cf3f25ba1ee0299d3f084ac446be794a50468ae872d549209a3dc603531b61b6c7654017ab440f97084f4d73fd866cfe43c89d2f9c0adfa0", 0x1000}, {&(0x7f0000000340)="75175b4cac5fd80939d8629662a7f3e97b1aad953d5c64d6e624233a98650c557c979dbcbde9bece519023fd3ca7f213717da21b42705d73847c4622226ecdaca8d2d70eda845b42d744c790aacdb2797eeac244a5c0855e5d498c18f6349004571c434580499d122fb71d75c5c4dcecdee5951ed4a53dbee147782b4a416616f113", 0x82}, {&(0x7f0000000400)="0d3d642ebc10b1d6918d9457a2ae8bd579d6a3c3944b5c228577d81e599f60880b5e56d4d8162981f81970eb52d47d8dfde50eee7a2144a765bc035527b46132d926d7abda18efc0142a20cfb09692cc53b6cd2ccc187fed98a0cf2a07643c3a587dc77dcbe7c975f47d76", 0x6b}, {&(0x7f00000002c0)="9ac004b6563f869888964b1e0da9b58cf0422d95c0925ea392726fc7f52eb50f9cde8aea79d7b3", 0x27}, {&(0x7f0000000480)="b14d08a968cad17c9f40e25a5c3d", 0xe}], 0x8, &(0x7f0000000540)=[{0x18, 0x0, 0x2f64bb0f, "daf878"}, {0x60, 0x0, 0x5, "8a378eb1b50858602f6bb554b9c69bc858271fe205605494972e5e6eb8614b972cd593bfd49ce9de148b9bbc4642b7964efe05bdb2b0b77d98ff1a435a82b5253745a3af440aba606ae4"}], 0x78}, 0x20000000) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)}, 0x0) 19.910123275s ago: executing program 0 (id=1175): unshare(0x28000600) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r0) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="230400000000000000000300000014000100fc01002300"/34], 0x28}}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x20, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb) accept4$ax25(r3, 0x0, &(0x7f0000000040), 0x80000) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x12) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000380), 0x40, 0x0) r5 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r5, 0x567, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x28}}, 0x0) r8 = socket$tipc(0x1e, 0x5, 0x0) ioctl$SIOCGETNODEID(r8, 0x89e1, 0x0) socket$nl_route(0x10, 0x3, 0x0) 19.724900668s ago: executing program 0 (id=1176): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/124, 0x7c}], 0x1, 0x0, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f00000000c0)) 19.175924579s ago: executing program 0 (id=1185): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f00000000c0)) 19.044569662s ago: executing program 0 (id=1178): socket$vsock_stream(0x28, 0x1, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x0, &(0x7f0000006680)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1899c2, 0x9a) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x20) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000680)={{{@in6=@ipv4={""/10, ""/2, @broadcast}, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@local}}, 0x0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) connect(r2, &(0x7f0000000140)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x4, @mcast2, 0x5}}, 0x80) setuid(r1) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000040)={@remote, 0x0, 0x0, 0x3, 0x0, 0x0, 0x9}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x50}}, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f00000000c0)={0x2b2}) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00'}, 0x18) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x1e9000, 0x0, 0x200000006c832, 0xffffffffffffffff, 0x0) 18.647306989s ago: executing program 1 (id=1179): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x400, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x7f, &(0x7f0000000000)="02000000008002ff", 0x8) r2 = inotify_init1(0x0) fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000140)={0x0, 0x0}) r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00') ioctl$EXT4_IOC_GET_ES_CACHE(r4, 0xc020662a, &(0x7f0000000240)={0x6, 0xffffffff000, 0x1, 0xffffffff, 0x4924924924922ca, [{0x2, 0x800, 0x101, '\x00', 0x200}, {0x100000000, 0xffffffffffff650e, 0x8a, '\x00', 0x2000}, {0xd, 0x6, 0x5, '\x00', 0x80}, {0x5, 0x95a, 0x400, '\x00', 0x1a03}, {0x1000, 0x7, 0x6}, {0x4, 0x8}, {0x3de4, 0x3ff, 0xfffffffffffffff2, '\x00', 0x988}, {0x7ff, 0x1ff, 0xfffffffffffffff7, '\x00', 0x80}, {0xf4db, 0x1, 0x200, '\x00', 0xa06}, {0xfffffffffffffffc, 0x6, 0xe, '\x00', 0x1002}]}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {}, {0x0, 0x9}}}, 0x24}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000008000008000f", 0x1f) r5 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001a00599c6d0e000091d028ef80"], 0xfe33) r6 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r6, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24) sendmmsg(r6, &(0x7f0000000680)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000010000002400000000000000"], 0x18, 0xe000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x18}}], 0x2, 0xfffe) 18.313835681s ago: executing program 1 (id=1180): set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0xffff1000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f0000000040)={0x1}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000200000000000000ac14140000002300000000000000000000000000000000000a"], 0xb8}}, 0x4040080) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB="ec000000210001000000000000000000ac1ee100000000002000000000000000403403f438bd9e28000000000000000000000000000000000a0000edffffff00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011"], 0xec}}, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000680), 0x10007fffffff, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, 0x0) r4 = open(0x0, 0x2, 0x0) write$FUSE_IOCTL(0xffffffffffffffff, 0x0, 0x0) openat(r4, 0x0, 0x20942, 0x0) socket$kcm(0x11, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={r4, 0x58, &(0x7f0000000440)}, 0x10) mkdir(&(0x7f0000000600)='./file1\x00', 0x0) mount(&(0x7f00000009c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a00)='./file1\x00', 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff) 18.122009184s ago: executing program 1 (id=1181): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x484, 0x65, 0x0, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xffe0, 0x6}}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0x43c, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x37c, 0x6, [@m_connmark={0x168, 0x16, 0x0, 0x0, {{0xd}, {0x90, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x6, 0x20000000, 0x0, 0x2}, 0xfc00}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x101, 0x3, 0x0, 0x9, 0x80}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3ff, 0x0, 0x0, 0x6, 0x24}, 0x8}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x6, 0x0, 0xffffffffffffffff, 0x4, 0x100}, 0x8}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xa730, 0xfffffffb, 0x0, 0x7}}}]}, {0xa9, 0x6, "42012121cc9fbfe2407e02831c5ab0401ce076f76dab7bb6ae0a64154ae71554ba2ae0d8df2a4612ca446b0a5376b11c0dfcd0925ccc92b99fd4bd28ed20670675302955e2e004913edef6cf51a45329dc362c92e4346a7b2b6d38b7b9be61b2c971c007fd0d7c179286ea79cab9015fa32d7f163dcfd23b1a7501ccc936f04b0c6ffcee1637c651070a2a30b88a7f6bd55b9607eade4c41946fe2891559fb15e0575a80e5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0x98, 0x1a, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x708b, 0x8494, 0x7, 0x1, 0xf}, @multicast1, @multicast1, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xcf59, 0x9, 0x1, 0xff, 0x8}, @private=0xa010100, @private=0xa010101, 0xffffffff, 0x1}}]}, {0x1d, 0x6, "6bde160313c9196616ebf42e69c109a47d9dfb3746f1319249"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x5}}}}, @m_skbedit={0x38, 0x13, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x5, 0x101}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_gact={0x140, 0x19, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x385, 0x10000000}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x23fc, 0x5}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x2298, 0x5}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x9d5, 0x5}}]}, {0xe3, 0x6, "e465cbac503b2aa89a08d8f3e18e8adcf9874619697472960dda9a9386804c3a931659be9b934ccf3e8e328bf503fb5cc9f015200e1dfcb325f53c43702a1043c3fb90117c4a2095e9c7982e5bdda6f4c3492483e8a1b6fdb2d1047050ee7131bf26d3e1419836bfb7edfdbf222719d003add865b6717c358069497064a94dbd90aa6cd1a3bd9c6e8bc4248897913543c42f23697d3be146ce4655374fb7e7b92690738c5a5b5c11cc537774971763df98cfc01ff9181dce5775804e9025e2c9854e14b84b7e4c4b5da61cfd43c848d4bc89970e415d40c54a257375515be9"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}, @TCA_ROUTE4_ACT={0xac, 0x6, [@m_ife={0x74, 0xb, 0x0, 0x0, {{0x8}, {0x4c, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @broadcast}, @TCA_IFE_DMAC={0xa, 0x3, @multicast}, @TCA_IFE_SMAC={0xa, 0x4, @random="03413659759d"}, @TCA_IFE_SMAC={0xa}, @TCA_IFE_DMAC={0xa}, @TCA_IFE_SMAC={0xa, 0x4, @local}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_connmark={0x34, 0x0, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x484}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x28, 0x1, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00220f0000000b574e69392bf85edacab3"], 0x0}, 0x0) syz_usb_control_io(r4, 0x0, 0x0) r5 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCSFLAG(r5, 0x4004480f, &(0x7f0000000000)=0x3) ioctl$HIDIOCGUSAGE(r5, 0xc018480b, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6(0xa, 0x2, 0x0) epoll_create1(0x0) pselect6(0x40, &(0x7f0000000000)={0xfc}, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 12.407816784s ago: executing program 2 (id=1182): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000c40)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d649379071c33390e418ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a0600adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cd50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420b75b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae0533496b6d58da50ee80a6b9a7438978c5465113f668eb4484350048289d07dbef325d3221a7cb35f812f257941a9781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33320253af570f4ef9c0254afdd89ac3943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b74c516647652bfb6e93002494a5cd74e2a9a4734487062437da23e1efa6ef7674108aaa3ffac859c3577c2637bb3bdc69bc365b1f20dba96b8acca62f3f80045318de0facf2ed44b814e842c2a520159bb6c320cec0910c0b8bd3d547bdfba2e0bb24d117ed0388afd37affbad2f9c77c9c1314a16ffe64f5e3744a2fffd7039670f5706e589a4c3868"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{}], 0x8, 0x6b, &(0x7f0000002e00), &(0x7f0000000000), 0x8, 0x0, 0x8, 0x3f, 0x0}}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000013c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x5d8, 0x3f0, 0x210, 0x118, 0x300, 0x210, 0x508, 0x508, 0x508, 0x508, 0x508, 0x6, &(0x7f0000000140), {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, [0xffffffff, 0x0, 0xff000000, 0xffffffff], [0xffffff00, 0xffffffff, 0x0, 0xff000000], 'pimreg\x00', 'wlan0\x00', {0xff}, {0xff}, 0x4, 0xd, 0x1, 0x24}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@multicast2, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x12, 0x1c, 0x4}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x8, 0xd}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0x0, 0xff, 0xff, 0xffffff00], [0xff, 0x0, 0xffffff00, 0xffffff00], 'veth1_to_bond\x00', 'team0\x00', {}, {0xff}, 0x87, 0x4b, 0x1, 0x5a}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@multicast1, @ipv6=@rand_addr=' \x01\x00', 0x24, 0x34, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4=@local, 0x2, 0x3a}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@ipv6header={{0x28}, {0x68, 0x54}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@multicast2, @ipv4=@loopback, 0x11, 0x7, 0xd}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x638) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0x66, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd48, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 12.405549458s ago: executing program 1 (id=1191): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x647c14fe, 0x2c0000) r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) dup3(r1, r0, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r3 = syz_open_dev$video(&(0x7f0000000000), 0x3, 0x0) ioctl$VIDIOC_DQEVENT(r3, 0x80885659, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000040)={0x3, 0x980914, 0x3}) 12.315475101s ago: executing program 2 (id=1183): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f96024fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe0500000000000000000000950000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000002400), 0x20000, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$IOMMU_HWPT_ALLOC$TEST(r3, 0x3b89, &(0x7f00000025c0)={0x28, 0x4, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000002580)}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x5) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) creat(&(0x7f0000000440)='./file0\x00', 0x0) r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f0000000040)) read$dsp(r5, &(0x7f0000000440)=""/171, 0xab) r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x400000000000000, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000000)={0xf0f026, 0x8d}) link(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)='./file1\x00') mount(&(0x7f0000000240)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)='ocfs2\x00', 0x0, &(0x7f0000000340)='\x00') 12.314834361s ago: executing program 1 (id=1184): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) r2 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0) r3 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r3, &(0x7f0000000000)={0xa0000001}) epoll_wait(r6, &(0x7f0000000200)=[{}, {}], 0x2, 0xe1) r7 = getpid() process_vm_readv(r7, &(0x7f0000008400)=[{&(0x7f0000000440)=""/68, 0x44}, {&(0x7f0000006180)=""/143, 0x8f}], 0x2, &(0x7f0000008640)=[{&(0x7f00000004c0)=""/109, 0x6d}], 0x1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x3c, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000002a0009000026ffff58dc28250900002c"], 0x14}, 0x1, 0x3000000}, 0x4) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r8, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="280000002c0001"], 0x28}], 0x1}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket(0x28, 0x5, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=@newtfilter={0x24, 0x2e, 0x205, 0x0, 0x0, {0x0, 0x0, 0x0, r11}}, 0x24}}, 0x0) sendmsg$kcm(r0, &(0x7f00000005c0)={&(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, r8, {0x2, 0x4e22, @loopback}, 0x0, 0x3}}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000000c0)="1cfd5aacb6b937165ed822030dcde15aa1280d48b95af1d1da5994ec4c2a0d23c24faaeb50a3e66bb1822b61bbb01bc6ba9c0451f934ec4c4e659bd8bbf6c7d76a107a88452831ff5d8c792b78d27fc007fba7efa79e00c448dc849acd5f75d70438eeef40f9145ceb2ca0db7e9e95e8933e09b009d99658395ecf2759b0a115dc904b43a36ccee2255e110fcd74ad", 0x8f}, {&(0x7f0000000180)="1d289187e61aca9e597c2294955c17c77dc9eecbee1d5b90423cf3255caa236f012f2ee1a8a0739654bb21494791bf16924f0562a71a27968b7a825322348665437d32cea0bbea357a6a54fc3f6e2e8d95da41438ddb898237df40babcde4521e3a8ab8969d7d05962d4cfcdb53987a7f3b70d5a936d7983f9c274d29e4464df2d84cf9b96180cb298a6f2e5b449e9a1c7e50c6884360ae12c54451038accc336ff503a491d1411909db03c68f411b038c5fa126932e9c38ffd9b367b0c0790f5ddce72b865f42d723c0f261a6618784d9d5a17832b0c4fcf28b5ed131e9d7b761e0f7373a7320", 0xe7}, {&(0x7f0000000280)="ca3d8759fda486780a228a0e1ebc241d8b9fd0e717e10654918347eff11651a2089cbe8478024628bdd000c7e655e196cea302c547789e8c66fe3c0b4c8fb126", 0x40}, {&(0x7f0000000640)="1be316cde88762e553a053bffad7b212ed736c2384e78aac4bed8350d2417b43af61f57bd2ed5fc539ec775a5354b5201a189585a36e2e93d1a68c16e0b5cd1151dda17475c518ed5c36f596eaa41f653d1c91ebab7ccbf00fa99d790fcc1dbb346749cd8ec9ba7b2ad5a45ffd9b3faf856b57a75064d16dfa65261c7e6866d7086e4bb341246fdffd1dc623c88f9f3604d0751c22354d72f33d634f41eb83f6ccbdd3bb13951f41e53865db318dd4bc488a95cd922f92490c0a58e93fb66bf4f43981a3b283dea2ebf54b596cf0e50341f501f57facf66fd974ba95df1353773af8926a4c7cc382a47b6a41ca74885dc67f20f1eec6bd9548a36af0aef6437b06fd3667de857a5b2738ed6a30c4730f495aecc7d7c11dba1fb26f7b18aa78c8ef7ebeb0c6f0b56dd1aaff921d46efef4c977e1e0c5ad37a90d846f47ce8ea1237e2955e746e5c4cee62e9c80906127834c1ded1a3576eb861f38bb1b733ebb12454aee0f00e23e517a63518fc63ee524299abc7ff5c697566604f0eb3fadaaddd120132e993f1adf77d9c055d3825451d2952f35ecb8d46af577f9bf39645d9bdabc42d297dc9baec773726c4138ac85baceb578aaf2c374e97d10bcd17421da5ea527ad9fab4c953ee36ad2e4fee18c128a877a65614b0e304ff275c327f261e44826097a540250b1174944847c313f049566e52770323c57c9f2a332b1be9e54a58f59266f96e594496f64e80282c52be5f165f15bfee7b1fea2d356d4ccc0ceee065d1fa4c2cd9dbd68d06b77a60dfd08413424a38a45ee7fba19bba0573684edda7dbdd5b9b60e5b9ddc320eab059b08021c573aa68987e1310a630bb2d5b4b8fc658063dc159b4b285886a46d824917732c87bba6fd39af6075978a69eb338157eb45f22a262debaa263681af4c67298a4a01726c35384937dbb2a497623be9ec7b977b9ea7da5ed693f12fb82f54f9770aaf56dd8638af147f2e1cfbe30a57a7a21442b570df3f6cea70dc6c789fd91a2dfaa68af2e7a0ab5159527f6860ddbea9b163611cdaa28c7b6fc6984f79461a496e41833636f60b57fcc3e90d0c405690471b9e95c2a57d1b808e863747a17eb2525af0678b22dd5acba751d66d461119a3eb8abe4c778571d1b708ec20de36011c86925a09371b6a15a2fb559723bd09005cddc20c929c6152318cbf28840cb6d9973a33ecbd668d3069bf1ad90185ea740ced2a185e843d51a4005884812668876c05c73c92fca3001323556e3413d237ee88b19d22d134e4967f335325622d987d9b27aa8d3378b4e7b52d75bd10c12fd6315253d4c9d83cda37e38028f421f28301add0856a49d2bc320d6a430877ecddb857e99a3eeaae0331258db6c7ad78bba91b85c02aac881bba4d98b2f7a35d158602ccb8068ed3adb4420d8013ab5295ce6684d461b5efbd52630bcc28b225f9e04ab9a9524c90a94993cbc1c8f1931a907802d3625e8fa258e4dc6f5f1e6daee03f4af5f5c259ad236450e4b0868aeee9cafe4eed58a9d428fd3456e7a0551ee75361427b9fd656d1fffafe08d4894299259c0f35df1310dfd164b7dd3326708cde8d5c124e8fc33eeaf0ca77874672e4af28bb21eb021e74cf368ade461d5a39a374a563682aa621205dbf683875b2347731574c8ce53bccf4213d9310034223a983485965775fed402577d967fbd65fc93384df3ce3ffafecac7c9e8485ce989ce8f8ddf0fe303e8b24dd7f902383dae2074a0fd66517fe74a6e5920d9f92e1c6f73ff6513e3768116722fcf925c94abe4c0483b9237b1fe02bfa0bbb16e13d98b56b7862d5a7ecb76c72c6c808f37028f9ce1870598c9c43eb6363ed44488b6fa77fcdd33aec2af8bdf69d49c4e891d7eff6574f24c91594421f9e61e9ec0bc46d7aba5d1f3213a2434ea045f1e8551e497c9a7853bf53ee40419e5ff017d85bdb191ac65da9482782d36a3f8e16d817f16ab6edf5d199ac2111e41b62c1213126ae3d03921afa95ad7c9beadcafa432da900f890b160bb8441ab8689543843109cdb89ece61eaf5882de47cb73d761066f9c599df367ac651bb624d64e9007817b7c220e0e448247dd2e525f09b85d52fe59bee141185acbf38bfb77ebc356814d88ee46ce45b51aa09032a8b3aca9c442aa8bb48e354edde87e42ccf671b9e8315ecb0836b6e9009201bfe3e188f0e2e2fb54b1f17a5570a64faa3a5b15b69b328a8c6839ab21a0aa300dc98ed54013fc21c55fee529c3aba599ea5f4afb6e8fe6753aecd90b132455cae107b8429098df20aa0a71a52f6e6bf0c63fd2330ec79bb93b21ad431fa00943216a809fdb3f3d679a68b68e2486d1f1c7de7e56231df72d008b1945ea90e1986f0a5c8c1f7013f6d6d7bb182eec951cf109b4031585562fd5dfed15f6a65cff31ab3e7910404f9cdbbfae434fbd55510aed340c037c7938455d1e216b90d932b8c05998292349a2d43f55b37ebf4c18f2702a3f0a8a935dc6943541e35c17712579a32366cf5165742029e87c8f3d29067cbee45dd4ad80201b36338a55a7efe0032f205f135242c0a033480b1c97b4a1bcd6b577f70c10a38b5da2ca248a051e27709352a3c2ff1dee721f590facb0a07f7aa45b4136235a8d66f690e6a8aecfb39a093763139fa8a5fcc9371d2010d1d2355107fc01420641f72901922533f9b9b00b2cdcd01c12c7bde13e8313e68769f5f0375b0d10928693af4c1b141bb6b060463629653651d9a0ad880a2f53824b0620f99a3a611608fb5d5b6d9cdb0ed95ec24c821fde839523cb564834acef59839a44295b05ea74f7c5c6232794ef21b55c0d6e23673e16e6ba527d74f4a579e18abec7505d34ef39eb50eb4b36e5a2246d199a8a1c68dc9ffd860e148016790de42d3477f023e61b2f609a73a9e043e2df4b479a476f5685fc9535c7f554d903974816e57323b4f857c5ddf1bda53d42bbd56d92ea34c510fa5202e44173ca6ce8b83b32b75c0239d3b95202d74beb3a06f875e9e16c3de244c518dac57e26df288c4d4fd41304149cd257292e4efa61337f27a15c512de74e33768cc8e9ab0519ce5585a69fbd79d7fbe193e08f74ce07200977530f87b0575af1b50e7b01abced61cae90232ad4c3d1edc5005b3a9d96c9d8cad47b87be1acbc76e531ae10c6d89e84b4b0020d8436b6f8b66177fe96ed98190f57e91031c5c9824ef635d77e869f49b23e2476cd14b3415d3fef206010ac2ce3724f00758d7f6083c4099a539e27fca6fec45f296a3d2fd563b44e22e247cc143afc2296adcc5fb7e97245fe64bc48fdf947d87e18d6e6870b5ae612cca91b9b9b27968771701f6f43ddf7c4d3678bb597e7a06f456797419bb16edd3a80990a6e785eaa652e68b19440acf87dba60609fca2616caa7d08cad8ad472e4bee901074465c2fa97a1bdadb15bfd93a7b4844e7bed0b172bd7baaf06a4e67cd8144938511ccc2d798a2346ffa291948563cc1e0668e514df39074c2050ae331f9ac47462ff41bd0f1fea6d2809b9592db1ad12662a0bface10b581cdafc393a69f46e12be1216c67f5612d01d6020b9d692337c02405f3770b3ebafd3a3ae01cf3aed0d82f4e4db6a97a82f05230fab4533d430105d52c664c117159f6bf1cc025e4df5100148eee88fecafceef36577f82bbc89797ff8df45ada905c706d547f2bbdf68b37da6f02530dfaa7392ff42aeeeea8ec64c9626248ec96523c95e7b08514360e678d027b099a82c8fb1b082009c48cf2a55b30c6906b6d26da1adf75ed6560829ef6a272625d93dc449f353161b3c57cae120dab27b1182dc19546cd557d09f8b932b456feef656d42f692f048a095bee57624ea6fee2f9a01119f3247a8ffd2bb437a18c91eab913d972081cdcf5b5abcc672fa104da133c40abd34277c0f1db0d43639b9e4f321e4ba8ec010941b8c961df85a6fd5879e14803a213991cb3c699b40ec7f2eed5ba289baa06f5e17d246c6d2a07ae2d2bcabecd86619af5bee2b192a24c7ec08220cf5da175d5e7edd537cb86a4ea75c992db8b7f864f15cdbb3e497b2e3be381834da51efa31e05536c730e84d6420000b843e2c25203dea0454cbf6aae89864b9c1f15a220716a28a50b6fffc144df74e72f97d973a996a65d72113c45278fbd1d25df5f4571e2e8642c651ae3280c05090f20eeeb243d3de3c523f49f6580846b080df226d3e710fd1fbc3860ba065330fb00239720268055486caff3a3e8ef21ecb7954c444b614f55c072d391bbf2bf8985b0924215b78a66308ed4fb53511d0e85f5891f2adfcf2391a1d4ba4f4189a24bd35395a5d84f6da69a9ecfcfa0b76ce666f31a08498da79ed1614133e83ed47366f7a57e0bfe27c8d1575d737e423eb7f34740120cadd80a258cd4b6f45b476fde75601c90e419fc0e8d1eb4bcb9e78f4a2be1039d2aeb554b9e9381dbb646a99ccca0a10a4847eda62cf5572300538926a692243bf30ba18081b428e23d581163f025816b7183e3ffdc7103beab3eaf1a853c412ea5eb667c16e574002a71950b1d4c0d1ac2d32eb818eddf45250d3a0fcd9400a1f746276ce135b7cd2a42c893166cd24e9dff8ab5c2f373017e491b09f82412dbeb960efd1b60dac2f9f152a50abcc6ea67e1c832d0777df081e4bae77457bec3d98811684fed1924e653cbeb729307e402837a80914a1782481ca29473f9549b5e74480688be69d0c2469f3e1fe2ecc38cf7b057e00cd2717f6f56313643003ac26121e91ef89147790f62ef6f465dc2e0d401c40a8ff6abbeea07706290eca2aeec745bd404bcd93cf418b8ebe71d7d386bd7d47a7bef246570e708ead472f7d11ae858890fb1f31fe8c9a2c5f2805f452d30696c99d625e8177f7ec27ef2d4d839fe3297290a31775327141be21805133d9e5a3a4efdb8da7c51381912af699dc157f50a28fe878917df9c13ac3455eeb6b0d5f6677143dc3ff4e9147095875a0def4c0aa2686a2106128eb39eda704e0cd24424ab1df7f8d950a816ed953b06ccfcbb5adc8c870fa2d3a61bb195a288fd8ca0cdd071842cf455f2bf59a3f4f3bebbeb4aa79d588d484049b4aa89b9d3bb144bba71ad8bbd89dbdb726b542c195d7a93f9abff81fb052ff8834c0a8aa102eff6d47259ae460f04fbfe9a161ce67285e67e49c1805e0abd6b1608692c105577032ba3b56446235b0bd2e420ab14c74d3915be642e08d8e7eebe68d0711f99ec3fa60c7df421d7ec00e2d80f2e275f42bd4e238e316d47e5e4deef0fe6fec4387b415be5c418f69d52f51f8f42f068893cedcc2ab3ff74191dd8ba1ce7a17b7784fa515c0edb023e762e37e837519037428a1f59aeabfda3e50e95ec170b4dfdcbcd0e610398d020a7caf4bd705bb478e939a8ab38698dd46de423f8580e257515a93a11b18449b2a13a1c538ce8b06a6de6859d9bd6e5876c5f91a831e47e748edebda91ba19842486dd776655fd2b83fac9534a78d002ed6883945bc1de1804b1b679c8176b5eca450321fd402b27b3fd3fd97300211ea778f068e28906103272095dc099cf09f31646aa3c790586bffc1858487aad5517aeecfa7bd92d52f3d45e82fe39d6f1a2e31bea3a2d231730b383753e70394c74b57309ae00239134d3d34df4d1b74b84875bb91bed363201c7ffe3512b821bf794a128cb7aec83cf3a8dcf08034e68cf3f25ba1ee0299d3f084ac446be794a50468ae872d549209a3dc603531b61b6c7654017ab440f97084f4d73fd866cfe43c89d2f9c0adfa0", 0x1000}, {&(0x7f0000000340)="75175b4cac5fd80939d8629662a7f3e97b1aad953d5c64d6e624233a98650c557c979dbcbde9bece519023fd3ca7f213717da21b42705d73847c4622226ecdaca8d2d70eda845b42d744c790aacdb2797eeac244a5c0855e5d498c18f6349004571c434580499d122fb71d75c5c4dcecdee5951ed4a53dbee147782b4a416616f113", 0x82}, {&(0x7f0000000400)="0d3d642ebc10b1d6918d9457a2ae8bd579d6a3c3944b5c228577d81e599f60880b5e56d4d8162981f81970eb52d47d8dfde50eee7a2144a765bc035527b46132d926d7abda18efc0142a20cfb09692cc53b6cd2ccc187fed98a0cf2a07643c3a587dc77dcbe7c975f47d76", 0x6b}, {&(0x7f00000002c0)="9ac004b6563f869888964b1e0da9b58cf0422d95c0925ea392726fc7f52eb50f9cde8aea79d7b3", 0x27}, {&(0x7f0000000480)="b14d08a968cad17c9f40e25a5c3d", 0xe}], 0x8, &(0x7f0000000540)=[{0x18, 0x0, 0x2f64bb0f, "daf878"}, {0x60, 0x0, 0x5, "8a378eb1b50858602f6bb554b9c69bc858271fe205605494972e5e6eb8614b972cd593bfd49ce9de148b9bbc4642b7964efe05bdb2b0b77d98ff1a435a82b5253745a3af440aba606ae4"}], 0x78}, 0x20000000) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)}, 0x0) 12.31453208s ago: executing program 3 (id=1186): unshare(0x28000600) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r0) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="230400000000000000000300000014000100fc01002300"/34], 0x28}}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x20, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb) accept4$ax25(r3, 0x0, &(0x7f0000000040), 0x80000) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x12) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000380), 0x40, 0x0) r5 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r5, 0x567, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x28}}, 0x0) r8 = socket$tipc(0x1e, 0x5, 0x0) ioctl$SIOCGETNODEID(r8, 0x89e1, 0x0) socket$nl_route(0x10, 0x3, 0x0) 12.272822528s ago: executing program 3 (id=1187): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f00000000c0)) 10.451175913s ago: executing program 1 (id=1188): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x216002, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = dup2(r2, r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10) get_mempolicy(0x0, 0x0, 0x1, &(0x7f0000003000/0x1000)=nil, 0x6) ioctl$IOMMU_GET_HW_INFO(r1, 0x3b8a, &(0x7f0000000180)={0x28, 0x0, 0x0, 0x0, 0x0}) keyctl$update(0x2, 0x0, 0x0, 0x2) syz_open_dev$vim2m(&(0x7f00000003c0), 0x2d2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket(0x27, 0xa, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) r6 = socket$inet6(0xa, 0xa, 0x7) r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x90f, 0x102) ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000080)={0xa1, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0}) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000380)={0x9, &(0x7f0000000300)=[{0x3, 0x10, 0x9, 0x8d8}, {0x155, 0x7, 0x12, 0xaa}, {0x7, 0xfd, 0x2, 0x401}, {0xf3, 0x71, 0x7f}, {0x4, 0xc0, 0x9, 0xdb}, {0x0, 0x1, 0x5, 0x3}, {0xfffa, 0x5, 0x0, 0x58e7}, {0x7, 0xf9, 0x7, 0xe6c}, {0x7, 0x1, 0x5, 0x1}]}, 0x10) sendto$inet6(r5, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) recvfrom(0xffffffffffffffff, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="02c90012000e00050018010a0000dd3c0d02"], 0x17) r8 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) sendmsg$inet(r8, &(0x7f00000015c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)='z', 0x1}], 0x1, &(0x7f0000001340)=ANY=[], 0x280}, 0xc0c0) accept$unix(r8, 0x0, 0x0) 10.451055018s ago: executing program 3 (id=1189): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x2def, 0x4000, 0x0, 0x0, 0x0) r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_SET_KEYBIT(r5, 0x40045565, 0x120) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) r6 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r6, 0x400, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x100000000000000) 9.545263173s ago: executing program 3 (id=1190): set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0xffff1000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f0000000040)={0x1}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000200000000000000ac14140000002300000000000000000000000000000000000a"], 0xb8}}, 0x4040080) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB="ec000000210001000000000000000000ac1ee100000000002000000000000000403403f438bd9e28000000000000000000000000000000000a0000edffffff00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011"], 0xec}}, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000680), 0x10007fffffff, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, 0x0) r4 = open(0x0, 0x2, 0x0) write$FUSE_IOCTL(0xffffffffffffffff, 0x0, 0x0) openat(r4, 0x0, 0x20942, 0x0) socket$kcm(0x11, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={r4, 0x58, &(0x7f0000000440)}, 0x10) mkdir(&(0x7f0000000600)='./file1\x00', 0x0) mount(&(0x7f00000009c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a00)='./file1\x00', 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff) 8.754303755s ago: executing program 2 (id=1194): pipe2(&(0x7f0000001440), 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000200)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f0000000180), 0x2000003, 0x0) io_uring_setup(0xd60, 0x0) mknodat$loop(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00') pread64(r0, &(0x7f0000002180)=""/4105, 0x1009, 0x0) pipe2$9p(0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r1 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r1, &(0x7f0000000080), 0xc) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0x2, 0x4000}, 0xc) write$binfmt_script(r2, &(0x7f0000002180), 0xb) recvmmsg(r1, &(0x7f0000004580)=[{{0x0, 0x0, 0x0}}], 0x300, 0x10062, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000080)=0x4, 0x4) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18) unshare(0x10060280) sendmsg$sock(0xffffffffffffffff, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) 8.650421487s ago: executing program 3 (id=1195): openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6(0xa, 0x3, 0x94) landlock_create_ruleset(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x100000000000000, 0x0, 0x0) 8.585954378s ago: executing program 3 (id=1196): syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="02c80010000c000100030508000000000004fc000061b71808419bd7b9166299d65da957dfa518f797dc651316c182f93a2563ffb1ad684c557aef73142c3508ae9b84dfc88ea0bfcdc86d86eec53f9fdb9a001165a5b4c540"], 0x15) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="04310600ee"], 0x9) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) preadv(r0, &(0x7f00000002c0)=[{0x0}, {&(0x7f0000000200)=""/73, 0x49}, {&(0x7f0000000280)=""/25, 0x19}], 0x3, 0x337070cc, 0x9) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="041c0500c90002003f955ab1cbefb865ef62ec9855c770a556918219350e9f4885c83bb1bc8e193ee5e43e19584e672762bb9aff5894c0f4ae6ff85fc48126e567cbb9c34a0c8b4f56c2d5ab0000f718034d8e685885e19fc23d64e7213193eae57cd6ee1be1c1"], 0x8) socket(0xa, 0x6, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x14, &(0x7f0000000040), 0x50) listen(0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000000880)=""/102388, 0x18ff4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1a, 0xfffffffe, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 5.40428ms ago: executing program 2 (id=1198): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f00000000c0)) 0s ago: executing program 2 (id=1204): r0 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) getpid() socket$inet6(0xa, 0x2, 0x8) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(r1, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0, 0xc00}}], 0x40001b6, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_emit_ethernet(0x2a, 0x0, 0x0) kernel console output (not intermixed with test programs): 271.881485][ T9163] ? __fget_files+0x40/0x3f0 [ 271.882728][ T9163] ? fdget+0x176/0x210 [ 271.883820][ T9163] __sys_sendmsg+0x117/0x1f0 [ 271.885077][ T9163] ? __pfx___sys_sendmsg+0x10/0x10 [ 271.886439][ T9163] ? __fget_files+0x244/0x3f0 [ 271.887716][ T9163] do_syscall_64+0xcd/0x250 [ 271.888924][ T9163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.890477][ T9163] RIP: 0033:0x7f26bf97dff9 [ 271.891653][ T9163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.896632][ T9163] RSP: 002b:00007f26c079f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 271.898815][ T9163] RAX: ffffffffffffffda RBX: 00007f26bfb35f80 RCX: 00007f26bf97dff9 [ 271.900880][ T9163] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 271.902949][ T9163] RBP: 00007f26c079f090 R08: 0000000000000000 R09: 0000000000000000 [ 271.904998][ T9163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 271.907185][ T9163] R13: 0000000000000000 R14: 00007f26bfb35f80 R15: 00007fff3f501128 [ 271.909274][ T9163] [ 272.265357][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 272.273686][ T9175] netlink: 20 bytes leftover after parsing attributes in process `syz.0.968'. [ 272.313820][ T9178] netlink: 8 bytes leftover after parsing attributes in process `syz.0.969'. [ 272.676444][ T5350] Bluetooth: hci3: command tx timeout [ 272.688844][ T9185] FAULT_INJECTION: forcing a failure. [ 272.688844][ T9185] name failslab, interval 1, probability 0, space 0, times 0 [ 272.692092][ T9185] CPU: 3 UID: 0 PID: 9185 Comm: syz.0.971 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 272.694804][ T9185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 272.697646][ T9185] Call Trace: [ 272.698752][ T9185] [ 272.699705][ T9185] dump_stack_lvl+0x16c/0x1f0 [ 272.701191][ T9185] should_fail_ex+0x497/0x5b0 [ 272.702745][ T9185] ? fs_reclaim_acquire+0xae/0x160 [ 272.704191][ T9185] should_failslab+0xc2/0x120 [ 272.705584][ T9185] kmem_cache_alloc_node_noprof+0x71/0x310 [ 272.707153][ T9185] ? __alloc_skb+0x2b1/0x380 [ 272.708382][ T9185] __alloc_skb+0x2b1/0x380 [ 272.709551][ T9185] ? __pfx___alloc_skb+0x10/0x10 [ 272.710975][ T9185] ? selinux_socket_getpeersec_dgram+0x1a5/0x370 [ 272.712657][ T9185] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 272.714548][ T9185] netlink_alloc_large_skb+0x69/0x130 [ 272.716148][ T9185] netlink_sendmsg+0x689/0xd70 [ 272.717449][ T9185] ? __pfx_netlink_sendmsg+0x10/0x10 [ 272.718967][ T9185] ? __import_iovec+0x1fd/0x6e0 [ 272.720281][ T9185] ____sys_sendmsg+0xaaf/0xc90 [ 272.721654][ T9185] ? copy_msghdr_from_user+0x10b/0x160 [ 272.723271][ T9185] ? __pfx_____sys_sendmsg+0x10/0x10 [ 272.724647][ T9185] ? hlock_class+0x4e/0x130 [ 272.726190][ T9185] ? __lock_acquire+0x163e/0x3ce0 [ 272.727548][ T9185] ___sys_sendmsg+0x135/0x1e0 [ 272.728792][ T9185] ? __pfx____sys_sendmsg+0x10/0x10 [ 272.730283][ T9185] ? __pfx___lock_acquire+0x10/0x10 [ 272.731664][ T9185] ? __pfx___might_resched+0x10/0x10 [ 272.733049][ T9185] ? __might_fault+0xe3/0x190 [ 272.734207][ T9185] __sys_sendmmsg+0x1a1/0x450 [ 272.735385][ T9185] ? __pfx___sys_sendmmsg+0x10/0x10 [ 272.737116][ T9185] ? vfs_write+0x14d/0x1140 [ 272.738771][ T9185] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 272.740851][ T9185] ? fput+0x30/0x390 [ 272.742215][ T9185] ? ksys_write+0x1ad/0x260 [ 272.743789][ T9185] ? __pfx_ksys_write+0x10/0x10 [ 272.745516][ T9185] __x64_sys_sendmmsg+0x9c/0x100 [ 272.747342][ T9185] ? lockdep_hardirqs_on+0x7c/0x110 [ 272.749231][ T9185] do_syscall_64+0xcd/0x250 [ 272.750859][ T9185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.752992][ T9185] RIP: 0033:0x7f26bf97dff9 [ 272.754169][ T9185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.759122][ T9185] RSP: 002b:00007f26c079f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 272.761351][ T9185] RAX: ffffffffffffffda RBX: 00007f26bfb35f80 RCX: 00007f26bf97dff9 [ 272.763342][ T9185] RDX: 0000000004924b68 RSI: 0000000020000140 RDI: 0000000000000003 [ 272.765531][ T9185] RBP: 00007f26c079f090 R08: 0000000000000000 R09: 0000000000000000 [ 272.767648][ T9185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 272.769712][ T9185] R13: 0000000000000000 R14: 00007f26bfb35f80 R15: 00007fff3f501128 [ 272.771762][ T9185] [ 273.305365][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 274.345370][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 274.638853][ T39] kauditd_printk_skb: 63 callbacks suppressed [ 274.638865][ T39] audit: type=1400 audit(1728078926.566:900): avc: denied { create } for pid=9205 comm="syz.0.979" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 274.745438][ T5350] Bluetooth: hci3: command tx timeout [ 274.885471][ T5343] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 275.018805][ T5343] usb 5-1: device descriptor read/64, error -71 [ 275.255415][ T5343] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 275.385350][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 275.387357][ T5343] usb 5-1: device descriptor read/64, error -71 [ 275.496542][ T5343] usb usb5-port1: attempt power cycle [ 275.835379][ T5343] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 275.856077][ T5343] usb 5-1: device descriptor read/8, error -71 [ 276.097609][ T5343] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 276.116155][ T5343] usb 5-1: device descriptor read/8, error -71 [ 276.225570][ T5343] usb usb5-port1: unable to enumerate USB device [ 276.425366][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 276.825420][ T5350] Bluetooth: hci3: command tx timeout [ 277.465373][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 277.811156][ T9210] netlink: 40 bytes leftover after parsing attributes in process `syz.0.981'. [ 277.813573][ T9210] netlink: 40 bytes leftover after parsing attributes in process `syz.0.981'. [ 278.112654][ T35] IPVS: starting estimator thread 0... [ 278.205478][ T9228] IPVS: using max 35 ests per chain, 84000 per kthread [ 278.505344][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 278.972317][ T39] audit: type=1400 audit(1728078930.896:901): avc: denied { compute_member } for pid=9231 comm="syz.0.988" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 279.084537][ T5341] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 279.089485][ T5341] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 279.092775][ T5341] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 279.095387][ T1109] bridge_slave_1: left allmulticast mode [ 279.096707][ T5341] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 279.096863][ T1109] bridge_slave_1: left promiscuous mode [ 279.099810][ T5341] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 279.100696][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.103182][ T5341] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 279.109459][ T1109] bridge_slave_0: left allmulticast mode [ 279.111034][ T1109] bridge_slave_0: left promiscuous mode [ 279.112491][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.399040][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 279.405002][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 279.410134][ T1109] bond0 (unregistering): Released all slaves [ 279.492126][ T9234] chnl_net:caif_netlink_parms(): no params data found [ 279.519755][ T1109] tipc: Left network mode [ 279.558318][ T9234] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.561906][ T9234] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.564442][ T9234] bridge_slave_0: entered allmulticast mode [ 279.569020][ T9234] bridge_slave_0: entered promiscuous mode [ 279.592815][ T9234] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.595095][ T9234] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.597528][ T9234] bridge_slave_1: entered allmulticast mode [ 279.600279][ T9234] bridge_slave_1: entered promiscuous mode [ 279.629430][ T9234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 279.634561][ T9234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 279.673263][ T9234] team0: Port device team_slave_0 added [ 279.696954][ T9234] team0: Port device team_slave_1 added [ 279.715118][ T9234] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 279.717809][ T9234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.724368][ T9234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 279.728049][ T9234] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 279.729890][ T9234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.737152][ T9234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 279.752494][ T1109] hsr_slave_0: left promiscuous mode [ 279.755036][ T1109] hsr_slave_1: left promiscuous mode [ 279.757397][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 279.759291][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 279.761492][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 279.763313][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 279.781579][ T1109] veth1_macvtap: left promiscuous mode [ 279.783593][ T1109] veth0_macvtap: left promiscuous mode [ 279.785797][ T1109] veth1_vlan: left promiscuous mode [ 279.787330][ T1109] veth0_vlan: left promiscuous mode [ 280.619646][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 280.699691][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 281.082479][ T5341] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 281.093137][ T5341] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 281.111989][ T5341] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 281.127782][ T5345] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 281.135114][ T5345] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 281.140154][ T5345] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 281.140187][ T4771] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 281.144898][ T5345] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 281.151133][ T4771] Bluetooth: hci0: command tx timeout [ 281.152660][ T5345] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 281.163069][ T4771] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 281.173049][ T5345] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 281.180342][ T5345] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 281.445718][ T9268] FAULT_INJECTION: forcing a failure. [ 281.445718][ T9268] name failslab, interval 1, probability 0, space 0, times 0 [ 281.448841][ T9268] CPU: 2 UID: 0 PID: 9268 Comm: syz.0.995 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 281.451360][ T9268] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 281.454090][ T9268] Call Trace: [ 281.454958][ T9268] [ 281.455774][ T9268] dump_stack_lvl+0x16c/0x1f0 [ 281.457144][ T9268] should_fail_ex+0x497/0x5b0 [ 281.458590][ T9268] ? fs_reclaim_acquire+0xae/0x160 [ 281.460087][ T9268] should_failslab+0xc2/0x120 [ 281.461303][ T9268] __kmalloc_cache_noprof+0x6b/0x300 [ 281.462584][ T9268] ? tcf_action_init_1+0x27a/0x6c0 [ 281.463827][ T9268] tcf_action_init_1+0x27a/0x6c0 [ 281.465071][ T9268] ? tc_lookup_action_n+0xc9/0xf0 [ 281.466297][ T9268] ? __pfx_tcf_action_init_1+0x10/0x10 [ 281.467838][ T9268] ? __pfx_tc_action_load_ops+0x10/0x10 [ 281.469313][ T9268] ? __nla_parse+0x40/0x60 [ 281.470447][ T9268] tcf_action_init+0x501/0x810 [ 281.471634][ T9268] ? __pfx_tcf_action_init+0x10/0x10 [ 281.472970][ T9268] ? __pfx_mark_lock+0x10/0x10 [ 281.474177][ T9268] ? lock_acquire.part.0+0x11b/0x380 [ 281.475453][ T9268] ? __pfx___lock_acquire+0x10/0x10 [ 281.476820][ T9268] ? __pfx_lock_release+0x10/0x10 [ 281.478122][ T9268] ? trace_lock_acquire+0x14a/0x1d0 [ 281.479481][ T9268] tcf_action_add+0xfd/0x5d0 [ 281.480712][ T9268] ? __pfx_tcf_action_add+0x10/0x10 [ 281.482071][ T9268] ? __pfx_lock_release+0x10/0x10 [ 281.483348][ T9268] ? __nla_parse+0x40/0x60 [ 281.484445][ T9268] tc_ctl_action+0x35d/0x470 [ 281.485607][ T9268] ? __pfx_tc_ctl_action+0x10/0x10 [ 281.486874][ T9268] ? __pfx_tc_ctl_action+0x10/0x10 [ 281.488229][ T9268] rtnetlink_rcv_msg+0x3c7/0xea0 [ 281.489451][ T9268] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 281.490763][ T9268] netlink_rcv_skb+0x16b/0x440 [ 281.491930][ T9268] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 281.493246][ T9268] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 281.494564][ T9268] ? netlink_deliver_tap+0x1ae/0xd90 [ 281.495841][ T9268] netlink_unicast+0x53c/0x7f0 [ 281.497124][ T9268] ? __pfx_netlink_unicast+0x10/0x10 [ 281.498657][ T9268] netlink_sendmsg+0x8b8/0xd70 [ 281.499847][ T9268] ? __pfx_netlink_sendmsg+0x10/0x10 [ 281.501197][ T9268] ? __import_iovec+0x1fd/0x6e0 [ 281.502625][ T9268] ____sys_sendmsg+0xaaf/0xc90 [ 281.503994][ T9268] ? copy_msghdr_from_user+0x10b/0x160 [ 281.505347][ T9268] ? __pfx_____sys_sendmsg+0x10/0x10 [ 281.506694][ T9268] ? __pfx___lock_acquire+0x10/0x10 [ 281.508013][ T9268] ___sys_sendmsg+0x135/0x1e0 [ 281.509384][ T9268] ? __pfx____sys_sendmsg+0x10/0x10 [ 281.510876][ T9268] ? lock_acquire+0x2f/0xb0 [ 281.511966][ T9268] ? __fget_files+0x40/0x3f0 [ 281.513138][ T9268] ? fdget+0x176/0x210 [ 281.514233][ T9268] __sys_sendmsg+0x117/0x1f0 [ 281.515395][ T9268] ? __pfx___sys_sendmsg+0x10/0x10 [ 281.516708][ T9268] ? __fget_files+0x244/0x3f0 [ 281.517944][ T9268] do_syscall_64+0xcd/0x250 [ 281.519106][ T9268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.520684][ T9268] RIP: 0033:0x7f26bf97dff9 [ 281.521925][ T9268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.526676][ T9268] RSP: 002b:00007f26c077e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 281.528942][ T9268] RAX: ffffffffffffffda RBX: 00007f26bfb36058 RCX: 00007f26bf97dff9 [ 281.530918][ T9268] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 [ 281.532927][ T9268] RBP: 00007f26c077e090 R08: 0000000000000000 R09: 0000000000000000 [ 281.535109][ T9268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 281.537422][ T9268] R13: 0000000000000000 R14: 00007f26bfb36058 R15: 00007fff3f501128 [ 281.540228][ T9268] [ 281.596570][ T9275] FAULT_INJECTION: forcing a failure. [ 281.596570][ T9275] name failslab, interval 1, probability 0, space 0, times 0 [ 281.601179][ T9275] CPU: 2 UID: 0 PID: 9275 Comm: syz.0.998 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 281.604949][ T9275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 281.608820][ T9275] Call Trace: [ 281.610039][ T9275] [ 281.611144][ T9275] dump_stack_lvl+0x16c/0x1f0 [ 281.612876][ T9275] should_fail_ex+0x497/0x5b0 [ 281.614287][ T9275] ? fs_reclaim_acquire+0xae/0x160 [ 281.615640][ T9275] should_failslab+0xc2/0x120 [ 281.616935][ T9275] kmem_cache_alloc_node_noprof+0x71/0x310 [ 281.618555][ T9275] ? __alloc_skb+0x2b1/0x380 [ 281.619761][ T9275] __alloc_skb+0x2b1/0x380 [ 281.620955][ T9275] ? __pfx___alloc_skb+0x10/0x10 [ 281.622254][ T9275] ? rtnetlink_rcv_msg+0x3e6/0xea0 [ 281.623812][ T9275] netlink_ack+0x164/0xb90 [ 281.624949][ T9275] netlink_rcv_skb+0x348/0x440 [ 281.626199][ T9275] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 281.627612][ T9275] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 281.628915][ T9275] ? netlink_deliver_tap+0x1ae/0xd90 [ 281.630263][ T9275] netlink_unicast+0x53c/0x7f0 [ 281.631469][ T9275] ? __pfx_netlink_unicast+0x10/0x10 [ 281.632926][ T9275] netlink_sendmsg+0x8b8/0xd70 [ 281.634604][ T9275] ? __pfx_netlink_sendmsg+0x10/0x10 [ 281.636485][ T9275] ? __import_iovec+0x1fd/0x6e0 [ 281.638224][ T9275] ____sys_sendmsg+0xaaf/0xc90 [ 281.639892][ T9275] ? copy_msghdr_from_user+0x10b/0x160 [ 281.641837][ T9275] ? __pfx_____sys_sendmsg+0x10/0x10 [ 281.643702][ T9275] ? __pfx___lock_acquire+0x10/0x10 [ 281.645604][ T9275] ___sys_sendmsg+0x135/0x1e0 [ 281.647285][ T9275] ? __pfx____sys_sendmsg+0x10/0x10 [ 281.649093][ T9275] ? lock_acquire+0x2f/0xb0 [ 281.650609][ T9275] ? __fget_files+0x40/0x3f0 [ 281.652199][ T9275] ? fdget+0x176/0x210 [ 281.653667][ T9275] __sys_sendmmsg+0x1a1/0x450 [ 281.654958][ T9275] ? __pfx___sys_sendmmsg+0x10/0x10 [ 281.656301][ T9275] ? vfs_write+0x14d/0x1140 [ 281.657751][ T9275] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 281.659842][ T9275] ? fput+0x30/0x390 [ 281.661129][ T9275] ? ksys_write+0x1ad/0x260 [ 281.662306][ T9275] ? __pfx_ksys_write+0x10/0x10 [ 281.663576][ T9275] __x64_sys_sendmmsg+0x9c/0x100 [ 281.664860][ T9275] ? lockdep_hardirqs_on+0x7c/0x110 [ 281.666180][ T9275] do_syscall_64+0xcd/0x250 [ 281.667358][ T9275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.668836][ T9275] RIP: 0033:0x7f26bf97dff9 [ 281.670009][ T9275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.675022][ T9275] RSP: 002b:00007f26c079f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 281.677242][ T9275] RAX: ffffffffffffffda RBX: 00007f26bfb35f80 RCX: 00007f26bf97dff9 [ 281.679808][ T9275] RDX: 0000000004924b68 RSI: 0000000020000140 RDI: 0000000000000004 [ 281.682581][ T9275] RBP: 00007f26c079f090 R08: 0000000000000000 R09: 0000000000000000 [ 281.685300][ T9275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 281.687921][ T9275] R13: 0000000000000000 R14: 00007f26bfb35f80 R15: 00007fff3f501128 [ 281.690546][ T9275] [ 281.694766][ T9234] hsr_slave_0: entered promiscuous mode [ 281.700948][ T9234] hsr_slave_1: entered promiscuous mode [ 281.791447][ T39] audit: type=1400 audit(1728078933.716:902): avc: denied { read } for pid=9276 comm="syz.0.999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 281.823168][ T9284] netlink: 'syz.0.1000': attribute type 3 has an invalid length. [ 281.825261][ T9284] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1000'. [ 281.825440][ T9283] netlink: 'syz.0.1000': attribute type 3 has an invalid length. [ 281.835955][ T9283] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1000'. [ 281.870947][ T9234] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.926943][ T9270] chnl_net:caif_netlink_parms(): no params data found [ 281.962762][ T9234] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.974489][ T9272] chnl_net:caif_netlink_parms(): no params data found [ 282.048550][ T9270] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.051065][ T9270] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.053786][ T9270] bridge_slave_0: entered allmulticast mode [ 282.056455][ T9270] bridge_slave_0: entered promiscuous mode [ 282.119367][ T9234] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.124232][ T9270] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.126510][ T9270] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.128417][ T9270] bridge_slave_1: entered allmulticast mode [ 282.130344][ T9270] bridge_slave_1: entered promiscuous mode [ 282.166628][ T9270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 282.169099][ T9272] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.171307][ T9272] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.173198][ T9272] bridge_slave_0: entered allmulticast mode [ 282.175264][ T9272] bridge_slave_0: entered promiscuous mode [ 282.179167][ T5341] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 282.186371][ T9303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 282.193248][ T9234] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.199077][ T9270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.201464][ T9272] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.203321][ T9272] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.205087][ T9272] bridge_slave_1: entered allmulticast mode [ 282.207368][ T9272] bridge_slave_1: entered promiscuous mode [ 282.250305][ T9272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 282.254500][ T9272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.255350][ T9303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 282.267115][ T9270] team0: Port device team_slave_0 added [ 282.308013][ T1109] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.317384][ T9303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 282.321076][ T9270] team0: Port device team_slave_1 added [ 282.325076][ T9272] team0: Port device team_slave_0 added [ 282.337436][ T9272] team0: Port device team_slave_1 added [ 282.373670][ T1109] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.379521][ T9270] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.381621][ T9270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.389519][ T9270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.409305][ T9270] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 282.411070][ T9270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.417609][ T9270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.421014][ T9272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.422866][ T9272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.430897][ T9272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.457239][ T1109] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.462136][ T9272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 282.463894][ T9272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.470831][ T9272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.510749][ T9270] hsr_slave_0: entered promiscuous mode [ 282.512832][ T9270] hsr_slave_1: entered promiscuous mode [ 282.514547][ T9270] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 282.516541][ T9270] Cannot create hsr debugfs directory [ 282.564003][ T1109] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.570315][ T9234] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 282.575757][ T9272] hsr_slave_0: entered promiscuous mode [ 282.578262][ T9272] hsr_slave_1: entered promiscuous mode [ 282.580699][ T9272] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 282.582592][ T9272] Cannot create hsr debugfs directory [ 282.584815][ T9234] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 282.601544][ T9234] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 282.625834][ T9234] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 282.735503][ T1109] bridge_slave_1: left allmulticast mode [ 282.737109][ T1109] bridge_slave_1: left promiscuous mode [ 282.738661][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.741721][ T1109] bridge_slave_0: left allmulticast mode [ 282.743080][ T1109] bridge_slave_0: left promiscuous mode [ 282.745796][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.752062][ T1109] bridge_slave_1: left allmulticast mode [ 282.754003][ T1109] bridge_slave_1: left promiscuous mode [ 282.756314][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.760287][ T1109] bridge_slave_0: left allmulticast mode [ 282.762047][ T1109] bridge_slave_0: left promiscuous mode [ 282.763814][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.225689][ T5341] Bluetooth: hci0: command tx timeout [ 283.227683][ T5345] Bluetooth: hci2: command tx timeout [ 283.227911][ T4771] Bluetooth: hci1: command tx timeout [ 283.276578][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.280462][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.285898][ T1109] bond0 (unregistering): Released all slaves [ 283.370622][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.374528][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.378947][ T1109] bond0 (unregistering): Released all slaves [ 283.459826][ T9234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 283.473899][ T9234] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.479989][ T1109] tipc: Disabling bearer [ 283.484411][ T1109] tipc: Left network mode [ 283.512637][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.514535][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 283.541719][ T89] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.543950][ T89] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.670967][ T9234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 283.725663][ T9234] veth0_vlan: entered promiscuous mode [ 283.761286][ T9234] veth1_vlan: entered promiscuous mode [ 283.780774][ T9234] veth0_macvtap: entered promiscuous mode [ 283.788531][ T9234] veth1_macvtap: entered promiscuous mode [ 283.797969][ T9234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.801695][ T9234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.805159][ T9234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.809376][ T9234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.811917][ T9234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.814542][ T9234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.817280][ T9234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.820008][ T9234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.824184][ T9234] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 283.830211][ T9234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.833122][ T9234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.836482][ T9234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.839159][ T9234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.841732][ T9234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.844416][ T9234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.847200][ T9234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.849898][ T9234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.854300][ T9234] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 283.878982][ T9234] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.881686][ T9234] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.884358][ T9234] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.887331][ T9234] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.940825][ T9270] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 283.946188][ T9270] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 283.984460][ T9272] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.997956][ T9270] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 284.013105][ T1109] hsr_slave_0: left promiscuous mode [ 284.014886][ T1109] hsr_slave_1: left promiscuous mode [ 284.016970][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.018924][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.021080][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.023000][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.025154][ T1109] batman_adv: batadv0: Removing interface: ipvlan1 [ 284.029133][ T1109] hsr_slave_0: left promiscuous mode [ 284.030976][ T1109] hsr_slave_1: left promiscuous mode [ 284.032819][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.034784][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.037733][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.040363][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.091422][ T1109] veth0_macvtap: left promiscuous mode [ 284.092984][ T1109] veth1_vlan: left promiscuous mode [ 284.094389][ T1109] veth0_vlan: left promiscuous mode [ 284.101562][ T1109] veth1_macvtap: left promiscuous mode [ 284.103073][ T1109] veth0_macvtap: left promiscuous mode [ 284.104547][ T1109] veth1_vlan: left promiscuous mode [ 284.106799][ T1109] veth0_vlan: left promiscuous mode [ 284.893155][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 285.064273][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 285.258304][ T9365] FAULT_INJECTION: forcing a failure. [ 285.258304][ T9365] name failslab, interval 1, probability 0, space 0, times 0 [ 285.261475][ T9365] CPU: 0 UID: 0 PID: 9365 Comm: syz.0.1011 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 285.264050][ T9365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 285.266840][ T9365] Call Trace: [ 285.267723][ T9365] [ 285.268595][ T9365] dump_stack_lvl+0x16c/0x1f0 [ 285.270328][ T9365] should_fail_ex+0x497/0x5b0 [ 285.271572][ T9365] ? fs_reclaim_acquire+0xae/0x160 [ 285.272924][ T9365] should_failslab+0xc2/0x120 [ 285.274164][ T9365] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 285.275565][ T9365] ? getname_flags.part.0+0x4c/0x550 [ 285.276976][ T9365] getname_flags.part.0+0x4c/0x550 [ 285.278326][ T9365] getname_flags+0x93/0xf0 [ 285.279513][ T9365] user_path_at+0x24/0x60 [ 285.280915][ T9365] __x64_sys_mount+0x1fc/0x320 [ 285.282531][ T9365] ? __pfx___x64_sys_mount+0x10/0x10 [ 285.283910][ T9365] do_syscall_64+0xcd/0x250 [ 285.285349][ T9365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.287155][ T9365] RIP: 0033:0x7f26bf97dff9 [ 285.288319][ T9365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.293226][ T9365] RSP: 002b:00007f26c079f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 285.295333][ T9365] RAX: ffffffffffffffda RBX: 00007f26bfb35f80 RCX: 00007f26bf97dff9 [ 285.297386][ T9365] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000020100000 [ 285.299527][ T9365] RBP: 00007f26c079f090 R08: 0000000020002c00 R09: 0000000000000000 [ 285.302266][ T9365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.304788][ T9365] R13: 0000000000000001 R14: 00007f26bfb35f80 R15: 00007fff3f501128 [ 285.305551][ T4771] Bluetooth: hci2: command tx timeout [ 285.307378][ T9365] [ 285.310895][ T4771] Bluetooth: hci1: command tx timeout [ 285.317699][ T4771] Bluetooth: hci0: command tx timeout [ 286.433566][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 286.510894][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 287.093321][ T9270] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 287.114030][ T9272] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.124348][ T9375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1014'. [ 287.127841][ T9375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1014'. [ 287.180216][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.182364][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.247280][ T9272] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.257052][ T9270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.261072][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.263943][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.272814][ T9270] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.279196][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.281754][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.290893][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.293415][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.345600][ T9385] 9pnet_fd: Insufficient options for proto=fd [ 287.351839][ T9272] bond0: (slave netdevsim0): Releasing backup interface [ 287.355729][ T9272] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.385433][ T4771] Bluetooth: hci1: command tx timeout [ 287.387644][ T5341] Bluetooth: hci0: command tx timeout [ 287.395503][ T5341] Bluetooth: hci2: command tx timeout [ 287.442016][ T9270] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 287.461017][ T9270] veth0_vlan: entered promiscuous mode [ 287.465586][ T9270] veth1_vlan: entered promiscuous mode [ 287.479560][ T9270] veth0_macvtap: entered promiscuous mode [ 287.483004][ T9270] veth1_macvtap: entered promiscuous mode [ 287.491281][ T9270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.494051][ T9270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.496935][ T9270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.499613][ T9270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.502137][ T9270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.504804][ T9270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.509046][ T9270] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 287.514065][ T9270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.519502][ T9270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.522038][ T9270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.525043][ T9270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.527905][ T9270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.530585][ T9270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.533830][ T9270] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 287.546136][ T9270] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.548420][ T9270] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.550678][ T9270] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.552940][ T9270] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.556081][ T9389] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 287.599081][ T9272] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 287.603350][ T9272] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 287.618749][ T9272] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 287.627766][ T9272] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 287.682819][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.688609][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.722614][ T39] audit: type=1400 audit(1728078939.646:903): avc: denied { bind } for pid=9396 comm="syz.1.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 287.729282][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.729297][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.729785][ C2] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 287.733272][ T39] audit: type=1400 audit(1728078939.666:904): avc: denied { listen } for pid=9396 comm="syz.1.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 287.751909][ T39] audit: type=1400 audit(1728078939.676:905): avc: denied { accept } for pid=9396 comm="syz.1.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 287.772335][ T9272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.786568][ T9272] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.792793][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.794698][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.803889][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.805870][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.854740][ T39] audit: type=1804 audit(1728078939.776:906): pid=9403 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.996" name="/newroot/0/bus/file0" dev="overlay" ino=25 res=1 errno=0 [ 287.901789][ T9272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 287.918246][ T9272] veth0_vlan: entered promiscuous mode [ 287.925059][ T9272] veth1_vlan: entered promiscuous mode [ 287.947270][ T9272] veth0_macvtap: entered promiscuous mode [ 287.950467][ T9272] veth1_macvtap: entered promiscuous mode [ 287.958472][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.961527][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.964371][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.967895][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.970453][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.973153][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.975989][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.978856][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.982351][ T9272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 287.986046][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.988800][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.991307][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.993998][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.996808][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.999645][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 288.003335][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 288.006686][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 288.010205][ T9272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 288.016952][ T9272] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.019610][ T9272] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.021955][ T9272] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.024259][ T9272] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.052589][ T9414] FAULT_INJECTION: forcing a failure. [ 288.052589][ T9414] name failslab, interval 1, probability 0, space 0, times 0 [ 288.056599][ T9414] CPU: 1 UID: 0 PID: 9414 Comm: syz.1.1023 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 288.058718][ T1109] IPVS: stop unused estimator thread 0... [ 288.059495][ T9414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 288.064310][ T9414] Call Trace: [ 288.064317][ T9414] [ 288.064323][ T9414] dump_stack_lvl+0x16c/0x1f0 [ 288.064342][ T9414] should_fail_ex+0x497/0x5b0 [ 288.064358][ T9414] ? fs_reclaim_acquire+0xae/0x160 [ 288.064688][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.064714][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.074191][ T9414] should_failslab+0xc2/0x120 [ 288.075207][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.075460][ T9414] __kmalloc_noprof+0xcb/0x400 [ 288.075475][ T9414] ? d_absolute_path+0x137/0x1b0 [ 288.075487][ T9414] tomoyo_encode2+0x100/0x3e0 [ 288.075501][ T9414] tomoyo_encode+0x29/0x50 [ 288.075511][ T9414] tomoyo_realpath_from_path+0x19d/0x720 [ 288.078370][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.079686][ T9414] tomoyo_path_number_perm+0x245/0x590 [ 288.088926][ T9414] ? tomoyo_path_number_perm+0x232/0x590 [ 288.090442][ T9414] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 288.092128][ T9414] ? trace_lock_acquire+0x14a/0x1d0 [ 288.093592][ T9414] ? lock_acquire+0x2f/0xb0 [ 288.094881][ T9414] ? __fget_files+0x40/0x3f0 [ 288.096151][ T9414] ? __fget_files+0x244/0x3f0 [ 288.097463][ T9414] security_file_ioctl+0x9b/0x240 [ 288.098844][ T9414] __x64_sys_ioctl+0xbb/0x220 [ 288.100157][ T9414] do_syscall_64+0xcd/0x250 [ 288.101441][ T9414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.103027][ T9414] RIP: 0033:0x7f301c17dff9 [ 288.104256][ T9414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.109486][ T9414] RSP: 002b:00007f301d006038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 288.111781][ T9414] RAX: ffffffffffffffda RBX: 00007f301c335f80 RCX: 00007f301c17dff9 [ 288.114352][ T9414] RDX: 0000000020000740 RSI: 00000000c05064a7 RDI: 0000000000000003 [ 288.116597][ T9414] RBP: 00007f301d006090 R08: 0000000000000000 R09: 0000000000000000 [ 288.118877][ T9414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.121064][ T9414] R13: 0000000000000000 R14: 00007f301c335f80 R15: 00007ffc88fb1608 [ 288.123249][ T9414] [ 288.126044][ T9414] ERROR: Out of memory at tomoyo_realpath_from_path. [ 288.175277][ T39] audit: type=1400 audit(1728078940.096:907): avc: denied { read } for pid=9417 comm="syz.1.1025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 288.199995][ T9423] capability: warning: `syz.0.1024' uses deprecated v2 capabilities in a way that may be insecure [ 288.448125][ T9435] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9435 comm=syz.3.1029 [ 288.523413][ T39] audit: type=1400 audit(1728078940.446:908): avc: denied { append } for pid=9439 comm="syz.0.1031" name="cec0" dev="devtmpfs" ino=894 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 288.545471][ T830] usb 6-1: new low-speed USB device number 12 using dummy_hcd [ 288.598290][ T39] audit: type=1400 audit(1728078940.526:909): avc: denied { map } for pid=9441 comm="syz.3.1032" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 288.605621][ T39] audit: type=1400 audit(1728078940.526:910): avc: denied { execute } for pid=9441 comm="syz.3.1032" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 288.613908][ T39] audit: type=1400 audit(1728078940.536:911): avc: denied { ioctl } for pid=9441 comm="syz.3.1032" path="/dev/nullb0" dev="devtmpfs" ino=691 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 288.675690][ T830] usb 6-1: device descriptor read/64, error -71 [ 288.810459][ T9448] netlink: 134744 bytes leftover after parsing attributes in process `syz.2.1034'. [ 288.925497][ T830] usb 6-1: new low-speed USB device number 13 using dummy_hcd [ 289.055489][ T830] usb 6-1: device descriptor read/64, error -71 [ 289.165586][ T830] usb usb6-port1: attempt power cycle [ 289.476441][ T5341] Bluetooth: hci2: command tx timeout [ 289.476541][ T4771] Bluetooth: hci1: command tx timeout [ 289.505367][ T830] usb 6-1: new low-speed USB device number 14 using dummy_hcd [ 289.525954][ T830] usb 6-1: device descriptor read/8, error -71 [ 289.765472][ T830] usb 6-1: new low-speed USB device number 15 using dummy_hcd [ 289.789856][ T830] usb 6-1: device descriptor read/8, error -71 [ 289.895624][ T830] usb usb6-port1: unable to enumerate USB device [ 290.052453][ T9469] FAULT_INJECTION: forcing a failure. [ 290.052453][ T9469] name failslab, interval 1, probability 0, space 0, times 0 [ 290.056012][ T9469] CPU: 3 UID: 0 PID: 9469 Comm: syz.0.1041 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 290.059123][ T9469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 290.062194][ T9469] Call Trace: [ 290.063123][ T9469] [ 290.063937][ T9469] dump_stack_lvl+0x16c/0x1f0 [ 290.065225][ T9469] should_fail_ex+0x497/0x5b0 [ 290.066504][ T9469] ? fs_reclaim_acquire+0xae/0x160 [ 290.067886][ T9469] should_failslab+0xc2/0x120 [ 290.069170][ T9469] __kmalloc_cache_noprof+0x6b/0x300 [ 290.070604][ T9469] ? rtnl_newlink+0x49/0xa0 [ 290.071839][ T9469] rtnl_newlink+0x49/0xa0 [ 290.073020][ T9469] ? __pfx_rtnl_newlink+0x10/0x10 [ 290.074378][ T9469] rtnetlink_rcv_msg+0x3c7/0xea0 [ 290.075623][ T9469] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 290.077125][ T9469] netlink_rcv_skb+0x16b/0x440 [ 290.078435][ T9469] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 290.079959][ T9469] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 290.081512][ T9469] ? netlink_deliver_tap+0x1ae/0xd90 [ 290.083093][ T9469] netlink_unicast+0x53c/0x7f0 [ 290.084471][ T9469] ? __pfx_netlink_unicast+0x10/0x10 [ 290.085908][ T9469] netlink_sendmsg+0x8b8/0xd70 [ 290.087212][ T9469] ? __pfx_netlink_sendmsg+0x10/0x10 [ 290.088642][ T9469] ? __import_iovec+0x1fd/0x6e0 [ 290.089950][ T9469] ____sys_sendmsg+0xaaf/0xc90 [ 290.091163][ T9469] ? copy_msghdr_from_user+0x10b/0x160 [ 290.092623][ T9469] ? __pfx_____sys_sendmsg+0x10/0x10 [ 290.094057][ T9469] ? __pfx___lock_acquire+0x10/0x10 [ 290.095457][ T9469] ___sys_sendmsg+0x135/0x1e0 [ 290.096748][ T9469] ? __pfx____sys_sendmsg+0x10/0x10 [ 290.098157][ T9469] ? lock_acquire+0x2f/0xb0 [ 290.099383][ T9469] ? __fget_files+0x40/0x3f0 [ 290.100643][ T9469] ? fdget+0x176/0x210 [ 290.101759][ T9469] __sys_sendmsg+0x117/0x1f0 [ 290.103016][ T9469] ? __pfx___sys_sendmsg+0x10/0x10 [ 290.104435][ T9469] ? __fget_files+0x244/0x3f0 [ 290.105766][ T9469] do_syscall_64+0xcd/0x250 [ 290.107047][ T9469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.108737][ T9469] RIP: 0033:0x7f26bf97dff9 [ 290.110007][ T9469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.115168][ T9469] RSP: 002b:00007f26c079f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 290.117442][ T9469] RAX: ffffffffffffffda RBX: 00007f26bfb35f80 RCX: 00007f26bf97dff9 [ 290.119546][ T9469] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 290.121672][ T9469] RBP: 00007f26c079f090 R08: 0000000000000000 R09: 0000000000000000 [ 290.123801][ T9469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.125950][ T9469] R13: 0000000000000000 R14: 00007f26bfb35f80 R15: 00007fff3f501128 [ 290.128123][ T9469] [ 290.317139][ T9472] netlink: 2048 bytes leftover after parsing attributes in process `syz.0.1042'. [ 290.319491][ T9472] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1042'. [ 290.493782][ T39] audit: type=1400 audit(1728078942.416:912): avc: denied { setopt } for pid=9476 comm="syz.2.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 290.510682][ T9477] Cannot find add_set index 1 as target [ 290.861528][ T9485] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1046'. [ 291.137744][ T9493] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1047'. [ 291.140307][ T9493] FAULT_INJECTION: forcing a failure. [ 291.140307][ T9493] name failslab, interval 1, probability 0, space 0, times 0 [ 291.144725][ T9493] CPU: 2 UID: 0 PID: 9493 Comm: syz.0.1047 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 291.148384][ T9493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 291.152100][ T9493] Call Trace: [ 291.153281][ T9493] [ 291.154349][ T9493] dump_stack_lvl+0x16c/0x1f0 [ 291.156003][ T9493] should_fail_ex+0x497/0x5b0 [ 291.157736][ T9493] ? fs_reclaim_acquire+0xae/0x160 [ 291.159570][ T9493] should_failslab+0xc2/0x120 [ 291.161380][ T9493] __kmalloc_node_noprof+0xd1/0x430 [ 291.163279][ T9493] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 291.165295][ T9493] __kvmalloc_node_noprof+0xad/0x1a0 [ 291.167337][ T9493] alloc_netdev_mqs+0xd1/0x1420 [ 291.169137][ T9493] ? __pfx_vlan_setup+0x10/0x10 [ 291.170872][ T9493] rtnl_create_link+0xc10/0xfa0 [ 291.172622][ T9493] __rtnl_newlink+0x10ae/0x1920 [ 291.174359][ T9493] ? __pfx___rtnl_newlink+0x10/0x10 [ 291.176167][ T9493] rtnl_newlink+0x67/0xa0 [ 291.177747][ T9493] ? __pfx_rtnl_newlink+0x10/0x10 [ 291.179316][ T9493] rtnetlink_rcv_msg+0x3c7/0xea0 [ 291.181055][ T9493] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 291.182956][ T9493] netlink_rcv_skb+0x16b/0x440 [ 291.184366][ T9493] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 291.186334][ T9493] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 291.188273][ T9493] ? netlink_deliver_tap+0x1ae/0xd90 [ 291.189965][ T9493] netlink_unicast+0x53c/0x7f0 [ 291.191406][ T9493] ? __pfx_netlink_unicast+0x10/0x10 [ 291.192812][ T9493] netlink_sendmsg+0x8b8/0xd70 [ 291.194121][ T9493] ? __pfx_netlink_sendmsg+0x10/0x10 [ 291.195817][ T9493] ? __import_iovec+0x1fd/0x6e0 [ 291.197314][ T9493] ____sys_sendmsg+0xaaf/0xc90 [ 291.198591][ T9493] ? copy_msghdr_from_user+0x10b/0x160 [ 291.200019][ T9493] ? __pfx_____sys_sendmsg+0x10/0x10 [ 291.201493][ T9493] ? __pfx___lock_acquire+0x10/0x10 [ 291.202859][ T9493] ___sys_sendmsg+0x135/0x1e0 [ 291.204102][ T9493] ? __pfx____sys_sendmsg+0x10/0x10 [ 291.205487][ T9493] ? lock_acquire+0x2f/0xb0 [ 291.206691][ T9493] ? __fget_files+0x40/0x3f0 [ 291.207925][ T9493] ? fdget+0x176/0x210 [ 291.209026][ T9493] __sys_sendmsg+0x117/0x1f0 [ 291.210255][ T9493] ? __pfx___sys_sendmsg+0x10/0x10 [ 291.211675][ T9493] ? __fget_files+0x244/0x3f0 [ 291.212920][ T9493] do_syscall_64+0xcd/0x250 [ 291.214100][ T9493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.215643][ T9493] RIP: 0033:0x7f26bf97dff9 [ 291.216831][ T9493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.221881][ T9493] RSP: 002b:00007f26c079f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 291.224081][ T9493] RAX: ffffffffffffffda RBX: 00007f26bfb35f80 RCX: 00007f26bf97dff9 [ 291.226146][ T9493] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005 [ 291.228249][ T9493] RBP: 00007f26c079f090 R08: 0000000000000000 R09: 0000000000000000 [ 291.230306][ T9493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.232720][ T9493] R13: 0000000000000000 R14: 00007f26bfb35f80 R15: 00007fff3f501128 [ 291.234771][ T9493] [ 291.478902][ T9502] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1051'. [ 291.668266][ T9513] FAULT_INJECTION: forcing a failure. [ 291.668266][ T9513] name failslab, interval 1, probability 0, space 0, times 0 [ 291.671709][ T9513] CPU: 2 UID: 0 PID: 9513 Comm: syz.3.1055 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 291.674500][ T9513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 291.677340][ T9513] Call Trace: [ 291.678223][ T9513] [ 291.679013][ T9513] dump_stack_lvl+0x16c/0x1f0 [ 291.680265][ T9513] should_fail_ex+0x497/0x5b0 [ 291.681536][ T9513] ? fs_reclaim_acquire+0xae/0x160 [ 291.682883][ T9513] should_failslab+0xc2/0x120 [ 291.684132][ T9513] kmem_cache_alloc_node_noprof+0x71/0x310 [ 291.685706][ T9513] ? __alloc_skb+0x2b1/0x380 [ 291.686939][ T9513] __alloc_skb+0x2b1/0x380 [ 291.688133][ T9513] ? __pfx___alloc_skb+0x10/0x10 [ 291.689462][ T9513] ? rtnetlink_rcv_msg+0x3e6/0xea0 [ 291.690813][ T9513] netlink_ack+0x164/0xb90 [ 291.692000][ T9513] netlink_rcv_skb+0x348/0x440 [ 291.693278][ T9513] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 291.694720][ T9513] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 291.696115][ T9513] ? rcu_is_watching+0x12/0xc0 [ 291.697402][ T9513] netlink_unicast+0x53c/0x7f0 [ 291.698674][ T9513] ? __pfx_netlink_unicast+0x10/0x10 [ 291.700070][ T9513] netlink_sendmsg+0x8b8/0xd70 [ 291.701355][ T9513] ? __pfx_netlink_sendmsg+0x10/0x10 [ 291.702752][ T9513] ? __import_iovec+0x1fd/0x6e0 [ 291.704046][ T9513] ____sys_sendmsg+0xaaf/0xc90 [ 291.705318][ T9513] ? copy_msghdr_from_user+0x10b/0x160 [ 291.706763][ T9513] ? __pfx_____sys_sendmsg+0x10/0x10 [ 291.708155][ T9513] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 291.709729][ T9513] ? __pfx___lock_acquire+0x10/0x10 [ 291.711116][ T9513] ___sys_sendmsg+0x135/0x1e0 [ 291.712368][ T9513] ? __pfx____sys_sendmsg+0x10/0x10 [ 291.713767][ T9513] ? lock_acquire+0x2f/0xb0 [ 291.714967][ T9513] ? __fget_files+0x40/0x3f0 [ 291.716316][ T9513] ? fdget+0x176/0x210 [ 291.717422][ T9513] __sys_sendmsg+0x117/0x1f0 [ 291.718682][ T9513] ? __pfx___sys_sendmsg+0x10/0x10 [ 291.720033][ T9513] ? __fget_files+0x244/0x3f0 [ 291.721300][ T9513] do_syscall_64+0xcd/0x250 [ 291.722514][ T9513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.724079][ T9513] RIP: 0033:0x7fb676f7dff9 [ 291.725269][ T9513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.730322][ T9513] RSP: 002b:00007fb677d99038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 291.732515][ T9513] RAX: ffffffffffffffda RBX: 00007fb677135f80 RCX: 00007fb676f7dff9 [ 291.734582][ T9513] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 291.736669][ T9513] RBP: 00007fb677d99090 R08: 0000000000000000 R09: 0000000000000000 [ 291.738733][ T9513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.740813][ T9513] R13: 0000000000000000 R14: 00007fb677135f80 R15: 00007ffd9c194838 [ 291.742944][ T9513] [ 291.822014][ T9516] FAULT_INJECTION: forcing a failure. [ 291.822014][ T9516] name failslab, interval 1, probability 0, space 0, times 0 [ 291.827033][ T9516] CPU: 1 UID: 0 PID: 9516 Comm: syz.1.1056 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 291.829996][ T9516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 291.832777][ T9516] Call Trace: [ 291.833653][ T9516] [ 291.834440][ T9516] dump_stack_lvl+0x16c/0x1f0 [ 291.835689][ T9516] should_fail_ex+0x497/0x5b0 [ 291.836955][ T9516] ? fs_reclaim_acquire+0xae/0x160 [ 291.838303][ T9516] should_failslab+0xc2/0x120 [ 291.839924][ T9516] __kmalloc_noprof+0xcb/0x400 [ 291.841197][ T9516] tomoyo_encode2+0x100/0x3e0 [ 291.842446][ T9516] tomoyo_encode+0x29/0x50 [ 291.843630][ T9516] tomoyo_realpath_from_path+0x19d/0x720 [ 291.845114][ T9516] tomoyo_check_open_permission+0x2a7/0x3b0 [ 291.846659][ T9516] ? __lock_acquire+0x163e/0x3ce0 [ 291.847980][ T9516] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 291.849683][ T9516] ? __pfx___lock_acquire+0x10/0x10 [ 291.851050][ T9516] ? __pfx_hook_file_open+0x10/0x10 [ 291.852408][ T9516] ? path_get+0x61/0x80 [ 291.853519][ T9516] tomoyo_file_open+0xcf/0x100 [ 291.854786][ T9516] security_file_open+0x64c/0x9d0 [ 291.856111][ T9516] do_dentry_open+0x57c/0x1530 [ 291.857395][ T9516] ? inode_permission+0xdd/0x5f0 [ 291.858771][ T9516] vfs_open+0x82/0x3f0 [ 291.859931][ T9516] ? may_open+0x1f2/0x400 [ 291.861084][ T9516] path_openat+0x1e6a/0x2d60 [ 291.862309][ T9516] ? __pfx_path_openat+0x10/0x10 [ 291.863723][ T9516] ? __pfx___lock_acquire+0x10/0x10 [ 291.865102][ T9516] do_filp_open+0x1dc/0x430 [ 291.866304][ T9516] ? __pfx_do_filp_open+0x10/0x10 [ 291.867749][ T9516] ? find_held_lock+0x2d/0x110 [ 291.869517][ T9516] ? _raw_spin_unlock+0x28/0x50 [ 291.871243][ T9516] ? alloc_fd+0x2d7/0x6c0 [ 291.872861][ T9516] do_sys_openat2+0x17a/0x1e0 [ 291.874583][ T9516] ? __pfx_do_sys_openat2+0x10/0x10 [ 291.876493][ T9516] ? __fget_files+0x244/0x3f0 [ 291.878220][ T9516] __x64_sys_openat+0x175/0x210 [ 291.880023][ T9516] ? __pfx___x64_sys_openat+0x10/0x10 [ 291.881468][ T9516] ? ksys_write+0x1ad/0x260 [ 291.882678][ T9516] do_syscall_64+0xcd/0x250 [ 291.883884][ T9516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.885441][ T9516] RIP: 0033:0x7f301c17dff9 [ 291.886617][ T9516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.891657][ T9516] RSP: 002b:00007f301cfe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 291.893913][ T9516] RAX: ffffffffffffffda RBX: 00007f301c336058 RCX: 00007f301c17dff9 [ 291.895974][ T9516] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c [ 291.898044][ T9516] RBP: 00007f301cfe5090 R08: 0000000000000000 R09: 0000000000000000 [ 291.900515][ T9516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.902558][ T9516] R13: 0000000000000000 R14: 00007f301c336058 R15: 00007ffc88fb1608 [ 291.904741][ T9516] [ 291.910929][ T9516] ERROR: Out of memory at tomoyo_realpath_from_path. [ 291.917683][ T9527] netlink: 2048 bytes leftover after parsing attributes in process `syz.2.1058'. [ 291.920232][ T9527] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1058'. [ 291.922689][ T9528] fuse: Unknown parameter '0x0000000000000006' [ 292.252400][ T1109] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.296422][ T5341] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 292.300355][ T5341] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 292.303051][ T5341] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 292.310224][ T5341] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 292.319747][ T5341] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 292.323385][ T5341] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 292.343893][ T1109] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.404959][ T9535] chnl_net:caif_netlink_parms(): no params data found [ 292.422955][ T1109] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.488129][ T9535] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.490767][ T9535] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.493050][ T9535] bridge_slave_0: entered allmulticast mode [ 292.496478][ T9535] bridge_slave_0: entered promiscuous mode [ 292.500427][ T9535] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.503047][ T9535] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.506296][ T9535] bridge_slave_1: entered allmulticast mode [ 292.509227][ T9535] bridge_slave_1: entered promiscuous mode [ 292.524495][ T1109] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.550874][ T9535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 292.557085][ T9535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 292.583354][ T9535] team0: Port device team_slave_0 added [ 292.586727][ T9535] team0: Port device team_slave_1 added [ 292.605611][ T9535] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 292.607560][ T9535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.615209][ T9535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 292.621967][ T9535] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 292.624702][ T9535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.634502][ T9535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 292.660661][ T9535] hsr_slave_0: entered promiscuous mode [ 292.663394][ T9535] hsr_slave_1: entered promiscuous mode [ 292.665789][ T9535] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 292.667865][ T9535] Cannot create hsr debugfs directory [ 292.759037][ T9547] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1065'. [ 292.761948][ T1109] bridge_slave_1: left allmulticast mode [ 292.763437][ T1109] bridge_slave_1: left promiscuous mode [ 292.765030][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.770815][ T1109] bridge_slave_0: left allmulticast mode [ 292.772421][ T1109] bridge_slave_0: left promiscuous mode [ 292.774110][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.774997][ T9544] kvm: pic: non byte write [ 292.994432][ T9560] x_tables: ip_tables: ah match: only valid for protocol 51 [ 293.128527][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 293.133922][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 293.140840][ T1109] bond0 (unregistering): Released all slaves [ 293.172602][ T9565] netlink: 2048 bytes leftover after parsing attributes in process `syz.3.1072'. [ 293.175330][ T9565] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1072'. [ 293.557509][ T1109] hsr_slave_0: left promiscuous mode [ 293.560240][ T1109] hsr_slave_1: left promiscuous mode [ 293.563284][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 293.565446][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 293.568333][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 293.570612][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 293.600217][ T1109] veth1_macvtap: left promiscuous mode [ 293.602157][ T1109] veth0_macvtap: left promiscuous mode [ 293.604271][ T1109] veth1_vlan: left promiscuous mode [ 293.606382][ T1109] veth0_vlan: left promiscuous mode [ 293.722725][ T39] kauditd_printk_skb: 5 callbacks suppressed [ 293.722743][ T39] audit: type=1400 audit(1728078945.646:918): avc: denied { map } for pid=9581 comm="syz.0.1074" path="socket:[34508]" dev="sockfs" ino=34508 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 293.734685][ T9583] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1074'. [ 293.736251][ T39] audit: type=1400 audit(1728078945.666:919): avc: denied { read } for pid=9581 comm="syz.0.1074" path="socket:[34508]" dev="sockfs" ino=34508 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 293.978971][ T39] audit: type=1400 audit(1728078945.906:920): avc: denied { block_suspend } for pid=9586 comm="syz.3.1075" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 294.195473][ T5343] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 294.325400][ T5343] usb 5-1: device descriptor read/64, error -71 [ 294.355648][ T4771] Bluetooth: hci0: command tx timeout [ 294.533836][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 294.565402][ T5343] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 294.635463][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 294.695467][ T5343] usb 5-1: device descriptor read/64, error -71 [ 294.807314][ T5343] usb usb5-port1: attempt power cycle [ 295.145379][ T5343] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 295.166017][ T5343] usb 5-1: device descriptor read/8, error -71 [ 295.273424][ T9580] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1073'. [ 295.379996][ T9535] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 295.384699][ T9535] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 295.389309][ T9535] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 295.393552][ T9535] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 295.415361][ T5343] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 295.436127][ T5343] usb 5-1: device descriptor read/8, error -71 [ 295.477207][ T9535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 295.491920][ T9535] 8021q: adding VLAN 0 to HW filter on device team0 [ 295.515182][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.517798][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 295.527027][ T89] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.529769][ T89] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.545917][ T5343] usb usb5-port1: unable to enumerate USB device [ 295.557209][ T9535] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 295.628108][ T9535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 295.642553][ T9535] veth0_vlan: entered promiscuous mode [ 295.652962][ T9535] veth1_vlan: entered promiscuous mode [ 295.664523][ T9535] veth0_macvtap: entered promiscuous mode [ 295.669810][ T9535] veth1_macvtap: entered promiscuous mode [ 295.675651][ T9535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.678479][ T9535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.681031][ T9535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.683842][ T9535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.686648][ T9535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.689402][ T9535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.691927][ T9535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.694710][ T9535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.698680][ T9535] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 295.701758][ T9535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.704506][ T9535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.707586][ T9535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.710314][ T9535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.712875][ T9535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.715670][ T9535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.718234][ T9535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.720946][ T9535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.724218][ T9535] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 295.728787][ T9535] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.733530][ T9535] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.735922][ T9535] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.738414][ T9535] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.792343][ T89] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.794417][ T89] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.804950][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.807141][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.876155][ T1109] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.880489][ T5341] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 295.884623][ T5341] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 295.887992][ T5341] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 295.890504][ T5341] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 295.893154][ T5341] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 295.895337][ T5341] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 295.934105][ T9625] sch_fq: defrate 0 ignored. [ 296.002447][ T1109] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.008450][ T9622] chnl_net:caif_netlink_parms(): no params data found [ 296.083501][ T1109] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.114828][ T9622] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.117536][ T9622] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.119520][ T9622] bridge_slave_0: entered allmulticast mode [ 296.121561][ T9622] bridge_slave_0: entered promiscuous mode [ 296.124277][ T9622] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.126801][ T9622] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.128769][ T9622] bridge_slave_1: entered allmulticast mode [ 296.130843][ T9622] bridge_slave_1: entered promiscuous mode [ 296.150296][ T9622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 296.153993][ T9622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 296.171431][ T1109] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.195463][ T1951] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 296.211411][ T9622] team0: Port device team_slave_0 added [ 296.215118][ T9622] team0: Port device team_slave_1 added [ 296.243891][ T9622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 296.246496][ T9622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.257027][ T9622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 296.263782][ T9622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 296.265870][ T9622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.272635][ T9622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 296.305510][ T9622] hsr_slave_0: entered promiscuous mode [ 296.307691][ T9622] hsr_slave_1: entered promiscuous mode [ 296.366998][ T1951] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 296.370107][ T1951] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 296.373104][ T1951] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 296.376397][ T1951] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 296.379786][ T1951] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 296.382238][ T1951] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.395669][ T1951] usb 8-1: config 0 descriptor?? [ 296.409001][ T1109] bridge_slave_1: left allmulticast mode [ 296.410981][ T1109] bridge_slave_1: left promiscuous mode [ 296.412789][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.416427][ T1109] bridge_slave_0: left allmulticast mode [ 296.417930][ T1109] bridge_slave_0: left promiscuous mode [ 296.419461][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.435549][ T4771] Bluetooth: hci0: command tx timeout [ 296.724590][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 296.736392][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 296.748324][ T1109] bond0 (unregistering): Released all slaves [ 296.808296][ T1951] plantronics 0003:047F:FFFF.0011: ignoring exceeding usage max [ 296.821966][ T1951] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 296.851966][ T1951] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 297.159076][ T1109] hsr_slave_0: left promiscuous mode [ 297.161158][ T1109] hsr_slave_1: left promiscuous mode [ 297.163457][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 297.166050][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 297.169510][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.171613][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 297.191175][ T1109] veth1_macvtap: left promiscuous mode [ 297.193066][ T1109] veth0_macvtap: left promiscuous mode [ 297.195006][ T1109] veth1_vlan: left promiscuous mode [ 297.197588][ T1109] veth0_vlan: left promiscuous mode [ 297.950471][ T4771] Bluetooth: hci1: command tx timeout [ 298.115989][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 298.236465][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 298.515525][ T4771] Bluetooth: hci0: command tx timeout [ 298.517081][ T1951] usb 8-1: reset high-speed USB device number 22 using dummy_hcd [ 299.019185][ T9677] sch_fq: defrate 0 ignored. [ 299.094780][ T9686] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1092'. [ 299.128951][ T9690] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1095'. [ 299.159066][ T9622] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 299.162540][ T9622] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 299.172297][ T9622] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 299.180231][ T9622] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 299.223419][ T9622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.231815][ T9622] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.248121][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.250806][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.288193][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.290672][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.399609][ T9622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 299.429467][ T9622] veth0_vlan: entered promiscuous mode [ 299.433797][ T9622] veth1_vlan: entered promiscuous mode [ 299.450305][ T9622] veth0_macvtap: entered promiscuous mode [ 299.453683][ T9622] veth1_macvtap: entered promiscuous mode [ 299.454919][ T39] audit: type=1400 audit(1728078951.376:921): avc: denied { map } for pid=9715 comm="syz.1.1101" path="/dev/usbmon0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 299.464554][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.467605][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.470129][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.472819][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.475335][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.477962][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.480530][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.483224][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.487506][ T9622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 299.491964][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.494684][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.497282][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.499980][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.502503][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.505189][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.507780][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.510504][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.513822][ T9622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 299.518778][ T9622] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.521116][ T9622] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.523375][ T9622] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.526541][ T9622] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.553032][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.556622][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.569662][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.572158][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.752802][ T39] audit: type=1400 audit(1728078951.676:922): avc: denied { read write } for pid=9719 comm="syz.2.1082" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 299.761707][ T39] audit: type=1400 audit(1728078951.676:923): avc: denied { open } for pid=9719 comm="syz.2.1082" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 299.765464][ T1951] usb 8-1: device descriptor read/64, error -71 [ 299.768453][ T39] audit: type=1400 audit(1728078951.676:924): avc: denied { ioctl } for pid=9719 comm="syz.2.1082" path="/dev/ndctl0" dev="devtmpfs" ino=109 ioctlcmd=0x640a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 299.963065][ T9725] sch_fq: defrate 0 ignored. [ 300.035442][ T4771] Bluetooth: hci1: command tx timeout [ 300.066727][ T1951] usb 8-1: reset high-speed USB device number 22 using dummy_hcd [ 300.363930][ T39] audit: type=1400 audit(1728078952.286:925): avc: denied { mounton } for pid=9738 comm="syz.1.1107" path="/9/file0" dev="tmpfs" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 300.367970][ T9739] ntfs3: nullb0: Primary boot signature is not NTFS. [ 300.373089][ T9739] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 300.496047][ T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 300.505081][ T9745] 9pnet_fd: Insufficient options for proto=fd [ 300.595370][ T4771] Bluetooth: hci0: command tx timeout [ 300.645579][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 300.649068][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 300.652274][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 300.656378][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 300.659638][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 300.663955][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 300.667331][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.876165][ T9] usb 5-1: GET_CAPABILITIES returned 0 [ 300.877945][ T9] usbtmc 5-1:16.0: can't read capabilities [ 300.989800][ T1951] usb 8-1: USB disconnect, device number 22 [ 301.082392][ T9732] 9pnet_fd: Insufficient options for proto=fd [ 301.088445][ T9] usb 5-1: USB disconnect, device number 21 [ 301.308454][ T9751] netlink: 'syz.1.1111': attribute type 3 has an invalid length. [ 301.383393][ T9757] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9757 comm=syz.2.1113 [ 301.389090][ T9757] netlink: 'syz.2.1113': attribute type 1 has an invalid length. [ 301.449422][ T9760] FAULT_INJECTION: forcing a failure. [ 301.449422][ T9760] name failslab, interval 1, probability 0, space 0, times 0 [ 301.453534][ T9760] CPU: 1 UID: 0 PID: 9760 Comm: syz.2.1113 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 301.456920][ T9760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 301.460359][ T9760] Call Trace: [ 301.461590][ T9760] [ 301.462705][ T9760] dump_stack_lvl+0x16c/0x1f0 [ 301.464673][ T9760] should_fail_ex+0x497/0x5b0 [ 301.466450][ T9760] ? fs_reclaim_acquire+0xae/0x160 [ 301.468411][ T9760] should_failslab+0xc2/0x120 [ 301.469994][ T9760] __kmalloc_node_noprof+0xd1/0x430 [ 301.471728][ T9760] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 301.473544][ T9760] __kvmalloc_node_noprof+0xad/0x1a0 [ 301.475312][ T9760] alloc_netdev_mqs+0xd1/0x1420 [ 301.477012][ T9760] ? __pfx_vlan_setup+0x10/0x10 [ 301.478620][ T9760] rtnl_create_link+0xc10/0xfa0 [ 301.480249][ T9760] __rtnl_newlink+0x10ae/0x1920 [ 301.481869][ T9760] ? __pfx___rtnl_newlink+0x10/0x10 [ 301.483613][ T9760] rtnl_newlink+0x67/0xa0 [ 301.485225][ T9760] ? __pfx_rtnl_newlink+0x10/0x10 [ 301.487140][ T9760] rtnetlink_rcv_msg+0x3c7/0xea0 [ 301.488948][ T9760] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 301.490953][ T9760] netlink_rcv_skb+0x16b/0x440 [ 301.492651][ T9760] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 301.494533][ T9760] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 301.496368][ T9760] ? netlink_deliver_tap+0x1ae/0xd90 [ 301.498241][ T9760] netlink_unicast+0x53c/0x7f0 [ 301.499920][ T9760] ? __pfx_netlink_unicast+0x10/0x10 [ 301.501696][ T9760] netlink_sendmsg+0x8b8/0xd70 [ 301.503469][ T9760] ? __pfx_netlink_sendmsg+0x10/0x10 [ 301.505575][ T9760] ? __import_iovec+0x1fd/0x6e0 [ 301.507582][ T9760] ____sys_sendmsg+0xaaf/0xc90 [ 301.509285][ T9760] ? copy_msghdr_from_user+0x10b/0x160 [ 301.511081][ T9760] ? __pfx_____sys_sendmsg+0x10/0x10 [ 301.512856][ T9760] ? __pfx___lock_acquire+0x10/0x10 [ 301.514742][ T9760] ___sys_sendmsg+0x135/0x1e0 [ 301.516415][ T9760] ? __pfx____sys_sendmsg+0x10/0x10 [ 301.518243][ T9760] ? lock_acquire+0x2f/0xb0 [ 301.519833][ T9760] ? __fget_files+0x40/0x3f0 [ 301.521483][ T9760] ? fdget+0x176/0x210 [ 301.522801][ T9760] __sys_sendmsg+0x117/0x1f0 [ 301.524429][ T9760] ? __pfx___sys_sendmsg+0x10/0x10 [ 301.526212][ T9760] ? __fget_files+0x244/0x3f0 [ 301.528074][ T9760] do_syscall_64+0xcd/0x250 [ 301.530029][ T9760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.532675][ T9760] RIP: 0033:0x7f128ff7dff9 [ 301.534419][ T9760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.541088][ T9760] RSP: 002b:00007f1290d33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 301.543974][ T9760] RAX: ffffffffffffffda RBX: 00007f1290136058 RCX: 00007f128ff7dff9 [ 301.546632][ T9760] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 [ 301.549200][ T9760] RBP: 00007f1290d33090 R08: 0000000000000000 R09: 0000000000000000 [ 301.551899][ T9760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.554800][ T9760] R13: 0000000000000000 R14: 00007f1290136058 R15: 00007ffc2da4e008 [ 301.557747][ T9760] [ 301.622699][ T9764] Illegal XDP return value 4294967274 on prog (id 257) dev N/A, expect packet loss! [ 301.715222][ T9770] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1114'. [ 301.718893][ T9770] netlink: 'syz.3.1114': attribute type 25 has an invalid length. [ 301.725263][ T9770] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.728453][ T9770] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.731506][ T9770] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.734549][ T9770] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.836984][ T9776] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9776 comm=syz.0.1119 [ 301.840518][ T9776] netlink: 'syz.0.1119': attribute type 1 has an invalid length. [ 301.887272][ T9776] 8021q: adding VLAN 0 to HW filter on device bond1 [ 301.908002][ T9776] bond1: (slave ip6gretap1): making interface the new active one [ 301.911981][ T9776] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 301.921337][ T9776] vlan2: entered promiscuous mode [ 301.922772][ T9776] bond1: entered promiscuous mode [ 301.924160][ T9776] ip6gretap1: entered promiscuous mode [ 301.928010][ T9776] vlan2: entered allmulticast mode [ 301.929466][ T9776] bond1: entered allmulticast mode [ 301.930883][ T9776] ip6gretap1: entered allmulticast mode [ 302.029872][ T9789] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 302.105909][ T4771] Bluetooth: hci1: command tx timeout [ 302.215462][ T1302] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 302.380570][ T1302] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 302.384624][ T1302] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 302.388443][ T1302] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 302.391776][ T1302] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 302.396317][ T1302] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 302.399373][ T1302] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.403726][ T1302] usb 6-1: config 0 descriptor?? [ 302.486476][ T9799] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 302.491939][ T9799] FAULT_INJECTION: forcing a failure. [ 302.491939][ T9799] name failslab, interval 1, probability 0, space 0, times 0 [ 302.497643][ T9799] CPU: 1 UID: 0 PID: 9799 Comm: syz.3.1127 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 302.501295][ T9799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 302.504881][ T9799] Call Trace: [ 302.506037][ T9799] [ 302.507067][ T9799] dump_stack_lvl+0x16c/0x1f0 [ 302.508813][ T9799] should_fail_ex+0x497/0x5b0 [ 302.510188][ T9799] ? fs_reclaim_acquire+0xae/0x160 [ 302.511661][ T9799] should_failslab+0xc2/0x120 [ 302.513006][ T9799] __kmalloc_noprof+0xcb/0x400 [ 302.514324][ T9799] ? hlock_class+0x4e/0x130 [ 302.515626][ T9799] ovl_lookup+0x116a/0x21f0 [ 302.516954][ T9799] ? __pfx_ovl_lookup+0x10/0x10 [ 302.518417][ T9799] ? lock_acquire.part.0+0x11b/0x380 [ 302.519951][ T9799] ? find_held_lock+0x2d/0x110 [ 302.521612][ T9799] ? d_alloc+0x176/0x1e0 [ 302.523265][ T9799] ? __pfx_lock_release+0x10/0x10 [ 302.525208][ T9799] ? do_raw_spin_lock+0x12d/0x2c0 [ 302.527119][ T9799] ? do_raw_spin_unlock+0x172/0x230 [ 302.529037][ T9799] ? _raw_spin_unlock+0x28/0x50 [ 302.530402][ T9799] lookup_one_qstr_excl+0x11d/0x190 [ 302.531803][ T9799] ? mnt_want_write+0x161/0x450 [ 302.533215][ T9799] do_renameat2+0x532/0xdd0 [ 302.534526][ T9799] ? __pfx_do_renameat2+0x10/0x10 [ 302.535996][ T9799] ? trace_lock_acquire+0x14a/0x1d0 [ 302.537505][ T9799] ? lock_acquire+0x2f/0xb0 [ 302.538770][ T9799] ? __might_fault+0xe3/0x190 [ 302.540106][ T9799] ? __might_fault+0xe3/0x190 [ 302.541741][ T9799] ? getname_flags.part.0+0x1c5/0x550 [ 302.543295][ T9799] __x64_sys_renameat2+0xe7/0x130 [ 302.544708][ T9799] do_syscall_64+0xcd/0x250 [ 302.546097][ T9799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.547722][ T9799] RIP: 0033:0x7fb676f7dff9 [ 302.549015][ T9799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.554734][ T9799] RSP: 002b:00007fb677d99038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 302.557335][ T9799] RAX: ffffffffffffffda RBX: 00007fb677135f80 RCX: 00007fb676f7dff9 [ 302.559442][ T9799] RDX: ffffffffffffff9c RSI: 0000000020000a00 RDI: ffffffffffffff9c [ 302.561865][ T9799] RBP: 00007fb677d99090 R08: 0000000000000002 R09: 0000000000000000 [ 302.564139][ T9799] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000001 [ 302.566454][ T9799] R13: 0000000000000000 R14: 00007fb677135f80 R15: 00007ffd9c194838 [ 302.568725][ T9799] [ 302.811207][ T1302] plantronics 0003:047F:FFFF.0012: ignoring exceeding usage max [ 302.815133][ T1302] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving [ 302.821021][ T9807] netlink: 'syz.0.1130': attribute type 2 has an invalid length. [ 302.835011][ T1302] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 303.482283][ T55] usb 6-1: USB disconnect, device number 16 [ 303.724209][ T9818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1132'. [ 303.728795][ T9818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1132'. [ 303.949838][ T9826] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 304.169665][ T9828] FAULT_INJECTION: forcing a failure. [ 304.169665][ T9828] name failslab, interval 1, probability 0, space 0, times 0 [ 304.173673][ T9828] CPU: 3 UID: 0 PID: 9828 Comm: syz.1.1136 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 304.177210][ T9828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 304.180826][ T9828] Call Trace: [ 304.181977][ T9828] [ 304.182999][ T9828] dump_stack_lvl+0x16c/0x1f0 [ 304.184629][ T9828] should_fail_ex+0x497/0x5b0 [ 304.185526][ T4771] Bluetooth: hci1: command tx timeout [ 304.186134][ T9828] should_failslab+0xc2/0x120 [ 304.189193][ T9828] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 304.191032][ T9828] ? skb_clone+0x190/0x3f0 [ 304.192569][ T9828] skb_clone+0x190/0x3f0 [ 304.194018][ T9828] netlink_deliver_tap+0xab3/0xd90 [ 304.195769][ T9828] netlink_unicast+0x5e1/0x7f0 [ 304.197444][ T9828] ? __pfx_netlink_unicast+0x10/0x10 [ 304.199262][ T9828] netlink_sendmsg+0x8b8/0xd70 [ 304.200933][ T9828] ? __pfx_netlink_sendmsg+0x10/0x10 [ 304.202727][ T9828] ? __import_iovec+0x1fd/0x6e0 [ 304.204374][ T9828] ____sys_sendmsg+0xaaf/0xc90 [ 304.206026][ T9828] ? copy_msghdr_from_user+0x10b/0x160 [ 304.207903][ T9828] ? __pfx_____sys_sendmsg+0x10/0x10 [ 304.209726][ T9828] ? __pfx___lock_acquire+0x10/0x10 [ 304.211504][ T9828] ___sys_sendmsg+0x135/0x1e0 [ 304.213115][ T9828] ? __pfx____sys_sendmsg+0x10/0x10 [ 304.214889][ T9828] ? lock_acquire+0x2f/0xb0 [ 304.216438][ T9828] ? __fget_files+0x40/0x3f0 [ 304.218045][ T9828] ? fdget+0x176/0x210 [ 304.219429][ T9828] __sys_sendmsg+0x117/0x1f0 [ 304.221016][ T9828] ? __pfx___sys_sendmsg+0x10/0x10 [ 304.222750][ T9828] ? __fget_files+0x244/0x3f0 [ 304.224361][ T9828] do_syscall_64+0xcd/0x250 [ 304.225931][ T9828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.227927][ T9828] RIP: 0033:0x7fe1b677dff9 [ 304.229460][ T9828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.235711][ T9828] RSP: 002b:00007fe1b74d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 304.238434][ T9828] RAX: ffffffffffffffda RBX: 00007fe1b6935f80 RCX: 00007fe1b677dff9 [ 304.241139][ T9828] RDX: 0000000000000010 RSI: 0000000020000140 RDI: 0000000000000003 [ 304.243780][ T9828] RBP: 00007fe1b74d6090 R08: 0000000000000000 R09: 0000000000000000 [ 304.246270][ T9828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.248922][ T9828] R13: 0000000000000000 R14: 00007fe1b6935f80 R15: 00007ffd6af89cc8 [ 304.251575][ T9828] [ 304.386596][ T9838] FAULT_INJECTION: forcing a failure. [ 304.386596][ T9838] name failslab, interval 1, probability 0, space 0, times 0 [ 304.389889][ T9838] CPU: 2 UID: 0 PID: 9838 Comm: syz.2.1140 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 304.392695][ T9838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 304.395471][ T9838] Call Trace: [ 304.396369][ T9838] [ 304.397309][ T9838] dump_stack_lvl+0x16c/0x1f0 [ 304.399050][ T9838] should_fail_ex+0x497/0x5b0 [ 304.400796][ T9838] ? fs_reclaim_acquire+0xae/0x160 [ 304.402664][ T9838] should_failslab+0xc2/0x120 [ 304.404224][ T9838] __kmalloc_cache_noprof+0x6b/0x300 [ 304.405606][ T9838] ? __nla_parse+0x40/0x60 [ 304.406769][ T9838] ? tcf_ife_init+0x216/0x14f0 [ 304.408015][ T9838] tcf_ife_init+0x216/0x14f0 [ 304.409235][ T9838] ? __pfx_tcf_ife_init+0x10/0x10 [ 304.410556][ T9838] ? tcf_action_init_1+0x2d4/0x6c0 [ 304.411922][ T9838] ? __asan_memcpy+0x3c/0x60 [ 304.413143][ T9838] tcf_action_init_1+0x45f/0x6c0 [ 304.414436][ T9838] ? __pfx_tcf_action_init_1+0x10/0x10 [ 304.415863][ T9838] ? __nla_parse+0x40/0x60 [ 304.417047][ T9838] tcf_action_init+0x501/0x810 [ 304.418313][ T9838] ? __pfx_tcf_action_init+0x10/0x10 [ 304.419704][ T9838] ? lock_acquire.part.0+0x11b/0x380 [ 304.421102][ T9838] ? is_bpf_text_address+0x94/0x1a0 [ 304.422508][ T9838] ? hlock_class+0x4e/0x130 [ 304.423710][ T9838] ? __pfx___lock_acquire+0x10/0x10 [ 304.425070][ T9838] ? hlock_class+0x4e/0x130 [ 304.426267][ T9838] ? __lock_acquire+0xbdd/0x3ce0 [ 304.427586][ T9838] tcf_action_add+0xfd/0x5d0 [ 304.428909][ T9838] ? __pfx_tcf_action_add+0x10/0x10 [ 304.430490][ T9838] ? __pfx_lock_release+0x10/0x10 [ 304.432099][ T9838] ? __nla_parse+0x40/0x60 [ 304.432116][ T9838] tc_ctl_action+0x35d/0x470 [ 304.432127][ T9838] ? __pfx_tc_ctl_action+0x10/0x10 [ 304.432141][ T9838] ? __pfx_tc_ctl_action+0x10/0x10 [ 304.437696][ T9838] rtnetlink_rcv_msg+0x3c7/0xea0 [ 304.439006][ T9838] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 304.440444][ T9838] netlink_rcv_skb+0x16b/0x440 [ 304.441719][ T9838] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 304.443176][ T9838] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 304.444612][ T9838] ? netlink_deliver_tap+0x1ae/0xd90 [ 304.446116][ T9838] netlink_unicast+0x53c/0x7f0 [ 304.447470][ T9838] ? __pfx_netlink_unicast+0x10/0x10 [ 304.448880][ T9838] netlink_sendmsg+0x8b8/0xd70 [ 304.450146][ T9838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 304.451517][ T9838] ? __import_iovec+0x1fd/0x6e0 [ 304.452826][ T9838] ____sys_sendmsg+0xaaf/0xc90 [ 304.453520][ T9840] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 304.454064][ T9838] ? copy_msghdr_from_user+0x10b/0x160 [ 304.457493][ T9838] ? __pfx_____sys_sendmsg+0x10/0x10 [ 304.458842][ T9838] ? __pfx___lock_acquire+0x10/0x10 [ 304.460192][ T9838] ___sys_sendmsg+0x135/0x1e0 [ 304.461442][ T9838] ? __pfx____sys_sendmsg+0x10/0x10 [ 304.462852][ T9838] ? lock_acquire+0x2f/0xb0 [ 304.464046][ T9838] ? __fget_files+0x40/0x3f0 [ 304.465396][ T9838] ? fdget+0x176/0x210 [ 304.466480][ T9838] __sys_sendmsg+0x117/0x1f0 [ 304.467756][ T9838] ? __pfx___sys_sendmsg+0x10/0x10 [ 304.469125][ T9838] ? __fget_files+0x244/0x3f0 [ 304.470371][ T9838] do_syscall_64+0xcd/0x250 [ 304.471570][ T9838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.473119][ T9838] RIP: 0033:0x7f128ff7dff9 [ 304.474286][ T9838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.479258][ T9838] RSP: 002b:00007f1290d54038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 304.481573][ T9838] RAX: ffffffffffffffda RBX: 00007f1290135f80 RCX: 00007f128ff7dff9 [ 304.483721][ T9838] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 304.485772][ T9838] RBP: 00007f1290d54090 R08: 0000000000000000 R09: 0000000000000000 [ 304.487833][ T9838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.489888][ T9838] R13: 0000000000000000 R14: 00007f1290135f80 R15: 00007ffc2da4e008 [ 304.491982][ T9838] [ 304.529220][ T39] audit: type=1400 audit(1728078956.456:926): avc: denied { connect } for pid=9849 comm="syz.2.1145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 304.613067][ T39] audit: type=1400 audit(1728078956.536:927): avc: denied { read } for pid=9851 comm="syz.2.1146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 304.786083][ T7840] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 304.865248][ T9864] tty tty22: ldisc open failed (-12), clearing slot 21 [ 305.008980][ T7840] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 305.021495][ T7840] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 305.035256][ T7840] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 305.047417][ T7840] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 305.066410][ T7840] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 305.078079][ T7840] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.179275][ T7840] usb 5-1: config 0 descriptor?? [ 305.454325][ T39] audit: type=1400 audit(1728078957.376:928): avc: denied { accept } for pid=9870 comm="syz.1.1150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 305.461245][ T39] audit: type=1400 audit(1728078957.386:929): avc: denied { create } for pid=9870 comm="syz.1.1150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 305.474209][ T39] audit: type=1400 audit(1728078957.396:930): avc: denied { read } for pid=9870 comm="syz.1.1150" path="socket:[38352]" dev="sockfs" ino=38352 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 305.607208][ T7840] plantronics 0003:047F:FFFF.0013: ignoring exceeding usage max [ 305.611095][ T7840] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 305.627360][ T7840] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 305.696825][ T39] audit: type=1400 audit(1728078957.626:931): avc: denied { watch } for pid=9876 comm="syz.3.1153" path="/39/file0" dev="tmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 306.085103][ T9883] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 306.101747][ T39] audit: type=1326 audit(1728078958.026:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9882 comm="syz.3.1155" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb676f7dff9 code=0x7ffc0000 [ 306.112024][ T39] audit: type=1326 audit(1728078958.036:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9882 comm="syz.3.1155" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb676f7dff9 code=0x7ffc0000 [ 306.121958][ T39] audit: type=1326 audit(1728078958.036:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9882 comm="syz.3.1155" exe="/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7fb676f7dff9 code=0x7ffc0000 [ 306.129775][ T39] audit: type=1326 audit(1728078958.036:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9882 comm="syz.3.1155" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb676f7dff9 code=0x7ffc0000 [ 306.238869][ T35] usb 5-1: USB disconnect, device number 22 [ 306.615487][ T35] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 306.766112][ T35] usb 8-1: Using ep0 maxpacket: 8 [ 306.780079][ T35] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 306.788946][ T35] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 306.798596][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 306.807129][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 306.816582][ T35] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 306.827064][ T35] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 306.830177][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.927887][ T9893] netlink: 'syz.1.1157': attribute type 3 has an invalid length. [ 306.929831][ T9893] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1157'. [ 307.025115][ T9895] (syz.1.1157,9895,1):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 307.027802][ T9895] (syz.1.1157,9895,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 307.046960][ T35] usb 8-1: GET_CAPABILITIES returned 0 [ 307.049514][ T35] usbtmc 8-1:16.0: can't read capabilities [ 307.081284][ T9896] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1159'. [ 307.581486][ T9886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 307.584511][ T9886] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 307.701438][ T5343] usb 8-1: USB disconnect, device number 23 [ 307.702300][ T9905] usbtmc 8-1:16.0: usb_control_msg returned -71 [ 308.633118][ T9929] usb 2-1: USB disconnect, device number 3 [ 308.796081][ T9926] hub 2-0:1.0: USB hub found [ 308.796085][ T9932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1165'. [ 308.797951][ T9926] hub 2-0:1.0: 6 ports detected [ 308.998803][ T1102] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 309.007514][ T9935] virtio-fs: tag <(null)> not found [ 309.027292][ T5396] usb 2-1: new high-speed USB device number 4 using ehci-pci [ 309.220180][ T5396] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 309.223358][ T5396] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 309.228641][ T5396] usb 2-1: Product: QEMU USB Tablet [ 309.234181][ T5396] usb 2-1: Manufacturer: QEMU [ 309.237589][ T5396] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 309.288908][ T5396] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0014/input/input19 [ 309.418521][ T5396] hid-generic 0003:0627:0001.0014: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 309.425439][ T7840] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 309.593683][ T7840] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 309.597185][ T7840] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 309.600404][ T7840] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 309.603207][ T7840] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 309.607174][ T7840] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 309.610246][ T7840] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.617326][ T7840] usb 6-1: config 0 descriptor?? [ 309.977275][ T39] kauditd_printk_skb: 9 callbacks suppressed [ 309.977289][ T39] audit: type=1400 audit(1728078961.906:945): avc: denied { bind } for pid=9942 comm="syz.0.1168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 310.034127][ T39] audit: type=1400 audit(1728078961.956:946): avc: denied { write } for pid=9942 comm="syz.0.1168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 310.079915][ T7840] plantronics 0003:047F:FFFF.0015: ignoring exceeding usage max [ 310.274822][ T7840] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving [ 310.283788][ T7840] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 310.427993][ T9956] netlink: 'syz.0.1171': attribute type 10 has an invalid length. [ 310.444482][ T9956] team0: Port device netdevsim0 added [ 310.573695][ T9960] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 310.576246][ T9960] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1172'. [ 310.661296][ T9962] (syz.3.1172,9962,1):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 310.664144][ T9962] (syz.3.1172,9962,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 310.681143][ T5397] usb 6-1: USB disconnect, device number 17 [ 310.716355][ T9963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1171'. [ 311.263720][ T39] audit: type=1400 audit(1728078963.186:947): avc: denied { watch watch_reads } for pid=9964 comm="syz.1.1173" path="pipe:[34358]" dev="pipefs" ino=34358 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 311.608052][ T39] audit: type=1400 audit(1728078963.536:948): avc: denied { read } for pid=9964 comm="syz.1.1173" name="btrfs-control" dev="devtmpfs" ino=1149 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 311.616752][ T39] audit: type=1400 audit(1728078963.536:949): avc: denied { open } for pid=9964 comm="syz.1.1173" path="/dev/btrfs-control" dev="devtmpfs" ino=1149 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 311.623007][ T39] audit: type=1400 audit(1728078963.536:950): avc: denied { ioctl } for pid=9964 comm="syz.1.1173" path="/dev/btrfs-control" dev="devtmpfs" ino=1149 ioctlcmd=0x9405 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 312.580305][ T9981] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1177'. [ 312.677520][ T39] audit: type=1400 audit(1728078964.606:951): avc: denied { connect } for pid=9984 comm="syz.0.1178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 313.085828][ T39] audit: type=1400 audit(1728078965.016:952): avc: denied { connect } for pid=9988 comm="syz.1.1179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 313.519057][ T9986] virtio-fs: tag <(null)> not found [ 315.090348][ T5341] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 315.094200][ T5341] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 315.102465][ T5341] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 315.105792][ T5341] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 315.109485][ T5341] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 315.111954][ T5341] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 315.174850][T10004] chnl_net:caif_netlink_parms(): no params data found [ 315.455975][T10004] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.457867][T10004] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.459707][T10004] bridge_slave_0: entered allmulticast mode [ 315.461825][T10004] bridge_slave_0: entered promiscuous mode [ 315.464537][T10004] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.466889][T10004] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.468882][T10004] bridge_slave_1: entered allmulticast mode [ 315.470860][T10004] bridge_slave_1: entered promiscuous mode [ 315.493168][T10004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 315.499270][T10004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 315.521789][T10004] team0: Port device team_slave_0 added [ 315.524481][T10004] team0: Port device team_slave_1 added [ 315.542480][T10004] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 315.544241][T10004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 315.551151][T10004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 315.554602][T10004] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 315.556461][T10004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 315.563086][T10004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 315.586411][T10004] hsr_slave_0: entered promiscuous mode [ 315.588486][T10004] hsr_slave_1: entered promiscuous mode [ 315.590294][T10004] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 315.592249][T10004] Cannot create hsr debugfs directory [ 315.790273][T10004] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.236768][T10004] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.830545][ T1378] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.832196][ T1378] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.145563][ T5341] Bluetooth: hci4: command tx timeout [ 317.514648][T10004] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.421073][T10004] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.497808][T10004] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 318.587265][T10004] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 318.590948][T10004] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 318.594416][T10004] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 318.647137][T10004] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.654974][T10004] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.658856][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.660753][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.666184][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.668071][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.745863][T10004] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 318.763569][T10004] veth0_vlan: entered promiscuous mode [ 318.768632][T10004] veth1_vlan: entered promiscuous mode [ 318.780036][T10004] veth0_macvtap: entered promiscuous mode [ 318.783768][T10004] veth1_macvtap: entered promiscuous mode [ 318.790105][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.792862][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.795616][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.798344][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.800899][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.803596][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.806651][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.809379][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.811920][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.814644][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.818187][T10004] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 318.822655][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.825484][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.828038][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.830745][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.833288][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.836127][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.838678][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.841531][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.844056][T10004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.846820][T10004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.850905][T10004] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 318.856130][T10004] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.859133][T10004] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.862103][T10004] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.865069][T10004] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.225412][ T5341] Bluetooth: hci4: command tx timeout [ 319.284239][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.288620][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.297450][ T1109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.299434][ T1109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.340644][T10021] FAULT_INJECTION: forcing a failure. [ 319.340644][T10021] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.344203][T10021] CPU: 3 UID: 0 PID: 10021 Comm: syz.3.1192 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 319.346946][T10021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 319.349659][T10021] Call Trace: [ 319.350535][T10021] [ 319.351307][T10021] dump_stack_lvl+0x16c/0x1f0 [ 319.352532][T10021] should_fail_ex+0x497/0x5b0 [ 319.353752][T10021] _copy_to_user+0x30/0xc0 [ 319.354898][T10021] video_usercopy+0xf37/0x1600 [ 319.356454][T10021] ? __pfx___video_do_ioctl+0x10/0x10 [ 319.358137][T10021] ? __pfx_video_usercopy+0x10/0x10 [ 319.359516][T10021] v4l2_ioctl+0x1ba/0x250 [ 319.360676][T10021] ? __pfx_v4l2_ioctl+0x10/0x10 [ 319.361960][T10021] __x64_sys_ioctl+0x18f/0x220 [ 319.363230][T10021] do_syscall_64+0xcd/0x250 [ 319.364447][T10021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.365997][T10021] RIP: 0033:0x7fb676f7dff9 [ 319.367186][T10021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.372190][T10021] RSP: 002b:00007fb677d99038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 319.374406][T10021] RAX: ffffffffffffffda RBX: 00007fb677135f80 RCX: 00007fb676f7dff9 [ 319.376516][T10021] RDX: 0000000020000140 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 319.378568][T10021] RBP: 00007fb677d99090 R08: 0000000000000000 R09: 0000000000000000 [ 319.380640][T10021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.382695][T10021] R13: 0000000000000000 R14: 00007fb677135f80 R15: 00007ffd9c194838 [ 319.384769][T10021] [ 319.415476][T10026] netlink: 'syz.1.1184': attribute type 10 has an invalid length. [ 319.422040][T10026] team0: Port device netdevsim0 added [ 319.625758][T10034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1184'. [ 319.652803][T10035] netlink: 'syz.2.1183': attribute type 3 has an invalid length. [ 319.654870][T10035] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1183'. [ 319.804546][T10037] (syz.2.1183,10037,2):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 319.811911][T10037] (syz.2.1183,10037,2):ocfs2_fill_super:1178 ERROR: status = -22 [ 321.222576][ T5397] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 321.315502][ T4771] Bluetooth: hci4: command tx timeout [ 323.054191][ T4771] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 323.072563][ T4771] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 323.075192][ T4771] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 323.080272][ T4771] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 323.082653][ T4771] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 323.084674][ T4771] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 323.385454][ T5341] Bluetooth: hci4: command tx timeout [ 325.150029][ T5341] Bluetooth: hci3: command tx timeout [ 327.225476][ T5341] Bluetooth: hci3: command tx timeout [ 329.305486][ T5341] Bluetooth: hci3: command tx timeout [ 331.385534][ T5341] Bluetooth: hci3: command tx timeout [ 331.504074][T10056] chnl_net:caif_netlink_parms(): no params data found [ 331.550987][ T4771] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 331.554694][ T4771] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 331.558073][ T4771] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 331.561026][ T4771] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 331.563046][ T4771] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 331.564968][ T4771] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 331.810665][ T89] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.870842][T10056] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.872656][T10056] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.874491][T10056] bridge_slave_0: entered allmulticast mode [ 331.880593][T10056] bridge_slave_0: entered promiscuous mode [ 331.899265][ T89] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.906287][T10056] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.908194][T10056] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.910169][T10056] bridge_slave_1: entered allmulticast mode [ 331.912370][T10056] bridge_slave_1: entered promiscuous mode [ 331.941285][T10056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 331.947694][T10056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 331.989056][T10056] team0: Port device team_slave_0 added [ 331.997793][T10056] team0: Port device team_slave_1 added [ 332.012388][ T89] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.044709][T10056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 332.047160][T10056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 332.054612][T10056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 332.061478][T10056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 332.063316][T10056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 332.070101][T10056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 332.093359][ T89] team0: Port device netdevsim0 removed [ 332.097098][ T89] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.127618][T10056] hsr_slave_0: entered promiscuous mode [ 332.129637][T10056] hsr_slave_1: entered promiscuous mode [ 332.131386][T10056] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 332.133364][T10056] Cannot create hsr debugfs directory [ 332.134927][T10068] chnl_net:caif_netlink_parms(): no params data found [ 332.221005][T10068] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.223619][T10068] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.226340][T10068] bridge_slave_0: entered allmulticast mode [ 332.231586][T10068] bridge_slave_0: entered promiscuous mode [ 332.259505][T10068] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.261512][T10068] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.263419][T10068] bridge_slave_1: entered allmulticast mode [ 332.265556][T10068] bridge_slave_1: entered promiscuous mode [ 332.276197][ T89] bridge_slave_1: left allmulticast mode [ 332.278357][ T89] bridge_slave_1: left promiscuous mode [ 332.280429][ T89] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.284100][ T89] bridge_slave_0: left allmulticast mode [ 332.285708][ T89] bridge_slave_0: left promiscuous mode [ 332.287177][ T89] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.319966][ T89] bond1: left allmulticast mode [ 332.321578][ T89] ip6gretap1: left allmulticast mode [ 332.323504][ T89] bond1: left promiscuous mode [ 332.325118][ T89] ip6gretap1: left promiscuous mode [ 332.366616][ T89] bond1 (unregistering): (slave ip6gretap1): Releasing active interface [ 332.610861][ T89] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 332.615015][ T89] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.619922][ T89] bond0 (unregistering): Released all slaves [ 332.718112][ T89] bond1 (unregistering): Released all slaves [ 332.740307][T10068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 332.760970][T10068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 332.813505][T10068] team0: Port device team_slave_0 added [ 332.827008][ C3] ================================================================== [ 332.829814][ C3] BUG: KASAN: use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 [ 332.832791][ C3] Read of size 4 at addr ffff8880299c0008 by task kworker/3:1/55 [ 332.836069][ C3] [ 332.836605][ T39] audit: type=1400 audit(1728078984.756:953): avc: denied { write } for pid=5320 comm="syz-executor" path="pipe:[5067]" dev="pipefs" ino=5067 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 332.837417][ C3] CPU: 3 UID: 0 PID: 55 Comm: kworker/3:1 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 332.849023][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 332.852667][ C3] Workqueue: events_long defense_work_handler [ 332.854855][ C3] Call Trace: [ 332.856057][ C3] [ 332.857007][ C3] dump_stack_lvl+0x116/0x1f0 [ 332.858680][ C3] print_report+0xc3/0x620 [ 332.860542][ C3] ? __virt_addr_valid+0x5e/0x590 [ 332.862263][ C3] ? __phys_addr+0xc6/0x150 [ 332.863857][ C3] kasan_report+0xd9/0x110 [ 332.865480][ C3] ? __rhashtable_lookup.constprop.0+0x426/0x550 [ 332.867700][ C3] ? __rhashtable_lookup.constprop.0+0x426/0x550 [ 332.869755][ C3] __rhashtable_lookup.constprop.0+0x426/0x550 [ 332.871757][ C3] ? lock_acquire+0x2f/0xb0 [ 332.873480][ C3] ? ila_nf_input+0x1bd/0x620 [ 332.875027][ C3] ila_nf_input+0x1ee/0x620 [ 332.876611][ C3] ? __pfx_ila_nf_input+0x10/0x10 [ 332.878419][ C3] nf_hook_slow+0xbb/0x200 [ 332.879970][ C3] nf_hook.constprop.0+0x42e/0x750 [ 332.881847][ C3] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 332.883644][ C3] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 332.885632][ C3] ? sock_wfree+0x46a/0x880 [ 332.887120][ C3] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 332.888958][ C3] ? __pfx_ipv6_rcv+0x10/0x10 [ 332.890538][ C3] ipv6_rcv+0xa4/0x680 [ 332.891874][ C3] ? __pfx_ipv6_rcv+0x10/0x10 [ 332.893497][ C3] __netif_receive_skb_one_core+0x12e/0x1e0 [ 332.895540][ C3] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 332.897776][ C3] ? trace_lock_acquire+0x14a/0x1d0 [ 332.899528][ C3] ? process_backlog+0x3f1/0x15f0 [ 332.901215][ C3] ? process_backlog+0x3f1/0x15f0 [ 332.902962][ C3] __netif_receive_skb+0x1d/0x160 [ 332.904641][ C3] process_backlog+0x443/0x15f0 [ 332.906017][ C3] __napi_poll.constprop.0+0xb7/0x550 [ 332.907406][ C3] net_rx_action+0xa92/0x1010 [ 332.908649][ C3] ? __pfx_net_rx_action+0x10/0x10 [ 332.910008][ C3] ? __pfx_mark_lock+0x10/0x10 [ 332.911258][ C3] ? kvm_sched_clock_read+0x11/0x20 [ 332.912709][ C3] ? sched_clock+0x38/0x60 [ 332.914238][ C3] ? sched_clock_cpu+0x6d/0x4d0 [ 332.915898][ C3] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 332.917676][ C3] ? mark_held_locks+0x9f/0xe0 [ 332.918951][ C3] handle_softirqs+0x213/0x8f0 [ 332.920230][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 332.921631][ C3] ? update_defense_level+0x5c9/0xf50 [ 332.923056][ C3] do_softirq+0xb2/0xf0 [ 332.924170][ C3] [ 332.924971][ C3] [ 332.925761][ C3] __local_bh_enable_ip+0x100/0x120 [ 332.927148][ C3] update_defense_level+0x5ce/0xf50 [ 332.928534][ C3] ? __pfx_update_defense_level+0x10/0x10 [ 332.930031][ C3] ? process_one_work+0x921/0x1ba0 [ 332.931378][ C3] defense_work_handler+0x26/0xd0 [ 332.932718][ C3] process_one_work+0x9c5/0x1ba0 [ 332.934018][ C3] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 332.935476][ C3] ? __pfx_process_one_work+0x10/0x10 [ 332.936904][ C3] ? assign_work+0x1a0/0x250 [ 332.938130][ C3] worker_thread+0x6c8/0xf00 [ 332.939355][ C3] ? __pfx_worker_thread+0x10/0x10 [ 332.940706][ C3] kthread+0x2c1/0x3a0 [ 332.941792][ C3] ? _raw_spin_unlock_irq+0x23/0x50 [ 332.943164][ C3] ? __pfx_kthread+0x10/0x10 [ 332.944699][ C3] ret_from_fork+0x45/0x80 [ 332.946280][ C3] ? __pfx_kthread+0x10/0x10 [ 332.947901][ C3] ret_from_fork_asm+0x1a/0x30 [ 332.949601][ C3] [ 332.950697][ C3] [ 332.951548][ C3] The buggy address belongs to the physical page: [ 332.953844][ C3] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880299c2000 pfn:0x299c0 [ 332.956507][ C3] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 332.958257][ C3] raw: 00fff00000000000 ffffea00012b4c08 ffff88806a944fb0 0000000000000000 [ 332.960428][ C3] raw: ffff8880299c2000 0000000000000000 00000000ffffffff 0000000000000000 [ 332.962527][ C3] page dumped because: kasan: bad access detected [ 332.964359][ C3] page_owner tracks the page as freed [ 332.966183][ C3] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 9119, tgid 9119 (syz-executor), ts 268581262044, free_ts 332814819528 [ 332.973102][ C3] post_alloc_hook+0x2d1/0x350 [ 332.974708][ C3] get_page_from_freelist+0x101e/0x3070 [ 332.976168][ C3] __alloc_pages_noprof+0x223/0x25c0 [ 332.977555][ C3] ___kmalloc_large_node+0x84/0x1b0 [ 332.978917][ C3] __kmalloc_large_node_noprof+0x1c/0x70 [ 332.980387][ C3] __kmalloc_node_noprof.cold+0x5/0x5f [ 332.981804][ C3] __kvmalloc_node_noprof+0x6f/0x1a0 [ 332.983194][ C3] bucket_table_alloc.isra.0+0x86/0x460 [ 332.985058][ C3] rhashtable_init_noprof+0x41a/0x7e0 [ 332.986942][ C3] ila_xlat_init_net+0xb5/0x110 [ 332.988656][ C3] ops_init+0x1df/0x5f0 [ 332.990116][ C3] setup_net+0x21f/0x860 [ 332.991499][ C3] copy_net_ns+0x2b4/0x6b0 [ 332.992995][ C3] create_new_namespaces+0x3ea/0xad0 [ 332.994828][ C3] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 332.996713][ C3] ksys_unshare+0x419/0x970 [ 332.998327][ C3] page last free pid 89 tgid 89 stack trace: [ 333.000329][ C3] free_unref_page+0x5f4/0xdc0 [ 333.001967][ C3] __folio_put+0x30d/0x3d0 [ 333.003526][ C3] kvfree+0x47/0x50 [ 333.004845][ C3] rhashtable_free_and_destroy+0x16c/0x990 [ 333.006801][ C3] ila_xlat_exit_net+0x59/0xa0 [ 333.008435][ C3] ops_exit_list+0xb0/0x180 [ 333.009955][ C3] cleanup_net+0x5b7/0xb40 [ 333.011418][ C3] process_one_work+0x9c5/0x1ba0 [ 333.013115][ C3] worker_thread+0x6c8/0xf00 [ 333.014786][ C3] kthread+0x2c1/0x3a0 [ 333.016282][ C3] ret_from_fork+0x45/0x80 [ 333.017879][ C3] ret_from_fork_asm+0x1a/0x30 [ 333.019615][ C3] [ 333.020510][ C3] Memory state around the buggy address: [ 333.022502][ C3] ffff8880299bff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 333.024840][ C3] ffff8880299bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 333.026909][ C3] >ffff8880299c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 333.028998][ C3] ^ [ 333.030127][ C3] ffff8880299c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 333.032230][ C3] ffff8880299c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 333.034636][ C3] ================================================================== [ 333.037521][ C3] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 333.039975][ C3] CPU: 3 UID: 0 PID: 55 Comm: kworker/3:1 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 333.043648][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 333.046686][ C3] Workqueue: events_long defense_work_handler [ 333.048286][ C3] Call Trace: [ 333.049162][ C3] [ 333.049915][ C3] dump_stack_lvl+0x3d/0x1f0 [ 333.051130][ C3] panic+0x71d/0x800 [ 333.052182][ C3] ? __pfx_panic+0x10/0x10 [ 333.053371][ C3] ? check_panic_on_warn+0x1f/0xb0 [ 333.055125][ C3] check_panic_on_warn+0xab/0xb0 [ 333.056887][ C3] end_report+0x117/0x180 [ 333.058405][ C3] kasan_report+0xe9/0x110 [ 333.059976][ C3] ? __rhashtable_lookup.constprop.0+0x426/0x550 [ 333.062206][ C3] ? __rhashtable_lookup.constprop.0+0x426/0x550 [ 333.064418][ C3] __rhashtable_lookup.constprop.0+0x426/0x550 [ 333.065998][ C3] ? lock_acquire+0x2f/0xb0 [ 333.067163][ C3] ? ila_nf_input+0x1bd/0x620 [ 333.068374][ C3] ila_nf_input+0x1ee/0x620 [ 333.069542][ C3] ? __pfx_ila_nf_input+0x10/0x10 [ 333.070866][ C3] nf_hook_slow+0xbb/0x200 [ 333.072056][ C3] nf_hook.constprop.0+0x42e/0x750 [ 333.073411][ C3] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 333.075216][ C3] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 333.077176][ C3] ? sock_wfree+0x46a/0x880 [ 333.078770][ C3] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 333.080608][ C3] ? __pfx_ipv6_rcv+0x10/0x10 [ 333.082248][ C3] ipv6_rcv+0xa4/0x680 [ 333.083708][ C3] ? __pfx_ipv6_rcv+0x10/0x10 [ 333.085083][ C3] __netif_receive_skb_one_core+0x12e/0x1e0 [ 333.086619][ C3] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 333.088179][ C3] ? trace_lock_acquire+0x14a/0x1d0 [ 333.089538][ C3] ? process_backlog+0x3f1/0x15f0 [ 333.090850][ C3] ? process_backlog+0x3f1/0x15f0 [ 333.092103][ C3] __netif_receive_skb+0x1d/0x160 [ 333.093332][ C3] process_backlog+0x443/0x15f0 [ 333.094885][ C3] __napi_poll.constprop.0+0xb7/0x550 [ 333.096705][ C3] net_rx_action+0xa92/0x1010 [ 333.098280][ C3] ? __pfx_net_rx_action+0x10/0x10 [ 333.099991][ C3] ? __pfx_mark_lock+0x10/0x10 [ 333.101666][ C3] ? kvm_sched_clock_read+0x11/0x20 [ 333.103474][ C3] ? sched_clock+0x38/0x60 [ 333.104915][ C3] ? sched_clock_cpu+0x6d/0x4d0 [ 333.106198][ C3] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 333.107726][ C3] ? mark_held_locks+0x9f/0xe0 [ 333.108999][ C3] handle_softirqs+0x213/0x8f0 [ 333.110264][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 333.111655][ C3] ? update_defense_level+0x5c9/0xf50 [ 333.113078][ C3] do_softirq+0xb2/0xf0 [ 333.114237][ C3] [ 333.114969][ C3] [ 333.115736][ C3] __local_bh_enable_ip+0x100/0x120 [ 333.117075][ C3] update_defense_level+0x5ce/0xf50 [ 333.118435][ C3] ? __pfx_update_defense_level+0x10/0x10 [ 333.119923][ C3] ? process_one_work+0x921/0x1ba0 [ 333.121202][ C3] defense_work_handler+0x26/0xd0 [ 333.122458][ C3] process_one_work+0x9c5/0x1ba0 [ 333.123790][ C3] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 333.125278][ C3] ? __pfx_process_one_work+0x10/0x10 [ 333.126684][ C3] ? assign_work+0x1a0/0x250 [ 333.127908][ C3] worker_thread+0x6c8/0xf00 [ 333.129134][ C3] ? __pfx_worker_thread+0x10/0x10 [ 333.130469][ C3] kthread+0x2c1/0x3a0 [ 333.131539][ C3] ? _raw_spin_unlock_irq+0x23/0x50 [ 333.132902][ C3] ? __pfx_kthread+0x10/0x10 [ 333.134114][ C3] ret_from_fork+0x45/0x80 [ 333.135286][ C3] ? __pfx_kthread+0x10/0x10 [ 333.136531][ C3] ret_from_fork_asm+0x1a/0x30 [ 333.137799][ C3] [ 333.139207][ C3] Kernel Offset: disabled [ 333.140365][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 21:56:24 Registers: info registers vcpu 0 CPU#0 RAX=00000000006de64b RBX=0000000000000000 RCX=ffffffff8b21cd99 RDX=0000000000000000 RSI=ffffffff8b6cd040 RDI=ffffffff8bd19d40 RBP=fffffbfff1bd2af8 RSP=ffffffff8de07e20 R8 =0000000000000001 R9 =ffffed100d4c7025 R10=ffff88806a63812b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de957c0 R14=ffffffff905f3088 R15=0000000000000000 RIP=ffffffff8b21e17f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000560bfef528e8 CR3=000000002a46e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=fee6ccbafee6ccba fee6ccbafee6ccba fee6ccbafee6ccba fee6ccbafee6ccba fee6ccbafee6ccba fee6ccbafee6ccba fee6ccbafee6ccba fee6ccbafee6ccba ZMM22=7b1bc2fa7b1bc2fa 7b1bc2fa7b1bc2fa 7b1bc2fa7b1bc2fa 7b1bc2fa7b1bc2fa 7b1bc2fa7b1bc2fa 7b1bc2fa7b1bc2fa 7b1bc2fa7b1bc2fa 7b1bc2fa7b1bc2fa ZMM23=40618b2a40618b2a 40618b2a40618b2a 40618b2a40618b2a 40618b2a40618b2a 40618b2a40618b2a 40618b2a40618b2a 40618b2a40618b2a 40618b2a40618b2a ZMM24=ff390337ff390337 ff390337ff390337 ff390337ff390337 ff390337ff390337 ff390337ff390337 ff390337ff390337 ff390337ff390337 ff390337ff390337 ZMM25=82698ef982698ef9 82698ef982698ef9 82698ef982698ef9 82698ef982698ef9 82698ef982698ef9 82698ef982698ef9 82698ef982698ef9 82698ef982698ef9 ZMM26=910ab1dc910ab1dc 910ab1dc910ab1dc 910ab1dc910ab1dc 910ab1dc910ab1dc 910ab1dc910ab1dc 910ab1dc910ab1dc 910ab1dc910ab1dc 910ab1dc910ab1dc ZMM27=a35ba47da35ba47d a35ba47da35ba47d a35ba47da35ba47d a35ba47da35ba47d a35ba47da35ba47d a35ba47da35ba47d a35ba47da35ba47d a35ba47da35ba47d ZMM28=000001f0000001ef 000001ee000001ed 000001ec000001eb 000001ea000001e9 000001e8000001e7 000001e6000001e5 000001e4000001e3 000001e2000001e1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=1a0f00001a0f0000 1a0f00001a0f0000 1a0f00001a0f0000 1a0f00001a0f0000 1a0f00001a0f0000 1a0f00001a0f0000 1a0f00001a0f0000 1a0f00001a0f0000 info registers vcpu 1 CPU#1 RAX=1ffffffff2e35ab9 RBX=ffffffff9704bd98 RCX=1ffffffff2c3699b RDX=00000000000003fd RSI=000000000003f3d6 RDI=ffffffff9704bda8 RBP=ffffffff971ad5a8 RSP=ffffc9000da6eca0 R8 =0000000000000000 R9 =ffffffff96ec5d38 R10=000000000000005d R11=00000000000003bc R12=ffffffff8169a9c0 R13=ffffffff971ad5c8 R14=dffffc0000000000 R15=ffffffff971ad598 RIP=ffffffff8169f892 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000555564f86500 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000557d9a20bc98 CR3=000000002f528000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000004080 Opmask01=0000000000000000 Opmask02=00000000ffbfef77 Opmask03=0000000000000000 Opmask04=00000000ffdfffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd0412d6d0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 00000000ff000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656e696c5f706c63 73002a5d392d305b 79747400786d7470 0079747400646461 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 54003d534b4e494c 564544003d4d4554 535953425553003d 4854415056454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 540018534b4e494c 56454400184d4554 5359534255530018 4854415056454400 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000040 00000000302d7872 2f7365756575712f ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000121 0000003534316c6c 696b66722f323479 68702f3131323038 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007feae4df1ee0 00007feae4df1ee0 00000000000003f1 0000003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 69305f474f5b647c 69303a2433273f39 7b27697a787c7a30 23333a3a38263342 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f45454d41490054 454e5f4449692e6e 6524004452414f42 4e4f5f454d414e5f ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4445414d41450000 454e4c4449452e41 002400444c414442 004144454141424e ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 info registers vcpu 2 CPU#2 RAX=ffff888027448000 RBX=ffffc90004c0f1c8 RCX=ffffffff813d6ebe RDX=0000000000000001 RSI=0000000000000000 RDI=ffffc90004c0f138 RBP=0000000000000060 RSP=ffffc90004c0f0c8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=ffffc90004c0f1f8 R14=ffffc90004c0f138 R15=ffffc90004c0f160 RIP=ffffffff81ef04f8 RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f0c62a67d60 CR3=000000000df7c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0c61f0b6a3 00007f0c61f0b6a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd2d9180e0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000030000000a 0000000200000021 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000500000007 000000040000000d ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555574c85d25 0000555574c85480 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555574c71574 0000555574c71570 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000037323335 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300080014d00300 080014c803018480 080014c00303ffff ffff0414b00303ff ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0103ffffffff0403 ffffffff04541000 06014c9a01a01000 1480041410000601 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 01ee000800159003 0008001588030008 0015800303ffffff ff0414f00303ffff ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff0414e0030008 0014d80300080014 d00300080014c803 018480080014c003 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03ffffffff0414b0 0303ffffffff0414 a003000800149803 0008001490030008 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6666666666666666 0a392e79656b5f5f 2062203036396664 6261396666666666 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6664626139666666 66666666660a302e 79656b5f5f206220 3061396664626139 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6220303261666462 6139666666666666 66660a312e79656b 5f5f206220306539 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 735f706374706d20 6220303862346562 6139666666666666 66660a7665645f69 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3063346562613966 666666666666660a 64657461636f6c6c 615f7374656b636f ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d20622030346334 6562613966666666 666666660a322e79 656b5f5f20622030 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2030386334656261 3966666666666666 660a64695f74656e 7265705f70637470 info registers vcpu 3 CPU#3 RAX=000000000000000d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff850a6c05 RDI=ffffffff9aae1b80 RBP=ffffffff9aae1b40 RSP=ffffc90000908408 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=000000000000000d R14=ffffffff850a6ba0 R15=0000000000000000 RIP=ffffffff850a6c2f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f73c6fdd800 CR3=000000002f528000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffffffe Opmask01=0000000000000fff Opmask02=000000007ffbffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe38583250 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3a893f1108 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3a893f1100 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3a893f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3a893f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3a893f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3a893f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3a893f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3a893f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e00656369766564 5f77656e2f6d6973 76656474656e2f73 75622f7379732f00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b0040464c534041 5f52404b0a484c56 53404151404b0a56 50470a565c560a00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000