last executing test programs: 7.798736616s ago: executing program 3 (id=5126): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xd, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="1808000000ff0300000012000000000085106783da1904e5131c0000c57b18a587a8902d277d1ac7995204080ab2eb15ea5285155b", @ANYRES32, @ANYBLOB="000000000000000000000000000000001800000000000000000000000000000095000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000c0000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36) 7.727656338s ago: executing program 3 (id=5128): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) clock_adjtime(0x0, 0x0) r1 = socket(0x2, 0x3, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x880) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_int(r3, 0x1, 0x3, &(0x7f00000000c0), 0x4) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) setsockopt$sock_int(r4, 0x1, 0x0, &(0x7f0000000000), 0x4) r5 = socket$nl_route(0x10, 0x3, 0x0) getpid() recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f00000001c0)={0x400, 0x20, 0x0, 0x9da, 0x0, 0x6, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x7, 0x3, 0x0, 0x187, 0xfffffffe}) sendmsg$nl_route(r5, &(0x7f0000000680)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x9, 0x3, 0x2c8, 0x190, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2b8, 0xffffffff, 0xffffffff, 0x2b8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x328) sendto$inet6(r4, &(0x7f0000000280)='2', 0x1, 0x0, 0x0, 0x0) r7 = syz_io_uring_setup(0x5870, &(0x7f0000000380)={0x0, 0x0, 0x13090}, &(0x7f0000000000), &(0x7f0000000080)) io_submit(0x0, 0x1, &(0x7f00000008c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}]) 6.65481412s ago: executing program 3 (id=5131): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000780)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(&(0x7f0000000780), 0x0, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r4, 0x942e, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r6, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) connect$inet(r6, &(0x7f0000000300)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='yeah\x00', 0x5) sendmsg$inet(r6, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4093, 0xffd}], 0x1}, 0x700) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r7 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r7, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x0, 0x1000c000}, 0x0) 5.936925968s ago: executing program 1 (id=5133): mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 5.827760383s ago: executing program 1 (id=5134): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000000000000000000000000000bb", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000280)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @broadcast}, {0x2, 0x0, @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)='gretap0\x00'}) recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000240)={0xe, 0x4}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) 5.38948825s ago: executing program 3 (id=5138): seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000340)={0x2, &(0x7f0000000000)=[{0x80}, {0x6}]}) socket$phonet(0x23, 0x2, 0x1) ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, &(0x7f0000000280)={0x80000000, 0x0, &(0x7f0000000c80)}) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYBLOB='\x00'/10], 0x54}, 0x1, 0x0, 0x0, 0x40084}, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r4, 0x0, 0x39000, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pselect6(0x40, &(0x7f0000000180), 0x0, &(0x7f0000000040)={0x3fb}, 0x0, 0x0) r5 = open(&(0x7f0000000140)='./file1\x00', 0x64842, 0x0) splice(r3, 0x0, r5, 0x0, 0x8000000000408ce, 0x0) write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[], 0xfffffe3e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100800001) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r7, 0x84, 0x3, &(0x7f00000011c0)=""/4072, &(0x7f0000001180)=0xfe8) mkdir(&(0x7f00000000c0)='./file0\x00', 0x110) r8 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX=r8, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r8, 0x0, 0x0) write$FUSE_INIT(r8, 0x0, 0x0) rename(&(0x7f0000000100)='./file0/../file0/file0\x00', &(0x7f0000000140)='./file0/../file0/file0\x00') 5.219202857s ago: executing program 1 (id=5140): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000200000000000000000000000850000004100000095000000000000004be98911ed5a3cf4451d51e400827eef4df9eb3fd52b8f0a456c3a6cfd127868ad3fe3f9a9b946c97f9fc091e4c3f4b0a0d7ed298717a480c48868562f04005972b6a5265519fee4cb1b8b93f0b164770fd40c7a8060ce72beff7cda177e28a1a97b2c8c56a3f15b2f7a9b7ae2cf52d08555d3c3315e95095217bff8c9441a45fd00000000000000979ed4e35d21d13d428af521c553b9420385390207dc1634aee0244045e5c380e6090329d37b29a56c16d5c7bee160b91246bd2c205047bd92581165c774b1fd46072c161f1d33e6d5c1a5db7a714e3ed5468408f279bd9f98ec3c5ffd79cd37810f03000000b65d147fa05253a600adfb03775847b220369339529d434f3190c81c3dd501a780cfaaaa916c8a33ee4b52d18e160428893f33d206d3a7195e7f69c831099bdc940000aa2c2e61509bf6c58b100000000000000000000000005e3210346531c1eb14fbec6eb35d6f3e3853512c6bf186bd8b75d17aeeaa07"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096}, 0x70) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000ac0)={r2, r1, 0x25, 0x0, @val=@tracing={0x0, 0x9}}, 0x40) syz_emit_ethernet(0x4e, &(0x7f0000000080)=ANY=[], 0x0) 5.082601755s ago: executing program 1 (id=5141): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="1f769a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000300)={0x0, 0x0, 0x2, "9c45"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000079b4d3948859f0b6d011fe4b2"], 0x0}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r3 = syz_open_dev$hiddev(&(0x7f0000000d40), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r3, 0x4018480c, 0x0) 3.748427152s ago: executing program 2 (id=5146): ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000300)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x8f7117486690059f) bpf$MAP_CREATE(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d0000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r4}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301) ioctl$USBDEVFS_CONTROL(r6, 0xc0105500, &(0x7f0000000040)={0x80, 0x6, 0x301, 0x0, 0x18, 0x0, 0x0}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r5, &(0x7f00000003c0)={0x50000008}) mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x0, 0x1210020, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lstat(&(0x7f0000000380)='./file0\x00', 0x0) mount$9p_unix(&(0x7f0000000400)='./cgroup/../file0\x00', &(0x7f0000000280)='./cgroup/../file0\x00', &(0x7f0000000340), 0x20100a6, &(0x7f0000000440)=ANY=[]) read$FUSE(r7, &(0x7f0000000440)={0x2020}, 0x5d0) setresgid(0x0, 0xee00, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) 2.818101704s ago: executing program 2 (id=5149): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 2.734692335s ago: executing program 0 (id=5150): r0 = epoll_create1(0x0) r1 = getpid() r2 = getpid() kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f00000000c0)) 2.734479292s ago: executing program 2 (id=5151): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a) socket$alg(0x26, 0x5, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad433ec50000000f00008095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r1}, 0x10) socket(0x10, 0x802, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 2.663973818s ago: executing program 0 (id=5152): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x10, &(0x7f0000000000)=ANY=[], &(0x7f0000000300)='GPL\x00', 0xc, 0xff8, &(0x7f0000001e00)=""/4088}, 0x90) 2.608639864s ago: executing program 0 (id=5153): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61103400000000006113380000000000bfa00000000000000700000008ffffffd50301001874004095000600000000006916000000000000bf67000000000000360607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004ddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d786046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c747664e9f7478f8200000000000000ff44b0a4577fa8e6084e9c47687f2330203a0a3edca9d4ffc012df1006a70ed9b841cfdedac17240dfe4171bcf94e05bc14f0063ce9e3f18e133ff27db7fc3fa53cc587cc58ece5f86f7a6520eeea8b3e885090acabaebf8bc1dea67de28f23b1756977a30534fc2f6abbe72b68bcd88bbf0749c72fcf19229ac72c24260838d89babf1ecf13e5908d286f71ae0c66b8c2413ae3a7a225132acfa8c3e0a9ab5f094a50786bf4fef8f096446fdeea118294957b97d958ecb028be46dd1434eb1a439218b39f8e"], &(0x7f0000000100)='GPL\x00'}, 0x48) bind$inet(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000181100056a9f6bc536f3ee5deeba1038bae26d0465dbcf8c165f3310fcd1f146873a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) dup(r5) 2.608391493s ago: executing program 2 (id=5154): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'dvmrp1\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.367753684s ago: executing program 2 (id=5155): r0 = syz_open_dev$loop(&(0x7f0000000900), 0xb, 0x44000) ioctl$BLKFLSBUF(r0, 0x1261, 0x0) 2.312054004s ago: executing program 2 (id=5156): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1) getpid() add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x2, 0x2d9b, 0x7, 0x1, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4}, 0x48) keyctl$clear(0x3, 0xffffffffffffffff) sched_setscheduler(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_open_dev$loop(0x0, 0xad5, 0xd25880) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x5b72fb7c, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000048040)=""/102400, 0x19000) shutdown(0xffffffffffffffff, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000003c0)) sched_setscheduler(0x0, 0x5, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000006600), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0) r3 = dup(r2) ioctl$KVM_CREATE_VM(r3, 0x541b, 0x0) futex(0x0, 0x0, 0x3d, 0x0, 0x0, 0x0) futex(0x0, 0x9, 0x80001, &(0x7f0000000040), 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) userfaultfd(0x0) mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x9) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf) 1.979336494s ago: executing program 1 (id=5157): ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) mmap(&(0x7f0000166000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x24, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(r1, 0xe, &(0x7f0000000180)={0x6, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xca, &(0x7f0000000280)=ANY=[@ANYRES16=r0, @ANYRESHEX=r2, @ANYRES64=r0, @ANYBLOB="ba2d"], 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) write$binfmt_script(r4, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f00000000c0)) 1.476362851s ago: executing program 0 (id=5158): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 1.258696313s ago: executing program 0 (id=5159): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) socket$inet6(0xa, 0x2, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="1500000065ffff017f000008003950323030302e4c"], 0x15) pipe2(&(0x7f0000001440)={0xffffffffffffffff}, 0x0) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a8"], 0xa8) write$FUSE_DIRENTPLUS(r3, &(0x7f00000003c0)=ANY=[@ANYRES32=r2], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) setxattr$trusted_overlay_redirect(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340), 0x0, 0x0, 0x0) 1.038202509s ago: executing program 0 (id=5160): creat(0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socket$key(0xf, 0x3, 0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) read$FUSE(r4, &(0x7f0000000a40)={0x2020}, 0x2) 96.540199ms ago: executing program 1 (id=5161): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xd, 0xb, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x3ee) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) connect$unix(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$selinux_validatetrans(0xffffffffffffff9c, 0x0, 0x1, 0x0) writev(r4, 0x0, 0x0) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080), 0x3f00, 0x0) 86.826436ms ago: executing program 3 (id=5162): openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000001080021850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xb, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000006b8a00fe00000000c7080000010000007b8af0ff00000000bda100000000000007000000f8ffffffbfa400000000000007040000f0ffffffb7020000080000fa18230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000001a00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r3, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 0s ago: executing program 3 (id=5163): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f0000000580)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000600)=[@sack_perm], 0x8cbd752) kernel console output (not intermixed with test programs): 16223 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 1142.100550][T24123] wg2: left promiscuous mode [ 1142.109262][T24123] team0: Port device wg2 removed [ 1142.153141][T24123] wg2: entered promiscuous mode [ 1142.158497][T24123] team0: Port device wg2 added [ 1142.386258][ T67] Bluetooth: hci1: command 0x0419 tx timeout [ 1142.960579][T24131] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4512'. [ 1143.011327][T24134] /dev/sg0: Can't lookup blockdev [ 1143.044733][ T39] audit: type=1326 audit(1142.886:6792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24126 comm="syz.2.4511" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef60979eb9 code=0x7fc00000 [ 1143.076314][ T39] audit: type=1326 audit(1142.886:6793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24126 comm="syz.2.4511" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef60979eb9 code=0x7fc00000 [ 1143.515711][ T39] audit: type=1400 audit(1143.356:6794): avc: denied { nlmsg_write } for pid=24148 comm="syz.0.4518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 1143.601998][T24149] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4518'. [ 1143.892381][T11429] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1144.089135][T11429] usb 5-1: Using ep0 maxpacket: 16 [ 1144.096770][T11429] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 1144.100817][T11429] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 1144.105022][T11429] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 1144.108954][T11429] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has an invalid bInterval 255, changing to 11 [ 1144.113526][T11429] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid maxpacket 59391, setting to 1024 [ 1144.121234][T11429] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1144.123960][T11429] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 1144.127962][T11429] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1144.146459][T11429] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 1144.148731][T24153] tipc: Enabling not permitted [ 1144.151795][T24153] tipc: Enabling of bearer rejected, failed to enable media [ 1144.302588][T24165] team0: Port device wg2 removed [ 1144.333430][T24165] team0: Port device wg2 added [ 1146.498458][T16677] usb 5-1: USB disconnect, device number 48 [ 1146.675315][T24204] FAULT_INJECTION: forcing a failure. [ 1146.675315][T24204] name failslab, interval 1, probability 0, space 0, times 0 [ 1146.686666][T24204] CPU: 3 UID: 0 PID: 24204 Comm: syz.0.4529 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1146.692525][T24204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1146.699174][T24204] Call Trace: [ 1146.701303][T24204] [ 1146.703199][T24204] dump_stack_lvl+0x16c/0x1f0 [ 1146.706215][T24204] should_fail_ex+0x497/0x5b0 [ 1146.709159][T24204] ? fs_reclaim_acquire+0xae/0x160 [ 1146.714931][T24204] should_failslab+0xc2/0x120 [ 1146.717862][T24204] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1146.721389][T24204] ? __alloc_skb+0x2b1/0x380 [ 1146.723580][T24204] __alloc_skb+0x2b1/0x380 [ 1146.726135][T24204] ? __pfx___alloc_skb+0x10/0x10 [ 1146.729178][T24204] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1146.731900][T24204] netlink_alloc_large_skb+0x69/0x130 [ 1146.734691][T24204] netlink_sendmsg+0x689/0xd70 [ 1146.737030][T24204] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1146.739554][T24204] ? __import_iovec+0x1fd/0x6e0 [ 1146.743867][T24204] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1146.746850][T24204] ____sys_sendmsg+0xab5/0xc90 [ 1146.750904][T24204] ? copy_msghdr_from_user+0x10b/0x160 [ 1146.754059][T24204] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1146.757361][T24204] ? find_held_lock+0x2d/0x110 [ 1146.760362][T24204] ? __pfx___lock_acquire+0x10/0x10 [ 1146.763552][T24204] ___sys_sendmsg+0x135/0x1e0 [ 1146.766506][T24204] ? __pfx____sys_sendmsg+0x10/0x10 [ 1146.769770][T24204] ? ksys_write+0x21c/0x260 [ 1146.772619][T24204] ? __fget_light+0x173/0x210 [ 1146.775522][T24204] __sys_sendmsg+0x117/0x1f0 [ 1146.778397][T24204] ? __pfx___sys_sendmsg+0x10/0x10 [ 1146.781597][T24204] do_syscall_64+0xcd/0x250 [ 1146.784521][T24204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1146.788181][T24204] RIP: 0033:0x7f51e4979eb9 [ 1146.790407][T24204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1146.799836][T24204] RSP: 002b:00007f51e583c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1146.805397][T24204] RAX: ffffffffffffffda RBX: 00007f51e4b15f80 RCX: 00007f51e4979eb9 [ 1146.810281][T24204] RDX: 0000000000000800 RSI: 0000000020000040 RDI: 0000000000000005 [ 1146.825686][T24204] RBP: 00007f51e583c090 R08: 0000000000000000 R09: 0000000000000000 [ 1146.829383][T24204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1146.832944][T24204] R13: 0000000000000000 R14: 00007f51e4b15f80 R15: 00007ffe951b3c98 [ 1146.836412][T24204] [ 1147.109135][T24212] netem: change failed [ 1147.220344][T24215] team0: Port device wg2 removed [ 1147.250071][T24215] team0: Port device wg2 added [ 1147.497199][ T39] audit: type=1400 audit(1147.326:6795): avc: denied { setopt } for pid=24221 comm="syz.0.4535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1148.309553][T24231] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4536'. [ 1148.472617][T24236] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4538'. [ 1150.122449][T24265] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1150.142681][T24265] netlink: 'syz.0.4546': attribute type 5 has an invalid length. [ 1151.350480][ T39] audit: type=1400 audit(1151.196:6796): avc: denied { read write } for pid=24292 comm="syz.3.4553" name="file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 1151.382035][ T39] audit: type=1400 audit(1151.196:6797): avc: denied { open } for pid=24292 comm="syz.3.4553" path="/575/file0/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 1151.495145][T24303] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1151.516917][T24303] netlink: 'syz.3.4557': attribute type 5 has an invalid length. [ 1151.581579][T24306] wg2: left promiscuous mode [ 1151.589519][T24306] team0: Port device wg2 removed [ 1151.603304][T24309] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1151.614152][T24306] wg2: entered promiscuous mode [ 1151.619495][T24306] team0: Port device wg2 added [ 1151.630918][T24309] netlink: 'syz.3.4558': attribute type 5 has an invalid length. [ 1152.343652][T24327] FAULT_INJECTION: forcing a failure. [ 1152.343652][T24327] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1152.354323][T24327] CPU: 3 UID: 0 PID: 24327 Comm: syz.2.4564 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1152.361188][T24327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1152.366940][T24327] Call Trace: [ 1152.368884][T24327] [ 1152.370457][T24327] dump_stack_lvl+0x16c/0x1f0 [ 1152.373010][T24327] should_fail_ex+0x497/0x5b0 [ 1152.375926][T24327] strncpy_from_user+0x38/0x320 [ 1152.379203][T24327] getname_flags.part.0+0x8f/0x550 [ 1152.382508][T24327] getname_flags+0x93/0xf0 [ 1152.384757][T24327] user_path_at+0x24/0x60 [ 1152.388271][T24327] __x64_sys_mount+0x1fc/0x320 [ 1152.390841][T24327] ? __pfx___x64_sys_mount+0x10/0x10 [ 1152.393679][T24327] do_syscall_64+0xcd/0x250 [ 1152.396120][T24327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1152.399390][T24327] RIP: 0033:0x7fef60979eb9 [ 1152.401409][T24327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1152.412142][T24327] RSP: 002b:00007fef617f3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1152.416372][T24327] RAX: ffffffffffffffda RBX: 00007fef60b15f80 RCX: 00007fef60979eb9 [ 1152.422228][T24327] RDX: 0000000020000200 RSI: 00000000200001c0 RDI: 0000000020000000 [ 1152.426171][T24327] RBP: 00007fef617f3090 R08: 0000000000000000 R09: 0000000000000000 [ 1152.429759][T24327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1152.433378][T24327] R13: 0000000000000000 R14: 00007fef60b15f80 R15: 00007ffdf1c73f28 [ 1152.436850][T24327] [ 1152.439954][T24329] geneve1: entered allmulticast mode [ 1152.501894][T24331] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1152.519225][T24331] netlink: 'syz.3.4566': attribute type 5 has an invalid length. [ 1153.101700][T24355] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4571'. [ 1153.131751][T24354] team0: Port device wg2 removed [ 1153.178887][T24356] team0: Port device wg2 added [ 1153.935485][T24373] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1153.962264][T24373] netlink: 'syz.0.4578': attribute type 5 has an invalid length. [ 1154.789737][T24395] team0: Port device wg2 removed [ 1154.836433][T24395] team0: Port device wg2 added [ 1155.383542][T24406] wg2: left promiscuous mode [ 1155.441257][T24406] team0: Port device wg2 removed [ 1155.577998][T24409] wg2: entered promiscuous mode [ 1155.581017][T24409] team0: Port device wg2 added [ 1155.618692][T24413] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1155.631879][T24413] netlink: 'syz.3.4588': attribute type 5 has an invalid length. [ 1155.809581][T24416] [U] [ 1155.811443][T24416] [U] [ 1155.812871][T24416] [U] [ 1155.814415][T24416] [U] [ 1155.816024][T24416] [U] [ 1155.817243][T24416] [U] [ 1155.818577][T24416] [U] [ 1155.819823][T24416] [U] [ 1155.821188][T24416] [U] [ 1155.822448][T24416] [U] [ 1155.823671][T24416] [U] [ 1155.824870][T24416] [U] [ 1155.826244][T24416] [U] [ 1155.827468][T24416] [U] [ 1155.828832][T24416] [U] [ 1155.830129][T24416] [U] [ 1155.831796][T24416] [U] [ 1155.832976][T24416] [U] [ 1155.834157][T24416] [U] [ 1155.835108][ T39] audit: type=1400 audit(1155.676:6798): avc: denied { mounton } for pid=24417 comm="syz.3.4589" path="mnt:[4026533793]" dev="nsfs" ino=4026533793 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1155.835338][T24416] [U] [ 1155.863288][T24416] [U] [ 1155.864631][T24416] [U] [ 1155.865834][T24416] [U] [ 1155.867031][T24416] [U] [ 1155.868285][T24416] [U] [ 1155.869559][T24416] [U] [ 1155.870903][T24416] [U] [ 1155.872204][T24416] [U] [ 1155.873424][T24416] [U] [ 1155.874594][T24416] [U] [ 1155.875779][T24416] [U] [ 1155.876998][T24416] [U] [ 1155.889830][T24416] [U] [ 1155.905601][T24416] [U] [ 1155.907241][T24416] [U] [ 1155.908885][T24416] [U] [ 1155.910787][T24416] [U] [ 1155.912310][T24416] [U] [ 1155.913478][T24416] [U] [ 1155.914618][T24416] [U] [ 1155.915892][T24416] [U] [ 1155.917090][T24416] [U] [ 1155.924777][T24416] [U] [ 1155.926132][T24416] [U] [ 1155.928087][T24416] [U] [ 1155.929612][T24416] [U] [ 1155.931243][T24416] [U] [ 1155.932881][T24416] [U] [ 1155.934613][T24416] [U] [ 1155.935831][T24416] [U] [ 1155.937149][T24416] [U] [ 1155.938360][T24416] [U] [ 1155.939645][T24416] [U] [ 1155.941156][T24416] [U] [ 1155.942937][T24416] [U] [ 1155.945736][T24416] [U] [ 1155.949290][T24416] [U] [ 1155.950533][T24416] [U] [ 1155.951737][T24416] [U] [ 1155.953067][T24416] [U] [ 1155.954716][T24416] [U] [ 1155.956322][T24416] [U] [ 1155.957869][T24416] [U] [ 1155.959036][T24416] [U] [ 1155.960331][T24416] [U] [ 1155.961551][T24416] [U] [ 1155.962764][T24416] [U] [ 1155.963935][T24416] [U] [ 1155.965187][T24416] [U] [ 1155.966373][T24416] [U] [ 1155.967514][T24416] [U] [ 1155.968712][T24416] [U] [ 1155.970323][T24416] [U] [ 1155.971676][T24416] [U] [ 1155.972894][T24416] [U] [ 1155.974627][T24416] [U] [ 1155.976014][T24416] [U] [ 1155.979021][T24416] [U] [ 1155.981561][T24416] [U] [ 1155.983287][T24416] [U] [ 1155.984927][T24416] [U] [ 1155.986473][T24416] [U] [ 1155.987764][T24416] [U] [ 1155.989220][T24416] [U] [ 1155.990727][T24416] [U] [ 1155.992189][T24416] [U] [ 1155.993640][T24416] [U] [ 1155.994973][T24416] [U] [ 1155.996734][T24416] [U] [ 1155.998003][T24416] [U] [ 1155.999250][T24416] [U] [ 1156.000624][T24416] [U] [ 1156.001888][T24416] [U] [ 1156.003217][T24416] [U] [ 1156.004482][T24416] [U] [ 1156.005755][T24416] [U] [ 1156.007103][T24416] [U] [ 1156.008398][T24416] [U] [ 1156.009932][T24416] [U] [ 1156.011372][T24416] [U] [ 1156.012901][T24416] [U] [ 1156.014316][T24416] [U] [ 1156.015830][T24416] [U] [ 1156.017235][T24416] [U] [ 1156.018789][T24416] [U] [ 1156.020191][T24416] [U] [ 1156.021901][T24416] [U] [ 1156.023208][T24416] [U] [ 1156.024743][T24416] [U] [ 1156.026503][T24416] [U] [ 1156.028299][T24416] [U] [ 1156.030057][T24416] [U] [ 1156.033193][T24416] [U] [ 1156.034567][T24416] [U] [ 1156.036198][T24416] [U] [ 1156.037964][T24416] [U] [ 1156.039808][T24416] [U] [ 1156.041526][T24416] [U] [ 1156.042855][T24416] [U] [ 1156.044114][T24416] [U] [ 1156.045910][T24416] [U] [ 1156.047376][T24416] [U] [ 1156.049264][T24416] [U] [ 1156.050587][T24416] [U] [ 1156.051949][T24416] [U] [ 1156.053660][T24416] [U] [ 1156.055392][T24416] [U] [ 1156.148107][T24410] [U] [ 1157.328174][ T39] audit: type=1400 audit(1157.176:6799): avc: denied { sqpoll } for pid=24435 comm="syz.3.4594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 1157.523389][T24446] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1157.553089][T24446] netlink: 'syz.1.4597': attribute type 5 has an invalid length. [ 1157.996395][T24460] FAULT_INJECTION: forcing a failure. [ 1157.996395][T24460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1158.002051][T24460] CPU: 2 UID: 0 PID: 24460 Comm: syz.3.4602 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1158.007830][T24460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1158.012182][T24460] Call Trace: [ 1158.013532][T24460] [ 1158.014710][T24460] dump_stack_lvl+0x16c/0x1f0 [ 1158.016924][T24460] should_fail_ex+0x497/0x5b0 [ 1158.019369][T24460] _copy_from_iter+0x2a1/0x1150 [ 1158.022149][T24460] ? __alloc_skb+0x1fe/0x380 [ 1158.024852][T24460] ? __pfx__copy_from_iter+0x10/0x10 [ 1158.027247][T24460] ? __virt_addr_valid+0x5e/0x590 [ 1158.029606][T24460] ? __phys_addr_symbol+0x30/0x80 [ 1158.032344][T24460] ? __check_object_size+0x497/0x720 [ 1158.037766][T24460] netlink_sendmsg+0x813/0xd70 [ 1158.039931][T24460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1158.042593][T24460] ? __import_iovec+0x1fd/0x6e0 [ 1158.044897][T24460] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1158.047342][T24460] ____sys_sendmsg+0xab5/0xc90 [ 1158.049511][T24460] ? copy_msghdr_from_user+0x10b/0x160 [ 1158.051977][T24460] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1158.054190][T24460] ? find_held_lock+0x2d/0x110 [ 1158.056384][T24460] ? __pfx___lock_acquire+0x10/0x10 [ 1158.058659][T24460] ___sys_sendmsg+0x135/0x1e0 [ 1158.061078][T24460] ? __pfx____sys_sendmsg+0x10/0x10 [ 1158.063319][T24460] ? ksys_write+0x21c/0x260 [ 1158.065455][T24460] ? __fget_light+0x173/0x210 [ 1158.067647][T24460] __sys_sendmsg+0x117/0x1f0 [ 1158.070054][T24460] ? __pfx___sys_sendmsg+0x10/0x10 [ 1158.072572][T24460] do_syscall_64+0xcd/0x250 [ 1158.074688][T24460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1158.077874][T24460] RIP: 0033:0x7f1c7bb79eb9 [ 1158.080007][T24460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1158.088801][T24460] RSP: 002b:00007f1c7c965038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1158.092567][T24460] RAX: ffffffffffffffda RBX: 00007f1c7bd15f80 RCX: 00007f1c7bb79eb9 [ 1158.096059][T24460] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 1158.099681][T24460] RBP: 00007f1c7c965090 R08: 0000000000000000 R09: 0000000000000000 [ 1158.103109][T24460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1158.106641][T24460] R13: 0000000000000000 R14: 00007f1c7bd15f80 R15: 00007ffca8335188 [ 1158.110184][T24460] [ 1158.138573][T24464] team0: Port device wg2 removed [ 1158.159202][T24464] team0: Port device wg2 added [ 1158.217488][ T39] audit: type=1326 audit(1158.046:6800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24461 comm="syz.1.4603" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1158.226784][ T39] audit: type=1326 audit(1158.046:6801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24461 comm="syz.1.4603" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1158.236736][ T39] audit: type=1326 audit(1158.046:6802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24461 comm="syz.1.4603" exe="/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1158.264013][ T39] audit: type=1326 audit(1158.046:6803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24461 comm="syz.1.4603" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1158.274452][ T39] audit: type=1326 audit(1158.046:6804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24461 comm="syz.1.4603" exe="/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1158.285844][ T39] audit: type=1326 audit(1158.046:6805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24461 comm="syz.1.4603" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1158.301439][ T39] audit: type=1326 audit(1158.066:6806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24461 comm="syz.1.4603" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1158.434118][T24471] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1158.498838][T24471] netlink: 'syz.1.4607': attribute type 5 has an invalid length. [ 1158.887546][T24480] netlink: 'syz.2.4609': attribute type 21 has an invalid length. [ 1158.891644][T24480] netlink: 128 bytes leftover after parsing attributes in process `syz.2.4609'. [ 1159.452974][T24493] FAULT_INJECTION: forcing a failure. [ 1159.452974][T24493] name failslab, interval 1, probability 0, space 0, times 0 [ 1159.458349][T24493] CPU: 2 UID: 0 PID: 24493 Comm: syz.1.4613 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1159.462868][T24493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1159.467666][T24493] Call Trace: [ 1159.469189][T24493] [ 1159.470531][T24493] dump_stack_lvl+0x16c/0x1f0 [ 1159.472535][T24493] should_fail_ex+0x497/0x5b0 [ 1159.474660][T24493] ? fs_reclaim_acquire+0xae/0x160 [ 1159.478658][T24493] should_failslab+0xc2/0x120 [ 1159.480686][T24493] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 1159.482786][T24493] ? alloc_empty_file+0x73/0x1e0 [ 1159.485015][T24493] ? __lock_acquire+0xbdd/0x3cb0 [ 1159.487171][T24493] alloc_empty_file+0x73/0x1e0 [ 1159.489339][T24493] path_openat+0xe0/0x2d20 [ 1159.491516][T24493] ? hlock_class+0x4e/0x130 [ 1159.493671][T24493] ? __lock_acquire+0x1620/0x3cb0 [ 1159.495962][T24493] ? __pfx_path_openat+0x10/0x10 [ 1159.498241][T24493] ? __pfx___lock_acquire+0x10/0x10 [ 1159.500603][T24493] ? find_held_lock+0x2d/0x110 [ 1159.502842][T24493] do_filp_open+0x1dc/0x430 [ 1159.504984][T24493] ? __pfx_do_filp_open+0x10/0x10 [ 1159.507347][T24493] ? find_held_lock+0x2d/0x110 [ 1159.509554][T24493] ? _raw_spin_unlock+0x28/0x50 [ 1159.511760][T24493] ? alloc_fd+0x2d7/0x6c0 [ 1159.513835][T24493] do_sys_openat2+0x17a/0x1e0 [ 1159.515961][T24493] ? __pfx_do_sys_openat2+0x10/0x10 [ 1159.518305][T24493] __x64_sys_openat+0x175/0x210 [ 1159.520519][T24493] ? __pfx___x64_sys_openat+0x10/0x10 [ 1159.522928][T24493] ? ksys_write+0x1ab/0x260 [ 1159.525023][T24493] do_syscall_64+0xcd/0x250 [ 1159.527107][T24493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1159.529801][T24493] RIP: 0033:0x7f7856f79eb9 [ 1159.531813][T24493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1159.540191][T24493] RSP: 002b:00007f7857d16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1159.544345][T24493] RAX: ffffffffffffffda RBX: 00007f7857116058 RCX: 00007f7856f79eb9 [ 1159.547856][T24493] RDX: 0000000000000000 RSI: 0000000020000140 RDI: ffffffffffffff9c [ 1159.551343][T24493] RBP: 00007f7857d16090 R08: 0000000000000000 R09: 0000000000000000 [ 1159.555028][T24493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1159.557717][T24493] R13: 0000000000000000 R14: 00007f7857116058 R15: 00007fffccff4928 [ 1159.561157][T24493] [ 1159.590722][T24494] team0: Port device wg2 removed [ 1159.609735][T24495] team0: Port device wg2 added [ 1160.310008][T24500] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1160.330393][T24500] netlink: 'syz.3.4616': attribute type 5 has an invalid length. [ 1160.465823][T24509] netlink: 'syz.3.4618': attribute type 21 has an invalid length. [ 1160.471822][T24509] netlink: 128 bytes leftover after parsing attributes in process `syz.3.4618'. [ 1160.537162][T24511] team0: Port device wg2 removed [ 1160.572908][T24511] team0: Port device wg2 added [ 1161.380622][ T39] audit: type=1326 audit(1161.226:6807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm="syz.1.4621" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1161.390901][ T39] audit: type=1326 audit(1161.226:6808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm="syz.1.4621" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1161.984661][T24528] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4622'. [ 1162.509987][T24538] wg2: left promiscuous mode [ 1162.513295][ T39] kauditd_printk_skb: 647 callbacks suppressed [ 1162.513307][ T39] audit: type=1326 audit(1162.126:7456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7856f15839 code=0x7ffc0000 [ 1162.534536][T24538] team0: Port device wg2 removed [ 1162.590630][ T39] audit: type=1326 audit(1162.426:7457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7856f70e67 code=0x7ffc0000 [ 1162.605388][ T39] audit: type=1326 audit(1162.426:7458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7856f15839 code=0x7ffc0000 [ 1162.620141][ T39] audit: type=1326 audit(1162.426:7459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7856f70e67 code=0x7ffc0000 [ 1162.637691][ T39] audit: type=1326 audit(1162.426:7460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7856f15839 code=0x7ffc0000 [ 1162.642195][T24540] wg2: entered promiscuous mode [ 1162.671651][T24540] team0: Port device wg2 added [ 1162.682091][T24542] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1162.699117][ T39] audit: type=1326 audit(1162.426:7461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7856f70e67 code=0x7ffc0000 [ 1162.718458][T24542] netlink: 'syz.3.4626': attribute type 5 has an invalid length. [ 1162.722151][ T39] audit: type=1326 audit(1162.426:7462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7856f15839 code=0x7ffc0000 [ 1162.733730][ T39] audit: type=1326 audit(1162.426:7463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7856f70e67 code=0x7ffc0000 [ 1162.789227][ T39] audit: type=1326 audit(1162.426:7464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7856f15839 code=0x7ffc0000 [ 1162.800013][ T39] audit: type=1326 audit(1162.426:7465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24520 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7856f70e67 code=0x7ffc0000 [ 1163.146190][T24549] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4627'. [ 1163.376361][ T67] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1163.382561][ T67] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1163.387911][ T67] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1163.393325][ T67] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1163.416648][ T67] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1163.420182][ T67] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1163.884808][T24553] chnl_net:caif_netlink_parms(): no params data found [ 1164.103542][T24553] bridge0: port 1(bridge_slave_0) entered blocking state [ 1164.106621][T24553] bridge0: port 1(bridge_slave_0) entered disabled state [ 1164.109876][T24553] bridge_slave_0: entered allmulticast mode [ 1164.114128][T24553] bridge_slave_0: entered promiscuous mode [ 1164.121926][T24553] bridge0: port 2(bridge_slave_1) entered blocking state [ 1164.125070][T24553] bridge0: port 2(bridge_slave_1) entered disabled state [ 1164.129843][T24553] bridge_slave_1: entered allmulticast mode [ 1164.134273][T24553] bridge_slave_1: entered promiscuous mode [ 1164.325143][T24553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1164.342129][T24553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1164.532843][T24553] team0: Port device team_slave_0 added [ 1164.545772][T24553] team0: Port device team_slave_1 added [ 1164.655098][T24553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1164.671385][T24553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1164.680419][T24553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1164.701089][T24553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1164.704007][T24553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1164.716956][T24553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1164.799683][T24582] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4634'. [ 1164.892705][T24553] hsr_slave_0: entered promiscuous mode [ 1164.903920][T24553] hsr_slave_1: entered promiscuous mode [ 1164.918222][T24553] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1164.924583][T24553] Cannot create hsr debugfs directory [ 1165.002929][T24591] team0: Port device wg2 removed [ 1165.199488][T24591] team0: Port device wg2 added [ 1165.504239][T22520] Bluetooth: hci4: command tx timeout [ 1165.716898][T24553] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1165.818577][T24598] netlink: 'syz.1.4640': attribute type 21 has an invalid length. [ 1165.821806][T24598] netlink: 128 bytes leftover after parsing attributes in process `syz.1.4640'. [ 1165.862692][T24553] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1165.999467][T24553] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1166.176919][T24553] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1166.639252][T24553] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1166.647811][T24553] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1166.655591][T24553] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1166.746674][T24553] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1167.012258][T24553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1167.061415][T24553] 8021q: adding VLAN 0 to HW filter on device team0 [ 1167.098718][ T83] bridge0: port 1(bridge_slave_0) entered blocking state [ 1167.101844][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1167.124026][ T83] bridge0: port 2(bridge_slave_1) entered blocking state [ 1167.127090][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1167.492608][T24624] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4645'. [ 1167.568477][T24628] wg2: left promiscuous mode [ 1167.578817][T24628] team0: Port device wg2 removed [ 1167.592467][T22520] Bluetooth: hci4: command 0x041b tx timeout [ 1167.702050][T24628] wg2: entered promiscuous mode [ 1167.705804][T24628] team0: Port device wg2 added [ 1167.827988][T24553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1167.930198][T24553] veth0_vlan: entered promiscuous mode [ 1167.960893][T24553] veth1_vlan: entered promiscuous mode [ 1168.013115][T24553] veth0_macvtap: entered promiscuous mode [ 1168.021381][T24553] veth1_macvtap: entered promiscuous mode [ 1168.038377][T24553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1168.042986][T24553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1168.052372][T24553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1168.059171][T24553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1168.064742][T24553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1168.072455][T24553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1168.110793][T24553] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1168.115505][T24553] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1168.123076][T24553] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1168.136179][T24553] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1168.185718][T24640] netlink: 'syz.1.4651': attribute type 21 has an invalid length. [ 1168.189276][T24640] netlink: 128 bytes leftover after parsing attributes in process `syz.1.4651'. [ 1168.223733][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1168.228899][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1168.249289][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1168.252954][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1168.502086][T24639] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4650'. [ 1168.663664][T24656] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4652'. [ 1169.352899][T24662] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1169.618464][T24672] FAULT_INJECTION: forcing a failure. [ 1169.618464][T24672] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.624198][T24672] CPU: 3 UID: 0 PID: 24672 Comm: syz.1.4659 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1169.628846][ T39] kauditd_printk_skb: 815 callbacks suppressed [ 1169.628859][ T39] audit: type=1400 audit(1169.466:8281): avc: denied { mount } for pid=24671 comm="syz.1.4659" name="/" dev="pstore" ino=1393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 1169.644946][T24672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1169.644962][T24672] Call Trace: [ 1169.644969][T24672] [ 1169.644976][T24672] dump_stack_lvl+0x16c/0x1f0 [ 1169.645002][T24672] should_fail_ex+0x497/0x5b0 [ 1169.645025][T24672] ? fs_reclaim_acquire+0xae/0x160 [ 1169.645053][T24672] should_failslab+0xc2/0x120 [ 1169.645072][T24672] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 1169.645100][T24672] ? getname_flags.part.0+0x4c/0x550 [ 1169.645141][T24672] getname_flags.part.0+0x4c/0x550 [ 1169.645171][T24672] getname_flags+0x93/0xf0 [ 1169.645192][T24672] user_path_at+0x24/0x60 [ 1169.645213][T24672] __x64_sys_mount+0x1fc/0x320 [ 1169.645235][T24672] ? __pfx___x64_sys_mount+0x10/0x10 [ 1169.645263][T24672] do_syscall_64+0xcd/0x250 [ 1169.645292][T24672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1169.645312][T24672] RIP: 0033:0x7f7856f79eb9 [ 1169.645328][T24672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1169.645346][T24672] RSP: 002b:00007f7857d37038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1169.645371][T24672] RAX: ffffffffffffffda RBX: 00007f7857115f80 RCX: 00007f7856f79eb9 [ 1169.645384][T24672] RDX: 00000000200002c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1169.645397][T24672] RBP: 00007f7857d37090 R08: 0000000000000000 R09: 0000000000000000 [ 1169.645409][T24672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1169.645420][T24672] R13: 0000000000000000 R14: 00007f7857115f80 R15: 00007fffccff4928 [ 1169.645445][T24672] [ 1169.656927][T22520] Bluetooth: hci4: command 0x041b tx timeout [ 1169.867670][T24682] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4657'. [ 1169.984067][ T1108] bond0 (unregistering): Released all slaves [ 1170.006690][T24667] netlink: 'syz.0.4655': attribute type 5 has an invalid length. [ 1170.169354][ T1108] IPVS: stopping backup sync thread 16090 ... [ 1170.227291][T24687] netlink: 'syz.0.4661': attribute type 21 has an invalid length. [ 1170.256228][T24687] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4661'. [ 1170.566150][ T39] audit: type=1326 audit(1170.376:8282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24689 comm="syz.2.4662" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fef60979eb9 code=0x0 [ 1170.659886][T24693] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24693 comm=syz.2.4662 [ 1170.709426][ T1108] hsr_slave_0: left promiscuous mode [ 1170.712834][ T1108] hsr_slave_1: left promiscuous mode [ 1170.798908][ T39] audit: type=1400 audit(1170.646:8283): avc: denied { getopt } for pid=24697 comm="syz.0.4664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 1170.822235][ T1108] veth1_macvtap: left promiscuous mode [ 1170.825188][ T1108] veth0_macvtap: left promiscuous mode [ 1170.827757][ T1108] veth1_vlan: left promiscuous mode [ 1170.829828][ T1108] veth0_vlan: left promiscuous mode [ 1171.736248][T22520] Bluetooth: hci4: command 0x041b tx timeout [ 1172.136891][T24172] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 1172.343551][T24172] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1172.357779][T24172] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1172.362129][T24172] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1172.384035][T24172] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1172.394602][T24720] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1172.402413][T24172] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1172.787507][T24730] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4671'. [ 1173.248793][ T5394] usb 5-1: USB disconnect, device number 49 [ 1173.817924][ T67] Bluetooth: hci4: command 0x041b tx timeout [ 1174.223040][T24742] FAULT_INJECTION: forcing a failure. [ 1174.223040][T24742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1174.230353][T24742] CPU: 2 UID: 0 PID: 24742 Comm: syz.0.4675 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1174.235088][T24742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1174.239786][T24742] Call Trace: [ 1174.241247][T24742] [ 1174.242578][T24742] dump_stack_lvl+0x16c/0x1f0 [ 1174.244716][T24742] should_fail_ex+0x497/0x5b0 [ 1174.246841][T24742] _copy_from_user+0x30/0xf0 [ 1174.248903][T24742] vhost_net_ioctl+0x47e/0x16f0 [ 1174.251066][T24742] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1174.253853][T24742] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1174.256239][T24742] ? selinux_file_ioctl+0x180/0x270 [ 1174.258565][T24742] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1174.260868][T24742] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1174.263237][T24742] __x64_sys_ioctl+0x193/0x220 [ 1174.265414][T24742] do_syscall_64+0xcd/0x250 [ 1174.267459][T24742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.270087][T24742] RIP: 0033:0x7f51e4979eb9 [ 1174.272090][T24742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1174.280540][T24742] RSP: 002b:00007f51e583c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1174.284204][T24742] RAX: ffffffffffffffda RBX: 00007f51e4b15f80 RCX: 00007f51e4979eb9 [ 1174.287698][T24742] RDX: 0000000020000080 RSI: 000000004008af30 RDI: 0000000000000005 [ 1174.290962][T24742] RBP: 00007f51e583c090 R08: 0000000000000000 R09: 0000000000000000 [ 1174.294041][T24742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1174.297377][T24742] R13: 0000000000000000 R14: 00007f51e4b15f80 R15: 00007ffe951b3c98 [ 1174.301091][T24742] [ 1174.343559][ T1108] team0 (unregistering): Port device wg2 removed [ 1174.510282][T24750] NILFS (nullb0): couldn't find nilfs on the device [ 1174.600398][T24750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4677'. [ 1174.634799][T24750] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4677'. [ 1175.212927][T24757] netlink: 'syz.0.4679': attribute type 7 has an invalid length. [ 1175.216429][T24757] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.4679'. [ 1175.640237][T24769] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4681'. [ 1175.646408][ T25] usb 8-1: new high-speed USB device number 49 using dummy_hcd [ 1175.811588][T24770] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4682'. [ 1175.857036][ T25] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 1175.866169][ T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1175.878718][ T25] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1175.883990][ T25] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1175.897052][ T67] Bluetooth: hci4: command 0x041b tx timeout [ 1175.904219][ T25] usb 8-1: Manufacturer: syz [ 1175.916776][ T25] usb 8-1: config 0 descriptor?? [ 1176.119585][T24777] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4684'. [ 1176.175531][T24765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1176.221290][ T25] rc_core: IR keymap rc-hauppauge not found [ 1176.224661][ T25] Registered IR keymap rc-empty [ 1176.233500][ T25] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 1176.240868][ T25] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input20 [ 1176.245017][T24765] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1176.346847][ T25] usb 8-1: USB disconnect, device number 49 [ 1176.370011][ T39] audit: type=1400 audit(1176.206:8284): avc: denied { write } for pid=24780 comm="syz.0.4685" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 1176.742758][ T39] audit: type=1400 audit(1176.586:8285): avc: denied { setopt } for pid=24788 comm="syz.0.4686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 1177.799518][T24173] usb 8-1: new high-speed USB device number 50 using dummy_hcd [ 1177.838725][T24815] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4693'. [ 1177.976856][ T67] Bluetooth: hci4: command 0x041b tx timeout [ 1177.988691][T24173] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1177.993471][T24173] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1177.997217][T24173] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1178.000587][T24173] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1178.011105][T24809] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1178.028939][T24173] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 1178.386772][T11429] usb 8-1: USB disconnect, device number 50 [ 1179.586199][ T25] usb 8-1: new high-speed USB device number 51 using dummy_hcd [ 1179.805776][ T25] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 1179.809808][ T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1179.815522][ T25] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1179.821155][ T25] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1179.827204][ T25] usb 8-1: Manufacturer: syz [ 1179.836793][ T25] usb 8-1: config 0 descriptor?? [ 1179.930561][ T25] rc_core: IR keymap rc-hauppauge not found [ 1179.933837][ T25] Registered IR keymap rc-empty [ 1179.937808][ T25] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 1179.944101][ T25] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input21 [ 1180.130899][T24832] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1180.145821][T24832] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1180.167124][ T5354] usb 8-1: USB disconnect, device number 51 [ 1180.376353][T16677] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1180.558347][T16677] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1180.562588][T16677] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1180.568086][T16677] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1180.575461][T16677] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1180.596020][T24852] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1180.606250][T16677] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1181.086651][ T833] usb 5-1: USB disconnect, device number 50 [ 1181.295652][T24868] bridge_slave_0: left allmulticast mode [ 1181.299951][T24868] bridge_slave_0: left promiscuous mode [ 1181.303615][T24868] bridge0: port 1(bridge_slave_0) entered disabled state [ 1181.331681][T24868] bridge_slave_1: left allmulticast mode [ 1181.334154][T24868] bridge_slave_1: left promiscuous mode [ 1181.336547][T24868] bridge0: port 2(bridge_slave_1) entered disabled state [ 1181.460253][T24868] bond0: (slave bond_slave_0): Releasing backup interface [ 1181.770401][T24868] bond0: (slave bond_slave_1): Releasing backup interface [ 1181.793855][T24868] team0: Port device team_slave_0 removed [ 1181.808574][T24868] team0: Port device team_slave_1 removed [ 1181.814471][T24868] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1181.819337][T24868] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1181.828990][T24868] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1181.832984][T24868] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1181.871604][T24871] team0: Port device wg2 added [ 1182.141596][T24880] team0: Port device wg2 removed [ 1182.181529][T24883] team0: Port device wg2 added [ 1182.459959][ T833] usb 8-1: new high-speed USB device number 52 using dummy_hcd [ 1182.638058][ T833] usb 8-1: Using ep0 maxpacket: 16 [ 1182.654084][ T833] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1182.659463][ T833] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 1182.667078][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11 [ 1182.687891][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024 [ 1182.693507][ T833] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1182.710633][ T833] usb 8-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 1182.714479][ T833] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1182.718460][ T833] usb 8-1: Product: syz [ 1182.720934][ T833] usb 8-1: Manufacturer: syz [ 1182.724024][ T833] usb 8-1: SerialNumber: syz [ 1182.730623][ T833] usb 8-1: config 0 descriptor?? [ 1182.984339][ T833] appledisplay 8-1:0.0: Error while getting initial brightness: -71 [ 1183.004741][ T833] appledisplay 8-1:0.0: probe with driver appledisplay failed with error -71 [ 1183.021553][ T833] usb 8-1: USB disconnect, device number 52 [ 1183.024792][ T1381] ieee802154 phy0 wpan0: encryption failed: -22 [ 1183.067438][T24894] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24894 comm=syz.0.4712 [ 1183.418954][T24908] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4717'. [ 1184.406809][T24921] input: syz0 as /devices/virtual/input/input22 [ 1184.893032][T24941] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1184.906334][ T39] audit: type=1400 audit(1184.746:8286): avc: denied { ioctl } for pid=24935 comm="syz.3.4725" path="socket:[154323]" dev="sockfs" ino=154323 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1185.128339][T24948] hugetlbfs: Bad value 'A' for mount option 'nr_inodes' [ 1185.128339][T24948] [ 1185.142906][T24948] netlink: 792 bytes leftover after parsing attributes in process `syz.3.4728'. [ 1185.149806][T24948] FAULT_INJECTION: forcing a failure. [ 1185.149806][T24948] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1185.155613][T24948] CPU: 2 UID: 0 PID: 24948 Comm: syz.3.4728 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1185.160364][T24948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1185.165015][T24948] Call Trace: [ 1185.166441][T24948] [ 1185.167742][T24948] dump_stack_lvl+0x16c/0x1f0 [ 1185.169760][T24948] should_fail_ex+0x497/0x5b0 [ 1185.171768][T24948] _copy_from_user+0x30/0xf0 [ 1185.173795][T24948] map_update_elem+0x767/0x910 [ 1185.176010][T24948] ? __pfx_map_update_elem+0x10/0x10 [ 1185.178252][T24948] ? selinux_bpf+0xee/0x130 [ 1185.180216][T24948] ? bpf_lsm_bpf+0x9/0x10 [ 1185.182042][T24948] __sys_bpf+0x90c/0x4a00 [ 1185.183779][T24948] ? ksys_write+0x21c/0x260 [ 1185.185659][T24948] ? reacquire_held_locks+0x410/0x4c0 [ 1185.187915][T24948] ? __pfx___sys_bpf+0x10/0x10 [ 1185.189958][T24948] ? vfs_write+0x14d/0x1140 [ 1185.191922][T24948] ? __mutex_unlock_slowpath+0x164/0x650 [ 1185.194538][T24948] ? fput+0x32/0x390 [ 1185.196224][T24948] ? ksys_write+0x1ab/0x260 [ 1185.198126][T24948] ? __pfx_ksys_write+0x10/0x10 [ 1185.200082][T24948] __x64_sys_bpf+0x78/0xc0 [ 1185.201916][T24948] ? lockdep_hardirqs_on+0x7c/0x110 [ 1185.204102][T24948] do_syscall_64+0xcd/0x250 [ 1185.206036][T24948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1185.208640][T24948] RIP: 0033:0x7f13a6f79eb9 [ 1185.210496][T24948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1185.218186][T24948] RSP: 002b:00007f13a7c9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1185.221266][T24948] RAX: ffffffffffffffda RBX: 00007f13a7116058 RCX: 00007f13a6f79eb9 [ 1185.224645][T24948] RDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000002 [ 1185.227979][T24948] RBP: 00007f13a7c9a090 R08: 0000000000000000 R09: 0000000000000000 [ 1185.231167][T24948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1185.234357][T24948] R13: 0000000000000000 R14: 00007f13a7116058 R15: 00007ffdabb99ce8 [ 1185.237388][T24948] [ 1185.627118][ T39] audit: type=1326 audit(1185.476:8287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24951 comm="syz.3.4729" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13a6f79eb9 code=0x0 [ 1186.175413][T24962] trusted_key: syz.0.4732 sent an empty control message without MSG_MORE. [ 1188.174204][T24994] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1188.178181][T24994] IPv6: NLM_F_CREATE should be set when creating new route [ 1188.182386][T24994] IPv6: NLM_F_CREATE should be set when creating new route [ 1188.285583][T24998] team0: Port device wg2 removed [ 1188.320234][T24998] team0: Port device wg2 added [ 1188.373121][T25003] netlink: 'syz.2.4744': attribute type 12 has an invalid length. [ 1188.530198][T25004] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=25004 comm=syz.2.4744 [ 1189.286687][T25013] tipc: Started in network mode [ 1189.288760][T25013] tipc: Node identity 1, cluster identity 4711 [ 1189.291454][T25013] tipc: Node number set to 1 [ 1189.724337][T25023] wg2: left promiscuous mode [ 1189.730450][T25023] team0: Port device wg2 removed [ 1189.753829][T25023] wg2: entered promiscuous mode [ 1189.757384][T25023] team0: Port device wg2 added [ 1190.977978][ T67] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1190.989278][ T67] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1191.003521][ T67] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1191.008418][ T67] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1191.032355][ T67] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1191.036497][ T67] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1191.327094][T25038] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4753'. [ 1191.747087][ T1108] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1191.771101][T25032] chnl_net:caif_netlink_parms(): no params data found [ 1191.928707][ T1108] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1191.952055][ C2] vkms_vblank_simulate: vblank timer overrun [ 1192.103773][ T1108] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1192.111557][T25032] bridge0: port 1(bridge_slave_0) entered blocking state [ 1192.114983][T25032] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.119841][T25032] bridge_slave_0: entered allmulticast mode [ 1192.124554][T25032] bridge_slave_0: entered promiscuous mode [ 1192.131131][T25032] bridge0: port 2(bridge_slave_1) entered blocking state [ 1192.134033][T25032] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.139831][T25032] bridge_slave_1: entered allmulticast mode [ 1192.143932][T25032] bridge_slave_1: entered promiscuous mode [ 1192.289435][ T1108] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1192.338951][T25032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1192.368489][T25032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1192.471638][T25032] team0: Port device team_slave_0 added [ 1192.549300][T25032] team0: Port device team_slave_1 added [ 1192.615257][T25060] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4757'. [ 1193.178795][T22520] Bluetooth: hci5: command tx timeout [ 1193.220711][T25032] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1193.224805][T25032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1193.236649][T25032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1193.245216][T25032] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1193.249864][T25032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1193.262877][T25032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1194.135716][ C2] vkms_vblank_simulate: vblank timer overrun [ 1194.307997][ C2] vkms_vblank_simulate: vblank timer overrun [ 1194.310481][ T1108] bond0 (unregistering): Released all slaves [ 1194.611889][T25032] hsr_slave_0: entered promiscuous mode [ 1194.646030][ T1108] IPVS: stopping backup sync thread 17240 ... [ 1194.653437][T25032] hsr_slave_1: entered promiscuous mode [ 1194.675216][T25032] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1194.680597][T25032] Cannot create hsr debugfs directory [ 1195.003848][T25094] netlink: 'syz.3.4767': attribute type 21 has an invalid length. [ 1195.009996][T25094] netlink: 128 bytes leftover after parsing attributes in process `syz.3.4767'. [ 1195.256510][ T67] Bluetooth: hci5: command tx timeout [ 1195.371247][ T1108] hsr_slave_0: left promiscuous mode [ 1195.375882][ T1108] hsr_slave_1: left promiscuous mode [ 1195.450231][ T1108] veth0_macvtap: left promiscuous mode [ 1195.454232][ T1108] veth1_vlan: left promiscuous mode [ 1195.463805][ T1108] veth0_vlan: left promiscuous mode [ 1197.348109][ T67] Bluetooth: hci5: command 0x040f tx timeout [ 1197.555083][ T39] audit: type=1400 audit(1197.396:8288): avc: denied { map } for pid=25120 comm="syz.1.4772" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1197.580131][ T39] audit: type=1400 audit(1197.396:8289): avc: denied { execute } for pid=25120 comm="syz.1.4772" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1197.623658][ C2] vkms_vblank_simulate: vblank timer overrun [ 1197.810645][T25125] netlink: 'syz.1.4772': attribute type 1 has an invalid length. [ 1197.844512][T25125] netlink: 9352 bytes leftover after parsing attributes in process `syz.1.4772'. [ 1197.856766][T25125] netlink: 'syz.1.4772': attribute type 1 has an invalid length. [ 1197.862470][T25125] netlink: 'syz.1.4772': attribute type 2 has an invalid length. [ 1199.182054][ T1108] wg2 (unregistering): left promiscuous mode [ 1199.188811][ T1108] team0 (unregistering): Port device wg2 removed [ 1199.424530][ T67] Bluetooth: hci5: command 0x040f tx timeout [ 1199.619654][ C2] vkms_vblank_simulate: vblank timer overrun [ 1199.830175][T25118] team0: Port device wg2 removed [ 1199.852395][T25119] team0: Port device wg2 added [ 1200.156377][T25140] team0: Port device wg2 removed [ 1200.189015][T25144] team0: Port device wg2 added [ 1200.810566][T25032] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1200.815737][T25032] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1200.828566][T25032] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1200.857656][T25032] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1200.871547][T25158] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4776'. [ 1201.155141][T25032] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1201.270403][T25032] 8021q: adding VLAN 0 to HW filter on device team0 [ 1201.289682][ T499] bridge0: port 1(bridge_slave_0) entered blocking state [ 1201.292810][ T499] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1201.299257][ T499] bridge0: port 2(bridge_slave_1) entered blocking state [ 1201.302278][ T499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1201.506205][T22520] Bluetooth: hci5: command 0x040f tx timeout [ 1201.549436][T25032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1201.617162][T25032] veth0_vlan: entered promiscuous mode [ 1201.644636][T25032] veth1_vlan: entered promiscuous mode [ 1201.714914][T25032] veth0_macvtap: entered promiscuous mode [ 1201.739971][T25032] veth1_macvtap: entered promiscuous mode [ 1201.763434][T25032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1201.774198][T25032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1201.780668][T25032] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1201.791518][T25032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1201.799080][T25032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1201.805059][T25032] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1201.818370][T25032] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.836149][T25032] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.840538][T25032] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.845205][T25032] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.980033][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1201.984979][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1202.026438][T10031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1202.029783][T10031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1202.607944][T25215] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4782'. [ 1202.788760][T25221] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4784'. [ 1203.266325][T25217] team0: Port device wg2 removed [ 1203.285978][T25220] team0: Port device wg2 added [ 1203.576948][T22520] Bluetooth: hci5: command 0x040f tx timeout [ 1203.583038][T25230] input: syz0 as /devices/virtual/input/input23 [ 1203.858238][T25230] netlink: 'syz.2.4787': attribute type 7 has an invalid length. [ 1203.862138][T25230] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4787'. [ 1204.096550][T11427] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1204.291933][T11427] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1204.300445][T11427] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1204.305110][T11427] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1204.309170][T11427] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1204.320012][T25229] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1204.333231][T11427] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1204.388239][ T39] audit: type=1400 audit(1204.236:8290): avc: denied { execute } for pid=25241 comm="syz.3.4791" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1204.685912][ T1297] usb 5-1: USB disconnect, device number 51 [ 1206.265136][T25255] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4794'. [ 1206.543889][T25258] netlink: 'syz.0.4795': attribute type 21 has an invalid length. [ 1206.548111][T25258] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4795'. [ 1206.836595][ C2] vkms_vblank_simulate: vblank timer overrun [ 1206.890670][T25265] bridge_slave_0: left allmulticast mode [ 1206.893284][T25265] bridge_slave_0: left promiscuous mode [ 1206.896029][T25265] bridge0: port 1(bridge_slave_0) entered disabled state [ 1206.903074][T25265] bridge_slave_1: left allmulticast mode [ 1206.905655][T25265] bridge_slave_1: left promiscuous mode [ 1206.908855][T25265] bridge0: port 2(bridge_slave_1) entered disabled state [ 1206.918055][T25265] bond0: (slave bond_slave_0): Releasing backup interface [ 1206.929414][T25265] bond0: (slave bond_slave_1): Releasing backup interface [ 1206.969494][T25265] team0: Port device team_slave_0 removed [ 1206.981588][T25265] team0: Port device team_slave_1 removed [ 1206.984874][T25265] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1206.990226][T25265] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1206.996007][T25265] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1206.999031][T25265] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1207.070344][T25266] team0: Port device wg2 added [ 1207.140223][T25272] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4800'. [ 1207.850130][ C2] vkms_vblank_simulate: vblank timer overrun [ 1209.208784][T25298] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4806'. [ 1211.085283][T25331] FAULT_INJECTION: forcing a failure. [ 1211.085283][T25331] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.099251][T25331] CPU: 2 UID: 0 PID: 25331 Comm: syz.1.4816 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1211.103970][T25331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1211.108827][T25331] Call Trace: [ 1211.110237][T25331] [ 1211.111485][T25331] dump_stack_lvl+0x16c/0x1f0 [ 1211.113441][T25331] should_fail_ex+0x497/0x5b0 [ 1211.115413][T25331] ? fs_reclaim_acquire+0xae/0x160 [ 1211.117588][T25331] should_failslab+0xc2/0x120 [ 1211.119563][T25331] __kmalloc_node_noprof+0xd1/0x430 [ 1211.121798][T25331] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 1211.124078][T25331] __kvmalloc_node_noprof+0x9d/0x1a0 [ 1211.126266][T25331] alloc_netdev_mqs+0xb2f/0x13d0 [ 1211.128375][T25331] rtnl_create_link+0xc10/0xfa0 [ 1211.130399][T25331] __rtnl_newlink+0x10ae/0x1920 [ 1211.132410][T25331] ? __pfx___rtnl_newlink+0x10/0x10 [ 1211.134567][T25331] rtnl_newlink+0x67/0xa0 [ 1211.136375][T25331] ? __pfx_rtnl_newlink+0x10/0x10 [ 1211.136402][T25331] rtnetlink_rcv_msg+0x3c7/0xea0 [ 1211.136432][T25331] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1211.136468][T25331] netlink_rcv_skb+0x16b/0x440 [ 1211.145388][T25331] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1211.147700][T25331] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1211.149901][T25331] ? netlink_deliver_tap+0x1ae/0xd90 [ 1211.152077][T25331] netlink_unicast+0x53c/0x7f0 [ 1211.154063][T25331] ? __pfx_netlink_unicast+0x10/0x10 [ 1211.156336][T25331] netlink_sendmsg+0x8b8/0xd70 [ 1211.158459][T25331] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1211.160947][T25331] ? __import_iovec+0x1fd/0x6e0 [ 1211.162993][T25331] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1211.165334][T25331] ____sys_sendmsg+0xab5/0xc90 [ 1211.167321][T25331] ? copy_msghdr_from_user+0x10b/0x160 [ 1211.169351][T25331] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1211.171469][T25331] ? find_held_lock+0x2d/0x110 [ 1211.173403][T25331] ? __pfx___lock_acquire+0x10/0x10 [ 1211.175582][T25331] ___sys_sendmsg+0x135/0x1e0 [ 1211.177544][T25331] ? __pfx____sys_sendmsg+0x10/0x10 [ 1211.179696][T25331] ? ksys_write+0x21c/0x260 [ 1211.181563][T25331] ? __fget_light+0x173/0x210 [ 1211.183438][T25331] __sys_sendmsg+0x117/0x1f0 [ 1211.185367][T25331] ? __pfx___sys_sendmsg+0x10/0x10 [ 1211.187554][T25331] do_syscall_64+0xcd/0x250 [ 1211.189484][T25331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.191977][T25331] RIP: 0033:0x7f7856f79eb9 [ 1211.193865][T25331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1211.201777][T25331] RSP: 002b:00007f7857d37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1211.205071][T25331] RAX: ffffffffffffffda RBX: 00007f7857115f80 RCX: 00007f7856f79eb9 [ 1211.208069][T25331] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 1211.211350][T25331] RBP: 00007f7857d37090 R08: 0000000000000000 R09: 0000000000000000 [ 1211.214689][T25331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1211.217980][T25331] R13: 0000000000000000 R14: 00007f7857115f80 R15: 00007fffccff4928 [ 1211.221248][T25331] [ 1211.379679][ T39] audit: type=1326 audit(1211.196:8291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.398503][ T39] audit: type=1326 audit(1211.226:8292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.426496][ T39] audit: type=1326 audit(1211.276:8293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.439437][ T39] audit: type=1326 audit(1211.276:8294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.476337][ T39] audit: type=1326 audit(1211.276:8295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.517874][ T39] audit: type=1326 audit(1211.276:8296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.532014][ T39] audit: type=1326 audit(1211.276:8297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.543307][ T39] audit: type=1326 audit(1211.296:8298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.556865][ T39] audit: type=1326 audit(1211.296:8299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.556914][ T39] audit: type=1326 audit(1211.296:8300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25335 comm="syz.1.4817" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1211.610921][T25339] netlink: 17279 bytes leftover after parsing attributes in process `syz.1.4817'. [ 1212.241192][T25352] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 1212.651500][T25360] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4820'. [ 1213.177665][T25365] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4821'. [ 1213.307269][T25367] FAULT_INJECTION: forcing a failure. [ 1213.307269][T25367] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.316268][T25367] CPU: 0 UID: 0 PID: 25367 Comm: syz.3.4822 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1213.320485][T25367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1213.325334][T25367] Call Trace: [ 1213.326818][T25367] [ 1213.328290][T25367] dump_stack_lvl+0x16c/0x1f0 [ 1213.330366][T25367] should_fail_ex+0x497/0x5b0 [ 1213.332366][T25367] ? fs_reclaim_acquire+0xae/0x160 [ 1213.334900][T25367] should_failslab+0xc2/0x120 [ 1213.337106][T25367] __kmalloc_node_noprof+0xd1/0x430 [ 1213.339451][T25367] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 1213.341811][T25367] __kvmalloc_node_noprof+0x9d/0x1a0 [ 1213.343985][T25367] alloc_netdev_mqs+0xb2f/0x13d0 [ 1213.345882][T25367] rtnl_create_link+0xc10/0xfa0 [ 1213.347924][T25367] __rtnl_newlink+0x10ae/0x1920 [ 1213.349969][T25367] ? __pfx___rtnl_newlink+0x10/0x10 [ 1213.352174][T25367] rtnl_newlink+0x67/0xa0 [ 1213.354013][T25367] ? __pfx_rtnl_newlink+0x10/0x10 [ 1213.356376][T25367] rtnetlink_rcv_msg+0x3c7/0xea0 [ 1213.358897][T25367] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1213.361738][T25367] netlink_rcv_skb+0x16b/0x440 [ 1213.363944][T25367] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1213.366335][T25367] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1213.368155][T25367] ? netlink_deliver_tap+0x1ae/0xd90 [ 1213.369926][T25367] netlink_unicast+0x53c/0x7f0 [ 1213.371586][T25367] ? __pfx_netlink_unicast+0x10/0x10 [ 1213.373568][T25367] netlink_sendmsg+0x8b8/0xd70 [ 1213.375411][T25367] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1213.377638][T25367] ? __import_iovec+0x1fd/0x6e0 [ 1213.379804][T25367] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1213.382192][T25367] ____sys_sendmsg+0xab5/0xc90 [ 1213.384313][T25367] ? copy_msghdr_from_user+0x10b/0x160 [ 1213.386697][T25367] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1213.388980][T25367] ? find_held_lock+0x2d/0x110 [ 1213.391082][T25367] ? __pfx___lock_acquire+0x10/0x10 [ 1213.393644][T25367] ___sys_sendmsg+0x135/0x1e0 [ 1213.396728][T25367] ? __pfx____sys_sendmsg+0x10/0x10 [ 1213.398909][T25367] ? ksys_write+0x21c/0x260 [ 1213.400980][T25367] ? __fget_light+0x173/0x210 [ 1213.403085][T25367] __sys_sendmsg+0x117/0x1f0 [ 1213.405126][T25367] ? __pfx___sys_sendmsg+0x10/0x10 [ 1213.407329][T25367] do_syscall_64+0xcd/0x250 [ 1213.409305][T25367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.412140][T25367] RIP: 0033:0x7f13a6f79eb9 [ 1213.414152][T25367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1213.422446][T25367] RSP: 002b:00007f13a7cbb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1213.425901][T25367] RAX: ffffffffffffffda RBX: 00007f13a7115f80 RCX: 00007f13a6f79eb9 [ 1213.429154][T25367] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 1213.432462][T25367] RBP: 00007f13a7cbb090 R08: 0000000000000000 R09: 0000000000000000 [ 1213.436042][T25367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.439522][T25367] R13: 0000000000000000 R14: 00007f13a7115f80 R15: 00007ffdabb99ce8 [ 1213.443001][T25367] [ 1214.398662][T25402] netlink: zone id is out of range [ 1214.404309][T25402] netlink: zone id is out of range [ 1214.412111][T25402] netlink: zone id is out of range [ 1214.423953][T25402] netlink: set zone limit has 4 unknown bytes [ 1214.894216][ C3] vkms_vblank_simulate: vblank timer overrun [ 1215.238510][T25406] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4832'. [ 1216.189228][T25424] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1216.315700][T25425] netlink: 'syz.3.4836': attribute type 5 has an invalid length. [ 1216.398191][T25427] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1216.508931][T25428] netlink: 'syz.0.4837': attribute type 5 has an invalid length. [ 1216.704361][T25431] ptm ptm33: ldisc open failed (-12), clearing slot 33 [ 1217.074154][ T39] kauditd_printk_skb: 21 callbacks suppressed [ 1217.074169][ T39] audit: type=1400 audit(1216.916:8322): avc: denied { execute } for pid=25439 comm="syz.3.4841" path="/dev/audio1" dev="devtmpfs" ino=1133 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 1217.254107][T25449] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4842'. [ 1217.929836][T25460] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1218.011896][T25463] netlink: 'syz.2.4847': attribute type 5 has an invalid length. [ 1218.836050][ T67] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1218.842048][ T67] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1218.853149][T25484] team0: Port device wg2 removed [ 1218.879284][ T67] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1218.884795][ T67] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1218.888095][ T67] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1218.901355][ T67] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1218.964724][T25488] team0: Port device wg2 added [ 1219.433671][T25486] chnl_net:caif_netlink_parms(): no params data found [ 1219.499617][ T39] audit: type=1400 audit(1219.346:8323): avc: denied { write } for pid=25493 comm="syz.3.4856" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 1219.599078][T25486] bridge0: port 1(bridge_slave_0) entered blocking state [ 1219.602985][T25486] bridge0: port 1(bridge_slave_0) entered disabled state [ 1219.606430][T25486] bridge_slave_0: entered allmulticast mode [ 1219.610349][T25486] bridge_slave_0: entered promiscuous mode [ 1219.612925][ T39] audit: type=1400 audit(1219.456:8324): avc: denied { read } for pid=25504 comm="syz.0.4857" name="/" dev="configfs" ino=2142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1219.617425][T25486] bridge0: port 2(bridge_slave_1) entered blocking state [ 1219.625275][T25486] bridge0: port 2(bridge_slave_1) entered disabled state [ 1219.625551][ T39] audit: type=1400 audit(1219.456:8325): avc: denied { open } for pid=25504 comm="syz.0.4857" path="/sys/kernel/config" dev="configfs" ino=2142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1219.629286][T25486] bridge_slave_1: entered allmulticast mode [ 1219.641996][T25486] bridge_slave_1: entered promiscuous mode [ 1219.736043][T25486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1219.742735][T25486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1219.812256][T25486] team0: Port device team_slave_0 added [ 1219.820202][T25486] team0: Port device team_slave_1 added [ 1219.883449][T25486] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1219.890860][T25486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1219.901857][T25486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1219.912815][T25486] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1219.915634][T25486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1219.927316][T25486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1220.227935][T25486] hsr_slave_0: entered promiscuous mode [ 1220.248621][T25486] hsr_slave_1: entered promiscuous mode [ 1220.259498][T25486] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1220.264435][T25486] Cannot create hsr debugfs directory [ 1220.457893][ T67] Bluetooth: hci5: command 0x040f tx timeout [ 1220.631924][T25486] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.768404][T25486] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.855305][T25486] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.941458][ T67] Bluetooth: hci2: command tx timeout [ 1220.951748][T25486] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1221.152285][T25486] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1221.171863][T25486] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1221.182810][T25486] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1221.189376][T25532] openvswitch: netlink: Unknown nsh attribute 0 [ 1221.204773][T25486] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1221.386816][T25486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1221.425543][T25486] 8021q: adding VLAN 0 to HW filter on device team0 [ 1221.439379][T25539] netlink: 'syz.1.4867': attribute type 10 has an invalid length. [ 1221.461008][T25539] team0: Device netdevsim0 is of different type [ 1221.468858][ T499] bridge0: port 1(bridge_slave_0) entered blocking state [ 1221.471949][ T499] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1221.479017][ T499] bridge0: port 2(bridge_slave_1) entered blocking state [ 1221.482075][ T499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1221.509065][T25539] netlink: 'syz.1.4867': attribute type 10 has an invalid length. [ 1221.518445][T25539] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1221.599514][T25542] serio: Serial port ttynull [ 1221.750393][ T39] audit: type=1400 audit(1221.596:8326): avc: denied { getopt } for pid=25541 comm="syz.3.4868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1221.764582][ T39] audit: type=1400 audit(1221.596:8327): avc: denied { mount } for pid=25541 comm="syz.3.4868" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 1221.775149][ T39] audit: type=1400 audit(1221.596:8328): avc: denied { remount } for pid=25541 comm="syz.3.4868" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 1221.777201][T25559] team0: Port device wg2 removed [ 1221.796358][T25559] bond0: (slave netdevsim0): Releasing backup interface [ 1221.812632][T25561] team0: Port device wg2 added [ 1221.842371][T25486] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1221.893387][T25486] veth0_vlan: entered promiscuous mode [ 1221.928800][T25486] veth1_vlan: entered promiscuous mode [ 1221.958596][T25486] veth0_macvtap: entered promiscuous mode [ 1221.966752][T25486] veth1_macvtap: entered promiscuous mode [ 1221.983140][T25486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1221.990307][T25486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.996485][T25486] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1222.005145][T25486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1222.010843][T25486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1222.016489][T25486] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1222.024746][T25486] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1222.029393][T25486] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1222.033165][T25486] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1222.037002][T25486] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1222.111177][ T499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1222.114674][ T499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1222.151930][T10031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1222.156820][T10031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1222.265161][ T39] audit: type=1400 audit(1222.106:8329): avc: denied { unmount } for pid=24553 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 1222.329328][T25566] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4853'. [ 1222.581564][T25573] 9p: Unknown Cache mode or invalid value mmap+kvñœ~ŽàGº­Ç¬Šßg0 [ 1222.793743][ T39] audit: type=1400 audit(1222.636:8330): avc: denied { read append } for pid=25583 comm="syz.2.4875" name="cgroup.controllers" dev="9p" ino=36575638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1222.808416][ T39] audit: type=1400 audit(1222.646:8331): avc: denied { open } for pid=25583 comm="syz.2.4875" path="/2/file0/cgroup.controllers" dev="9p" ino=36575638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1222.819802][ T39] audit: type=1400 audit(1222.656:8332): avc: denied { write } for pid=25583 comm="syz.2.4875" name="cgroup.controllers" dev="9p" ino=36575638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1223.016677][T22520] Bluetooth: hci2: command tx timeout [ 1223.630369][T25595] FAULT_INJECTION: forcing a failure. [ 1223.630369][T25595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1223.637842][T25595] CPU: 0 UID: 0 PID: 25595 Comm: syz.2.4878 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1223.642604][T25595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1223.647886][T25595] Call Trace: [ 1223.649775][T25595] [ 1223.651258][T25595] dump_stack_lvl+0x16c/0x1f0 [ 1223.653347][T25595] should_fail_ex+0x497/0x5b0 [ 1223.655405][T25595] _copy_to_user+0x30/0xc0 [ 1223.657190][T25595] simple_read_from_buffer+0xd0/0x160 [ 1223.659271][T25595] proc_fail_nth_read+0x19e/0x280 [ 1223.661477][T25595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1223.663970][T25595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1223.666424][T25595] vfs_read+0x1d4/0xbd0 [ 1223.668225][T25595] ? __fdget_pos+0xeb/0x180 [ 1223.670224][T25595] ? __pfx_vfs_read+0x10/0x10 [ 1223.672244][T25595] ? __pfx___mutex_lock+0x10/0x10 [ 1223.674402][T25595] ? __fget_files+0x256/0x400 [ 1223.676498][T25595] ksys_read+0x12f/0x260 [ 1223.678389][T25595] ? __pfx_ksys_read+0x10/0x10 [ 1223.680530][T25595] do_syscall_64+0xcd/0x250 [ 1223.682562][T25595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1223.685064][T25595] RIP: 0033:0x7f65db9788fc [ 1223.687113][T25595] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1223.695508][T25595] RSP: 002b:00007f65dc6a6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1223.699117][T25595] RAX: ffffffffffffffda RBX: 00007f65dbb16058 RCX: 00007f65db9788fc [ 1223.702637][T25595] RDX: 000000000000000f RSI: 00007f65dc6a60a0 RDI: 0000000000000003 [ 1223.706128][T25595] RBP: 00007f65dc6a6090 R08: 0000000000000000 R09: 0000000000000000 [ 1223.709545][T25595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1223.713083][T25595] R13: 0000000000000001 R14: 00007f65dbb16058 R15: 00007ffeb599aec8 [ 1223.716325][T25595] [ 1223.729621][T25598] sp0: Synchronizing with TNC [ 1223.859345][ C3] vkms_vblank_simulate: vblank timer overrun [ 1224.162438][T25604] bridge_slave_0: left allmulticast mode [ 1224.164239][T25604] bridge_slave_0: left promiscuous mode [ 1224.166607][T25604] bridge0: port 1(bridge_slave_0) entered disabled state [ 1224.219906][T25604] bridge_slave_1: left allmulticast mode [ 1224.222121][T25604] bridge_slave_1: left promiscuous mode [ 1224.226821][T25604] bridge0: port 2(bridge_slave_1) entered disabled state [ 1224.299976][T25604] bond0: (slave bond_slave_0): Releasing backup interface [ 1224.343144][T25604] bond0: (slave bond_slave_1): Releasing backup interface [ 1224.408796][T25604] team0: Port device team_slave_0 removed [ 1224.484678][T25604] team0: Port device team_slave_1 removed [ 1224.493944][T25604] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1224.496829][T25604] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1224.529136][T25604] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1224.536820][T25604] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1224.870688][T25605] team0: Port device wg2 added [ 1225.096612][ T67] Bluetooth: hci2: command tx timeout [ 1225.382625][T25620] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted [ 1225.919319][ C3] vkms_vblank_simulate: vblank timer overrun [ 1225.961835][T25626] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4888'. [ 1226.345938][T25643] team0: Port device wg2 removed [ 1226.391656][T25643] team0: Port device wg2 added [ 1227.141259][T25659] netlink: 'syz.1.4897': attribute type 7 has an invalid length. [ 1227.147984][T25659] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.4897'. [ 1227.153532][T25659] netlink: 'syz.1.4897': attribute type 3 has an invalid length. [ 1227.157745][T25659] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.4897'. [ 1227.188571][ T67] Bluetooth: hci2: command 0x0419 tx timeout [ 1228.814697][T25672] FAULT_INJECTION: forcing a failure. [ 1228.814697][T25672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1228.823118][T25672] CPU: 3 UID: 0 PID: 25672 Comm: syz.0.4901 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1228.829924][T25672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1228.835577][T25672] Call Trace: [ 1228.837116][T25672] [ 1228.838443][T25672] dump_stack_lvl+0x16c/0x1f0 [ 1228.840568][T25672] should_fail_ex+0x497/0x5b0 [ 1228.842634][T25672] _copy_from_user+0x30/0xf0 [ 1228.844919][T25672] copy_msghdr_from_user+0x99/0x160 [ 1228.847240][T25672] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1228.849865][T25672] ? find_held_lock+0x2d/0x110 [ 1228.851988][T25672] ? __pfx___lock_acquire+0x10/0x10 [ 1228.854303][T25672] ___sys_sendmsg+0xff/0x1e0 [ 1228.856526][T25672] ? __pfx____sys_sendmsg+0x10/0x10 [ 1228.858778][T25672] ? ksys_write+0x21c/0x260 [ 1228.861317][T25672] ? __fget_light+0x173/0x210 [ 1228.863380][T25672] __sys_sendmsg+0x117/0x1f0 [ 1228.865422][T25672] ? __pfx___sys_sendmsg+0x10/0x10 [ 1228.867720][T25672] do_syscall_64+0xcd/0x250 [ 1228.869785][T25672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1228.872337][T25672] RIP: 0033:0x7f7db9779eb9 [ 1228.874361][T25672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1228.882608][T25672] RSP: 002b:00007f7dba607038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1228.885844][T25672] RAX: ffffffffffffffda RBX: 00007f7db9915f80 RCX: 00007f7db9779eb9 [ 1228.889331][T25672] RDX: 0000000000000000 RSI: 0000000020000d80 RDI: 0000000000000003 [ 1228.892781][T25672] RBP: 00007f7dba607090 R08: 0000000000000000 R09: 0000000000000000 [ 1228.896258][T25672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1228.900152][T25672] R13: 0000000000000000 R14: 00007f7db9915f80 R15: 00007ffd59dc0fb8 [ 1228.903330][T25672] [ 1228.904622][ C3] vkms_vblank_simulate: vblank timer overrun [ 1229.197165][T25681] team0: Port device wg2 removed [ 1229.234775][T25681] team0: Port device wg2 added [ 1229.260404][T22520] Bluetooth: hci2: command 0x0419 tx timeout [ 1229.565787][ T39] audit: type=1400 audit(1229.406:8333): avc: denied { append } for pid=25691 comm="syz.2.4908" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 1229.576366][T22520] Bluetooth: hci2: unexpected subevent 0x04 length: 1 < 11 [ 1229.583489][T22520] Bluetooth: hci2: unexpected subevent 0x04 length: 1 < 11 [ 1229.844666][T25709] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4911'. [ 1230.325312][T25728] FAULT_INJECTION: forcing a failure. [ 1230.325312][T25728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1230.333014][T25728] CPU: 2 UID: 0 PID: 25728 Comm: syz.0.4917 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1230.337839][T25728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1230.342224][T25728] Call Trace: [ 1230.344630][T25728] [ 1230.345890][T25728] dump_stack_lvl+0x16c/0x1f0 [ 1230.349015][T25728] should_fail_ex+0x497/0x5b0 [ 1230.352463][T25728] _copy_from_iter+0x2a1/0x1150 [ 1230.356300][T25728] ? __alloc_skb+0x1fe/0x380 [ 1230.358265][T25728] ? __pfx__copy_from_iter+0x10/0x10 [ 1230.361452][T25728] ? __virt_addr_valid+0x5e/0x590 [ 1230.363477][T25728] ? __phys_addr_symbol+0x30/0x80 [ 1230.377351][T25728] ? __check_object_size+0x497/0x720 [ 1230.379840][T25728] netlink_sendmsg+0x813/0xd70 [ 1230.381994][T25728] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1230.384572][T25728] ? __import_iovec+0x1fd/0x6e0 [ 1230.386799][T25728] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1230.389482][T25728] ____sys_sendmsg+0xab5/0xc90 [ 1230.391818][T25728] ? copy_msghdr_from_user+0x10b/0x160 [ 1230.394979][T25728] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1230.397381][T25728] ? find_held_lock+0x2d/0x110 [ 1230.399661][T25728] ? __pfx___lock_acquire+0x10/0x10 [ 1230.401968][T25728] ___sys_sendmsg+0x135/0x1e0 [ 1230.404043][T25728] ? __pfx____sys_sendmsg+0x10/0x10 [ 1230.406500][T25728] ? ksys_write+0x21c/0x260 [ 1230.408657][T25728] ? __fget_light+0x173/0x210 [ 1230.410800][T25728] __sys_sendmsg+0x117/0x1f0 [ 1230.412800][T25728] ? __pfx___sys_sendmsg+0x10/0x10 [ 1230.415016][T25728] do_syscall_64+0xcd/0x250 [ 1230.417530][T25728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1230.421295][T25728] RIP: 0033:0x7f7db9779eb9 [ 1230.423213][T25728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1230.432244][T25728] RSP: 002b:00007f7dba607038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1230.436205][T13332] usb 8-1: new high-speed USB device number 53 using dummy_hcd [ 1230.436704][T25728] RAX: ffffffffffffffda RBX: 00007f7db9915f80 RCX: 00007f7db9779eb9 [ 1230.436720][T25728] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 1230.436733][T25728] RBP: 00007f7dba607090 R08: 0000000000000000 R09: 0000000000000000 [ 1230.436745][T25728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1230.436757][T25728] R13: 0000000000000000 R14: 00007f7db9915f80 R15: 00007ffd59dc0fb8 [ 1230.459890][T25728] [ 1230.516946][T25735] FAULT_INJECTION: forcing a failure. [ 1230.516946][T25735] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1230.523267][T25735] CPU: 0 UID: 0 PID: 25735 Comm: syz.1.4920 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1230.528169][T25735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1230.532478][T25735] Call Trace: [ 1230.534106][T25735] [ 1230.535457][T25735] dump_stack_lvl+0x16c/0x1f0 [ 1230.537573][T25735] should_fail_ex+0x497/0x5b0 [ 1230.542743][T25735] _copy_from_user+0x30/0xf0 [ 1230.545362][T25735] kstrtouint_from_user+0xd7/0x1c0 [ 1230.548483][T25735] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1230.551058][T25735] ? __pfx_lock_acquire+0x10/0x10 [ 1230.553429][T25735] proc_fail_nth_write+0x84/0x260 [ 1230.555883][T25735] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1230.558430][T25735] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1230.561051][T25735] vfs_write+0x29a/0x1140 [ 1230.563401][T25735] ? __fdget_pos+0xeb/0x180 [ 1230.566319][T25735] ? __pfx_vfs_write+0x10/0x10 [ 1230.569067][T25735] ? __pfx___mutex_lock+0x10/0x10 [ 1230.571856][T25735] ? __fget_files+0x256/0x400 [ 1230.574211][T25735] ksys_write+0x12f/0x260 [ 1230.577265][T25735] ? __pfx_ksys_write+0x10/0x10 [ 1230.582064][T25735] do_syscall_64+0xcd/0x250 [ 1230.585225][T25735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1230.588822][T25735] RIP: 0033:0x7f7856f7899f [ 1230.591242][T25735] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 1230.616046][T25735] RSP: 002b:00007f7857d37030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1230.619930][T25735] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7856f7899f [ 1230.628357][T13332] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1230.628976][T25735] RDX: 0000000000000001 RSI: 00007f7857d370a0 RDI: 0000000000000003 [ 1230.633973][T13332] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1230.637502][T25735] RBP: 00007f7857d37090 R08: 0000000000000000 R09: 0000000000000000 [ 1230.637517][T25735] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1230.637529][T25735] R13: 0000000000000000 R14: 00007f7857115f80 R15: 00007fffccff4928 [ 1230.637557][T25735] [ 1230.680633][T13332] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1230.687148][T13332] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1230.706978][T25716] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1230.714186][T13332] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 1230.837155][T25743] team0: Port device wg2 removed [ 1230.901605][T25743] team0: Port device wg2 added [ 1231.010999][T24176] usb 8-1: USB disconnect, device number 53 [ 1232.095232][ C3] vkms_vblank_simulate: vblank timer overrun [ 1232.633382][T25777] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4932'. [ 1232.859379][ T39] audit: type=1400 audit(1232.706:8334): avc: denied { create } for pid=25775 comm="syz.2.4931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1232.884810][ T39] audit: type=1400 audit(1232.726:8335): avc: denied { getopt } for pid=25775 comm="syz.2.4931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1233.633148][T25810] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4941'. [ 1233.701640][T25812] FAULT_INJECTION: forcing a failure. [ 1233.701640][T25812] name failslab, interval 1, probability 0, space 0, times 0 [ 1233.707452][T25812] CPU: 3 UID: 0 PID: 25812 Comm: syz.3.4942 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1233.711932][T25812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1233.716428][T25812] Call Trace: [ 1233.718467][T25812] [ 1233.719573][T25812] dump_stack_lvl+0x16c/0x1f0 [ 1233.721365][T25812] should_fail_ex+0x497/0x5b0 [ 1233.723315][T25812] ? fs_reclaim_acquire+0xae/0x160 [ 1233.725505][T25812] should_failslab+0xc2/0x120 [ 1233.727540][T25812] __kmalloc_node_noprof+0xd1/0x430 [ 1233.729819][T25812] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 1233.732286][T25812] ? lockdep_init_map_type+0x16d/0x7d0 [ 1233.735186][T25812] __kvmalloc_node_noprof+0x9d/0x1a0 [ 1233.737570][T25812] bucket_table_alloc.isra.0+0x86/0x470 [ 1233.739870][T25812] rhashtable_init_noprof+0x41a/0x7e0 [ 1233.742248][T25812] rhltable_init_noprof+0x20/0x60 [ 1233.744533][T25812] nf_tables_newtable+0xfaa/0x1b20 [ 1233.746725][T25812] ? net_generic+0xea/0x2a0 [ 1233.748986][T25812] ? __pfx_nf_tables_newtable+0x10/0x10 [ 1233.752110][T25812] ? __nla_parse+0x40/0x60 [ 1233.754216][T25812] nfnetlink_rcv_batch+0x1a3d/0x2500 [ 1233.756515][T25812] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 1233.758850][T25812] ? find_held_lock+0x2d/0x110 [ 1233.760983][T25812] ? avc_has_perm_noaudit+0x119/0x3a0 [ 1233.763694][T25812] ? avc_has_perm_noaudit+0x143/0x3a0 [ 1233.766040][T25812] ? bpf_lsm_capable+0x9/0x10 [ 1233.768558][T25812] ? __nla_parse+0x40/0x60 [ 1233.770401][T25812] nfnetlink_rcv+0x3c3/0x430 [ 1233.772115][T25812] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1233.774791][T25812] netlink_unicast+0x53c/0x7f0 [ 1233.776845][T25812] ? __pfx_netlink_unicast+0x10/0x10 [ 1233.779433][T25812] netlink_sendmsg+0x8b8/0xd70 [ 1233.781726][T25812] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1233.784018][T25812] ? __import_iovec+0x1fd/0x6e0 [ 1233.786125][T25812] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1233.788196][T25812] ____sys_sendmsg+0xab5/0xc90 [ 1233.790301][T25812] ? copy_msghdr_from_user+0x10b/0x160 [ 1233.792699][T25812] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1233.795282][T25812] ? find_held_lock+0x2d/0x110 [ 1233.797196][T25812] ? __pfx___lock_acquire+0x10/0x10 [ 1233.799269][T25812] ___sys_sendmsg+0x135/0x1e0 [ 1233.801487][T25812] ? __pfx____sys_sendmsg+0x10/0x10 [ 1233.803931][T25812] ? ksys_write+0x21c/0x260 [ 1233.806217][T25812] ? __fget_light+0x173/0x210 [ 1233.808474][T25812] __sys_sendmsg+0x117/0x1f0 [ 1233.810379][T25812] ? __pfx___sys_sendmsg+0x10/0x10 [ 1233.812670][T25812] do_syscall_64+0xcd/0x250 [ 1233.816137][T25812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1233.819809][T25812] RIP: 0033:0x7f13a6f79eb9 [ 1233.822084][T25812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1233.830570][T25812] RSP: 002b:00007f13a7cbb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1233.834233][T25812] RAX: ffffffffffffffda RBX: 00007f13a7115f80 RCX: 00007f13a6f79eb9 [ 1233.839092][T25812] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 1233.842997][T25812] RBP: 00007f13a7cbb090 R08: 0000000000000000 R09: 0000000000000000 [ 1233.846301][T25812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1233.849622][T25812] R13: 0000000000000000 R14: 00007f13a7115f80 R15: 00007ffdabb99ce8 [ 1233.853355][T25812] [ 1233.855091][ C3] vkms_vblank_simulate: vblank timer overrun [ 1233.860099][ T39] audit: type=1400 audit(1233.676:8336): avc: denied { read } for pid=25813 comm="syz.0.4943" name="file0" dev="tmpfs" ino=270 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1233.869912][ T39] audit: type=1400 audit(1233.696:8337): avc: denied { mounton } for pid=25813 comm="syz.0.4943" path="/48/file0" dev="tmpfs" ino=270 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1233.957599][T25818] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1233.963032][T25818] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1234.525942][ T39] audit: type=1326 audit(1234.366:8338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25824 comm="syz.2.4946" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f65db979eb9 code=0x0 [ 1235.053817][T25838] team0: Port device wg2 removed [ 1235.081357][T25838] team0: Port device wg2 added [ 1235.422904][T25844] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4951'. [ 1235.478470][T25845] team0: Port device wg2 removed [ 1235.515243][ T39] audit: type=1400 audit(1235.356:8339): avc: denied { mount } for pid=25846 comm="syz.0.4952" name="/" dev="rpc_pipefs" ino=159033 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 1235.519070][T25845] team0: Port device wg2 added [ 1236.506242][ T39] audit: type=1400 audit(1236.346:8340): avc: denied { append } for pid=25859 comm="syz.2.4957" name="event3" dev="devtmpfs" ino=1115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 1236.883573][T25876] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 1236.888581][T25876] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1236.896148][T25876] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1236.901443][T25876] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1236.908289][T25876] geneve2: entered promiscuous mode [ 1236.910842][T25876] geneve2: entered allmulticast mode [ 1237.006781][ T39] audit: type=1400 audit(1236.846:8341): avc: denied { mount } for pid=25877 comm="syz.0.4963" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 1237.037509][ T39] audit: type=1400 audit(1236.886:8342): avc: denied { watch } for pid=25877 comm="syz.0.4963" path="/57/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 1237.178606][ T39] audit: type=1400 audit(1237.026:8343): avc: denied { unmount } for pid=25032 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 1237.286172][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.295676][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.300415][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.303616][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.308630][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.311865][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.314967][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.321020][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.324186][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.329422][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.333109][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.340415][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.344178][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.354531][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.358961][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.362286][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.365377][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.370290][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.373533][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.379159][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.382590][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.385784][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.389828][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.393190][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.397538][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.401449][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.405096][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.409571][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.412765][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.418612][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.421818][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.425053][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.430345][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.434250][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.437224][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.440877][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.443841][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.447612][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.450180][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.452966][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.455878][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.459602][ T5354] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 1237.487764][ T5354] hid-generic 0000:0000:0000.0009: hidraw1: HID v0.00 Device [syz0] on syz0 [ 1237.992475][ T39] audit: type=1400 audit(1237.836:8344): avc: denied { append } for pid=25906 comm="syz.2.4972" name="usbmon0" dev="devtmpfs" ino=723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 1238.703071][T25920] No control pipe specified [ 1239.323209][T25928] FAULT_INJECTION: forcing a failure. [ 1239.323209][T25928] name failslab, interval 1, probability 0, space 0, times 0 [ 1239.330776][T25928] CPU: 3 UID: 0 PID: 25928 Comm: syz.2.4978 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1239.336394][T25928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1239.340744][T25928] Call Trace: [ 1239.342209][T25928] [ 1239.343669][T25928] dump_stack_lvl+0x16c/0x1f0 [ 1239.345683][T25928] should_fail_ex+0x497/0x5b0 [ 1239.347833][T25928] ? fs_reclaim_acquire+0xae/0x160 [ 1239.349993][T25928] should_failslab+0xc2/0x120 [ 1239.352331][T25928] __kmalloc_noprof+0xcb/0x400 [ 1239.354598][T25928] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 1239.357776][T25928] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 1239.360077][T25928] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1239.362435][T25928] ? security_capable+0x98/0xd0 [ 1239.364347][T25928] genl_rcv_msg+0x565/0x800 [ 1239.366145][T25928] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1239.368301][T25928] ? __pfx___lock_acquire+0x10/0x10 [ 1239.370567][T25928] ? __pfx_fou_nl_del_doit+0x10/0x10 [ 1239.372926][T25928] netlink_rcv_skb+0x16b/0x440 [ 1239.375204][T25928] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1239.377538][T25928] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1239.380000][T25928] ? down_read+0xc9/0x330 [ 1239.381884][T25928] ? __pfx_down_read+0x10/0x10 [ 1239.383957][T25928] ? netlink_deliver_tap+0x1ae/0xd90 [ 1239.385899][T25928] genl_rcv+0x28/0x40 [ 1239.387395][T25928] netlink_unicast+0x53c/0x7f0 [ 1239.389381][T25928] ? __pfx_netlink_unicast+0x10/0x10 [ 1239.391432][T25928] netlink_sendmsg+0x8b8/0xd70 [ 1239.393433][T25928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1239.395685][T25928] ? __import_iovec+0x1fd/0x6e0 [ 1239.397861][T25928] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1239.400023][T25928] ____sys_sendmsg+0xab5/0xc90 [ 1239.402034][T25928] ? copy_msghdr_from_user+0x10b/0x160 [ 1239.404324][T25928] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1239.406633][T25928] ? find_held_lock+0x2d/0x110 [ 1239.408750][T25928] ? __pfx___lock_acquire+0x10/0x10 [ 1239.410942][T25928] ___sys_sendmsg+0x135/0x1e0 [ 1239.413003][T25928] ? __pfx____sys_sendmsg+0x10/0x10 [ 1239.415255][T25928] ? ksys_write+0x21c/0x260 [ 1239.417270][T25928] ? __fget_light+0x173/0x210 [ 1239.419272][T25928] __sys_sendmsg+0x117/0x1f0 [ 1239.421286][T25928] ? __pfx___sys_sendmsg+0x10/0x10 [ 1239.423299][T25928] do_syscall_64+0xcd/0x250 [ 1239.425216][T25928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1239.427698][T25928] RIP: 0033:0x7f65db979eb9 [ 1239.429579][T25928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1239.438145][T25928] RSP: 002b:00007f65dc6c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1239.441843][T25928] RAX: ffffffffffffffda RBX: 00007f65dbb15f80 RCX: 00007f65db979eb9 [ 1239.445746][T25928] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 1239.449308][T25928] RBP: 00007f65dc6c7090 R08: 0000000000000000 R09: 0000000000000000 [ 1239.452462][T25928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1239.455364][T25928] R13: 0000000000000000 R14: 00007f65dbb15f80 R15: 00007ffeb599aec8 [ 1239.458252][T25928] [ 1239.459698][ C3] vkms_vblank_simulate: vblank timer overrun [ 1239.754995][ T39] audit: type=1400 audit(1239.596:8345): avc: denied { create } for pid=25935 comm="syz.3.4982" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1239.755791][T25937] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4982'. [ 1239.881812][ T39] audit: type=1400 audit(1239.726:8346): avc: denied { ioctl } for pid=25946 comm="syz.1.4986" path="socket:[155580]" dev="sockfs" ino=155580 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1239.921650][T25945] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4982'. [ 1239.933923][T25945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4982'. [ 1239.937500][ T39] audit: type=1400 audit(1239.766:8347): avc: denied { write } for pid=25935 comm="syz.3.4982" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1239.937549][ T39] audit: type=1400 audit(1239.766:8348): avc: denied { nlmsg_write } for pid=25935 comm="syz.3.4982" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1240.336247][T11427] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1240.539565][T11427] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1240.544484][T11427] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1240.553340][T11427] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1240.557826][T11427] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1240.565806][T25940] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1240.572257][T11427] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1240.795416][T11427] usb 5-1: USB disconnect, device number 52 [ 1241.071166][T25964] team0: Port device wg2 removed [ 1241.099221][T25964] team0: Port device wg2 added [ 1241.297519][T25966] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4989'. [ 1242.132761][T25984] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4996'. [ 1242.868308][T25997] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4999'. [ 1243.101541][T26002] fuse: Bad value for 'fd' [ 1244.069578][T26022] FAULT_INJECTION: forcing a failure. [ 1244.069578][T26022] name failslab, interval 1, probability 0, space 0, times 0 [ 1244.074536][T26022] CPU: 3 UID: 0 PID: 26022 Comm: syz.0.5005 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1244.078722][T26022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1244.083340][T26022] Call Trace: [ 1244.084993][T26022] [ 1244.086329][T26022] dump_stack_lvl+0x16c/0x1f0 [ 1244.088473][T26022] should_fail_ex+0x497/0x5b0 [ 1244.090482][T26022] should_failslab+0xc2/0x120 [ 1244.092613][T26022] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 1244.094656][T26022] ? skb_clone+0x190/0x3f0 [ 1244.096613][T26022] skb_clone+0x190/0x3f0 [ 1244.098149][T26022] netlink_deliver_tap+0xab3/0xd90 [ 1244.100052][T26022] netlink_unicast+0x5e1/0x7f0 [ 1244.102445][T26022] ? __pfx_netlink_unicast+0x10/0x10 [ 1244.105145][T26022] netlink_sendmsg+0x8b8/0xd70 [ 1244.107264][T26022] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1244.109524][T26022] ? __import_iovec+0x1fd/0x6e0 [ 1244.111310][T26022] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1244.113103][T26022] ____sys_sendmsg+0xab5/0xc90 [ 1244.114643][T26022] ? copy_msghdr_from_user+0x10b/0x160 [ 1244.116770][T26022] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1244.118853][T26022] ? find_held_lock+0x2d/0x110 [ 1244.120974][T26022] ? __pfx___lock_acquire+0x10/0x10 [ 1244.123144][T26022] ___sys_sendmsg+0x135/0x1e0 [ 1244.124979][T26022] ? __pfx____sys_sendmsg+0x10/0x10 [ 1244.127307][T26022] ? ksys_write+0x21c/0x260 [ 1244.129345][T26022] ? __fget_light+0x173/0x210 [ 1244.131409][T26022] __sys_sendmsg+0x117/0x1f0 [ 1244.133431][T26022] ? __pfx___sys_sendmsg+0x10/0x10 [ 1244.135690][T26022] do_syscall_64+0xcd/0x250 [ 1244.137641][T26022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1244.140161][T26022] RIP: 0033:0x7f7db9779eb9 [ 1244.142032][T26022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1244.150599][T26022] RSP: 002b:00007f7dba607038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1244.153982][T26022] RAX: ffffffffffffffda RBX: 00007f7db9915f80 RCX: 00007f7db9779eb9 [ 1244.157159][T26022] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1244.160516][T26022] RBP: 00007f7dba607090 R08: 0000000000000000 R09: 0000000000000000 [ 1244.163688][T26022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1244.166308][T26022] R13: 0000000000000000 R14: 00007f7db9915f80 R15: 00007ffd59dc0fb8 [ 1244.169820][T26022] [ 1244.171260][ C3] vkms_vblank_simulate: vblank timer overrun [ 1244.180477][T26022] netlink: 830 bytes leftover after parsing attributes in process `syz.0.5005'. [ 1244.479258][T26031] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5007'. [ 1244.484447][ T1381] ieee802154 phy0 wpan0: encryption failed: -22 [ 1245.245929][T26044] team0: Port device wg2 removed [ 1245.294724][T26044] team0: Port device wg2 added [ 1252.742043][T26068] netlink: 'syz.3.5019': attribute type 21 has an invalid length. [ 1252.745640][T26068] netlink: 128 bytes leftover after parsing attributes in process `syz.3.5019'. [ 1252.829974][T26071] netlink: 'syz.2.5020': attribute type 21 has an invalid length. [ 1252.829998][T26071] netlink: 128 bytes leftover after parsing attributes in process `syz.2.5020'. [ 1252.986842][ T5394] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1253.062031][T26078] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1253.165627][T26079] netlink: 'syz.2.5022': attribute type 5 has an invalid length. [ 1253.206991][ T5394] usb 5-1: too many configurations: 26, using maximum allowed: 8 [ 1253.215874][ T5394] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1253.220961][ T5394] usb 5-1: can't read configurations, error -61 [ 1253.386213][ T5394] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1253.576988][ T5394] usb 5-1: too many configurations: 26, using maximum allowed: 8 [ 1253.588085][ T5394] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1253.591700][ T5394] usb 5-1: can't read configurations, error -61 [ 1253.602218][ T5394] usb usb5-port1: attempt power cycle [ 1254.046191][ T5394] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 1254.154643][ T5394] usb 5-1: too many configurations: 26, using maximum allowed: 8 [ 1254.164946][ T5394] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1254.168656][ T5394] usb 5-1: can't read configurations, error -61 [ 1254.356187][ T5394] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1254.382259][T26111] overlayfs: missing 'lowerdir' [ 1254.613849][ T5394] usb 5-1: too many configurations: 26, using maximum allowed: 8 [ 1254.618828][ T5394] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1254.622000][ T5394] usb 5-1: can't read configurations, error -61 [ 1254.625901][ T5394] usb usb5-port1: unable to enumerate USB device [ 1255.226924][T26119] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5032'. [ 1257.238796][T26144] team0: Port device wg2 removed [ 1257.317124][T26145] team0: Port device wg2 added [ 1257.764420][ T39] audit: type=1400 audit(1257.616:8349): avc: denied { ioctl } for pid=26148 comm="syz.1.5041" path="socket:[161346]" dev="sockfs" ino=161346 ioctlcmd=0xf50c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 1257.767265][T26151] netlink: 'syz.0.5042': attribute type 21 has an invalid length. [ 1257.777056][T26151] netlink: 128 bytes leftover after parsing attributes in process `syz.0.5042'. [ 1258.576310][T16677] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1258.769166][T16677] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1258.773963][T16677] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1258.794215][T16677] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1258.800816][T16677] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1258.829150][T26166] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1258.835544][T16677] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1259.169263][T16677] usb 5-1: USB disconnect, device number 57 [ 1259.490539][T26179] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5048'. [ 1260.360089][T26197] netlink: 'syz.3.5053': attribute type 21 has an invalid length. [ 1260.363480][T26197] netlink: 128 bytes leftover after parsing attributes in process `syz.3.5053'. [ 1260.640092][T26200] team0: Port device wg2 removed [ 1260.668427][T26203] team0: Port device wg2 added [ 1261.407730][T26210] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 1261.410943][T26206] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 1261.412946][T26210] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 1261.418011][T26206] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 1261.426990][T26206] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 1261.427614][T26210] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 1261.431298][T26206] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 1261.436952][T26210] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 1261.441500][T26206] syz.3.5055 (26206): drop_caches: 2 [ 1261.448702][T26210] syz.3.5055 (26210): drop_caches: 2 [ 1261.667003][ T39] audit: type=1400 audit(1261.516:8350): avc: denied { append } for pid=26229 comm="syz.3.5062" name="loop3" dev="devtmpfs" ino=663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1261.729665][T26233] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5063'. [ 1262.643958][T26252] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1262.670695][ T39] audit: type=1400 audit(1262.516:8351): avc: denied { rename } for pid=26251 comm="syz.0.5072" name="file1" dev="overlay" ino=36575596 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1262.683892][ T39] audit: type=1400 audit(1262.516:8352): avc: denied { unlink } for pid=26251 comm="syz.0.5072" name="file0" dev="overlay" ino=36575586 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1262.694306][ T39] audit: type=1400 audit(1262.526:8353): avc: denied { write open } for pid=26251 comm="syz.0.5072" path=2F202864656C6574656429 dev="tmpfs" ino=463 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1262.702000][T26253] syzkaller0: entered promiscuous mode [ 1262.705005][ T39] audit: type=1400 audit(1262.526:8354): avc: denied { setattr } for pid=26251 comm="syz.0.5072" name="#463" dev="tmpfs" ino=463 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1262.709949][T26253] syzkaller0: entered allmulticast mode [ 1262.716260][ T39] audit: type=1400 audit(1262.526:8355): avc: denied { link } for pid=26251 comm="syz.0.5072" name="#463" dev="tmpfs" ino=463 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1262.799860][ T39] audit: type=1400 audit(1262.646:8356): avc: denied { setopt } for pid=26258 comm="syz.3.5074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 1265.462936][ T39] audit: type=1400 audit(1265.306:8357): avc: denied { read } for pid=26306 comm="syz.1.5086" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1267.663461][T26357] tunl0: entered promiscuous mode [ 1267.669354][T26357] netlink: 'syz.2.5104': attribute type 1 has an invalid length. [ 1267.672946][T26357] netlink: 9 bytes leftover after parsing attributes in process `syz.2.5104'. [ 1267.686819][ T39] audit: type=1400 audit(1267.536:8358): avc: denied { lock } for pid=26358 comm="syz.3.5105" path="socket:[163169]" dev="sockfs" ino=163169 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 1267.778659][ T39] audit: type=1326 audit(1267.626:8359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.787706][ T39] audit: type=1326 audit(1267.626:8360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.796554][ T39] audit: type=1326 audit(1267.626:8361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.805764][ T39] audit: type=1326 audit(1267.626:8362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.814851][ T39] audit: type=1326 audit(1267.626:8363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.823987][ T39] audit: type=1326 audit(1267.636:8364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.833409][ T39] audit: type=1326 audit(1267.636:8365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.842034][ T39] audit: type=1326 audit(1267.636:8366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.851454][ T39] audit: type=1326 audit(1267.636:8367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.861579][ T39] audit: type=1326 audit(1267.676:8368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.871881][ T39] audit: type=1326 audit(1267.676:8369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.882904][ T39] audit: type=1326 audit(1267.686:8370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.894373][ T39] audit: type=1326 audit(1267.686:8371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1267.906741][ T39] audit: type=1326 audit(1267.686:8372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26366 comm="syz.1.5109" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7856f79eb9 code=0x7ffc0000 [ 1268.026215][ T25] usb 8-1: new high-speed USB device number 54 using dummy_hcd [ 1268.216173][ T25] usb 8-1: Using ep0 maxpacket: 32 [ 1268.220474][ T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 1268.231039][ T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 1268.235464][ T25] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1268.248097][ T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1268.254349][ T25] usb 8-1: config 0 descriptor?? [ 1268.257356][T26365] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1268.265369][ T25] hub 8-1:0.0: USB hub found [ 1268.469271][ T25] hub 8-1:0.0: 2 ports detected [ 1268.683892][ T25] hub 8-1:0.0: hub_hub_status failed (err = -71) [ 1268.697924][ T25] hub 8-1:0.0: config failed, can't get hub status (err -71) [ 1268.734335][ T25] usbhid 8-1:0.0: can't add hid device: -71 [ 1268.737305][ T25] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1268.770131][ T25] usb 8-1: USB disconnect, device number 54 [ 1270.381827][T26394] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 1271.782701][T26431] input: syz0 as /devices/virtual/input/input26 [ 1273.036944][ T39] kauditd_printk_skb: 32 callbacks suppressed [ 1273.036960][ T39] audit: type=1326 audit(1272.876:8405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26454 comm="syz.3.5138" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13a6f79eb9 code=0x0 [ 1275.086325][ T39] audit: type=1400 audit(1274.896:8406): avc: denied { remount } for pid=26476 comm="syz.2.5146" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 1275.505818][T26483] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5147'. [ 1278.468577][T26528] ------------[ cut here ]------------ [ 1278.472079][T26528] WARNING: CPU: 0 PID: 26528 at include/linux/rwsem.h:195 follow_pte+0x414/0x4c0 [ 1278.475963][T26528] Modules linked in: [ 1278.477584][T26528] CPU: 0 UID: 0 PID: 26528 Comm: syz.1.5161 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1278.481654][T26528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1278.485857][T26528] RIP: 0010:follow_pte+0x414/0x4c0 [ 1278.492376][T26528] Code: bf 98 01 00 00 be ff ff ff ff e8 f7 c7 44 09 31 ff 41 89 c4 89 c6 e8 9b cd b9 ff 45 85 e4 0f 85 80 fc ff ff e8 4d cb b9 ff 90 <0f> 0b 90 e9 72 fc ff ff e8 3f cb b9 ff 90 0f 0b 48 c7 c7 d8 6f 14 [ 1278.500469][T26528] RSP: 0018:ffffc900047974d0 EFLAGS: 00010283 [ 1278.503618][T26528] RAX: 0000000000013379 RBX: 00007f2d51b44000 RCX: ffffc9000c403000 [ 1278.516615][T26528] RDX: 0000000000040000 RSI: ffffffff81d1f4a3 RDI: 0000000000000005 [ 1278.519829][T26528] RBP: ffff888030d6fba0 R08: 0000000000000005 R09: 0000000000000000 [ 1278.523014][T26528] R10: 0000000000000000 R11: 000000000000026a R12: 0000000000000000 [ 1278.526248][T26528] R13: ffffc90004797530 R14: ffffc90004797550 R15: ffff888029df5580 [ 1278.529527][T26528] FS: 00007f7857cf56c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000 [ 1278.533388][T26528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1278.536317][T26528] CR2: 0000000000000000 CR3: 000000002df68000 CR4: 0000000000350ef0 [ 1278.539760][T26528] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1278.542876][T26528] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1278.546164][T26528] Call Trace: [ 1278.547386][T26528] [ 1278.548641][T26528] ? show_regs+0x8c/0xa0 [ 1278.550431][T26528] ? __warn+0xe5/0x3c0 [ 1278.552170][T26528] ? follow_pte+0x414/0x4c0 [ 1278.554285][T26528] ? report_bug+0x3c0/0x580 [ 1278.556527][T26528] ? handle_bug+0x3d/0x70 [ 1278.558821][T26528] ? exc_invalid_op+0x17/0x50 [ 1278.560791][T26528] ? asm_exc_invalid_op+0x1a/0x20 [ 1278.562911][T26528] ? follow_pte+0x413/0x4c0 [ 1278.565038][T26528] ? follow_pte+0x414/0x4c0 [ 1278.567225][T26528] get_pat_info+0xf2/0x510 [ 1278.568554][T26528] ? __pfx_get_pat_info+0x10/0x10 [ 1278.570049][T26528] untrack_pfn+0xf7/0x4d0 [ 1278.571369][T26528] ? __pfx_untrack_pfn+0x10/0x10 [ 1278.572940][T26528] ? zap_page_range_single+0x307/0x560 [ 1278.575079][T26528] ? __pfx_lock_release+0x10/0x10 [ 1278.577082][T26528] ? uprobe_munmap+0x20/0x5d0 [ 1278.578983][T26528] unmap_single_vma+0x1bd/0x2b0 [ 1278.581164][T26528] zap_page_range_single+0x326/0x560 [ 1278.583476][T26528] ? __pfx_zap_page_range_single+0x10/0x10 [ 1278.586205][T26528] ? __pfx___might_resched+0x10/0x10 [ 1278.588463][T26528] ? vma_interval_tree_subtree_search+0x14d/0x1b0 [ 1278.591137][T26528] unmap_mapping_range+0x1ee/0x280 [ 1278.593362][T26528] ? __pfx_unmap_mapping_range+0x10/0x10 [ 1278.595706][T26528] ? inode_newsize_ok+0x13b/0x200 [ 1278.598157][T26528] truncate_pagecache+0x53/0x90 [ 1278.600602][T26528] simple_setattr+0xf2/0x120 [ 1278.602649][T26528] notify_change+0xf41/0x1230 [ 1278.605560][T26528] do_truncate+0x15c/0x220 [ 1278.607674][T26528] ? __pfx_do_truncate+0x10/0x10 [ 1278.609853][T26528] path_openat+0x27a8/0x2d20 [ 1278.611913][T26528] ? __pfx_path_openat+0x10/0x10 [ 1278.613856][T26528] ? __pfx___lock_acquire+0x10/0x10 [ 1278.615911][T26528] ? find_held_lock+0x2d/0x110 [ 1278.618052][T26528] do_filp_open+0x1dc/0x430 [ 1278.619957][T26528] ? __pfx_do_filp_open+0x10/0x10 [ 1278.621908][T26528] ? find_held_lock+0x2d/0x110 [ 1278.623774][T26528] ? _raw_spin_unlock+0x28/0x50 [ 1278.625733][T26528] ? alloc_fd+0x2d7/0x6c0 [ 1278.627399][T26528] do_sys_openat2+0x17a/0x1e0 [ 1278.629462][T26528] ? __pfx_do_sys_openat2+0x10/0x10 [ 1278.631773][T26528] ? __fget_files+0x256/0x400 [ 1278.633348][T26528] __x64_sys_openat+0x175/0x210 [ 1278.635405][T26528] ? __pfx___x64_sys_openat+0x10/0x10 [ 1278.637362][T26528] do_syscall_64+0xcd/0x250 [ 1278.639244][T26528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1278.641282][T26528] RIP: 0033:0x7f7856f79eb9 [ 1278.643166][T26528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1278.649999][T26528] RSP: 002b:00007f7857cf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1278.653313][T26528] RAX: ffffffffffffffda RBX: 00007f7857116130 RCX: 00007f7856f79eb9 [ 1278.656842][T26528] RDX: 0000000000003f00 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 1278.660279][T26528] RBP: 00007f7856fe793e R08: 0000000000000000 R09: 0000000000000000 [ 1278.663680][T26528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1278.666861][T26528] R13: 0000000000000000 R14: 00007f7857116130 R15: 00007fffccff4928 [ 1278.669922][T26528] [ 1278.671288][T26528] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1278.674490][T26528] CPU: 0 UID: 0 PID: 26528 Comm: syz.1.5161 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0 [ 1278.679005][T26528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1278.683123][T26528] Call Trace: [ 1278.684423][T26528] [ 1278.685615][T26528] dump_stack_lvl+0x3d/0x1f0 [ 1278.687525][T26528] panic+0x6dc/0x7c0 [ 1278.689327][T26528] ? __pfx_panic+0x10/0x10 [ 1278.691321][T26528] ? show_trace_log_lvl+0x363/0x500 [ 1278.693648][T26528] ? follow_pte+0x414/0x4c0 [ 1278.695626][T26528] check_panic_on_warn+0xab/0xb0 [ 1278.697880][T26528] __warn+0xf1/0x3c0 [ 1278.699621][T26528] ? follow_pte+0x414/0x4c0 [ 1278.701647][T26528] report_bug+0x3c0/0x580 [ 1278.703615][T26528] handle_bug+0x3d/0x70 [ 1278.705458][T26528] exc_invalid_op+0x17/0x50 [ 1278.707282][T26528] asm_exc_invalid_op+0x1a/0x20 [ 1278.709180][T26528] RIP: 0010:follow_pte+0x414/0x4c0 [ 1278.711191][T26528] Code: bf 98 01 00 00 be ff ff ff ff e8 f7 c7 44 09 31 ff 41 89 c4 89 c6 e8 9b cd b9 ff 45 85 e4 0f 85 80 fc ff ff e8 4d cb b9 ff 90 <0f> 0b 90 e9 72 fc ff ff e8 3f cb b9 ff 90 0f 0b 48 c7 c7 d8 6f 14 [ 1278.719847][T26528] RSP: 0018:ffffc900047974d0 EFLAGS: 00010283 [ 1278.722411][T26528] RAX: 0000000000013379 RBX: 00007f2d51b44000 RCX: ffffc9000c403000 [ 1278.726103][T26528] RDX: 0000000000040000 RSI: ffffffff81d1f4a3 RDI: 0000000000000005 [ 1278.729434][T26528] RBP: ffff888030d6fba0 R08: 0000000000000005 R09: 0000000000000000 [ 1278.733516][T26528] R10: 0000000000000000 R11: 000000000000026a R12: 0000000000000000 [ 1278.736886][T26528] R13: ffffc90004797530 R14: ffffc90004797550 R15: ffff888029df5580 [ 1278.740355][T26528] ? follow_pte+0x413/0x4c0 [ 1278.742359][T26528] get_pat_info+0xf2/0x510 [ 1278.744359][T26528] ? __pfx_get_pat_info+0x10/0x10 [ 1278.746688][T26528] untrack_pfn+0xf7/0x4d0 [ 1278.749046][T26528] ? __pfx_untrack_pfn+0x10/0x10 [ 1278.751421][T26528] ? zap_page_range_single+0x307/0x560 [ 1278.753526][T26528] ? __pfx_lock_release+0x10/0x10 [ 1278.755501][T26528] ? uprobe_munmap+0x20/0x5d0 [ 1278.757394][T26528] unmap_single_vma+0x1bd/0x2b0 [ 1278.759874][T26528] zap_page_range_single+0x326/0x560 [ 1278.762109][T26528] ? __pfx_zap_page_range_single+0x10/0x10 [ 1278.764630][T26528] ? __pfx___might_resched+0x10/0x10 [ 1278.767010][T26528] ? vma_interval_tree_subtree_search+0x14d/0x1b0 [ 1278.770105][T26528] unmap_mapping_range+0x1ee/0x280 [ 1278.772348][T26528] ? __pfx_unmap_mapping_range+0x10/0x10 [ 1278.774685][T26528] ? inode_newsize_ok+0x13b/0x200 [ 1278.776941][T26528] truncate_pagecache+0x53/0x90 [ 1278.779223][T26528] simple_setattr+0xf2/0x120 [ 1278.781673][T26528] notify_change+0xf41/0x1230 [ 1278.784060][T26528] do_truncate+0x15c/0x220 [ 1278.786112][T26528] ? __pfx_do_truncate+0x10/0x10 [ 1278.788420][T26528] path_openat+0x27a8/0x2d20 [ 1278.790837][T26528] ? __pfx_path_openat+0x10/0x10 [ 1278.793467][T26528] ? __pfx___lock_acquire+0x10/0x10 [ 1278.796019][T26528] ? find_held_lock+0x2d/0x110 [ 1278.798316][T26528] do_filp_open+0x1dc/0x430 [ 1278.800728][T26528] ? __pfx_do_filp_open+0x10/0x10 [ 1278.802938][T26528] ? find_held_lock+0x2d/0x110 [ 1278.805120][T26528] ? _raw_spin_unlock+0x28/0x50 [ 1278.807314][T26528] ? alloc_fd+0x2d7/0x6c0 [ 1278.809423][T26528] do_sys_openat2+0x17a/0x1e0 [ 1278.811579][T26528] ? __pfx_do_sys_openat2+0x10/0x10 [ 1278.813805][T26528] ? __fget_files+0x256/0x400 [ 1278.816109][T26528] __x64_sys_openat+0x175/0x210 [ 1278.818101][T26528] ? __pfx___x64_sys_openat+0x10/0x10 [ 1278.820858][T26528] do_syscall_64+0xcd/0x250 [ 1278.823014][T26528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1278.825628][T26528] RIP: 0033:0x7f7856f79eb9 [ 1278.828943][T26528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1278.839082][T26528] RSP: 002b:00007f7857cf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1278.843065][T26528] RAX: ffffffffffffffda RBX: 00007f7857116130 RCX: 00007f7856f79eb9 [ 1278.846840][T26528] RDX: 0000000000003f00 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 1278.850433][T26528] RBP: 00007f7856fe793e R08: 0000000000000000 R09: 0000000000000000 [ 1278.853931][T26528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1278.857372][T26528] R13: 0000000000000000 R14: 00007f7857116130 R15: 00007fffccff4928 [ 1278.860851][T26528] [ 1278.862893][T26528] Kernel Offset: disabled [ 1278.865508][T26528] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:42:26 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8502d375 RDI=ffffffff9a5b2f20 RBP=ffffffff9a5b2ee0 RSP=ffffc90004796ea0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000030 R14=ffffffff8502d310 R15=0000000000000000 RIP=ffffffff8502d39f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f7857cf56c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000002df68000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe8762 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe876f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe8769 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe877d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe8803 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe88e1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78570eb488 00007f78570eb480 00007f78570eb478 00007f78570eb450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7857c4d100 00007f78570eb440 00007f78570eb458 00007f78570eb4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78570eb498 00007f78570eb490 00007f78570eb488 00007f78570eb480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=ffff888030362440 RCX=1ffffffff2d2d7ba RDX=0000000000000001 RSI=0000000000000004 RDI=ffffffff9696bdd0 RBP=bf8c2ea922061a85 RSP=ffffc900049a76f8 R8 =0000000000000000 R9 =fffffbfff2d244f7 R10=ffffffff969227bf R11=0000000000000000 R12=ffff888049c038e8 R13=ffff888032ba9900 R14=0000000000000246 R15=ffffc900049a78b8 RIP=ffffffff81696b37 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f7dba5e66c0 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f7dba5e5f98 CR3=000000004f042000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 007375746174732f 78756e696c65732f ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe8762 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe876f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe8769 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe877d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe8803 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe88e1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78570eb488 00007f78570eb480 00007f78570eb478 00007f78570eb450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7857c4d100 00007f78570eb440 00007f78570e0004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78570eb498 00007f78570eb490 00007f78570eb488 00007f78570eb480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000001000e4f RBX=0000000000000002 RCX=ffffffff8b16cb49 RDX=0000000000000000 RSI=ffffffff8b4cd740 RDI=ffffffff8bb0f900 RBP=ffffed1003adb000 RSP=ffffc90000197e08 R8 =0000000000000001 R9 =ffffed100d506fd9 R10=ffff88806a837ecb R11=0000000000000000 R12=0000000000000002 R13=ffff88801d6d8000 R14=ffffffff90143cd8 R15=0000000000000000 RIP=ffffffff8b16df3f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f7857cf4f98 CR3=000000002df68000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe8762 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe876f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe8769 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe877d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe8803 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7856fe88e1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78570eb488 00007f78570eb480 00007f78570eb478 00007f78570eb450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7857c4d100 00007f78570eb440 00007f78570eb458 00007f78570eb4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f78570eb498 00007f78570eb490 00007f78570eb488 00007f78570eb480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=1ffff92000b1aeda RCX=1ffff1100d507dc0 RDX=ffffed1006738006 RSI=ffffffff8bb0f880 RDI=ffff88806a83ee00 RBP=ffff8880339c0000 RSP=ffffc900058d76a8 R8 =0000000000000000 R9 =ffffed1006738086 R10=ffff8880339c0437 R11=0000000000000000 R12=0000000000000007 R13=ffff8880339c0014 R14=ffff8880339c0a00 R15=ffff8880339c0034 RIP=ffffffff815dc51f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f7857d166c0 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020000000 CR3=000000002df68000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f13a6fe8762 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f13a6fe876f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f13a6fe8769 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f13a6fe877d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f13a6fe8803 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f13a6fe88e1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f13a70eb488 00007f13a70eb480 00007f13a70eb478 00007f13a70eb450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f13a7c4d100 00007f13a70eb440 00007f13a70eb458 00007f13a70eb4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f13a70eb498 00007f13a70eb490 00007f13a70eb488 00007f13a70eb480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000