last executing test programs: 6.721571201s ago: executing program 3 (id=415): ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000001100)="48b84e000000000000000f23c00f21f83503000e000f23f866b808018ee82e656564f20f38f1a4759a000000260ffa0cb7400f0f4b00aa0f090fc73eb9bb0a00000f32420f09f3400fc773c3", 0x4c}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000dc0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000240)='rcu_utilization\x00'}, 0x10) stat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) 6.311608112s ago: executing program 3 (id=417): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = getpid() syz_pidfd_open(r1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000004a00010000000000000000000a000000", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, 0x0, 0x0) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000110000104000000000000000000000200", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010065727370616e00000c0002800600020030000000"], 0x3c}}, 0x0) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000440)) close_range(r7, r0, 0x0) sendmmsg$inet6(r0, &(0x7f0000002540)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)='v', 0x1}], 0x1}}], 0x1, 0x400c404) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000100850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r9}, 0x10) r10 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x1c0, 0x43, 0xa0, 0x0, 0x98, 0x360, 0x178, 0x178, 0x360, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1a0, 0x1c0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@connbytes={{0x38}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x168, 0x1a0, 0x0, {}, [@common=@unspec=@connbytes={{0x38}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@multicast1, [], @ipv6=@loopback, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [], @ipv4=@multicast1}}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x468) 5.339983597s ago: executing program 3 (id=421): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000380)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000180)='`', 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r3, 0x0) r4 = dup3(r3, r2, 0x0) recvmmsg(r4, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0xf00, 0x0, 0x0) (fail_nth: 16) 4.307332597s ago: executing program 3 (id=423): timer_settime(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x4000000400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$setperm(0x5, 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x3f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x11) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_DEV_DESTROY(r1, 0x5502) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x8802, 0x0) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) connect$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0xfffc, 0x0, @remote, 0xffbffffc}, 0x1c) ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0x13) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0x145d00, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r3, 0xc0185879, &(0x7f0000000080)={@desc={0x4100, 0x0, @desc1}}) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x4080) syz_emit_ethernet(0x1ee, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60922ff501b8210000000000000000000000ffff7f000001fe8000000000000000000000000000aa670804040d480600fc020000000000000000000000000001fc020000000000000000000000000001ff010000000000000000000000000001fc0100000000000000000000000000001120000000000000071800000000000000000000000000000004011000e39a406896431cf8cebb1379b1cfca3ce3334fb0cd81c12766ff8351be2d961c40ce922dd8423e2de93ba96a5c90f772216e5e60c7d2a67cbcbc1d3b195d538eb920fc058775cc06baf8a87b4736fa0cf5161d47d4416aa6a1099c3aa4a927c4d93bcf1f4a781cbde0ee829f1276818415e192376437a6d4854c3c3ad346c7df7dfea9cd0463aa441a1b9cd514fedb8172d54cbf1353cf5f63fe58465c2d0e165df05ada44174919aaffc29df43606f9d49bcc571525c7aecc77ad523da96156400a63d03f15e4254c95ecb66cda9310041006d9d10e6b8a38bbdcac75348fe624c73bd800000000000000000000000000000401000000000000000000000401907800114f84008e269cc52104e4fbd8be11e86055d5cec119bfa161827fb675e43744d104b96e26ecb84a318c4c1d7b4f70305e74abd64694eddc8e552b811b2a1c63e32b811f4e8296000000000000000000"], 0x0) 4.099717899s ago: executing program 0 (id=425): ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000001100)="48b84e000000000000000f23c00f21f83503000e000f23f866b808018ee82e656564f20f38f1a4759a000000260ffa0cb7400f0f4b00aa0f090fc73eb9bb0a00000f32420f09f3400fc773c3", 0x4c}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000dc0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000240)='rcu_utilization\x00'}, 0x10) stat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) 4.030909729s ago: executing program 2 (id=426): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}}, 0x90) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000840)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff0ff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b70000000000000095000010000000004e62011c3034fdb117168bd07ba08af339d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945ff15d802f5132143c0a9fc7a84452569957c1002ed7d458e17f791f4798c8eb484de03312c69b3edff5be26765ba5f8f2879021c2ea53ac547a654bbd2db5356b971d83dd12742be9087a3e7b7c0efd3e38c794eb06b0b8c392904ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057826ef4e912f01a201e694e3049b8c8fe8b65d8d66bb766f7f3f918c86a702522368d9f81897133af94a5a4cff7f4d8b9d8eaf302f0b2e0c252b0000000000000000ee917bca4885bbf597a14ab6458e6272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36be115be3b325ecd201d2ffb0a7fa4f5d1106560cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b861299fcd9ed9d8679406419406bf0c5329bd5b4697336112b0b8756ce3574046bf611a108f8df4d1a88597840b702b6fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f7faf39a43a66c5540b8762b42007c9ec43193ccf617dbf8a12b4a189edbf9fb7c42b1f435ccd4b19b53b60322af0aa66e8f448e1bd96822e6b70b62912c926dbe417cccd4f696d528fa8a3ea847f10e9b1106f3bb506f1d7fbdf801000000000000006c028eb5b5a073d0de5538ab42e171b3baae34c35987b0dda497ac3f5e97e60eaeea15c6d55badf9b86b1c000100006e60cd06c9ed24313ce607d403bb6030f800000000690db0221b1705c501f802ff59b4e683efa4b6e77e042072ec9eb8166f6e28b49a7705a1befc4d315878f88a8fb1dd679fb4c5557abae6849917dc51a89d47b728502f7e621fc0e3ba04020000c149ee6601728c750930519339b44197c22da865059b475afd96187d881e93b42a5fdfd686d8900c44c67133eeb0109dcb60dddad58037fda65885a15a42560ee3027a5ebf95254744f10fd607bc3100b94932b8d9447c42f6e21ee0e54f8be386bdc09decece910a481e648e0cb074536a25ff581d92af08a06f857311a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6ae00f0000000000006a8194479700a02b92bec8d05eae1f24fdd7b80d3dde04c22f689594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4acd7acf1dfe79d6771903b76e2ae47d972651390c22d641030e1ddac018dc3116e1803af10a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f00000000000000001000ba96edb95ede0e1957c2a2754258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548941d5d16297757310d9daebd5a3dabbced3b051129cd60a37d397643324e6f0aadf978d639650000000000000000570b0acbcaa196e6b46e213a34c1a550e7c2d8cee7a278cee591f360e345d37dc9f8991a16c08d72317e42d2ac9126acd76130ef1086016697e4d51c4b42b2efc8edab88d46bc3d5d6e5a634c912bc40513643bf44cb416b3149040220aa39035ae46d16d879fc815a5cb84b0d5c8ad970128adf8dec1171e860ca54ce5d6a5aa0327bca4f49a710bf8a8399071237fe5d764e2034873c94a4f21287f3bce3eeb69e94df2e14e4ab10cc7834b304bc879b80255991dd7aac2e92c9e7c411c019d229c1f1e563152f1c5ae9cda3e808000000a0c779d624c5a2b7491b8f73e767389ecd1dee951353bb22b7caf89468871520823715cfebd04189c6c6b34bd8a6541f6bc0630000000000f94e85f5111add3a3cb5bcace95f38465402c39df835754ef33056b0e1134187822c001a25304f3e00b44675d0a25a21dc4023c642cc6f5a75c45a29ab933600acf9a2d471b73a73178cdf309e5d53311996215b44295dfddc1dd6b81132e999366e460d15d366e84da02b8afc40c47e733f804460ed8300ec34eab2ed80097bd32ff1a6143ab1476037e474ca876187c85bed4391215cd77e6a1fd6399a498b96b9b0cca93255acb08c67e50004c5af6fd5b4ce7c1ebc9202bd7b329a4d2530486d5999dd7f90ebecca37f2869135438f0540801fd7481daf9ec94b799c12e714d573e2a6331f496254f254a60c52b2026ed6a72c82cd191490fabe7b151f92e5d700f21830d613fbe490f305b3845a78817e59bf7ed36471dbca01d39e50ae2535460e1d2f2614940647233a02d5000000000000000000f70e52f0d56f6a4dcf7e57c03d4b4add0500000000000000320304d0d2b308c5ed3956eae263035d703f862224e9818a3d7ac270793a7bf2af87585293960a80ac63c54e55063bf8d24639e561253ef0caf6c58118120d8acecc0528f0d81d291009fc46401baf9c22d1c452a5b61b7a1b9adfcc17f5ad99dcdf935923185db7b14a7fa7babc1f53df70618bb73aa810b756696f26653b84cf842ae433fda59fbe312be11bb7dfecdc38c1c1f688d2724568cc396fca7c74984b7f7bd000000000000003ff3e5857fc6598c933610be374909dc8622b0722259e922f40d7862f7ea72f1754f07711de7600000000000000000000000000c4cb643e73ad8a45f0c7164484540e66e29943aa72297d831ce6c978866a55ed53130c6747f569c9c9abe724b4fc647b17401d2201e8c201e7d6ffa1fa122677f7393ed4fe8a93306f048b6703b04544e42a9cd937ef8d98ee8d878a12a627791c5c2d9fc6de65356be92fd98fdbe819686c7bd3be5bd0ce627c8357675f752c73a502d25c31c831078f098c34295bfe90e882843003841f4c0c65dc1810a50000000000000015911cb03e743c482199757d35df5b59fe0a0c5240c85498d818578e2d65c4ff4acbee037498222b1f81f3726a244da1fd6b8c195f1303bedb744045f31e1547d7bc3c3eae68b8da059a59c8c37e3639c2c4eb3d8229ac24d2ce12bc0e5db4a8202d72e64d5c5eacd0d0c0cd7a879ed967f5a2bd39ae4cf7daf7c9fa1777d54fb5920c8434163f75062c62455bf6e23817a85d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x90) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r4, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x46, 0x0, 0x0) setsockopt$inet6_int(r4, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000440), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)) sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="31030000000000000000080000000b000900aaaaaaaaaabb0000a9ac455f720b02bd3752f61a"], 0x20}, 0x1, 0x0, 0x0, 0x20044890}, 0x0) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="00000000000080"], 0x7) r7 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r9, 0x0, 0x80, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x2, 0x250, [0x0, 0x20000100, 0x20000130, 0x20000280], 0x2, 0x0, &(0x7f0000000100)=ANY=[]}, 0x78) write$binfmt_aout(r8, &(0x7f00000010c0)=ANY=[], 0x1a3) write$binfmt_misc(r8, &(0x7f0000000040)=ANY=[], 0xe09) ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 3.65761982s ago: executing program 0 (id=427): socketpair(0x1e, 0x5, 0x0, &(0x7f0000000040)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$vcs(0xffffffffffffff9c, &(0x7f0000000b00), 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xb, &(0x7f0000000280)=ANY=[@ANYRESDEC=r1, @ANYRES8=r1], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) select(0x40, &(0x7f0000000000), &(0x7f0000000240)={0xcc}, 0x0, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x2000000000000001, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES16=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket(0x200000100000011, 0xa, 0x0) pselect6(0x40, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x100000000000000}, 0x0, &(0x7f00000002c0)={0x3fc}, 0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) preadv(r6, &(0x7f0000002340)=[{&(0x7f00000041c0)=""/178, 0xb2}], 0x1, 0x3, 0x0) socket$kcm(0x2, 0xa, 0x2) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioperm(0x0, 0x40, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x0, 0x0, 0x0, 0x9}, 0x48) r7 = socket$inet(0x2, 0x3, 0x2) r8 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) setsockopt$inet_mreqsrc(r7, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @loopback}, 0xc) 3.281792347s ago: executing program 2 (id=428): openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x26c00000) getsockopt$bt_hci(r0, 0x84, 0x1, &(0x7f0000001180)=""/4102, &(0x7f00000003c0)=0x1006) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000380)={0x1ff, 0x2, 0x2000, 0x2000, &(0x7f0000feb000/0x2000)=nil}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x9, &(0x7f0000000400)=@raw=[@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @exit], &(0x7f0000000480)='syzkaller\x00', 0x2, 0xe5, &(0x7f0000000000)=""/229, 0x0, 0x11}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x84000) r5 = fcntl$dupfd(r4, 0x0, r4) write$sndseq(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@tick=0x3}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x80, 0x0, @tick=0x692, {}, {}, @queue={0x8, {0x81, 0x1d2a}}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time={0x8, 0x10}, {}, {0xff}, @quote}, {0x0, 0x0, 0x0, 0xfe, @time, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}], 0xa8) read$snapshot(r5, 0x0, 0xffffffbf) ioctl$CAPI_NCCI_OPENCOUNT(0xffffffffffffffff, 0x80044326, &(0x7f0000000000)) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0xfffffffffffffffe, 0x0, 0x3, 0x0) r6 = getpid() process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r7, 0x800452d2, &(0x7f0000000100)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e3502020001ffffffff685f1158e2fafc0e1f00020000000c00009c"], 0x38) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) creat(0x0, 0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x17) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000580)={r8, 0xffffffffffffffff}, 0x4) r10 = socket(0x400000000010, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f00000005c0)=ANY=[@ANYRES16=r10, @ANYRESDEC=r9, @ANYBLOB="8a4d8324c9df5ba89cd84eaf3a103af9192710886940c3106cb7288f82a43ecb27600973eb240251f2b8ac393f329dab323f21747e4e25b16c1566bbe4228d8b3de2eee5cdd29c401bcde555b0c0ef3cfb1e099a835a5d03d9fecc101f8aa290b90119c6601870a2afcb99ae95e44e9b7301398668e24638d90de879250d8491e829b07ce575b335c8478149477a401ac15be46785b445054cf595c69869f7702ba308f5c8bbdaaf81f45a9d8669d24457775a78611acbc6c12fa44edde8958930479ee0e7af61a2242a4166b4f44537b2bb544a31112098235e95972595a6c4cc99ec81ed5303334f6c959daa5bc63cc35aba9db7"], &(0x7f0000000d40)='syzkaller\x00'}, 0x90) 3.08872768s ago: executing program 1 (id=430): socket(0x0, 0x0, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000300)={@link_local, @empty, @void, {@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast, {[@timestamp_addr={0x44, 0xc, 0x9c, 0x1, 0x3, [{@broadcast, 0x5}]}]}}, @timestamp_reply={0x11, 0xe0, 0x0, 0x0, 0x0, 0x20000000}}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_GET_CHILD_SUBREAPER(0xe) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, '\x00', @string=&(0x7f0000000080)}}) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) socket$inet6_sctp(0xa, 0x0, 0x84) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x3, &(0x7f00000001c0)=[{0x0, 0xfe}, {0x0, 0x2, 0x0, 0x1ff}, {0x8, 0x0, 0x20}]}) socket$inet_udplite(0x2, 0x2, 0x88) 2.727570099s ago: executing program 1 (id=431): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000077c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, r2, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) fsync(r3) fspick(r3, &(0x7f0000000300)='./file0\x00', 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f00000001c0)={0x9}, 0x10) setsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x3}, 0x8) 2.565493844s ago: executing program 1 (id=432): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) get_robust_list(0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) readv(r2, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/15, 0x3}, {&(0x7f0000000180)=""/172, 0x2000022c}], 0x2) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r3, r5}, 0x40) syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x2000000, 0xe, 0x0, &(0x7f0000000280)="0c78bca32c37898d78318e236899", 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.536415542s ago: executing program 0 (id=433): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa1000000000000070100"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000840)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1, 0x9, 0x100005, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r5}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000080), &(0x7f0000000040)='%pI4 \x00'}, 0x20) 2.460341217s ago: executing program 2 (id=434): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000077c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, r2, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) fsync(r3) fspick(r3, &(0x7f0000000300)='./file0\x00', 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f00000001c0)={0x9}, 0x10) setsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x3}, 0x8) 2.34131342s ago: executing program 2 (id=435): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f0000000600)=[{&(0x7f0000000640)='<', 0x1}], 0x1) recvmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000003780)=[{0x0}], 0x1}}], 0x1, 0x40000121, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xc, &(0x7f0000000140)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r3}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x14}}]}, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000580)="ddb9547ed38704e9abaf9b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1) 1.43582953s ago: executing program 1 (id=436): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f0000000600)=[{&(0x7f0000000640)='<', 0x1}], 0x1) recvmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000003780)=[{0x0}], 0x1}}], 0x1, 0x40000121, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xc, &(0x7f0000000140)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r3}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x14}}]}, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000580)="ddb9547ed38704e9abaf9b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1) 1.43514269s ago: executing program 2 (id=437): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = getpid() syz_pidfd_open(r1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000004a00010000000000000000000a000000", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, 0x0, 0x0) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000110000104000000000000000000000200", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010065727370616e00000c0002800600020030000000"], 0x3c}}, 0x0) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r8, 0x40605346, &(0x7f0000000440)) close_range(r7, 0xffffffffffffffff, 0x0) sendmmsg$inet6(r0, &(0x7f0000002540)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)='v', 0x1}], 0x1}}], 0x1, 0x400c404) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000100850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r9}, 0x10) r10 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x1c0, 0x43, 0xa0, 0x0, 0x98, 0x360, 0x178, 0x178, 0x360, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1a0, 0x1c0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@connbytes={{0x38}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x168, 0x1a0, 0x0, {}, [@common=@unspec=@connbytes={{0x38}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@multicast1, [], @ipv6=@loopback, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [], @ipv4=@multicast1}}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x468) 1.204333931s ago: executing program 0 (id=438): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = getpid() syz_pidfd_open(r1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000004a00010000000000000000000a000000", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, 0x0, 0x0) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000110000104000000000000000000000200", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010065727370616e00000c0002800600020030000000"], 0x3c}}, 0x0) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r8, 0x40605346, &(0x7f0000000440)) close_range(0xffffffffffffffff, r0, 0x0) sendmmsg$inet6(r0, &(0x7f0000002540)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)='v', 0x1}], 0x1}}], 0x1, 0x400c404) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000100850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r9}, 0x10) r10 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x1c0, 0x43, 0xa0, 0x0, 0x98, 0x360, 0x178, 0x178, 0x360, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1a0, 0x1c0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@connbytes={{0x38}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x168, 0x1a0, 0x0, {}, [@common=@unspec=@connbytes={{0x38}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@multicast1, [], @ipv6=@loopback, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [], @ipv4=@multicast1}}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x468) 555.594507ms ago: executing program 1 (id=439): r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1f00c0e90101c7bb0000b00000000000", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000400), 0x4) sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000007280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) 371.172166ms ago: executing program 3 (id=440): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000077c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, r2, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) fsync(r3) fspick(r3, &(0x7f0000000300)='./file0\x00', 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f00000001c0)={0x9}, 0x10) setsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x3}, 0x8) 370.785754ms ago: executing program 1 (id=441): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12013f00000000407f04ffff0000000000010902"], 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r2 = epoll_create1(0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000000c0)) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0xa, 0x3, 0x3a) socket$inet(0x2, 0x0, 0xff) sendmsg$xdp(r3, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x4, 0x0, 0x1d}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000680)="a4b7bb283a89adc2e0f857dbce961909686903e709a3a0cb8a1851d4f29a2f55ba2c528ccec0c0fa8b0d1a4a1c68875487ef0be50daf2ad5687cd340c489a6f5c94cef9813bd7f0f3b0a3522cfc74533c247b1ddd699c3d72759a7df0d897519e49fcde0f0ff2e1d1e0abff0fc49c0bee1d0993c3795c99a1b65b24e5570ca28343c", 0x82}, {&(0x7f00000001c0)}], 0x2, 0x0, 0x0, 0x4000000}, 0x14) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r0], 0x18}}, 0x44001) read$FUSE(r3, &(0x7f0000009b00)={0x2020}, 0x2020) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000000)) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r7 = inotify_init1(0x0) fcntl$setown(r7, 0x8, 0xffffffffffffffff) fcntl$getownex(r7, 0x10, &(0x7f0000000140)) r8 = syz_open_procfs(0x0, &(0x7f0000000600)='fd/4\x00') open_by_handle_at(r8, &(0x7f0000000180)=ANY=[@ANYBLOB="0c00000001000000"], 0x0) 370.160755ms ago: executing program 2 (id=442): socketpair(0x1e, 0x5, 0x0, &(0x7f0000000040)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$vcs(0xffffffffffffff9c, &(0x7f0000000b00), 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xb, &(0x7f0000000280)=ANY=[@ANYRESDEC=r1, @ANYRES8=r1], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) select(0x40, &(0x7f0000000000), &(0x7f0000000240)={0xcc}, 0x0, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x2000000000000001, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES16=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket(0x200000100000011, 0xa, 0x0) pselect6(0x40, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x100000000000000}, 0x0, &(0x7f00000002c0)={0x3fc}, 0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) preadv(r6, &(0x7f0000002340)=[{&(0x7f00000041c0)=""/178, 0xb2}], 0x1, 0x3, 0x0) socket$kcm(0x2, 0xa, 0x2) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioperm(0x0, 0x40, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x0, 0x0, 0x0, 0x9}, 0x48) r7 = socket$inet(0x2, 0x3, 0x2) r8 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) setsockopt$inet_mreqsrc(r7, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @loopback}, 0xc) 275.174961ms ago: executing program 0 (id=443): timer_create(0x3, 0x0, &(0x7f0000000280)) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) (async) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040)) (async) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r2}, 0x10) (async) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async) munlockall() write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async) dup(r1) (async) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async) chdir(&(0x7f00000003c0)='./bus\x00') (async) creat(&(0x7f0000000000)='./file0\x00', 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$kcm(0x2, 0x0, 0x2) sendmsg$inet(r5, 0x0, 0x0) (async) socket$inet_icmp_raw(0x2, 0x3, 0x1) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd) (async) dup(0xffffffffffffffff) 207.238091ms ago: executing program 3 (id=444): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) get_robust_list(0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) readv(r2, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/15, 0x3}, {&(0x7f0000000180)=""/172, 0x2000022c}], 0x2) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r3, r5}, 0x40) syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x2000000, 0xe, 0x0, &(0x7f0000000280)="0c78bca32c37898d78318e236899", 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 0 (id=445): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e00}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000000c0)='timer_expire_entry\x00'}, 0x10) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r2, 0x4068aea3, &(0x7f0000000180)={0xdc}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x2, 0xd000, 0x2000, &(0x7f0000001000/0x2000)=nil}) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001480)=ANY=[@ANYBLOB="05000000020c00"/16, @ANYBLOB="334e074fa62fbe9009316dd595b5960e03864277018ee47f1880ff12131a9aa7bfe7c6e6e6f54d6d39fd2ad50eefd0da1bb9e89f6def7b7ec582494d86b3f833dda99ac1aaa4e3f7d8e4800aabd477f3320795997253df4891bf142c67379948eb0824b4f4ece1b38ae3cb788a49d2663fb741ba4e4f19a4d815c3ec766c76651006a3c4de769dadd0ab91f840468f80a95545536628b63f157023dc7d36ad59799c10d94f31d0b0ea70c50a68c1af05d89f0946c2673bc2caf4efcab00b98e53d9c78bd2b117a24c19babbb1f8bddefe97eeacf341a74f4c44b5869e64c06e7afee90f8f6990d256e60c82af6b8771e734e144034ea56b4d0cd7dfd330aadfbb0383a2cf0f6cc9db41a414aba05e61e948fc1cc59f6583091a7e5929abe1514243a330d6b263a246a98d467ffa1fab4bb44f5e94b6165887443c80d83997f541dce58dfbfc47a22dd8c0d2164ad8e53d01fb21281ee7a92bb73c7d275b4145d2dc769d51a43c62c624e3125866d8e5703913e61dbd3dff3042ea483884753499b5e992aa2d698c625e96583b84da4033ed6c173c6d9dc0593c515fbdf6706834fd84075615638b21818df6a28116db70f21512f4b406907f9e63e4d334818dfdd4906b0a8db8967e56b9971bf24c72d8c1d8c3afcbf4dcdefce3443c96fa9170f1c283333a7476e679c2eac2a5fea72cf1d20c8df6caff24e3f555d24e7a38e285cf1963acd12b292d1213c9f4853efd4fec880a433d01aaa62a1f5471e9102a74638d88c911d7c061496cbcef43a2ffe1467eed7ecf598d61d36f46e72b244553c24027a45794703922f3b5a37458c95fca2fb504983e3a0d7210704c0c5c2a1d76f58413f7e83c429495c880bc217e4703f6a64fec2dfad6160443f21144d3fc9782556294018f12e04b37359226f0283fd071a1e545e496f36ec36b08182add9976c18a9d1b5e914d0c1cf565b398ae571b3c9409ec9722c4446a2c15a58bf33d6451c2cf3f4eac45ec89706af58971f0355ffc27f627ca9580fde3589d83430e26ab1996c1d7880c7758a58ef526c556f8f5beae75cdf8a78abe3d7b8630edff670faaf1c9962134abe1ed3ec7b2e32a3b3fe7590dca6819bd247372e918b4cbcf3921e5891b6551dc080250e7b8092156cf30185e2c75f7e7d18d4dce91d8f0c5e88e41163f89f482cace5902692697d59edd1fa4a14819063460832f6c5cf2892f11de738fde121dc0ceade5a5263a3c84e9a700f2aa9bbe41b9d20e752177dab919e222d7781c860e639d5d09235b2c386bcb2b55bb93b884df2ae3f3d5b62bccc954132eb56909b9ac50451a15feb185a923c8c29b1e74576e3b48901f3ba8bf6906d0018a351cbb430195de9fe94b218fb20f7238f48e710ea4f4ab7314aa62b9888a54be22c105d8239c8aef5a4a9448e9e00e38e7ba6dc90dc3f2aaccbd0e5939dff74bef4a1bd508ec8855f0f41b063b71580a0617d0737b3cac435e34b8e87dc754740f25af60f65baaf1787b8b3dfec4760ea98e7302a3c1e97a9c549133a6fec7ef60ba8dc0246ac073e57ecca37d660a34efc6d144f74b9828400b726ff838c1c35bd2fac99f707f58d50cdc5c237919a9ed769fa9eed86a08a3b30596c167724c17589d955cc1efbb90554978637f94bae7636d3997e2b0cb6382d090003b5488bf596bf937f433bdf57b3065078e1090c5d955b5f87a52910b82d58d81600b6720d6f5138fb98f9415e1f8ab86f1a6279e790ecc97e58266223ebdb591412262743bb41325a52ceb53964c580f6d11482ce63c1df04e6a14561bc5215438715b44f4bfd38ca66259c5f9411835d0f2bb805976317a94efb5ca42b6ea458a2dade69f883b6904ae9c88be30d0de9581ea050d18f80e799ea9182385220fd64c827602240207ca97306382133fb964f77f7a2ef809566558bfeaf529ce6d13974ed0c1b4001cba3ec2537fe2db6db2a0db7070567da2b8353b181e2eb1e54eee6b85f588e08196d18b6f62e31df4eded6a33e8d5eb53feaad08188d38a9ea2f9893da231c63bf11958a0f25ff034b1736d8ef3b9ef1894412647248d0ed8875c32be86a803abad908cdd907c7c9e841aa7157290c71204eb077ecefbdade6e69c2adacecac199108dd925aaa78d0e70cc62af90aeef7198ad307105fa06b2e128a41d6828c530a6468d5ebc4e8ea26c39fcf9c52fb1c1cb5ae02855247f8476b27d83b9c77c74924d900ebd278e9c7b3123c67ae3d301477c336fb77b96b3353a4bb1ad54c949958e8f3ac6c6f021e1f343ce3db31c5fa7553fd71db5d0fa0b0e6c985f400f5decb49a405fb553fc51dad66a1353f4cb90d8cf71c686092c236b0012fe14cc95da9bdb6a34c2d765b4d97e9f8f82cb27b116ddff0a69a1cccdd5e24c1a90a561472905f5e2c50f0a8d7e9500ef73911d419595413624828f674df4089bd596f87fd16331380b087e22149a94e3096dc05a6444fd3273de400d021ffb307fd9901b08b6cb8376f5a631941261ad6749eca6c7c5072eabab4356fcc1f96e232e32ac7804e3775672e7bcee863a79c8b06a5ab7febab795648f58df466b4bfe2b4abb0cb9ffb30e949ae6f09a0d708245d59bf4707cea173ba0c2a374de07ac3d25cffcb59834377168c7b709ae728d59afeadbf04b8ddc0a783795428fcb757d838544b5d3e9a112df26c31403fc77e95e594959c6ae040ef5d73044ceeecae33fb45964b27fd370624bc4bbd1a27ffb66806c1d13bc55bf3c2ddc39a1dfafff749ab84efe3205fff043c477d1ccb0f7faed45d85791c896497e7a8bb041f03e340967cd936eed00ad9c1f55fa6f7600194c3052451c565ff664db73f323ec22dbd8115a732e12c2bc17b041ac59e6bfc43e242044042d60243ec56f367e11275a8130d7eb0632f6c27a2febfd9760ac724510ea4db465dee8abe7d7f1bbb4828a7327900581807da639ca367078bd1e79fa32f9a8bd60f57b3611ca68d8311b5663741a1a247825ac6c2553048df71dd5d3006ebb923bea53906cd471d738befff5773aac9a1c7f76b1338e08be7d3649de656d0bf869268992a447cdca78eb7babe95817ed3da08927faf6beb2c1cb2bbbe7c81b2d1586a59d967569256bc891f50fa7e4daad77a02f71aa7655fb0fa7cad9906cb303000affb05dd611dc0de4af8886380de5c5e72355e59f0435bbce0dd8d8931a781a24199c31530e3c0bdbb4279b8707f4bb14cfe37a0275ee13d4f1b61065dccfde8f92f9fd5c3cff4807ed431902091437eda3d3c55fa90f2e69f017720d1089c15e0f6f3787d22e592b44a8422259bce301fc457bbafa2874ddeeb824c3785fc08ba859c567f0524d3a81b1fd7d1eb2062610497378d0211ec11d297c49c6cfbb7ca82e1ec128bb2aca4ed8e4e6110423a64117a64e3987a318b7f332f141ffabd756f89fda06eac7f1569764201a8c030d792cb1b850104e87701b66422e28de632d9cd9fe6aefe79b287180fd539f7d4e5ca645e8f67f1ab36de55a34c1e426ae35720175ebd27f94ec7fad790dc6e327ce13b3594dfb3a662d084e343c1bdb9c176723d369e8746f27728b58678ada65e8d46ed3d30aa28b47d23b57ddc731e9f009845ab27563ae8c40b5436adcc0225409cbca0c34f9354dc69babcb9f5db6672e84064fe84438d0bdabe0fb10375d7d6469a7fdd348a65c96ee5f78b8b248dc70399fa71d044dee492b52d63b1cd73bea051f4daf168b5ea1f502aa7ed744ec807ff189f87ca0f2f514827bbc9236ac942bb622d52e6fdb3826984bf0edce8e19086102bc12163f47f9b371bfa5e5a18c6918972563c2244f4021800f083a1e43958aea6c67b1fb8b368abb54d44a8880a166f588c5ba9b962d12383ef30eba31181c20b47e102ba792f451405bd8e2c47bbff2221c5df9598ba6e3344f75cb16e17ed23976e55085203c72dda502960e26d59535133057f08db96dee2f78fc5d3e943e9b9c979aeeb715045467605b9b80da55c21c2d881cac68466be7c0d2b2e0dda61918a9bed3fea9909087810b4dcd883c0ab65211a950c559153550faafb878e309aefdcdf71ef55334cd822b5773ae8dbaf1f504ffae0821b4cbaed13946421e95b604cf78a4fe16e26c7a18b1df2901b8616cb76403240b3d1aa1a5e41cfee47b0072181d5a7f542ef2ea140ad4028a779901cf630b7213314a4d3e67f4596ae45fe57321cc5ed48736188392bc66ac082e85da77d5fc5a76d17d79a742c9221f5313937f7c3e175be53525617f52a4c3cc35045d98d4f3fc17b1d0819f81a9ba1472f55e7aa532e641c9a27dce328f20c0e701b6c84e655040d39e6f0d90c57dd03ba2d8ede159eb3c8c1e41463413594e097df52378fa2a039dd35c106badd55608ad3596ba2f2a92b6d3860b2ed8e18045b20d083ac56c2c9fe92f213771b17adec49c01b74f347b1d2468828b828594f5cf094ffbbc851ebe8cb0b12524f0687d36b94219e4e2d71fb89d03537618cb03ca6a246f9d7399d3a99cb82e1145f1322a6345fe35429b98060e8b19d22c215d09067cd3370777cf5a4da97b1f8ec4884bfbb6e1ad30098637448641088170be87682376ddabcb22980383455f28a9207aeffa50b9ecad7d11a55d649e508f2f4bb917c82f052a734e2dc2820eb6da0b7dfd100a9398e2b93e3a9a36a70d7d38c13580fbb53b20600d3807b89ef6d2bc73384183a23a9bc95340d602198a386bd2cfea261f4cfaf6bd365e66e892697ab10fe974b85502e5624e1c038ec932506238db79ee7f9f5ecdb504de674fc6d0cbd2497a176b6ec3ad0f05b66c84e2d2ce51566fa57fac787b62fdc1271f1d2fe4861e545024e679590c8a07e7401ef099e3228985cca2aad1987baa6d8fc189d6c814b5ff24f4a4217625f539c89802dc7a289e146a939547bf866e238129ef5527fbd007058aa226cdfc37351084c987fa03d89678dfdbbf7e87a5d7bf853f372b6639594a26e4d4782d85fec09561847d14068ed48e52612da441df9fc2a74da6386bf721ef3e7e22304df9a8b8a96f8970243bdee621213293041b07f3f05a8e945483eb53a4f2c99eb3c1cc7bac3448349cfa73b714709509f8226d9ecbea4f0e028204811f573d880229b5c86ed74ae3dd71d006d36701d0c6bda33c28aedddd0e60304841db9ce794fe2837c8879420aeca583e0d32baa0ca343dc084aabc33af5ae20bcabac197101a76289a2408fe197e54c2b9d6697837dc3e49cb26309d51b318827630ddc6548bedd47496df03d9212cc3ddd442ae96a6b4a75c9fde3278d29088b7feca4b09f4b777f9f9a423b85625c31653d8f320289e8eba82c914e8ba6d989779c3d1febda2c350aa5b9a04adf21ecf808da63ecbf0f3bfc4c97c4949296c9561ec47766e01fdcbadca7970736ef0498b279d50dcbe3003a4256a1d5445641e66a7749c868bc57a597d0471004e0eeca7760ffedc6bedf69c2f99ee88a7f1c9b9cef9a748b19cea8402183d07ac78d04d1abf97b903c1456ce8547776538a450e013877d43adbfd5d2ed992498190567ae355868bd1e5aa00c817c3e86522914e08bdba556ca9935395e252fb54d8c801182780a284f0daa90e7cb76e813a2408f36d06010f8eac0302a98cd15376502b35bc2ea452bea046df591b4490ef71edd9f91b1b888676aef54dd8f77f08031afb8b722811e75b7f17f874dd3c9f1c22dddfda61468f289da45399b45c186a2ff46d3e8d7f2c9a18be109a29a2973f46a682e00763f2d03a", @ANYRESDEC=0x0, @ANYBLOB="d001fb6667e6f56a6ae626bff3cf2eea2f0eef0ffcd8026e474b943609b5a8b41f71f1383749fbce8829df5730d87167a66118212b22a1a582f573bc94a7e0efc23f943b52ca0d98980d501e391f32aa4864732cfa73d7e353c0789d6be76d3237e77515e529d1f594f9f1ea160ae8a281f998275cdd0054bea1154942d84e8f467743da4d0cae86b3fd648b1c89b1a816bf382724d683efe63c597b1aeaef2dbaca80ce5eb1b29e2006721049a181df0d91fa18e27a1dec734d", @ANYRES64=0x0, @ANYBLOB="00000040010000000000000000000000645b01000000931133f6d9919fd48557d76811cd874f3c837bbfc1c8831026d40798a2be4cc414e02216198977dc3d41ed0880c64c39e5f4059bae641ed151129d36fa7aa47a5ded6da6b0330ae404ae876ec1a9f449c96beeb3c7734c99e9d4d76508ea78b1dabebeaa334d7022d422d26a04c39f283d2ecc456283549592b63c00bab20f8e40ae59087575656515162b6016bad8572f2de9955c9966e322447a85352dd27c44e87cda3bdbf60959a2129c942ef71104670f56e997917141299ab91fcfd07676dd0ee78a3e9b7245a5ae3bc9fca0a07f626759649be2d02d14198232b74730a1467ad275305e39936dd36f440f8ddce9f7de8c7dbde8543dc71de1bc41b5877faeac205b8eb7e486d23f0e0b268389d06f15f88c64eb8773b51cd988c1173a6c0feeb887cfc853e23392e108fd122c99337dabdd72a6fb2c70562fef5c66cc8f33b7c1b4c45a9cb83b7bf5020c84e82ebd89ca383e780137aba137e37b7e4d0000000000000000006fb6a4fbc716da11068688ea0285ae6e3888db07728ab99c97936096751b6ba2ff018322774dcf5e9987e0c95182cc20af2ccee4f581f99224ec9002fa0ddca3579bfa7e53edaf9867e526cde393c57a5d5d799ce8fb760f98f79f848f0c0b7ef85857ffbda95cdac8e23c98607515b9205ec9832ea94a695ac706bbf5b6c7baae145e45bc75c9654d0a3e73d5bfe48d00"/539], 0x80}}, 0x0) ioctl$SIOCGSTAMPNS(r3, 0x8907, &(0x7f0000000100)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x40096101, &(0x7f0000000080)={{&(0x7f0000000380)={'Accelerator\x00', {&(0x7f00000004c0)=@adf_dec={@bank={'Bank', '0', 'InterruptCoalescingNumResponses\x00'}, {0x5}, {&(0x7f0000000200)=@adf_dec={@normal='NumberDcInstances\x00', {0x6}}}}}, {&(0x7f00000002c0)={'Accelerator0\x00'}}}}, 0x2}) readahead(r4, 0x1, 0x1) socket(0x11, 0x800000003, 0x0) syz_pidfd_open(0x0, 0x0) syz_pidfd_open(0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000006c0), 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000440)={0x0, 0x0, 0x10000}) syz_emit_ethernet(0xa4, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffff000086dd607377c2006e110000000000000000000000ffffac1414aafe8000000000000000000000000000aa00000400006dffff0000000000669078426bccdc65c29a4bc2c1266dea7a5d91556e6bcf99e630bb84dc378b1de38f34f1affaee09000000e10d55665f304f4faf896314ca84b8858ff78dfaa0c8d0ba589745fa531cd4cd84f7069c604890876f018e747742c2d85904376af370"], 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x20000, @private0={0xfc, 0x0, '\x00', 0x1}, 0x100001}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000540), 0x3c) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000640)={'#! ', './file0', [{0x20, 'cpuacct.usage_sys\x00'}, {0x20, '\xd5\xaf\xc3\x9b\xe3Qk\b?\xe69\x95b\x00\x00\x00\x00M\x19\xbdr\x10Z\x06'}, {0x20, ':'}, {0x20, 'InterruptCoalescingNumResponses\x00'}, {0x20, 'Accelerator\x00'}]}, 0x67) kernel console output (not intermixed with test programs): 1 [ 64.064230][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.068730][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.080374][ T5342] veth0_vlan: entered promiscuous mode [ 64.105152][ T5335] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.108587][ T5335] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.111510][ T5335] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.114409][ T5335] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.141294][ T5342] veth1_vlan: entered promiscuous mode [ 64.145540][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.149487][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.176157][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.179518][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.197039][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.202098][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.205562][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 64.205571][ T39] audit: type=1400 audit(1722169590.418:117): avc: denied { mount } for pid=5333 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 64.218816][ T39] audit: type=1400 audit(1722169590.418:118): avc: denied { mounton } for pid=5333 comm="syz-executor" path="/syzkaller.0652oH/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 64.222733][ T5342] veth0_macvtap: entered promiscuous mode [ 64.230718][ T39] audit: type=1400 audit(1722169590.418:119): avc: denied { mount } for pid=5333 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 64.240305][ T5342] veth1_macvtap: entered promiscuous mode [ 64.241545][ T39] audit: type=1400 audit(1722169590.418:120): avc: denied { unmount } for pid=5333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 64.253210][ T39] audit: type=1400 audit(1722169590.438:121): avc: denied { mounton } for pid=5333 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=2389 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 64.264954][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.268233][ T39] audit: type=1400 audit(1722169590.438:122): avc: denied { mount } for pid=5333 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 64.274127][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.315000][ T39] audit: type=1400 audit(1722169590.528:123): avc: denied { read write } for pid=5333 comm="syz-executor" name="loop2" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 64.323641][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.333378][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.334697][ T39] audit: type=1400 audit(1722169590.528:124): avc: denied { open } for pid=5333 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 64.336680][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.341064][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.347867][ T39] audit: type=1400 audit(1722169590.528:125): avc: denied { ioctl } for pid=5333 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=662 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 64.355458][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.371933][ T39] audit: type=1400 audit(1722169590.588:126): avc: denied { read } for pid=5398 comm="syz.2.3" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 64.372664][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.393990][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.399014][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.407860][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.419195][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.423625][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.430117][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.433575][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.437492][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.442837][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.451872][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.460455][ T5342] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.463676][ T5342] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.467050][ T5342] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.472878][ T5342] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.680953][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.684868][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.718674][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.722091][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.946528][ T5412] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4'. [ 65.156583][ T5416] netlink: 'syz.1.6': attribute type 30 has an invalid length. [ 65.250621][ T5420] x_tables: duplicate entry at hook 1 [ 65.298047][ T5418] ip6gretap0 speed is unknown, defaulting to 1000 [ 65.303261][ T5418] ip6gretap0 speed is unknown, defaulting to 1000 [ 65.323272][ T5418] ip6gretap0 speed is unknown, defaulting to 1000 [ 65.341324][ T5418] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 65.347831][ T5422] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8'. [ 65.352626][ T5418] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 65.387305][ T5418] ip6gretap0 speed is unknown, defaulting to 1000 [ 65.393758][ T5418] ip6gretap0 speed is unknown, defaulting to 1000 [ 65.398549][ T5418] ip6gretap0 speed is unknown, defaulting to 1000 [ 65.402458][ T5418] ip6gretap0 speed is unknown, defaulting to 1000 [ 65.597460][ T5429] 9pnet_fd: Insufficient options for proto=fd [ 65.608277][ T5347] Bluetooth: hci0: command tx timeout [ 65.608507][ T4763] Bluetooth: hci1: command tx timeout [ 65.611907][ T5347] Bluetooth: hci3: command tx timeout [ 65.698237][ T5347] Bluetooth: hci2: command tx timeout [ 65.728188][ T5377] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 65.921674][ T5377] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 65.926743][ T5377] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 65.936384][ T5377] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 65.943386][ T5377] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 65.947208][ T5377] usb 6-1: SerialNumber: syz [ 66.139130][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 66.198686][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 66.209111][ T5436] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13'. [ 66.212954][ T5436] netlink: 64 bytes leftover after parsing attributes in process `syz.3.13'. [ 66.231706][ T5437] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8'. [ 66.239037][ T5437] veth0_to_bond: entered allmulticast mode [ 66.242019][ T5436] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13'. [ 66.255906][ T5437] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8'. [ 66.285447][ T5377] usb 6-1: 0:2 : does not exist [ 66.288364][ T5377] usb 6-1: unit 5 not found! [ 66.309240][ T5439] Zero length message leads to an empty skb [ 66.314248][ T5377] usb 6-1: USB disconnect, device number 2 [ 66.418025][ T5443] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) ! [ 66.424024][ T5444] atomic_op ffff888046eb4198 conn xmit_atomic 0000000000000000 [ 66.468875][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.506458][ T5450] FAULT_INJECTION: forcing a failure. [ 66.506458][ T5450] name failslab, interval 1, probability 0, space 0, times 1 [ 66.512113][ T5450] CPU: 2 UID: 0 PID: 5450 Comm: syz.0.17 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 66.516531][ T5450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.521522][ T5450] Call Trace: [ 66.523352][ T5450] [ 66.524673][ T5450] dump_stack_lvl+0x16c/0x1f0 [ 66.527000][ T5450] should_fail_ex+0x497/0x5b0 [ 66.529129][ T5450] ? fs_reclaim_acquire+0xae/0x160 [ 66.531788][ T5450] should_failslab+0xc2/0x120 [ 66.534124][ T5450] kmem_cache_alloc_node_noprof+0x71/0x310 [ 66.536741][ T5450] ? __alloc_skb+0x2b1/0x380 [ 66.538856][ T5450] __alloc_skb+0x2b1/0x380 [ 66.540910][ T5450] ? __pfx___alloc_skb+0x10/0x10 [ 66.543168][ T5450] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 66.545805][ T5450] netlink_alloc_large_skb+0x69/0x130 [ 66.548211][ T5450] netlink_sendmsg+0x689/0xd70 [ 66.550602][ T5450] ? __pfx_netlink_sendmsg+0x10/0x10 [ 66.553197][ T5450] ? __import_iovec+0x1fd/0x6e0 [ 66.555392][ T5450] ____sys_sendmsg+0xab5/0xc90 [ 66.557543][ T5450] ? copy_msghdr_from_user+0x10b/0x160 [ 66.560234][ T5450] ? __pfx_____sys_sendmsg+0x10/0x10 [ 66.563033][ T5450] ? find_held_lock+0x2d/0x110 [ 66.565285][ T5450] ? __pfx___lock_acquire+0x10/0x10 [ 66.567734][ T5450] ___sys_sendmsg+0x135/0x1e0 [ 66.570097][ T5450] ? __pfx____sys_sendmsg+0x10/0x10 [ 66.573131][ T5450] ? ksys_write+0x21c/0x260 [ 66.575945][ T5450] ? __fget_light+0x173/0x210 [ 66.578162][ T5450] __sys_sendmsg+0x117/0x1f0 [ 66.580236][ T5450] ? __pfx___sys_sendmsg+0x10/0x10 [ 66.582527][ T5450] do_syscall_64+0xcd/0x250 [ 66.584594][ T5450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.587468][ T5450] RIP: 0033:0x7fc775977299 [ 66.589187][ T5450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.597795][ T5450] RSP: 002b:00007fc77678b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 66.601390][ T5450] RAX: ffffffffffffffda RBX: 00007fc775b05f80 RCX: 00007fc775977299 [ 66.604913][ T5450] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 66.608486][ T5450] RBP: 00007fc77678b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 66.611923][ T5450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 66.615414][ T5450] R13: 000000000000000b R14: 00007fc775b05f80 R15: 00007fff189bc1b8 [ 66.618949][ T5450] [ 66.673455][ T5339] udevd[5339]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 67.101302][ T5463] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 67.389107][ T5471] futex_wake_op: syz.3.23 tries to shift op by -1; fix this program [ 67.528469][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 67.554701][ T5477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25'. [ 67.558684][ T5477] netlink: 64 bytes leftover after parsing attributes in process `syz.0.25'. [ 67.584207][ T5477] netlink: 28 bytes leftover after parsing attributes in process `syz.0.25'. [ 67.688996][ T5347] Bluetooth: hci0: command tx timeout [ 67.691619][ T5347] Bluetooth: hci3: command tx timeout [ 67.694104][ T5347] Bluetooth: hci1: command tx timeout [ 67.770413][ T5347] Bluetooth: hci2: command tx timeout [ 68.142270][ T831] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 68.288182][ T831] usb 5-1: device descriptor read/64, error -71 [ 68.333991][ T5507] warning: `syz.1.32' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 68.578199][ T831] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 68.728799][ T831] usb 5-1: device descriptor read/64, error -71 [ 68.848500][ T831] usb usb5-port1: attempt power cycle [ 69.299559][ T831] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 69.338780][ T831] usb 5-1: device descriptor read/8, error -71 [ 69.442898][ T39] kauditd_printk_skb: 76 callbacks suppressed [ 69.442954][ T39] audit: type=1400 audit(1722169595.658:203): avc: denied { unmount } for pid=5335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 69.485702][ T39] audit: type=1400 audit(1722169595.698:204): avc: denied { setopt } for pid=5512 comm="syz.1.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 69.498362][ T39] audit: type=1400 audit(1722169595.698:205): avc: denied { write } for pid=5512 comm="syz.1.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 69.513864][ T39] audit: type=1400 audit(1722169595.698:206): avc: denied { connect } for pid=5512 comm="syz.1.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 69.535796][ T39] audit: type=1400 audit(1722169595.698:207): avc: denied { name_connect } for pid=5512 comm="syz.1.34" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 69.546460][ T39] audit: type=1400 audit(1722169595.728:208): avc: denied { read } for pid=5512 comm="syz.1.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 69.555368][ T39] audit: type=1400 audit(1722169595.758:209): avc: denied { read } for pid=5512 comm="syz.1.34" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 69.565232][ T39] audit: type=1400 audit(1722169595.758:210): avc: denied { open } for pid=5512 comm="syz.1.34" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 69.575640][ T39] audit: type=1400 audit(1722169595.768:211): avc: denied { ioctl } for pid=5512 comm="syz.1.34" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 69.586419][ T39] audit: type=1400 audit(1722169595.768:212): avc: denied { set_context_mgr } for pid=5512 comm="syz.1.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 69.626000][ T831] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 69.661084][ T831] usb 5-1: device descriptor read/8, error -71 [ 69.781120][ T831] usb usb5-port1: unable to enumerate USB device [ 69.964133][ C0] vkms_vblank_simulate: vblank timer overrun [ 69.994325][ C0] vkms_vblank_simulate: vblank timer overrun [ 70.111763][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 70.493876][ C0] vkms_vblank_simulate: vblank timer overrun [ 71.211993][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 71.216139][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 71.428251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c8!!! [ 71.450217][ T4763] Bluetooth: hci1: command 0x0406 tx timeout [ 71.533491][ T5535] ALSA: seq fatal error: cannot create timer (-22) [ 71.586517][ T5535] xt_connbytes: Forcing CT accounting to be enabled [ 71.593809][ T5535] Cannot find add_set index 0 as target [ 71.621611][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 71.639349][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.812191][ T1117] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.946613][ T1117] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.095691][ T1117] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.137075][ T4763] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.142694][ T4763] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.147121][ T4763] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.152758][ T4763] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.157337][ T4763] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 72.162314][ T4763] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.202611][ T1117] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.233425][ T5540] ip6gretap0 speed is unknown, defaulting to 1000 [ 72.432713][ T5540] chnl_net:caif_netlink_parms(): no params data found [ 72.452268][ T1117] bridge_slave_1: left allmulticast mode [ 72.455087][ T1117] bridge_slave_1: left promiscuous mode [ 72.460921][ T1117] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.476095][ T1117] bridge_slave_0: left allmulticast mode [ 72.479171][ T1117] bridge_slave_0: left promiscuous mode [ 72.482745][ T1117] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.895221][ T1117] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 72.910481][ T1117] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 72.917938][ T1117] bond0 (unregistering): Released all slaves [ 73.259522][ T5540] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.269099][ T5540] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.276928][ T5540] bridge_slave_0: entered allmulticast mode [ 73.289279][ T5540] bridge_slave_0: entered promiscuous mode [ 73.297837][ T5540] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.307234][ T5540] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.316425][ T5540] bridge_slave_1: entered allmulticast mode [ 73.327102][ T5540] bridge_slave_1: entered promiscuous mode [ 73.369798][ T5568] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4 sclass=netlink_xfrm_socket pid=5568 comm=syz.0.48 [ 73.394390][ T5563] ALSA: seq fatal error: cannot create timer (-22) [ 73.406847][ T5563] Cannot find add_set index 0 as target [ 73.494552][ T5540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.504352][ T5540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.604660][ T5540] team0: Port device team_slave_0 added [ 73.613107][ T5540] team0: Port device team_slave_1 added [ 73.630076][ T1117] hsr_slave_0: left promiscuous mode [ 73.658582][ T1117] hsr_slave_1: left promiscuous mode [ 73.693581][ C0] vkms_vblank_simulate: vblank timer overrun [ 73.706843][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 73.710306][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 73.717431][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 73.720722][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 73.810494][ T1117] veth1_macvtap: left promiscuous mode [ 73.813312][ T1117] veth0_macvtap: left promiscuous mode [ 73.815879][ T1117] veth1_vlan: left promiscuous mode [ 73.822171][ T1117] veth0_vlan: left promiscuous mode [ 74.258773][ T5347] Bluetooth: hci1: command tx timeout [ 74.637043][ T1117] team0 (unregistering): Port device team_slave_1 removed [ 74.726313][ T1117] team0 (unregistering): Port device team_slave_0 removed [ 75.093537][ T5583] ALSA: seq fatal error: cannot create timer (-22) [ 75.105508][ T5583] xt_connbytes: Forcing CT accounting to be enabled [ 75.109772][ T5583] Cannot find add_set index 0 as target [ 75.665294][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.676176][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.697476][ T5540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.701064][ T39] kauditd_printk_skb: 32 callbacks suppressed [ 75.701077][ T39] audit: type=1400 audit(1722169601.908:245): avc: denied { getattr } for pid=5595 comm="syz.0.56" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=9045 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 75.708045][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.725232][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.733006][ T39] audit: type=1400 audit(1722169601.928:246): avc: denied { ioctl } for pid=5588 comm="syz.3.54" path="socket:[7569]" dev="sockfs" ino=7569 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 75.737800][ T5540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.750814][ T39] audit: type=1400 audit(1722169601.938:247): avc: denied { execute } for pid=5595 comm="syz.0.56" path="/13/bus" dev="tmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 75.767277][ T5596] netlink: 'syz.0.56': attribute type 10 has an invalid length. [ 75.782317][ T5600] netlink: 'syz.3.54': attribute type 1 has an invalid length. [ 75.792478][ T5600] __nla_validate_parse: 1 callbacks suppressed [ 75.792491][ T5600] netlink: 9352 bytes leftover after parsing attributes in process `syz.3.54'. [ 75.801158][ T5600] netlink: 'syz.3.54': attribute type 1 has an invalid length. [ 75.806369][ T5600] netlink: 12 bytes leftover after parsing attributes in process `syz.3.54'. [ 75.902049][ T5540] hsr_slave_0: entered promiscuous mode [ 75.906063][ T5540] hsr_slave_1: entered promiscuous mode [ 75.923550][ T5540] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.930791][ T5540] Cannot create hsr debugfs directory [ 76.329268][ T5347] Bluetooth: hci1: command tx timeout [ 76.341741][ T5616] mmap: syz.0.58 (5616) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 76.447067][ T5620] ALSA: seq fatal error: cannot create timer (-22) [ 76.454133][ T5620] Cannot find add_set index 0 as target [ 76.984136][ T5540] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 77.002192][ T5540] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 77.015121][ T5540] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 77.030459][ T5540] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 77.140949][ T1384] ieee802154 phy0 wpan0: encryption failed: -22 [ 77.144901][ T1384] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.159936][ T5540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.174562][ T39] audit: type=1400 audit(1722169603.378:248): avc: denied { read } for pid=5632 comm="syz.0.61" name="fb0" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 77.192086][ T5634] input: syz0 as /devices/virtual/input/input5 [ 77.211250][ T39] audit: type=1400 audit(1722169603.378:249): avc: denied { open } for pid=5632 comm="syz.0.61" path="/dev/fb0" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 77.239780][ T5540] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.260844][ T39] audit: type=1400 audit(1722169603.388:250): avc: denied { ioctl } for pid=5632 comm="syz.0.61" path="/dev/fb0" dev="devtmpfs" ino=639 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 77.295555][ T39] audit: type=1400 audit(1722169603.398:251): avc: denied { ioctl } for pid=5632 comm="syz.0.61" path="/dev/uinput" dev="devtmpfs" ino=866 ioctlcmd=0x5569 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 77.299175][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.310081][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.327818][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.330902][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.336422][ T39] audit: type=1400 audit(1722169603.478:252): avc: denied { read } for pid=4810 comm="acpid" name="event4" dev="devtmpfs" ino=2408 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 77.375637][ T39] audit: type=1400 audit(1722169603.478:253): avc: denied { open } for pid=4810 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2408 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 77.387239][ T5540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.398571][ T39] audit: type=1400 audit(1722169603.478:254): avc: denied { ioctl } for pid=4810 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2408 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 77.497634][ T5634] dccp_invalid_packet: invalid packet type [ 77.602035][ T5540] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.696638][ T5540] veth0_vlan: entered promiscuous mode [ 77.710659][ T5540] veth1_vlan: entered promiscuous mode [ 77.756343][ T5540] veth0_macvtap: entered promiscuous mode [ 77.770824][ T5540] veth1_macvtap: entered promiscuous mode [ 77.801954][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.806424][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.811044][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.814648][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.818251][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.822423][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.832326][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.843884][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.849946][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.854201][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.859186][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.863346][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.867641][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.875789][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.886768][ T5540] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.890743][ T5540] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.894187][ T5540] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.897998][ T5540] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.018680][ T1117] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.021967][ T1117] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.070842][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.077545][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.410349][ T5347] Bluetooth: hci1: command tx timeout [ 78.720097][ T5681] FAULT_INJECTION: forcing a failure. [ 78.720097][ T5681] name failslab, interval 1, probability 0, space 0, times 0 [ 78.727446][ T5681] CPU: 3 UID: 0 PID: 5681 Comm: syz.2.65 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 78.732201][ T5681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.736796][ T5681] Call Trace: [ 78.738258][ T5681] [ 78.739539][ T5681] dump_stack_lvl+0x16c/0x1f0 [ 78.741575][ T5681] should_fail_ex+0x497/0x5b0 [ 78.743647][ T5681] ? fs_reclaim_acquire+0xae/0x160 [ 78.745842][ T5681] should_failslab+0xc2/0x120 [ 78.748114][ T5681] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 78.750718][ T5681] ? __anon_vma_prepare+0x344/0x5e0 [ 78.753006][ T5681] __anon_vma_prepare+0x344/0x5e0 [ 78.755264][ T5681] ? __pfx___pte_alloc+0x10/0x10 [ 78.757816][ T5681] vmf_anon_prepare+0x11c/0x250 [ 78.760032][ T5681] __handle_mm_fault+0x2a19/0x5660 [ 78.762747][ T5681] ? __pfx_mt_find+0x10/0x10 [ 78.765011][ T5681] ? get_pid_task+0xfc/0x250 [ 78.767079][ T5681] ? __pfx___handle_mm_fault+0x10/0x10 [ 78.769496][ T5681] ? find_vma+0xc0/0x140 [ 78.771313][ T5681] ? __pfx_find_vma+0x10/0x10 [ 78.774035][ T5681] handle_mm_fault+0x44e/0x7b0 [ 78.790328][ T5681] ? __pkru_allows_pkey+0x52/0xb0 [ 78.792562][ T5681] do_user_addr_fault+0x7a3/0x13f0 [ 78.794843][ T5681] exc_page_fault+0x5c/0xc0 [ 78.796850][ T5681] asm_exc_page_fault+0x26/0x30 [ 78.799020][ T5681] RIP: 0010:__put_user_4+0x11/0x20 [ 78.801389][ T5681] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 78.809845][ T5681] RSP: 0018:ffffc9000356fe70 EFLAGS: 00050202 [ 78.812738][ T5681] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000020000e80 [ 78.815808][ T5681] RDX: 0000000000000000 RSI: ffffffff8153c1cb RDI: ffff888047f8056c [ 78.819896][ T5681] RBP: 1ffff920006adfd2 R08: 0000000000000000 R09: fffffbfff202527b [ 78.826217][ T5681] R10: ffffffff901293df R11: 0000000000000000 R12: 0000000020000e80 [ 78.829697][ T5681] R13: 0000000000000002 R14: dffffc0000000000 R15: ffff888047f80000 [ 78.832911][ T5681] ? __do_sys_prctl+0x48b/0x1e40 [ 78.837768][ T5681] __do_sys_prctl+0x4cc/0x1e40 [ 78.839901][ T5681] ? __pfx___do_sys_prctl+0x10/0x10 [ 78.842217][ T5681] do_syscall_64+0xcd/0x250 [ 78.844287][ T5681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.847011][ T5681] RIP: 0033:0x7fe3f3177299 [ 78.849016][ T5681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.857306][ T5681] RSP: 002b:00007fe3f3ea8048 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 78.863161][ T5681] RAX: ffffffffffffffda RBX: 00007fe3f3305f80 RCX: 00007fe3f3177299 [ 78.866616][ T5681] RDX: 0000000000000000 RSI: 0000000020000e80 RDI: 0000000000000002 [ 78.870013][ T5681] RBP: 00007fe3f3ea80a0 R08: 0000000000000000 R09: 0000000000000000 [ 78.873063][ T5681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.876295][ T5681] R13: 000000000000000b R14: 00007fe3f3305f80 R15: 00007ffcfb044428 [ 78.879664][ T5681] [ 80.196130][ T5704] ALSA: seq fatal error: cannot create timer (-22) [ 80.217923][ T5704] Cannot find add_set index 0 as target [ 80.490941][ T5347] Bluetooth: hci1: command tx timeout [ 80.981885][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 80.981899][ T39] audit: type=1400 audit(1722169607.198:272): avc: denied { sqpoll } for pid=5710 comm="syz.3.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 81.004615][ T39] audit: type=1400 audit(1722169607.218:273): avc: denied { read write } for pid=5710 comm="syz.3.72" name="uhid" dev="devtmpfs" ino=1113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 81.021157][ T39] audit: type=1400 audit(1722169607.228:274): avc: denied { open } for pid=5710 comm="syz.3.72" path="/dev/uhid" dev="devtmpfs" ino=1113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 81.034502][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.037791][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.043899][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.047164][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.054717][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.057671][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.061794][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.065938][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.069462][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.072717][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.076081][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.079745][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.083042][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.086427][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.090305][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.093758][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.097838][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.101610][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.104912][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.108767][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.111974][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.115200][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.119075][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.122411][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.125670][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.129552][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.133129][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.136456][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.140225][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.143606][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.146990][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.154266][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.157550][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.160845][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.163994][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.167226][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.171129][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.174121][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.177031][ T39] audit: type=1400 audit(1722169607.388:275): avc: denied { connect } for pid=5718 comm="syz.2.73" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 81.180051][ T5719] fuse: Invalid rootmode [ 81.185494][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.190571][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.193558][ T39] audit: type=1400 audit(1722169607.398:276): avc: denied { mounton } for pid=5718 comm="syz.2.73" path="/14/file0" dev="tmpfs" ino=89 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 81.208467][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.211853][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.215246][ T833] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 81.218393][ T39] audit: type=1400 audit(1722169607.408:277): avc: denied { write } for pid=5718 comm="syz.2.73" name="hidraw0" dev="devtmpfs" ino=1116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 81.261919][ T833] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz0] on syz0 [ 81.322785][ T39] audit: type=1400 audit(1722169607.538:278): avc: denied { getopt } for pid=5722 comm="syz.2.74" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 81.337730][ T5723] FAULT_INJECTION: forcing a failure. [ 81.337730][ T5723] name failslab, interval 1, probability 0, space 0, times 0 [ 81.343547][ T5723] CPU: 3 UID: 0 PID: 5723 Comm: syz.2.74 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 81.347924][ T5723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.352554][ T5723] Call Trace: [ 81.354009][ T5723] [ 81.355312][ T5723] dump_stack_lvl+0x16c/0x1f0 [ 81.357364][ T5723] should_fail_ex+0x497/0x5b0 [ 81.359433][ T5723] ? __pfx___ip_dev_find+0x10/0x10 [ 81.361396][ T5723] should_failslab+0xc2/0x120 [ 81.363222][ T5723] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 81.365557][ T5723] ? dst_alloc+0x99/0x1a0 [ 81.367481][ T5723] dst_alloc+0x99/0x1a0 [ 81.369105][ T830] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 81.369344][ T5723] rt_dst_alloc+0x35/0x3a0 [ 81.373994][ T5723] ip_route_output_key_hash_rcu+0x8a5/0x2770 [ 81.376604][ T5723] ? scm_detach_fds+0x2c5/0x780 [ 81.378744][ T5723] ip_route_output_key_hash+0x138/0x2e0 [ 81.381146][ T5723] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 81.383854][ T5723] ? bpf_test_run+0x49d/0xa90 [ 81.385917][ T5723] ? bpf_prog_test_run_skb+0xb6e/0x20f0 [ 81.388338][ T5723] ? __sys_bpf+0x10d2/0x4a20 [ 81.390283][ T5723] ip_route_output_flow+0x27/0x150 [ 81.392415][ T5723] ip_tunnel_xmit+0x18f6/0x33f0 [ 81.394522][ T5723] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 81.396765][ T5723] ? rcu_is_watching+0x12/0xc0 [ 81.398845][ T5723] ? trace_kmalloc+0x2d/0xe0 [ 81.400700][ T5723] ? skb_release_data+0x761/0x980 [ 81.403718][ T5723] ? kmalloc_reserve+0x13c/0x2c0 [ 81.405636][ T5723] __gre_xmit+0x89d/0xbd0 [ 81.407328][ T5723] ? __pfx___gre_xmit+0x10/0x10 [ 81.409759][ T5723] ? __pfx_pskb_expand_head+0x10/0x10 [ 81.412339][ T5723] ipgre_xmit+0x578/0xb30 [ 81.414832][ T5723] dev_hard_start_xmit+0x143/0x790 [ 81.417544][ T5723] __dev_queue_xmit+0x7c7/0x4300 [ 81.419633][ T5723] ? __pfx___dev_queue_xmit+0x10/0x10 [ 81.422006][ T5723] ? rcu_is_watching+0x12/0xc0 [ 81.424035][ T5723] ? trace_kmalloc+0x2d/0xe0 [ 81.426073][ T5723] ? __kmalloc_node_track_caller_noprof+0x22d/0x430 [ 81.428803][ T5723] ? pskb_expand_head+0x240/0x11f0 [ 81.430876][ T5723] ? skb_release_data+0x761/0x980 [ 81.433407][ T5723] ? kmalloc_reserve+0x13c/0x2c0 [ 81.435972][ T5723] ? skb_headers_offset_update+0x129/0x260 [ 81.439321][ T5723] ? pskb_expand_head+0x636/0x11f0 [ 81.442342][ T5723] ? __pfx_pskb_expand_head+0x10/0x10 [ 81.444953][ T5723] ? __asan_memcpy+0x3c/0x60 [ 81.447038][ T5723] __bpf_redirect+0x6fa/0xfa0 [ 81.449086][ T5723] bpf_clone_redirect+0x2cb/0x3d0 [ 81.451315][ T5723] ? __pfx_bpf_clone_redirect+0x10/0x10 [ 81.453684][ T5723] ___bpf_prog_run+0x3e51/0xabd0 [ 81.455948][ T5723] ? __pfx_mark_lock+0x10/0x10 [ 81.458228][ T5723] __bpf_prog_run512+0xb7/0x100 [ 81.460698][ T5723] ? __pfx___bpf_prog_run512+0x10/0x10 [ 81.462843][ T5723] ? hlock_class+0x4e/0x130 [ 81.465044][ T5723] ? __pfx___cant_migrate+0x10/0x10 [ 81.467426][ T5723] ? ktime_get+0xfb/0x1a0 [ 81.469384][ T5723] bpf_test_run+0x49d/0xa90 [ 81.471631][ T5723] ? __pfx_bpf_test_run+0x10/0x10 [ 81.474029][ T5723] ? __asan_memset+0x23/0x50 [ 81.476148][ T5723] bpf_prog_test_run_skb+0xb6e/0x20f0 [ 81.476797][ T39] audit: type=1400 audit(1722169607.678:279): avc: denied { unlink } for pid=5724 comm="syz.3.75" name="#1" dev="tmpfs" ino=143 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 81.478623][ T5723] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 81.478650][ T5723] ? fput+0x32/0x390 [ 81.478670][ T5723] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 81.478694][ T5723] __sys_bpf+0x10d2/0x4a20 [ 81.487918][ T39] audit: type=1400 audit(1722169607.678:280): avc: denied { mount } for pid=5724 comm="syz.3.75" name="/" dev="overlay" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 81.490359][ T5723] ? ksys_write+0x21c/0x260 [ 81.490378][ T5723] ? reacquire_held_locks+0x410/0x4c0 [ 81.490400][ T5723] ? __pfx___sys_bpf+0x10/0x10 [ 81.490421][ T5723] ? vfs_write+0x14d/0x1140 [ 81.490437][ T5723] ? __mutex_unlock_slowpath+0x164/0x650 [ 81.497951][ T39] audit: type=1400 audit(1722169607.688:281): avc: denied { connect } for pid=5724 comm="syz.3.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 81.505629][ T5723] ? fput+0x32/0x390 [ 81.505652][ T5723] ? ksys_write+0x1ab/0x260 [ 81.505668][ T5723] ? __pfx_ksys_write+0x10/0x10 [ 81.505684][ T5723] __x64_sys_bpf+0x78/0xc0 [ 81.505707][ T5723] ? lockdep_hardirqs_on+0x7c/0x110 [ 81.505731][ T5723] do_syscall_64+0xcd/0x250 [ 81.505748][ T5723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.505768][ T5723] RIP: 0033:0x7fe3f3177299 [ 81.505782][ T5723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.523386][ T830] usb 6-1: device descriptor read/64, error -71 [ 81.525506][ T5723] RSP: 002b:00007fe3f3ea8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 81.556623][ T5723] RAX: ffffffffffffffda RBX: 00007fe3f3305f80 RCX: 00007fe3f3177299 [ 81.560093][ T5723] RDX: 000000000000002c RSI: 0000000020000080 RDI: 000000000000000a [ 81.564384][ T5723] RBP: 00007fe3f3ea80a0 R08: 0000000000000000 R09: 0000000000000000 [ 81.567795][ T5723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 81.571636][ T5723] R13: 000000000000000b R14: 00007fe3f3305f80 R15: 00007ffcfb044428 [ 81.575033][ T5723] [ 81.788269][ T830] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 81.878478][ T5741] input: syz0 as /devices/virtual/input/input7 [ 81.948169][ T830] usb 6-1: device descriptor read/64, error -71 [ 82.037916][ T5741] dccp_invalid_packet: invalid packet type [ 82.079086][ T830] usb usb6-port1: attempt power cycle [ 82.252878][ T1298] cfg80211: failed to load regulatory.db [ 82.498245][ T830] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 82.542268][ T5746] xt_connbytes: Forcing CT accounting to be enabled [ 82.545343][ T5746] Cannot find add_set index 0 as target [ 82.549546][ T830] usb 6-1: device descriptor read/8, error -71 [ 82.828188][ T830] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 82.861397][ T5749] ALSA: seq fatal error: cannot create timer (-22) [ 82.876164][ T5749] Cannot find add_set index 0 as target [ 82.878857][ T830] usb 6-1: device descriptor read/8, error -71 [ 82.998655][ T830] usb usb6-port1: unable to enumerate USB device [ 83.288259][ T5347] Bluetooth: hci0: command tx timeout [ 83.303714][ T5751] syz.0.83 uses obsolete (PF_INET,SOCK_PACKET) [ 83.307235][ T5751] syzkaller1: entered promiscuous mode [ 83.310603][ T5751] syzkaller1: entered allmulticast mode [ 83.549421][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.552649][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.556887][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.563830][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.567525][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.572043][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.575301][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.579320][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.582539][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.585571][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.588968][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.592872][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.596697][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.599500][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.604924][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.608208][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.611390][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.614395][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.620358][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.626065][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.631877][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.637378][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.657716][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.661233][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.664472][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.667625][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.671866][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.674921][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.686291][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.691021][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.696125][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.700931][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.704045][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.709040][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.714922][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.718494][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.721727][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.725298][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.729000][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.732140][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.735334][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.739048][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.742280][ T58] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 83.749934][ T58] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz0] on syz0 [ 84.116688][ T5766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.88'. [ 84.125231][ T5766] 9pnet_fd: Insufficient options for proto=fd [ 84.545371][ T5779] ALSA: seq fatal error: cannot create timer (-22) [ 84.556792][ T5779] xt_connbytes: Forcing CT accounting to be enabled [ 84.561131][ T5779] Cannot find add_set index 0 as target [ 84.835697][ T5787] ALSA: seq fatal error: cannot create timer (-22) [ 84.925768][ T5787] Cannot find add_set index 0 as target [ 85.047262][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.051027][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.054243][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.057313][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.061052][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.064136][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.067023][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.070410][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.073684][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.077136][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.081782][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.085054][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.088463][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.091645][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.094707][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.097759][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.102188][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.105562][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.109140][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.112698][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.116188][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.119658][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.123257][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.126555][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.130762][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.134411][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.137832][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.141487][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.144926][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.148301][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.151575][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.154889][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.158619][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.161828][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.165201][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.168884][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.171993][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.175347][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.179026][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.182555][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.186099][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.190785][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.194248][ T10] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.212605][ T10] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [syz0] on syz0 [ 85.376622][ T5347] Bluetooth: hci0: command tx timeout [ 85.969649][ T5814] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 86.006483][ T39] kauditd_printk_skb: 11 callbacks suppressed [ 86.006498][ T39] audit: type=1400 audit(1722169612.218:293): avc: denied { create } for pid=5815 comm="syz.3.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 86.114346][ T5820] FAULT_INJECTION: forcing a failure. [ 86.114346][ T5820] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 86.120538][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz.2.103 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 86.125626][ T5820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.129842][ T5820] Call Trace: [ 86.132081][ T5820] [ 86.133516][ T5820] dump_stack_lvl+0x16c/0x1f0 [ 86.136201][ T5820] should_fail_ex+0x497/0x5b0 [ 86.138476][ T5820] _copy_from_user+0x30/0xf0 [ 86.140590][ T5820] restore_sigcontext+0xcc/0x6a0 [ 86.144689][ T5820] ? __pfx_restore_sigcontext+0x10/0x10 [ 86.147082][ T5820] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.149153][ T5820] ? lockdep_hardirqs_on+0x7c/0x110 [ 86.153812][ T5820] __do_sys_rt_sigreturn+0x138/0x230 [ 86.156085][ T5820] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 86.158571][ T5820] do_syscall_64+0xcd/0x250 [ 86.161266][ T5820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.164159][ T5820] RIP: 0033:0x7fe3f3112cb9 [ 86.166395][ T5820] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 86.176530][ T5820] RSP: 002b:00007fe3f3ea7380 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 86.181477][ T5820] RAX: ffffffffffffffda RBX: 00007fe3f3305f80 RCX: 00007fe3f3112cb9 [ 86.186139][ T5820] RDX: 00007fe3f3ea7380 RSI: 00007fe3f3ea74b0 RDI: 0000000000000021 [ 86.190643][ T5820] RBP: 00007fe3f3ea80a0 R08: 0000000000000000 R09: 0000000000000000 [ 86.195126][ T5820] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 86.199227][ T5820] R13: 000000000000000b R14: 00007fe3f3305f80 R15: 00007ffcfb044428 [ 86.203581][ T5820] [ 86.266826][ T39] audit: type=1400 audit(1722169612.478:294): avc: denied { getopt } for pid=5826 comm="syz.2.105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 86.282906][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.285442][ T39] audit: type=1400 audit(1722169612.498:295): avc: denied { ioctl } for pid=5826 comm="syz.2.105" path="socket:[10363]" dev="sockfs" ino=10363 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 86.287085][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.290425][ T5827] netdevsim netdevsim2: Direct firmware load for e 024a 012b 0000 0001 0000 [ 86.290425][ T5827] failed with error -2 [ 86.290527][ T5827] netdevsim netdevsim2: Falling back to sysfs fallback for: e 024a 012b 0000 0001 0000 [ 86.290527][ T5827] [ 86.315871][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.320775][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.323952][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.327465][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.331181][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.335469][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.340023][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.340266][ T5828] fuse: Bad value for 'user_id' [ 86.343280][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.345398][ T5828] fuse: Bad value for 'user_id' [ 86.348222][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348243][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348261][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348279][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348298][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348315][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348332][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348350][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348367][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348385][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348402][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.348420][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.401535][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.410490][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.413615][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.417335][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.421021][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.424531][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.430288][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.433618][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.436437][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.439728][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.442853][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.445947][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.449248][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.452244][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.455632][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.459511][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.463022][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.466199][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.469399][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.473361][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.476612][ T831] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 86.482709][ T831] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz0] on syz0 [ 86.693184][ T5834] ALSA: seq fatal error: cannot create timer (-22) [ 86.698531][ T5834] Cannot find add_set index 0 as target [ 86.772730][ T5836] FAULT_INJECTION: forcing a failure. [ 86.772730][ T5836] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 86.781855][ T5836] CPU: 2 UID: 0 PID: 5836 Comm: syz.0.108 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 86.786043][ T5836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.790850][ T5836] Call Trace: [ 86.792357][ T5836] [ 86.794041][ T5836] dump_stack_lvl+0x16c/0x1f0 [ 86.796074][ T5836] should_fail_ex+0x497/0x5b0 [ 86.797925][ T5836] _copy_from_user+0x30/0xf0 [ 86.799724][ T5836] restore_sigcontext+0xcc/0x6a0 [ 86.801884][ T5836] ? __pfx_restore_sigcontext+0x10/0x10 [ 86.804292][ T5836] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.806372][ T5836] ? lockdep_hardirqs_on+0x7c/0x110 [ 86.808447][ T5836] __do_sys_rt_sigreturn+0x138/0x230 [ 86.810597][ T5836] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 86.812871][ T5836] do_syscall_64+0xcd/0x250 [ 86.814737][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.817167][ T5836] RIP: 0033:0x7fc775912cb9 [ 86.819241][ T5836] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 86.827070][ T5836] RSP: 002b:00007fc77678a380 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 86.830453][ T5836] RAX: ffffffffffffffda RBX: 00007fc775b05f80 RCX: 00007fc775912cb9 [ 86.833487][ T5836] RDX: 00007fc77678a380 RSI: 00007fc77678a4b0 RDI: 0000000000000021 [ 86.836870][ T5836] RBP: 00007fc77678b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 86.839925][ T5836] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 86.843155][ T5836] R13: 000000000000000b R14: 00007fc775b05f80 R15: 00007fff189bc1b8 [ 86.846228][ T5836] [ 87.078326][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 87.278155][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 87.282319][ T10] usb 5-1: config 0 has no interfaces? [ 87.284426][ T10] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 87.288534][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.298355][ T10] usb 5-1: config 0 descriptor?? [ 87.437584][ T5853] ALSA: seq fatal error: cannot create timer (-22) [ 87.445216][ T5853] Cannot find add_set index 0 as target [ 87.680539][ T10] usb 5-1: USB disconnect, device number 6 [ 88.250496][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.257359][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.261017][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.264207][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.264946][ T39] audit: type=1400 audit(1722169614.478:296): avc: denied { rename } for pid=4807 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 88.267542][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.282212][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.285683][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.290868][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.291706][ T39] audit: type=1400 audit(1722169614.478:297): avc: denied { unlink } for pid=4807 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 88.294362][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.306866][ T39] audit: type=1400 audit(1722169614.478:298): avc: denied { create } for pid=4807 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 88.310971][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.324786][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.327739][ T39] audit: type=1400 audit(1722169614.538:299): avc: denied { write } for pid=5857 comm="syz.2.114" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 88.328316][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.351718][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.355079][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.358724][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.361937][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.365203][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.368634][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.371905][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.375310][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.378941][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.384087][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.397899][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.402320][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.406010][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.412458][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.419638][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.428243][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.430999][ T5863] kvm: emulating exchange as write [ 88.431719][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.448144][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.451695][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.455782][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.464600][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.468178][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.471419][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.474804][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.478691][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.481787][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.485114][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.488940][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.491954][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.495464][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.498680][ T831] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 88.503527][ T5866] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 88.508597][ T831] hid-generic 0000:0000:0000.0006: hidraw1: HID v0.00 Device [syz0] on syz0 [ 88.790013][ T5879] netlink: 8 bytes leftover after parsing attributes in process `syz.0.119'. [ 88.794337][ T5879] netlink: 8 bytes leftover after parsing attributes in process `syz.0.119'. [ 88.934156][ T5882] ALSA: seq fatal error: cannot create timer (-22) [ 88.946262][ T5882] Cannot find add_set index 0 as target [ 89.108816][ T39] audit: type=1400 audit(1722169615.318:300): avc: denied { read } for pid=5883 comm="syz.3.121" name="sg0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 89.125523][ T5884] "syz.3.121" (5884) uses obsolete ecb(arc4) skcipher [ 89.128268][ T39] audit: type=1400 audit(1722169615.318:301): avc: denied { open } for pid=5883 comm="syz.3.121" path="/dev/sg0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 89.139208][ T39] audit: type=1400 audit(1722169615.328:302): avc: denied { append } for pid=5886 comm="syz.2.122" name="nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 89.178216][ T5884] program syz.3.121 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.366962][ T5891] netlink: 12 bytes leftover after parsing attributes in process `syz.2.122'. [ 90.030440][ T5902] ALSA: seq fatal error: cannot create timer (-22) [ 90.116744][ T5912] fuse: Unknown parameter '0x0000000000000005' [ 90.126178][ T5902] Cannot find add_set index 0 as target [ 90.210617][ T5347] Bluetooth: hci3: Malformed LE Event: 0x02 [ 91.016469][ T39] kauditd_printk_skb: 81 callbacks suppressed [ 91.016484][ T39] audit: type=1400 audit(1722169617.228:384): avc: denied { connect } for pid=5918 comm="syz.1.131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 91.031555][ T39] audit: type=1400 audit(1722169617.238:385): avc: denied { listen } for pid=5918 comm="syz.1.131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 91.043598][ T39] audit: type=1400 audit(1722169617.238:386): avc: denied { append } for pid=5922 comm="syz.0.132" name="nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 91.056960][ T39] audit: type=1400 audit(1722169617.258:387): avc: denied { setopt } for pid=5918 comm="syz.1.131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 91.157365][ T5930] FAULT_INJECTION: forcing a failure. [ 91.157365][ T5930] name failslab, interval 1, probability 0, space 0, times 0 [ 91.167735][ T5930] CPU: 2 UID: 0 PID: 5930 Comm: syz.2.134 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 91.171947][ T5930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.176381][ T5930] Call Trace: [ 91.177889][ T5930] [ 91.179106][ T5930] dump_stack_lvl+0x16c/0x1f0 [ 91.181046][ T5930] should_fail_ex+0x497/0x5b0 [ 91.183250][ T5930] ? fs_reclaim_acquire+0xae/0x160 [ 91.185589][ T5930] should_failslab+0xc2/0x120 [ 91.187750][ T5930] __kmalloc_noprof+0xcb/0x400 [ 91.189856][ T5930] ? __pfx_lock_acquire+0x10/0x10 [ 91.192022][ T5930] tomoyo_realpath_from_path+0xb9/0x720 [ 91.194535][ T5930] ? tomoyo_profile+0x47/0x60 [ 91.196863][ T5930] tomoyo_path_number_perm+0x245/0x590 [ 91.199541][ T5930] ? tomoyo_path_number_perm+0x232/0x590 [ 91.202091][ T5930] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 91.204630][ T5930] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 91.206929][ T5930] ? __fget_files+0x256/0x400 [ 91.208981][ T5930] security_file_ioctl+0x75/0xc0 [ 91.211171][ T5930] __x64_sys_ioctl+0xbb/0x220 [ 91.213244][ T5930] do_syscall_64+0xcd/0x250 [ 91.215157][ T5930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.217821][ T5930] RIP: 0033:0x7fe3f3177299 [ 91.219720][ T5930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.228984][ T5930] RSP: 002b:00007fe3f3ea8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 91.232663][ T5930] RAX: ffffffffffffffda RBX: 00007fe3f3305f80 RCX: 00007fe3f3177299 [ 91.236103][ T5930] RDX: 0000000020000040 RSI: 00000000c1485544 RDI: 0000000000000003 [ 91.240413][ T5930] RBP: 00007fe3f3ea80a0 R08: 0000000000000000 R09: 0000000000000000 [ 91.244031][ T5930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.248059][ T5930] R13: 000000000000000b R14: 00007fe3f3305f80 R15: 00007ffcfb044428 [ 91.252244][ T5930] [ 91.265574][ T5930] ERROR: Out of memory at tomoyo_realpath_from_path. [ 91.386496][ T5938] fuse: Unknown parameter '0x0000000000000005' [ 91.420320][ T5939] ALSA: seq fatal error: cannot create timer (-22) [ 91.426627][ T5939] Cannot find add_set index 0 as target [ 91.431929][ T5940] ALSA: seq fatal error: cannot create timer (-22) [ 91.508370][ T5940] Cannot find add_set index 0 as target [ 91.607078][ T5944] ALSA: seq fatal error: cannot create timer (-22) [ 91.631914][ T5944] Cannot find add_set index 0 as target [ 91.753810][ T5943] netlink: 12 bytes leftover after parsing attributes in process `syz.0.132'. [ 92.429417][ T39] audit: type=1400 audit(1722169618.648:388): avc: denied { mount } for pid=5948 comm="syz.2.142" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 92.445852][ T5949] overlayfs: missing 'lowerdir' [ 92.510901][ T39] audit: type=1400 audit(1722169618.728:389): avc: denied { read append } for pid=5951 comm="syz.1.144" name="rtc0" dev="devtmpfs" ino=867 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 92.528939][ T39] audit: type=1400 audit(1722169618.728:390): avc: denied { open } for pid=5951 comm="syz.1.144" path="/dev/rtc0" dev="devtmpfs" ino=867 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 92.543383][ T39] audit: type=1400 audit(1722169618.728:391): avc: denied { ioctl } for pid=5951 comm="syz.1.144" path="/dev/rtc0" dev="devtmpfs" ino=867 ioctlcmd=0x7013 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 92.603472][ T5347] Bluetooth: hci2: Malformed LE Event: 0x02 [ 92.606324][ T39] audit: type=1400 audit(1722169618.818:392): avc: denied { execute } for pid=5958 comm="syz.0.145" path="/40/cpu.stat" dev="tmpfs" ino=233 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 92.616103][ T39] audit: type=1400 audit(1722169618.828:393): avc: denied { module_request } for pid=5958 comm="syz.0.145" kmod="net-pf-16-proto-16-family-" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 92.815231][ T5968] fuse: Unknown parameter '0x0000000000000005' [ 93.035725][ T5972] ALSA: seq fatal error: cannot create timer (-22) [ 93.051966][ T5972] Cannot find add_set index 0 as target [ 93.612432][ T5979] ALSA: seq fatal error: cannot create timer (-22) [ 93.650823][ T5979] Cannot find add_set index 0 as target [ 93.749304][ T5983] ALSA: seq fatal error: cannot create timer (-22) [ 93.756115][ T5983] Cannot find add_set index 0 as target [ 93.905232][ T5974] netlink: 12 bytes leftover after parsing attributes in process `syz.3.149'. [ 94.242639][ T5988] input: syz0 as /devices/virtual/input/input12 [ 94.428634][ T5992] input: syz0 as /devices/virtual/input/input13 [ 94.455641][ T5988] dccp_invalid_packet: invalid packet type [ 94.602259][ T5992] dccp_invalid_packet: invalid packet type [ 94.821181][ T6001] fuse: Unknown parameter 'fd0x0000000000000005' [ 94.964332][ T5347] Bluetooth: hci0: Malformed LE Event: 0x02 [ 96.062484][ T6016] ALSA: seq fatal error: cannot create timer (-22) [ 96.085110][ T6016] Cannot find add_set index 0 as target [ 96.115860][ T39] kauditd_printk_skb: 9 callbacks suppressed [ 96.115877][ T39] audit: type=1400 audit(1722169622.328:403): avc: denied { create } for pid=6014 comm="syz.3.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 96.963295][ T6025] FAULT_INJECTION: forcing a failure. [ 96.963295][ T6025] name failslab, interval 1, probability 0, space 0, times 0 [ 96.969697][ T6025] CPU: 2 UID: 0 PID: 6025 Comm: syz.2.162 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 96.974237][ T6025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 96.980950][ T6025] Call Trace: [ 96.982598][ T6025] [ 96.983869][ T6025] dump_stack_lvl+0x16c/0x1f0 [ 96.985991][ T6025] should_fail_ex+0x497/0x5b0 [ 97.001370][ T6025] ? fs_reclaim_acquire+0xae/0x160 [ 97.004649][ T6025] should_failslab+0xc2/0x120 [ 97.006760][ T6025] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 97.009129][ T6025] ? security_file_alloc+0x41/0x260 [ 97.011346][ T6025] security_file_alloc+0x41/0x260 [ 97.013518][ T6025] ? kmem_cache_alloc_noprof+0x174/0x2f0 [ 97.015901][ T6025] init_file+0x99/0x260 [ 97.021650][ T6025] alloc_empty_file+0x91/0x1e0 [ 97.023823][ T6025] alloc_file_pseudo+0x147/0x210 [ 97.026041][ T6025] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 97.028520][ T6025] ? security_inode_alloc+0x19e/0x240 [ 97.031157][ T6025] ? inode_init_always+0xc77/0xf80 [ 97.033786][ T6025] sock_alloc_file+0x50/0x1d0 [ 97.035811][ T6025] do_accept+0x2a8/0x540 [ 97.037696][ T6025] ? __pfx_do_accept+0x10/0x10 [ 97.039819][ T6025] __sys_accept4+0x102/0x1c0 [ 97.041650][ T6025] ? __pfx___sys_accept4+0x10/0x10 [ 97.043556][ T6025] ? ksys_write+0x1ab/0x260 [ 97.045278][ T6025] ? __pfx_ksys_write+0x10/0x10 [ 97.047168][ T6025] __x64_sys_accept+0x74/0xb0 [ 97.048978][ T6025] ? lockdep_hardirqs_on+0x7c/0x110 [ 97.051091][ T6025] do_syscall_64+0xcd/0x250 [ 97.052897][ T6025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.055476][ T6025] RIP: 0033:0x7fe3f3177299 [ 97.057501][ T6025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.065247][ T6025] RSP: 002b:00007fe3f3ea8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 97.069216][ T6025] RAX: ffffffffffffffda RBX: 00007fe3f3305f80 RCX: 00007fe3f3177299 [ 97.074340][ T6025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 97.079046][ T6025] RBP: 00007fe3f3ea80a0 R08: 0000000000000000 R09: 0000000000000000 [ 97.084108][ T6025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.088647][ T6025] R13: 000000000000000b R14: 00007fe3f3305f80 R15: 00007ffcfb044428 [ 97.092779][ T6025] [ 97.338279][ T6031] ALSA: seq fatal error: cannot create timer (-22) [ 97.353125][ T6031] Cannot find add_set index 0 as target [ 97.703411][ T6034] ALSA: seq fatal error: cannot create timer (-22) [ 97.715050][ T6034] Cannot find add_set index 0 as target [ 97.904087][ T6040] fuse: Unknown parameter 'fd0x0000000000000005' [ 98.326292][ T5347] Bluetooth: hci3: Malformed LE Event: 0x02 [ 99.154624][ T6056] Cannot find add_set index 0 as target [ 99.248263][ T39] audit: type=1400 audit(1722169625.458:404): avc: denied { read } for pid=6059 comm="syz.3.172" name="card1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 99.299044][ T39] audit: type=1400 audit(1722169625.458:405): avc: denied { open } for pid=6059 comm="syz.3.172" path="/dev/dri/card1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 99.311781][ T39] audit: type=1400 audit(1722169625.458:406): avc: denied { ioctl } for pid=6059 comm="syz.3.172" path="/dev/dri/card1" dev="devtmpfs" ino=638 ioctlcmd=0x640d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 99.336441][ T6064] input: syz0 as /devices/virtual/input/input16 [ 99.349109][ T39] audit: type=1400 audit(1722169625.568:407): avc: denied { create } for pid=6059 comm="syz.3.172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 99.492818][ T6064] dccp_invalid_packet: invalid packet type [ 99.812281][ T6067] netlink: 12 bytes leftover after parsing attributes in process `syz.1.167'. [ 100.192219][ T6074] fuse: Unknown parameter 'fd0x0000000000000005' [ 100.381998][ T6081] input: syz0 as /devices/virtual/input/input19 [ 100.570940][ T6081] dccp_invalid_packet: invalid packet type [ 101.064374][ T5347] Bluetooth: hci1: Malformed LE Event: 0x02 [ 102.155543][ T6097] ALSA: seq fatal error: cannot create timer (-22) [ 102.170618][ T6097] Cannot find add_set index 0 as target [ 102.990733][ T6103] Cannot find add_set index 0 as target [ 102.999467][ T6102] input: syz0 as /devices/virtual/input/input21 [ 103.224056][ T6102] dccp_invalid_packet: invalid packet type [ 103.280222][ T6106] Cannot find add_set index 0 as target [ 103.573547][ T39] audit: type=1400 audit(1722169629.788:408): avc: denied { name_bind } for pid=6110 comm="syz.0.185" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 103.625021][ T39] audit: type=1400 audit(1722169629.788:409): avc: denied { setopt } for pid=6110 comm="syz.0.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 103.874809][ T39] audit: type=1400 audit(1722169630.088:410): avc: denied { mount } for pid=6113 comm="syz.2.186" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 103.951346][ T39] audit: type=1400 audit(1722169630.168:411): avc: denied { unmount } for pid=5333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 104.199024][ T5347] Bluetooth: hci0: Malformed LE Event: 0x02 [ 104.332776][ T6122] input: syz0 as /devices/virtual/input/input23 [ 104.427954][ T6122] dccp_invalid_packet: invalid packet type [ 105.545074][ T39] audit: type=1400 audit(1722169631.748:412): avc: denied { bind } for pid=6128 comm="syz.2.190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 105.791279][ T6137] netlink: 'syz.0.191': attribute type 8 has an invalid length. [ 105.795068][ T6137] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 105.902444][ T6137] ieee802154 phy0 wpan0: encryption failed: -22 [ 105.906499][ T39] audit: type=1400 audit(1722169632.118:413): avc: denied { write } for pid=6134 comm="syz.0.191" path="socket:[11531]" dev="sockfs" ino=11531 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 106.215355][ T6140] input: syz0 as /devices/virtual/input/input25 [ 106.392388][ T6140] dccp_invalid_packet: invalid packet type [ 106.450863][ T6149] Cannot find add_set index 0 as target [ 106.835504][ T6153] Cannot find add_set index 0 as target [ 107.152798][ T39] audit: type=1400 audit(1722169633.358:414): avc: denied { write } for pid=6154 comm="syz.3.197" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 107.172280][ T5347] Bluetooth: hci2: unexpected subevent 0x1a length: 10 > 6 [ 107.680408][ T5347] Bluetooth: hci2: Malformed LE Event: 0x02 [ 108.618217][ T39] audit: type=1400 audit(1722169634.818:415): avc: denied { name_bind } for pid=6172 comm="syz.0.200" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 108.638876][ T39] audit: type=1400 audit(1722169634.818:416): avc: denied { node_bind } for pid=6172 comm="syz.0.200" saddr=224.0.0.1 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 108.765786][ T6178] input: syz0 as /devices/virtual/input/input27 [ 108.986871][ T6178] dccp_invalid_packet: invalid packet type [ 109.221925][ T5347] Bluetooth: hci2: command tx timeout [ 109.357824][ T6191] input: syz0 as /devices/virtual/input/input29 [ 109.447375][ T6191] dccp_invalid_packet: invalid packet type [ 109.673343][ T6197] Cannot find add_set index 0 as target [ 111.046121][ T6208] netlink: 'syz.2.210': attribute type 10 has an invalid length. [ 111.748436][ T6208] team0: Port device wlan1 added [ 111.851191][ T6209] Cannot find add_set index 0 as target [ 111.997436][ C3] vkms_vblank_simulate: vblank timer overrun [ 112.049167][ T5347] Bluetooth: hci3: Malformed LE Event: 0x02 [ 112.452449][ T6224] input: syz0 as /devices/virtual/input/input31 [ 112.515822][ T6224] dccp_invalid_packet: invalid packet type [ 112.569163][ T5379] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 112.638571][ T6231] sch_tbf: burst 2 is lower than device netdevsim0 mtu (1514) ! [ 112.693329][ T6230] Cannot find add_set index 0 as target [ 112.821084][ T5379] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.832191][ T5379] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.837687][ T5379] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 112.842683][ T5379] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.862737][ T5379] usb 7-1: config 0 descriptor?? [ 113.327136][ T5379] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0 [ 113.353908][ T5379] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0D8C:0022.0007/input/input33 [ 113.400352][ T5379] cm6533_jd 0003:0D8C:0022.0007: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 113.521253][ T39] audit: type=1400 audit(1722169639.738:417): avc: denied { name_bind } for pid=6214 comm="syz.2.212" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 113.540647][ T6215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.554375][ T6215] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.638301][ T39] audit: type=1400 audit(1722169639.838:418): avc: denied { accept } for pid=6244 comm="syz.0.221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 113.823327][ T10] usb 7-1: USB disconnect, device number 2 [ 113.975213][ T39] audit: type=1400 audit(1722169640.188:419): avc: denied { read } for pid=6244 comm="syz.0.221" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 113.986536][ T39] audit: type=1400 audit(1722169640.188:420): avc: denied { open } for pid=6244 comm="syz.0.221" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 114.336628][ T6257] input: syz0 as /devices/virtual/input/input34 [ 114.444152][ T6257] dccp_invalid_packet: invalid packet type [ 114.651916][ T39] audit: type=1400 audit(1722169640.868:421): avc: denied { ioctl } for pid=6263 comm="syz.1.226" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=13572 ioctlcmd=0x9420 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 114.672153][ T6264] netlink: 'syz.1.226': attribute type 2 has an invalid length. [ 114.676157][ T6264] netlink: 'syz.1.226': attribute type 1 has an invalid length. [ 114.681921][ T6264] netlink: 60 bytes leftover after parsing attributes in process `syz.1.226'. [ 114.696891][ T6264] netlink: 9412 bytes leftover after parsing attributes in process `syz.1.226'. [ 114.705505][ T6264] netlink: 248 bytes leftover after parsing attributes in process `syz.1.226'. [ 114.937984][ T39] audit: type=1400 audit(1722169641.148:422): avc: denied { write } for pid=6267 comm="syz.1.227" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 115.102195][ T6276] Cannot find add_set index 0 as target [ 115.208312][ T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 115.418452][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 115.431654][ T10] usb 6-1: config 1 has an invalid interface number: 2 but max is 0 [ 115.435748][ T10] usb 6-1: config 1 has no interface number 0 [ 115.440999][ T10] usb 6-1: config 1 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.446546][ T10] usb 6-1: config 1 interface 2 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 128 [ 115.455627][ T10] usb 6-1: config 1 interface 2 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 115.495560][ T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 115.508009][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 115.526205][ T10] usb 6-1: SerialNumber: syz [ 115.543314][ T6268] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 115.971988][ T6286] ip6gretap0 speed is unknown, defaulting to 1000 [ 116.761364][ T39] audit: type=1400 audit(1722169642.978:423): avc: denied { create } for pid=6292 comm="syz.3.233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 116.784204][ T39] audit: type=1400 audit(1722169642.978:424): avc: denied { write } for pid=6292 comm="syz.3.233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 116.821548][ T39] audit: type=1400 audit(1722169643.038:425): avc: denied { accept } for pid=6292 comm="syz.3.233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 117.019983][ T39] audit: type=1400 audit(1722169643.238:426): avc: denied { write } for pid=6297 comm="syz.2.235" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 117.110616][ T39] audit: type=1400 audit(1722169643.328:427): avc: denied { bind } for pid=6297 comm="syz.2.235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 117.120027][ T6299] Bluetooth: MGMT ver 1.23 [ 117.219638][ T5397] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 117.259412][ C0] hrtimer: interrupt took 2964820 ns [ 117.449058][ T5397] usb 8-1: Using ep0 maxpacket: 8 [ 117.471329][ T5397] usb 8-1: config 0 has no interfaces? [ 117.495028][ T5397] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 117.499846][ T5397] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.503866][ T5397] usb 8-1: Product: syz [ 117.506484][ T5397] usb 8-1: Manufacturer: syz [ 117.509170][ T5397] usb 8-1: SerialNumber: syz [ 117.516533][ T5397] usb 8-1: config 0 descriptor?? [ 117.648204][ T989] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 117.824703][ T6302] netlink: 4 bytes leftover after parsing attributes in process `syz.3.234'. [ 117.850730][ T989] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.856069][ T989] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 117.864326][ T989] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 117.870723][ T989] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.881452][ T989] usb 5-1: config 0 descriptor?? [ 118.158614][ T10] cdc_acm 6-1:1.2: ttyACM0: USB ACM device [ 118.220032][ T6309] netlink: 28 bytes leftover after parsing attributes in process `syz.0.236'. [ 118.256026][ T10] usb 6-1: USB disconnect, device number 7 [ 118.430335][ T5379] usb 8-1: USB disconnect, device number 2 [ 119.277968][ T6326] netlink: 'syz.3.242': attribute type 10 has an invalid length. [ 119.308948][ T6326] team0: Port device wlan1 added [ 120.059838][ T6333] input: syz0 as /devices/virtual/input/input36 [ 120.101733][ T989] usbhid 5-1:0.0: can't add hid device: -71 [ 120.104721][ T989] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 120.119537][ T39] kauditd_printk_skb: 3 callbacks suppressed [ 120.119558][ T39] audit: type=1400 audit(1722169646.338:431): avc: denied { mounton } for pid=6334 comm="syz.2.245" path="/proc/191/task" dev="proc" ino=14398 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 120.123698][ T989] usb 5-1: USB disconnect, device number 7 [ 120.138007][ T39] audit: type=1400 audit(1722169646.338:432): avc: denied { mount } for pid=6334 comm="syz.2.245" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 120.170750][ T6333] dccp_invalid_packet: invalid packet type [ 120.822384][ T989] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 121.020572][ T989] usb 6-1: config 0 has no interfaces? [ 121.023452][ T989] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 121.027564][ T989] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.034801][ T989] usb 6-1: config 0 descriptor?? [ 121.316122][ T5379] usb 6-1: USB disconnect, device number 8 [ 121.388184][ T833] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 121.584729][ T833] usb 7-1: config 0 has no interfaces? [ 121.587250][ T833] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 121.591177][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.596868][ T833] usb 7-1: config 0 descriptor?? [ 121.877770][ T6361] netlink: 12 bytes leftover after parsing attributes in process `syz.1.252'. [ 121.882060][ T6361] netlink: 24 bytes leftover after parsing attributes in process `syz.1.252'. [ 121.941005][ T10] usb 7-1: USB disconnect, device number 3 [ 122.797727][ C2] vkms_vblank_simulate: vblank timer overrun [ 122.943385][ C2] vkms_vblank_simulate: vblank timer overrun [ 123.014808][ T6385] input: syz0 as /devices/virtual/input/input38 [ 123.039375][ T39] audit: type=1400 audit(1722169649.258:433): avc: denied { read } for pid=6388 comm="syz.1.261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 123.156897][ T6385] dccp_invalid_packet: invalid packet type [ 123.158934][ T6394] input: syz1 as /devices/virtual/input/input39 [ 123.208231][ T833] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 123.265834][ T6397] use of bytesused == 0 is deprecated and will be removed in the future, [ 123.271000][ T6397] use the actual size instead. [ 123.413490][ T833] usb 7-1: config 0 has no interfaces? [ 123.415913][ T833] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 123.428181][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.438482][ T833] usb 7-1: config 0 descriptor?? [ 123.710732][ T35] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 123.751398][ T833] usb 7-1: USB disconnect, device number 4 [ 123.941228][ T35] usb 6-1: config 0 has no interfaces? [ 123.943900][ T35] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 123.947697][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.954957][ T35] usb 6-1: config 0 descriptor?? [ 124.189284][ C2] vkms_vblank_simulate: vblank timer overrun [ 124.284596][ T833] usb 6-1: USB disconnect, device number 9 [ 125.427860][ T39] audit: type=1400 audit(1722169651.638:434): avc: denied { setopt } for pid=6426 comm="syz.2.272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 125.746496][ T39] audit: type=1400 audit(1722169651.958:435): avc: denied { sqpoll } for pid=6433 comm="syz.2.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 126.201708][ T39] audit: type=1400 audit(1722169652.418:436): avc: denied { create } for pid=6446 comm="syz.1.277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 126.350568][ T833] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 126.508190][ T5396] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 126.558904][ T833] usb 7-1: config 0 has no interfaces? [ 126.561862][ T833] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 126.567240][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.585002][ T833] usb 7-1: config 0 descriptor?? [ 126.622196][ T39] audit: type=1400 audit(1722169652.838:437): avc: denied { write } for pid=6452 comm="syz.3.279" name="001" dev="devtmpfs" ino=753 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 126.711064][ T5396] usb 5-1: config 0 has no interfaces? [ 126.713372][ T5396] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 126.717005][ T5396] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.827166][ T5396] usb 5-1: config 0 descriptor?? [ 126.881337][ T35] usb 7-1: USB disconnect, device number 5 [ 127.217474][ T5379] usb 5-1: USB disconnect, device number 8 [ 127.731752][ T39] audit: type=1400 audit(1722169653.938:438): avc: denied { connect } for pid=6477 comm="syz.1.283" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 127.807023][ T39] audit: type=1400 audit(1722169654.018:439): avc: denied { mounton } for pid=6477 comm="syz.1.283" path="/55/file1" dev="tmpfs" ino=311 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 127.817227][ T39] audit: type=1400 audit(1722169654.028:440): avc: denied { setopt } for pid=6477 comm="syz.1.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 129.214031][ T6498] netlink: 8 bytes leftover after parsing attributes in process `syz.1.289'. [ 129.321159][ T8] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 129.560127][ T8] usb 5-1: config 0 has no interfaces? [ 129.563181][ T8] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 129.567755][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.574924][ T8] usb 5-1: config 0 descriptor?? [ 129.868307][ T830] usb 5-1: USB disconnect, device number 9 [ 130.275192][ T39] audit: type=1400 audit(1722169656.488:441): avc: denied { setopt } for pid=6518 comm="syz.2.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 130.285372][ T39] audit: type=1400 audit(1722169656.498:442): avc: denied { create } for pid=6518 comm="syz.2.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 130.295002][ T39] audit: type=1400 audit(1722169656.508:443): avc: denied { setopt } for pid=6518 comm="syz.2.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 130.450984][ T39] kauditd_printk_skb: 11 callbacks suppressed [ 130.450999][ T39] audit: type=1400 audit(1722169656.668:455): avc: denied { write } for pid=6520 comm="syz.3.295" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 130.469458][ T39] audit: type=1400 audit(1722169656.668:456): avc: denied { ioctl } for pid=6520 comm="syz.3.295" path="/dev/nullb0" dev="devtmpfs" ino=693 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 130.508793][ T39] audit: type=1400 audit(1722169656.728:457): avc: denied { setopt } for pid=6520 comm="syz.3.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 130.746672][ T39] audit: type=1400 audit(1722169656.958:458): avc: denied { shutdown } for pid=6520 comm="syz.3.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 130.923809][ T6539] vlan0: entered promiscuous mode [ 130.926214][ T6539] vlan0: entered allmulticast mode [ 130.939176][ T6539] veth0_vlan: entered allmulticast mode [ 130.948679][ T6539] team0: Port device vlan0 added [ 130.955673][ T39] audit: type=1400 audit(1722169657.168:459): avc: denied { ioctl } for pid=6538 comm="syz.1.301" path="socket:[15403]" dev="sockfs" ino=15403 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 130.966885][ T39] audit: type=1400 audit(1722169657.178:460): avc: denied { mounton } for pid=6538 comm="syz.1.301" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 131.021049][ T39] audit: type=1400 audit(1722169657.238:461): avc: denied { create } for pid=6541 comm="syz.1.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 131.101221][ T39] audit: type=1400 audit(1722169657.308:462): avc: denied { unmount } for pid=5540 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 131.690239][ T6561] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 131.708249][ T39] audit: type=1400 audit(1722169657.928:463): avc: denied { bind } for pid=6558 comm="syz.3.308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 131.718873][ T39] audit: type=1400 audit(1722169657.938:464): avc: denied { name_bind } for pid=6558 comm="syz.3.308" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 131.858418][ T5379] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 132.032999][ T6569] Cannot find add_set index 0 as target [ 132.051689][ T5379] usb 7-1: config 0 has no interfaces? [ 132.053875][ T5379] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 132.057390][ T5379] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.063505][ T5379] usb 7-1: config 0 descriptor?? [ 132.435263][ T8] usb 7-1: USB disconnect, device number 6 [ 134.289190][ T6598] Cannot find add_set index 0 as target [ 134.424901][ T6600] netlink: 12 bytes leftover after parsing attributes in process `syz.0.318'. [ 135.118265][ T1298] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 135.316722][ T1298] usb 7-1: config 0 has no interfaces? [ 135.319344][ T1298] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 135.323508][ T1298] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.334217][ T1298] usb 7-1: config 0 descriptor?? [ 135.614683][ T5347] Bluetooth: hci2: Malformed LE Event: 0x02 [ 135.640718][ T989] usb 7-1: USB disconnect, device number 7 [ 136.251951][ T39] kauditd_printk_skb: 3 callbacks suppressed [ 136.251961][ T39] audit: type=1400 audit(1722169662.468:468): avc: denied { connect } for pid=6627 comm="syz.2.327" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 136.268170][ T39] audit: type=1400 audit(1722169662.478:469): avc: denied { name_connect } for pid=6627 comm="syz.2.327" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 136.521745][ T6643] Cannot find add_set index 0 as target [ 136.623073][ T6644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.331'. [ 136.628511][ T39] audit: type=1400 audit(1722169662.838:470): avc: denied { shutdown } for pid=6636 comm="syz.2.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 136.668369][ T39] audit: type=1400 audit(1722169662.838:471): avc: denied { name_connect } for pid=6636 comm="syz.2.331" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 136.693652][ T5347] Bluetooth: hci3: Malformed LE Event: 0x02 [ 137.339645][ C3] vkms_vblank_simulate: vblank timer overrun [ 137.358253][ T1298] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 137.396721][ C3] vkms_vblank_simulate: vblank timer overrun [ 137.586515][ T1298] usb 7-1: config 0 has no interfaces? [ 137.589142][ T1298] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 137.596909][ T1298] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.614548][ T1298] usb 7-1: config 0 descriptor?? [ 137.816359][ T6655] netlink: 8 bytes leftover after parsing attributes in process `syz.0.335'. [ 137.952157][ T989] usb 7-1: USB disconnect, device number 8 [ 138.017771][ T5347] Bluetooth: hci2: Malformed LE Event: 0x02 [ 138.540762][ T6695] Cannot find add_set index 0 as target [ 138.572539][ T1384] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.575437][ T1384] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.060010][ T6711] netlink: 24 bytes leftover after parsing attributes in process `syz.2.352'. [ 139.075585][ T6711] netlink: 20 bytes leftover after parsing attributes in process `syz.2.352'. [ 139.083436][ T6711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.352'. [ 139.089828][ T6711] fuse: Unknown parameter '­ð0xffffffffffffffff' [ 139.101533][ T39] audit: type=1400 audit(1722169665.308:472): avc: denied { create } for pid=6712 comm="syz.3.353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 139.111718][ T39] audit: type=1400 audit(1722169665.308:473): avc: denied { bind } for pid=6712 comm="syz.3.353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 139.120717][ T39] audit: type=1400 audit(1722169665.308:474): avc: denied { name_bind } for pid=6712 comm="syz.3.353" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 139.146463][ T39] audit: type=1400 audit(1722169665.308:475): avc: denied { node_bind } for pid=6712 comm="syz.3.353" saddr=::ffff:172.20.20.187 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 139.194378][ T6715] CIFS: VFS: Malformed UNC in devname [ 139.196216][ T6711] ======================================================= [ 139.196216][ T6711] WARNING: The mand mount option has been deprecated and [ 139.196216][ T6711] and is ignored by this kernel. Remove the mand [ 139.196216][ T6711] option from the mount to silence this warning. [ 139.196216][ T6711] ======================================================= [ 139.211872][ T39] audit: type=1326 audit(1722169665.428:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6714 comm="syz.3.354" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0bfef77299 code=0x0 [ 139.244126][ T39] audit: type=1400 audit(1722169665.458:477): avc: denied { remount } for pid=6710 comm="syz.2.352" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 139.317928][ T6722] loop0: detected capacity change from 0 to 7 [ 139.333204][ T6722] Dev loop0: unable to read RDB block 7 [ 139.335764][ T6722] loop0: AHDI p4 [ 139.337382][ T6722] loop0: partition table partially beyond EOD, truncated [ 139.422089][ T5347] Bluetooth: hci3: Malformed LE Event: 0x02 [ 139.429916][ T6724] Cannot find add_set index 0 as target [ 139.935202][ T6728] FAULT_INJECTION: forcing a failure. [ 139.935202][ T6728] name failslab, interval 1, probability 0, space 0, times 0 [ 139.941933][ T6728] CPU: 3 UID: 0 PID: 6728 Comm: syz.2.358 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 139.946847][ T6728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 139.952317][ T6728] Call Trace: [ 139.954127][ T6728] [ 139.955473][ T6728] dump_stack_lvl+0x16c/0x1f0 [ 139.957585][ T6728] should_fail_ex+0x497/0x5b0 [ 139.959981][ T6728] ? fs_reclaim_acquire+0xae/0x160 [ 139.962259][ T6728] should_failslab+0xc2/0x120 [ 139.964370][ T6728] kmem_cache_alloc_node_noprof+0x71/0x310 [ 139.966995][ T6728] ? __alloc_skb+0x2b1/0x380 [ 139.969123][ T6728] __alloc_skb+0x2b1/0x380 [ 139.971465][ T6728] ? __pfx___alloc_skb+0x10/0x10 [ 139.973681][ T6728] ? hlock_class+0x4e/0x130 [ 139.975714][ T6728] ? __lock_acquire+0x1620/0x3cb0 [ 139.977958][ T6728] __ip6_append_data.isra.0+0x2976/0x4450 [ 139.981773][ T6728] ? __pfx_raw6_getfrag+0x10/0x10 [ 139.984089][ T6728] ? __pfx___ip6_append_data.isra.0+0x10/0x10 [ 139.987314][ T6728] ? ip6_mtu+0x231/0x4a0 [ 139.989244][ T6728] ? ip6_setup_cork+0xbdc/0x1370 [ 139.991477][ T6728] ip6_append_data+0x1e6/0x500 [ 139.993686][ T6728] ? __pfx_raw6_getfrag+0x10/0x10 [ 139.995931][ T6728] rawv6_sendmsg+0x1565/0x43f0 [ 139.998180][ T6728] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 140.000553][ T6728] ? avc_has_perm_noaudit+0x143/0x3a0 [ 140.000641][ T6729] Cannot find add_set index 0 as target [ 140.003157][ T6728] ? avc_has_perm+0x11b/0x1c0 [ 140.007678][ T6728] ? __pfx_avc_has_perm+0x10/0x10 [ 140.009944][ T6728] ? __pfx___lock_acquire+0x10/0x10 [ 140.012244][ T6728] ? hlock_class+0x4e/0x130 [ 140.014228][ T6728] ? mark_lock+0xb5/0xc60 [ 140.016099][ T6728] ? sock_has_perm+0x25a/0x2f0 [ 140.018330][ T6728] ? __pfx_sock_has_perm+0x10/0x10 [ 140.020570][ T6728] ? __import_iovec+0x1fd/0x6e0 [ 140.022693][ T6728] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 140.024906][ T6728] ? inet_sendmsg+0x119/0x140 [ 140.027041][ T6728] inet_sendmsg+0x119/0x140 [ 140.029023][ T6728] ____sys_sendmsg+0x992/0xc90 [ 140.031180][ T6728] ? copy_msghdr_from_user+0x10b/0x160 [ 140.033439][ T6728] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.035775][ T6728] ? __lock_acquire+0x1620/0x3cb0 [ 140.037937][ T6728] ___sys_sendmsg+0x135/0x1e0 [ 140.039813][ T6728] ? __pfx____sys_sendmsg+0x10/0x10 [ 140.041850][ T6728] ? __pfx___might_resched+0x10/0x10 [ 140.044166][ T6728] ? __might_fault+0xe3/0x190 [ 140.046253][ T6728] __sys_sendmmsg+0x1a1/0x450 [ 140.048400][ T6728] ? __pfx___sys_sendmmsg+0x10/0x10 [ 140.050591][ T6728] ? vfs_write+0x14d/0x1140 [ 140.052402][ T6728] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 140.055085][ T6728] ? fput+0x32/0x390 [ 140.056838][ T6728] ? ksys_write+0x1ab/0x260 [ 140.058940][ T6728] ? __pfx_ksys_write+0x10/0x10 [ 140.061077][ T6728] __x64_sys_sendmmsg+0x9c/0x100 [ 140.063308][ T6728] ? lockdep_hardirqs_on+0x7c/0x110 [ 140.065626][ T6728] do_syscall_64+0xcd/0x250 [ 140.067688][ T6728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.070393][ T6728] RIP: 0033:0x7fe3f3177299 [ 140.072322][ T6728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.080963][ T6728] RSP: 002b:00007fe3f3ea8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 140.085668][ T6728] RAX: ffffffffffffffda RBX: 00007fe3f3305f80 RCX: 00007fe3f3177299 [ 140.089464][ T6728] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003 [ 140.093004][ T6728] RBP: 00007fe3f3ea80a0 R08: 0000000000000000 R09: 0000000000000000 [ 140.096701][ T6728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.100187][ T6728] R13: 000000000000000b R14: 00007fe3f3305f80 R15: 00007ffcfb044428 [ 140.104320][ T6728] [ 141.110028][ T5347] Bluetooth: hci3: Malformed LE Event: 0x02 [ 141.467613][ T39] kauditd_printk_skb: 8 callbacks suppressed [ 141.467623][ T39] audit: type=1400 audit(1722169667.678:486): avc: denied { create } for pid=6757 comm="syz.0.367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 141.478204][ T39] audit: type=1400 audit(1722169667.688:487): avc: denied { write } for pid=6757 comm="syz.0.367" name="kcm" dev="proc" ino=4026533179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 141.486717][ T39] audit: type=1400 audit(1722169667.698:488): avc: denied { setopt } for pid=6757 comm="syz.0.367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 141.709047][ T6775] netlink: 12 bytes leftover after parsing attributes in process `syz.2.371'. [ 141.907007][ T6783] Cannot find add_set index 0 as target [ 142.036421][ T5347] Bluetooth: hci3: Malformed LE Event: 0x02 [ 142.502504][ T39] audit: type=1400 audit(1722169668.698:489): avc: denied { write } for pid=6800 comm="syz.3.380" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 142.511967][ T39] audit: type=1400 audit(1722169668.698:490): avc: denied { ioctl } for pid=6800 comm="syz.3.380" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 142.548542][ T39] audit: type=1400 audit(1722169668.698:491): avc: denied { setopt } for pid=6800 comm="syz.3.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 142.562499][ T39] audit: type=1400 audit(1722169668.778:492): avc: denied { write } for pid=6803 comm="syz.0.381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 142.562846][ T6804] netlink: 104 bytes leftover after parsing attributes in process `syz.0.381'. [ 142.572365][ T39] audit: type=1400 audit(1722169668.778:493): avc: denied { nlmsg_write } for pid=6803 comm="syz.0.381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 142.576252][ T6806] netlink: 'syz.0.381': attribute type 29 has an invalid length. [ 142.587490][ T39] audit: type=1400 audit(1722169668.778:494): avc: denied { getopt } for pid=6800 comm="syz.3.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 142.591494][ T6804] netlink: 'syz.0.381': attribute type 29 has an invalid length. [ 142.601633][ T6806] netlink: 'syz.0.381': attribute type 29 has an invalid length. [ 142.605319][ T6804] netlink: 'syz.0.381': attribute type 29 has an invalid length. [ 142.610001][ T6806] netlink: 'syz.0.381': attribute type 29 has an invalid length. [ 142.639686][ T5347] Bluetooth: hci3: unexpected subevent 0x01 length: 23 > 18 [ 142.936083][ T6815] overlayfs: missing 'lowerdir' [ 143.186897][ T6828] Cannot find add_set index 0 as target [ 143.266142][ T6826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.388'. [ 143.283481][ T6826] batman_adv: batadv2: Adding interface: netdevsim0 [ 143.286081][ T6826] batman_adv: batadv2: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.298334][ T6826] batman_adv: batadv2: Interface activated: netdevsim0 [ 143.550541][ T4763] Bluetooth: hci0: Malformed LE Event: 0x02 [ 143.701829][ T6837] NILFS (nullb0): couldn't find nilfs on the device [ 144.187056][ T39] audit: type=1400 audit(1722169670.398:495): avc: denied { ioctl } for pid=6846 comm="syz.2.395" path="/dev/binderfs/binder-control" dev="binder" ino=2 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 144.263585][ T6848] loop0: detected capacity change from 0 to 7 [ 144.271389][ T6848] Dev loop0: unable to read RDB block 7 [ 144.273918][ T6848] loop0: AHDI p4 [ 144.275636][ T6848] loop0: partition table partially beyond EOD, truncated [ 144.628192][ T6860] ALSA: seq fatal error: cannot create timer (-22) [ 144.634425][ T6860] Cannot find add_set index 0 as target [ 145.281315][ C3] vkms_vblank_simulate: vblank timer overrun [ 145.484860][ T4763] Bluetooth: hci0: Malformed LE Event: 0x02 [ 146.041596][ T6888] cgroup: Bad value for 'name' [ 146.098429][ T6888] Process accounting resumed [ 146.155435][ T6891] program syz.2.409 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 146.299728][ T6892] xt_policy: too many policy elements [ 146.306214][ T6892] usb usb8: usbfs: process 6892 (syz.2.409) did not claim interface 0 before use [ 146.346115][ T6894] netlink: 36 bytes leftover after parsing attributes in process `syz.3.410'. [ 146.544152][ T6899] FAULT_INJECTION: forcing a failure. [ 146.544152][ T6899] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.549767][ T6899] CPU: 1 UID: 0 PID: 6899 Comm: syz.0.412 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 146.553816][ T6899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 146.558444][ T6899] Call Trace: [ 146.559756][ T6899] [ 146.560906][ T6899] dump_stack_lvl+0x16c/0x1f0 [ 146.563316][ T6899] should_fail_ex+0x497/0x5b0 [ 146.566005][ T6899] _copy_from_user+0x30/0xf0 [ 146.568672][ T6899] copy_msghdr_from_user+0x99/0x160 [ 146.571319][ T6899] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 146.573917][ T6899] ? find_held_lock+0x2d/0x110 [ 146.576018][ T6899] ? __pfx___lock_acquire+0x10/0x10 [ 146.578285][ T6899] ___sys_sendmsg+0xff/0x1e0 [ 146.580279][ T6899] ? __pfx____sys_sendmsg+0x10/0x10 [ 146.582971][ T6899] ? ksys_write+0x21c/0x260 [ 146.585312][ T6899] ? __fget_light+0x173/0x210 [ 146.587493][ T6899] __sys_sendmsg+0x117/0x1f0 [ 146.589545][ T6899] ? __pfx___sys_sendmsg+0x10/0x10 [ 146.591781][ T6899] do_syscall_64+0xcd/0x250 [ 146.593790][ T6899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.596359][ T6899] RIP: 0033:0x7fc775977299 [ 146.598356][ T6899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.606696][ T6899] RSP: 002b:00007fc77678b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 146.610804][ T6899] RAX: ffffffffffffffda RBX: 00007fc775b05f80 RCX: 00007fc775977299 [ 146.615004][ T6899] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 146.619043][ T6899] RBP: 00007fc77678b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 146.622510][ T6899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.626052][ T6899] R13: 000000000000000b R14: 00007fc775b05f80 R15: 00007fff189bc1b8 [ 146.629960][ T6899] [ 146.790099][ T6902] ALSA: seq fatal error: cannot create timer (-22) [ 146.796093][ T6902] Cannot find add_set index 0 as target [ 147.429237][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 147.429251][ T39] audit: type=1400 audit(1722169673.638:498): avc: denied { write } for pid=6903 comm="syz.1.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 147.448627][ T39] audit: type=1400 audit(1722169673.638:499): avc: denied { nlmsg_write } for pid=6903 comm="syz.1.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 147.697737][ T4763] Bluetooth: hci3: Malformed LE Event: 0x02 [ 148.045696][ T6916] Cannot find add_set index 0 as target [ 148.870407][ T39] audit: type=1400 audit(1722169675.088:500): avc: denied { read } for pid=6927 comm="syz.3.421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 148.880507][ T6929] FAULT_INJECTION: forcing a failure. [ 148.880507][ T6929] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 148.888520][ T6929] CPU: 3 UID: 0 PID: 6929 Comm: syz.3.421 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 148.893470][ T6929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 148.898196][ T6929] Call Trace: [ 148.899602][ T6929] [ 148.900906][ T6929] dump_stack_lvl+0x16c/0x1f0 [ 148.903772][ T6929] should_fail_ex+0x497/0x5b0 [ 148.906228][ T6929] _copy_from_user+0x30/0xf0 [ 148.908252][ T6929] copy_msghdr_from_user+0x99/0x160 [ 148.910737][ T6929] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 148.913541][ T6929] ? rcu_is_watching+0x12/0xc0 [ 148.915801][ T6929] ? __pfx___lock_acquire+0x10/0x10 [ 148.918149][ T6929] ___sys_recvmsg+0xdc/0x1a0 [ 148.920761][ T6929] ? __pfx____sys_recvmsg+0x10/0x10 [ 148.923691][ T6929] ? find_held_lock+0x2d/0x110 [ 148.925944][ T6929] ? __pfx___might_resched+0x10/0x10 [ 148.928221][ T6929] ? __might_fault+0xe3/0x190 [ 148.930892][ T6929] do_recvmmsg+0x2ba/0x750 [ 148.933546][ T6929] ? __pfx_do_recvmmsg+0x10/0x10 [ 148.935814][ T6929] ? vfs_write+0x14d/0x1140 [ 148.937906][ T6929] ? __mutex_unlock_slowpath+0x164/0x650 [ 148.940544][ T6929] __x64_sys_recvmmsg+0x239/0x290 [ 148.943089][ T6929] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 148.945747][ T6929] do_syscall_64+0xcd/0x250 [ 148.947848][ T6929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.950754][ T6929] RIP: 0033:0x7f0bfef77299 [ 148.953116][ T6929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.964715][ T6929] RSP: 002b:00007f0bffd8b048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 148.968925][ T6929] RAX: ffffffffffffffda RBX: 00007f0bff106058 RCX: 00007f0bfef77299 [ 148.972775][ T6929] RDX: 0000000000000f00 RSI: 00000000200004c0 RDI: 0000000000000004 [ 148.976502][ T6929] RBP: 00007f0bffd8b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 148.980060][ T6929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 148.983448][ T6929] R13: 000000000000006e R14: 00007f0bff106058 R15: 00007fff02174408 [ 148.987080][ T6929] [ 149.959866][ T6938] input: syz0 as /devices/virtual/input/input41 [ 149.963254][ T6938] input: failed to attach handler leds to device input41, error: -6 [ 149.964085][ T6939] ALSA: seq fatal error: cannot create timer (-22) [ 149.992646][ T6939] Cannot find add_set index 0 as target [ 150.068038][ T6938] dccp_invalid_packet: invalid packet type [ 150.180387][ T4763] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 150.184448][ T4763] Bluetooth: hci0: Injecting HCI hardware error event [ 150.188859][ T4763] Bluetooth: hci0: hardware error 0x00 [ 150.234823][ T6945] loop0: detected capacity change from 0 to 7 [ 150.249680][ T6945] Dev loop0: unable to read RDB block 7 [ 150.252171][ T6945] loop0: AHDI p4 [ 150.253822][ T6945] loop0: partition table partially beyond EOD, truncated [ 150.396948][ T4825] Dev loop0: unable to read RDB block 7 [ 150.399744][ T4825] loop0: AHDI p4 [ 150.401497][ T4825] loop0: partition table partially beyond EOD, truncated [ 151.033142][ T5347] Bluetooth: hci0: Malformed LE Event: 0x02 [ 151.553060][ T39] audit: type=1326 audit(1722169677.768:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.1.432" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7829377299 code=0x7ffc0000 [ 151.586372][ T39] audit: type=1326 audit(1722169677.768:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.1.432" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7829377299 code=0x7ffc0000 [ 151.613423][ T39] audit: type=1326 audit(1722169677.818:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.1.432" exe="/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f7829377299 code=0x7ffc0000 [ 151.628157][ T39] audit: type=1326 audit(1722169677.828:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.1.432" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7829377299 code=0x7ffc0000 [ 151.639095][ T39] audit: type=1326 audit(1722169677.828:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.1.432" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7829377299 code=0x7ffc0000 [ 151.648726][ T39] audit: type=1326 audit(1722169677.828:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.1.432" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7829377299 code=0x7ffc0000 [ 151.659195][ T39] audit: type=1326 audit(1722169677.868:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.1.432" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7829377299 code=0x7ffc0000 [ 152.248358][ T4763] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 152.783620][ T6987] ALSA: seq fatal error: cannot create timer (-22) [ 152.802898][ T6987] Cannot find add_set index 0 as target [ 153.006277][ T6990] ALSA: seq fatal error: cannot create timer (-22) [ 153.016956][ T6990] Cannot find add_set index 0 as target [ 153.906871][ T39] kauditd_printk_skb: 10 callbacks suppressed [ 153.906886][ T39] audit: type=1326 audit(1722169680.118:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 153.930179][ T39] audit: type=1326 audit(1722169680.118:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 153.941125][ T39] audit: type=1326 audit(1722169680.128:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 153.953077][ T39] audit: type=1326 audit(1722169680.128:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 153.962932][ T39] audit: type=1326 audit(1722169680.128:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 153.971926][ T39] audit: type=1326 audit(1722169680.138:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 153.982030][ T39] audit: type=1326 audit(1722169680.138:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 153.992046][ T39] audit: type=1326 audit(1722169680.148:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 154.006453][ T39] audit: type=1326 audit(1722169680.218:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 154.020172][ T35] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 154.069422][ T39] audit: type=1326 audit(1722169680.218:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7006 comm="syz.3.444" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bfef77299 code=0x7ffc0000 [ 154.253656][ T35] usb 6-1: config 0 has no interfaces? [ 154.256258][ T35] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 154.261125][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.273909][ T35] usb 6-1: config 0 descriptor?? [ 154.584947][ T830] usb 6-1: USB disconnect, device number 10 [ 155.883160][ C1] ================================================================== [ 155.886780][ C1] BUG: KASAN: stack-out-of-bounds in xdp_do_check_flushed+0x41c/0x4e0 [ 155.890441][ C1] Read of size 4 at addr ffffc9000344fa50 by task syz.3.444/7007 [ 155.895708][ C1] [ 155.896786][ C1] CPU: 1 UID: 0 PID: 7007 Comm: syz.3.444 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 155.901174][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 155.905862][ C1] Call Trace: [ 155.907362][ C1] [ 155.908659][ C1] dump_stack_lvl+0x116/0x1f0 [ 155.910737][ C1] print_report+0xc3/0x620 [ 155.912696][ C1] ? __virt_addr_valid+0x5e/0x590 [ 155.914922][ C1] kasan_report+0xd9/0x110 [ 155.916923][ C1] ? xdp_do_check_flushed+0x41c/0x4e0 [ 155.919122][ C1] ? xdp_do_check_flushed+0x41c/0x4e0 [ 155.921346][ C1] xdp_do_check_flushed+0x41c/0x4e0 [ 155.923918][ C1] __napi_poll.constprop.0+0xd1/0x550 [ 155.926428][ C1] net_rx_action+0xa92/0x1010 [ 155.928519][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 155.930758][ C1] ? lock_acquire+0x1b1/0x560 [ 155.932712][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 155.934736][ C1] ? sched_clock+0x38/0x60 [ 155.936475][ C1] ? sched_clock_cpu+0x6d/0x4d0 [ 155.938408][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 155.940356][ C1] handle_softirqs+0x216/0x8f0 [ 155.942477][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 155.944801][ C1] ? irqtime_account_irq+0x18d/0x2e0 [ 155.947181][ C1] ? bpf_test_run+0x3a4/0xa90 [ 155.949233][ C1] do_softirq+0xb2/0xf0 [ 155.951003][ C1] [ 155.952306][ C1] [ 155.953684][ C1] __local_bh_enable_ip+0x100/0x120 [ 155.956058][ C1] bpf_test_run+0x3a9/0xa90 [ 155.958338][ C1] ? __pfx_bpf_test_run+0x10/0x10 [ 155.960584][ C1] ? __asan_memset+0x23/0x50 [ 155.962629][ C1] bpf_prog_test_run_skb+0xb6e/0x20f0 [ 155.964988][ C1] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 155.967805][ C1] ? fput+0x32/0x390 [ 155.969609][ C1] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 155.972153][ C1] __sys_bpf+0x10d2/0x4a20 [ 155.974109][ C1] ? kmem_cache_free+0xc0/0x3a0 [ 155.976107][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 155.977972][ C1] ? audit_log_end+0x14a/0x2b0 [ 155.979823][ C1] ? audit_seccomp+0x21b/0x280 [ 155.981722][ C1] ? xfd_validate_state+0x5d/0x180 [ 155.983699][ C1] __x64_sys_bpf+0x78/0xc0 [ 155.985864][ C1] do_syscall_64+0xcd/0x250 [ 155.987861][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.990448][ C1] RIP: 0033:0x7f0bfef77299 [ 155.992417][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.000450][ C1] RSP: 002b:00007f0bffdac048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 156.004051][ C1] RAX: ffffffffffffffda RBX: 00007f0bff105f80 RCX: 00007f0bfef77299 [ 156.007529][ C1] RDX: 0000000000000050 RSI: 0000000020000180 RDI: 000000000000000a [ 156.010817][ C1] RBP: 00007f0bfefe48e6 R08: 0000000000000000 R09: 0000000000000000 [ 156.013825][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.016840][ C1] R13: 000000000000000b R14: 00007f0bff105f80 R15: 00007fff02174408 [ 156.019863][ C1] [ 156.021163][ C1] [ 156.022108][ C1] The buggy address belongs to stack of task syz.3.444/7007 [ 156.024912][ C1] and is located at offset 112 in frame: [ 156.027139][ C1] bpf_test_run+0x0/0xa90 [ 156.028840][ C1] [ 156.029787][ C1] This frame has 5 objects: [ 156.031536][ C1] [32, 36) 'ret' [ 156.031548][ C1] [48, 64) 'run_ctx' [ 156.033142][ C1] [80, 104) 't' [ 156.035318][ C1] [144, 168) 'item' [ 156.036865][ C1] [208, 320) '__bpf_net_ctx' [ 156.038597][ C1] [ 156.041989][ C1] The buggy address belongs to the virtual mapping at [ 156.041989][ C1] [ffffc90003448000, ffffc90003451000) created by: [ 156.041989][ C1] kernel_clone+0xfd/0x980 [ 156.050059][ C1] [ 156.051474][ C1] The buggy address belongs to the physical page: [ 156.054625][ C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x2afe7 [ 156.058457][ C1] memcg:ffff888020553282 [ 156.060318][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 156.063474][ C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 156.067577][ C1] raw: 0000000000000002 0000000000000000 00000001ffffffff ffff888020553282 [ 156.071465][ C1] page dumped because: kasan: bad access detected [ 156.074284][ C1] page_owner tracks the page as allocated [ 156.076786][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 6999, tgid 6999 (syz.0.443), ts 153853839503, free_ts 153848874554 [ 156.084569][ C1] post_alloc_hook+0x2d1/0x350 [ 156.087155][ C1] get_page_from_freelist+0x1351/0x2e50 [ 156.089583][ C1] __alloc_pages_noprof+0x22b/0x2460 [ 156.091886][ C1] alloc_pages_mpol_noprof+0x275/0x610 [ 156.094276][ C1] __vmalloc_node_range_noprof+0xa6a/0x1520 [ 156.096883][ C1] copy_process+0x2f3b/0x8de0 [ 156.099112][ C1] kernel_clone+0xfd/0x980 [ 156.101363][ C1] __do_sys_clone3+0x1f5/0x270 [ 156.103221][ C1] do_syscall_64+0xcd/0x250 [ 156.105163][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.107934][ C1] page last free pid 6999 tgid 6999 stack trace: [ 156.110730][ C1] free_unref_page+0x64a/0xe40 [ 156.112846][ C1] rcu_core+0x828/0x16b0 [ 156.114690][ C1] handle_softirqs+0x216/0x8f0 [ 156.116779][ C1] irq_exit_rcu+0xbb/0x120 [ 156.118868][ C1] sysvec_apic_timer_interrupt+0x95/0xb0 [ 156.121024][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 156.123598][ C1] [ 156.124635][ C1] Memory state around the buggy address: [ 156.127075][ C1] ffffc9000344f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 156.130259][ C1] ffffc9000344f980: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 156.133464][ C1] >ffffc9000344fa00: 04 f2 00 00 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 [ 156.136974][ C1] ^ [ 156.139840][ C1] ffffc9000344fa80: 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 [ 156.143204][ C1] ffffc9000344fb00: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 [ 156.146516][ C1] ================================================================== [ 156.150216][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 156.153316][ C1] CPU: 1 UID: 0 PID: 7007 Comm: syz.3.444 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 156.157626][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 156.162229][ C1] Call Trace: [ 156.163803][ C1] [ 156.165304][ C1] dump_stack_lvl+0x3d/0x1f0 [ 156.167469][ C1] panic+0x6f5/0x7a0 [ 156.169331][ C1] ? irqtime_account_irq+0x18d/0x2e0 [ 156.171634][ C1] ? __pfx_panic+0x10/0x10 [ 156.173811][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 156.176430][ C1] check_panic_on_warn+0xab/0xb0 [ 156.178814][ C1] end_report+0x117/0x180 [ 156.180654][ C1] kasan_report+0xe9/0x110 [ 156.182620][ C1] ? xdp_do_check_flushed+0x41c/0x4e0 [ 156.184984][ C1] ? xdp_do_check_flushed+0x41c/0x4e0 [ 156.187368][ C1] xdp_do_check_flushed+0x41c/0x4e0 [ 156.189711][ C1] __napi_poll.constprop.0+0xd1/0x550 [ 156.192067][ C1] net_rx_action+0xa92/0x1010 [ 156.194168][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 156.196414][ C1] ? lock_acquire+0x1b1/0x560 [ 156.198325][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 156.200319][ C1] ? sched_clock+0x38/0x60 [ 156.202027][ C1] ? sched_clock_cpu+0x6d/0x4d0 [ 156.203949][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 156.206040][ C1] handle_softirqs+0x216/0x8f0 [ 156.208159][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 156.210618][ C1] ? irqtime_account_irq+0x18d/0x2e0 [ 156.212929][ C1] ? bpf_test_run+0x3a4/0xa90 [ 156.215327][ C1] do_softirq+0xb2/0xf0 [ 156.217208][ C1] [ 156.218543][ C1] [ 156.219848][ C1] __local_bh_enable_ip+0x100/0x120 [ 156.222154][ C1] bpf_test_run+0x3a9/0xa90 [ 156.224162][ C1] ? __pfx_bpf_test_run+0x10/0x10 [ 156.226413][ C1] ? __asan_memset+0x23/0x50 [ 156.228473][ C1] bpf_prog_test_run_skb+0xb6e/0x20f0 [ 156.230867][ C1] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 156.233424][ C1] ? fput+0x32/0x390 [ 156.235220][ C1] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 156.237701][ C1] __sys_bpf+0x10d2/0x4a20 [ 156.239437][ C1] ? kmem_cache_free+0xc0/0x3a0 [ 156.241354][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 156.243215][ C1] ? audit_log_end+0x14a/0x2b0 [ 156.245075][ C1] ? audit_seccomp+0x21b/0x280 [ 156.246937][ C1] ? xfd_validate_state+0x5d/0x180 [ 156.249694][ C1] __x64_sys_bpf+0x78/0xc0 [ 156.251746][ C1] do_syscall_64+0xcd/0x250 [ 156.253823][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.256402][ C1] RIP: 0033:0x7f0bfef77299 [ 156.258410][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.270171][ C1] RSP: 002b:00007f0bffdac048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 156.274321][ C1] RAX: ffffffffffffffda RBX: 00007f0bff105f80 RCX: 00007f0bfef77299 [ 156.278003][ C1] RDX: 0000000000000050 RSI: 0000000020000180 RDI: 000000000000000a [ 156.284413][ C1] RBP: 00007f0bfefe48e6 R08: 0000000000000000 R09: 0000000000000000 [ 156.287714][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.291201][ C1] R13: 000000000000000b R14: 00007f0bff105f80 R15: 00007fff02174408 [ 156.294791][ C1] [ 156.306550][ C1] Kernel Offset: disabled [ 156.308506][ C1] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:28:02 Registers: info registers vcpu 0 CPU#0 RAX=000000000026efc5 RBX=0000000000000000 RCX=ffffffff8b115529 RDX=0000000000000000 RSI=ffffffff8b4cc500 RDI=ffffffff8bb08b40 RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20 R8 =0000000000000001 R9 =ffffed100d606fe1 R10=ffff88806b037f0b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff901293d8 R15=0000000000000000 RIP=ffffffff8b11691f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f9dc212703a CR3=00000000261be000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 ZMM17=2eebbcb7e9fd5709 24dfeb6acc758f72 2eebbcb7e9fd5709 24dfeb6acc758f72 2eebbcb7e9fd5709 24dfeb6acc758f72 2eebbcb7e9fd5709 24dfeb6acc758f72 ZMM18=24ac513ace42234a e1fd4c37faf10c39 24ac513ace42234a e1fd4c37faf10c39 24ac513ace42234a e1fd4c37faf10c39 24ac513ace42234a e1fd4c37faf10c39 ZMM19=5704000000000000 0000000000000005 5704000000000000 0000000000000004 5704000000000000 0000000000000003 5704000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=24dfeb6a24dfeb6a 24dfeb6a24dfeb6a 24dfeb6a24dfeb6a 24dfeb6a24dfeb6a 24dfeb6a24dfeb6a 24dfeb6a24dfeb6a 24dfeb6a24dfeb6a 24dfeb6a24dfeb6a ZMM22=e9fd5709e9fd5709 e9fd5709e9fd5709 e9fd5709e9fd5709 e9fd5709e9fd5709 e9fd5709e9fd5709 e9fd5709e9fd5709 e9fd5709e9fd5709 e9fd5709e9fd5709 ZMM23=2eebbcb72eebbcb7 2eebbcb72eebbcb7 2eebbcb72eebbcb7 2eebbcb72eebbcb7 2eebbcb72eebbcb7 2eebbcb72eebbcb7 2eebbcb72eebbcb7 2eebbcb72eebbcb7 ZMM24=faf10c39faf10c39 faf10c39faf10c39 faf10c39faf10c39 faf10c39faf10c39 faf10c39faf10c39 faf10c39faf10c39 faf10c39faf10c39 faf10c39faf10c39 ZMM25=e1fd4c37e1fd4c37 e1fd4c37e1fd4c37 e1fd4c37e1fd4c37 e1fd4c37e1fd4c37 e1fd4c37e1fd4c37 e1fd4c37e1fd4c37 e1fd4c37e1fd4c37 e1fd4c37e1fd4c37 ZMM26=ce42234ace42234a ce42234ace42234a ce42234ace42234a ce42234ace42234a ce42234ace42234a ce42234ace42234a ce42234ace42234a ce42234ace42234a ZMM27=24ac513a24ac513a 24ac513a24ac513a 24ac513a24ac513a 24ac513a24ac513a 24ac513a24ac513a 24ac513a24ac513a 24ac513a24ac513a 24ac513a24ac513a ZMM28=000000400000003f 0000003e0000003d 0000003c0000003b 0000003a00000039 0000003800000037 0000003600000035 0000003400000033 0000003200000031 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=5604000056040000 5604000056040000 5604000056040000 5604000056040000 5604000056040000 5604000056040000 5604000056040000 5604000056040000 info registers vcpu 1 CPU#1 RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fdd905 RDI=ffffffff95198720 RBP=ffffffff951986e0 RSP=ffffc900008b0788 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000030 R14=ffffffff84fdd8a0 R15=0000000000000000 RIP=ffffffff84fdd92f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f0bffdac6c0 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b315e6ff8 CR3=000000002d9bc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc760a2190 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78293e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78293e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78293e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78293e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78293e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78293e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000001e81c3 RBX=0000000000000002 RCX=ffffffff8b115529 RDX=0000000000000000 RSI=ffffffff8b4cc500 RDI=ffffffff8bb08b40 RBP=ffffed100305b000 RSP=ffffc90000197e08 R8 =0000000000000001 R9 =ffffed100d646fe1 R10=ffff88806b237f0b R11=0000000000000000 R12=0000000000000002 R13=ffff8880182d8000 R14=ffffffff901293d8 R15=0000000000000000 RIP=ffffffff8b11691f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b315e2ff8 CR3=000000002fb18000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff02174790 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0bfefe56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0bfefe56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0bfefe56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0bfefe56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0bfefe5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0bfefe5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000001c6f01 RBX=0000000000000003 RCX=ffffffff8b115529 RDX=0000000000000000 RSI=ffffffff8b4cc500 RDI=ffffffff8bb08b40 RBP=ffffed100305b488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d666fe1 R10=ffff88806b337f0b R11=0000000000000000 R12=0000000000000003 R13=ffff8880182da440 R14=ffffffff901293d8 R15=0000000000000000 RIP=ffffffff8b11691f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fec93ee9440 CR3=0000000023e06000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcfb0447b0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3f31e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3f31e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3f31e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3f31e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3f31e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3f31e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000048 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000048 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000