last executing test programs: 4.389352319s ago: executing program 0 (id=1208): mount$9p_tcp(&(0x7f0000000640), &(0x7f0000000680)='.\x00', &(0x7f00000006c0), 0x8010, &(0x7f0000000080)={'trans=tcp,', {'port', 0x3d, 0x4e22}}) (fail_nth: 34) 4.134975241s ago: executing program 0 (id=1209): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="19000000"], 0x48) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@generic={0x0, 0x0, 0x8}, 0x18) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x7, @null, @bpq0, 0x5, [@null, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r5, 0x29, 0x1b, 0x0, 0x0) ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, @default, @bpq0, 0x7, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @null]}) openat$tun(0xffffffffffffff9c, 0x0, 0x8000, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x0) 4.061510491s ago: executing program 0 (id=1210): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff5"], 0xfdef) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000340009000000000000400000020000001000018009006400a553"], 0x24}, 0x1, 0x0, 0x0, 0x4841}, 0x4000010) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.806668971s ago: executing program 0 (id=1220): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff) r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) (fail_nth: 3) 3.450911569s ago: executing program 0 (id=1226): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff) r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) write$char_usb(r6, &(0x7f0000000240)="0b06864742b6ef44b2b37f990523a316e76c59d61390a56b195d3387b995facc5eda77190e67a923ba5dc74fab9e1a0e5250daf9c474da", 0x37) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 3.060862529s ago: executing program 0 (id=1228): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0xe, 0x141341) r1 = syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYRES16=r0], 0x0) syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="1201"], 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67) process_vm_readv(r3, &(0x7f0000000280)=[{&(0x7f0000000140)=""/255, 0xff}], 0x1, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x400c1}, 0x0) ioctl$EVIOCGKEYCODE_V2(r4, 0x80284504, &(0x7f0000000040)=""/185) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x6, 0x20}, &(0x7f0000000180)=0xc) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000001c0)={r6, 0x0, 0x4, 0x1000}, &(0x7f0000000240)=0x10) ioctl$USBDEVFS_GET_CAPABILITIES(r0, 0x8004551a, &(0x7f00000002c0)) r7 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r7, &(0x7f0000000d40)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000bc0)=@alg={0x120, 0x10, 0x200, 0x70bd28, 0x25dfdbfb, {{'cbc-camellia-aesni-avx2\x00'}, '\x00', '\x00', 0x0, 0x600}, [{0x8, 0x1, 0x100}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x7}, {0x8, 0x1, 0x4}, {0x8, 0x1, 0x3b}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0xff}, {0x8, 0x1, 0x9}]}, 0x120}, 0x1, 0x0, 0x0, 0x1}, 0x4c854) r8 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x28, 0x44, 0x0, 0x6}, {0x6, 0x0, 0x0, 0x7}]}, 0x10) r9 = socket$packet(0x11, 0x3, 0x300) r10 = socket$packet(0x11, 0x3, 0x300) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a0b0400000000000000000200000030000a80390001800a00010071756575650000001c0002800600034000040000060001400000000006000240000400000900010073797a300000"], 0x84}}, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYRESHEX=r1, @ANYRESHEX=r2, @ANYBLOB="8b04040000000000700012800b00010067656e65766500e4000002800500"], 0x90}, 0x1, 0x0, 0x0, 0x20008000}, 0x404c084) setsockopt$packet_int(r10, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'ip6gretap0\x00', 0x0}) sendto$packet(r8, &(0x7f00000000c0)="0b036800e0ceeefb64000200475400f6a13bb1000000080086dd", 0xff29, 0x20042884, &(0x7f0000000080)={0x11, 0x2, r12, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_open_dev$usbfs(&(0x7f0000000040), 0x204, 0x3a3541) ioctl$BTRFS_IOC_BALANCE_V2(r9, 0xc4009420, &(0x7f0000000340)={0x6, 0x0, {0x3, @struct={0x3, 0xbe7}, 0x0, 0x8, 0x7fffffffffffffff, 0x21be, 0x1, 0x8ff5, 0x408, @usage=0x658, 0x7, 0x9, [0x9, 0x1, 0x6, 0x6, 0x8, 0x2]}, {0xe, @struct={0x80000, 0xfffffff8}, 0x0, 0x7, 0xd8, 0x8001, 0x877, 0xe53f, 0x11, @struct={0x1f29, 0x9}, 0x6, 0x5, [0x3, 0xffffffffffff779f, 0x1, 0x81, 0xfffffffffffffbff, 0xe]}, {0xfffffffffffffff7, @struct={0x7cf1, 0x1}, 0x0, 0x800, 0xfa, 0xb, 0x9, 0x2, 0x0, @struct={0x8}, 0x3, 0x5, [0x2, 0x0, 0x9b, 0x6, 0x1000, 0x6]}, {0x3, 0x655, 0x6}}) 1.901247222s ago: executing program 1 (id=1238): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff5"], 0xfdef) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000340009000000000000400000020000001000018009006400a553"], 0x24}, 0x1, 0x0, 0x0, 0x4841}, 0x4000010) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.052969648s ago: executing program 2 (id=1242): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) recvfrom(r0, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 1.029725556s ago: executing program 1 (id=1243): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746c", 0xed}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def", 0xe8}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe752", 0x53}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2ab1dc34cea42a4292e2fbaa8", 0xea}, {&(0x7f0000000200)="057322e18609ed78266492c2a2ae3f0c0f3f6394c53de2727898d209dcb274", 0x1f}], 0x5}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c28797cd14c72", 0x26}, {&(0x7f0000000e80)="5be3b011e12323e4ab88c0472f0700000000000000e71ba6231f303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf646e72f8fe08c33a33b275787892f61fbb621794716f96031931b55af30fa01d72aa5a53ee4c07ab7c96a4a9ed93f4d20269982ab6feb22d8e77afb7b861622ab963b07f0026fd6424082bcd0864a854e542aacc3201fff776fe1c00"/216, 0xd8}], 0x2}}], 0x2, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.029598141s ago: executing program 2 (id=1244): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd) 1.016153302s ago: executing program 2 (id=1246): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 937.767109ms ago: executing program 1 (id=1247): pipe2$9p(&(0x7f00000001c0), 0x0) syz_emit_vhci(&(0x7f0000003200)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_ADV_SET_RAND_ADDR={{}, 0x8}}}, 0x7) 937.441802ms ago: executing program 2 (id=1248): setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003640)=[{{0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000003100)="af", 0x1}, {&(0x7f00000020c0)="9cd23e229f0da96293a51f3246723dd9389b057fde90b4219f239a13042cd4f4f27b2fa0c319796ef6c38060566039af21ffc769f1d92b8b58146aebb74d90613928c65263101ebbe118a331e1081b2cb9317aa94fc6bbafeb5914dbe77e2090a76fb71dbad6afc7d03acfe4694cbca869b6d66d35aab503c6c5ca458238008d0e52172bde9a48186e3e9bfb7e121896db659ffbaace36e16cf67bb96d36fe3d0daf3997b1d27fbfaafba5b684c87fadc36ca04ee4a8b7e74fada144dc9e1492fe44d04ea248cb765f5387639922799b387034eefca37e01075ac41087d2d11f8a720028a0c0d086e7ac332fbe833d3a67337dfaa3b1f5831bf3af7af7ac108b545ad345bc89af9032887c0eb828074902dd96d74165805996a3b501d05d67676a93ac6ff0a4e50366a7e856ada9b6a2d33bcf3b6d134235d57044be9ca4ff192389927e90af2cea07fcb1f302cbf285e9a1567ee827c5353a851248f1e282630fa007f702142e04cdc7bc80ecb029b5f26294b7bdf5e511b77b47582fbb8b13a4ba89dc75945d8f57cf97fa0cfdbc4a87ad66d8a58c52c168d828215c00f1ac922c546250665b531691d6a9118ff903c8e81d7d936c3c3c6d38b5379c759bc968bc36ebd6b12936a3d25e8a2cf1ec951c8de018237eb1465787f2ef561786b14338c4c961cf6aced72d384f6aed5fe17d770ca9453ca3962a00cc47a11c922082b76efeffb76563d56f019e8e5a9ecabb9b83f49b8e5d213cc1634e35136568540d9f3295323b333fa53f997b50737cd552da86998fc4c7f19f32b77b6d2f87ea1806441b42bd51ec5ffca8bcb7b01e9c13fa4b63571e2297a01526430a078f5728c3f58b928958da5ab758ba2fbcbaff141fe587b735cd2767dbc0acc0a51b31210258d03763dbd438dc9db8686aac136b247bb6a01fb6a4c2ba4f489c5ff6724e00c9e8c44834da0c0a092a782dabde0cd5a3290b1647ac2a6cbe27311fa1737f06d85443330c773c1c1f84591d04803f296c958bb5f0fb6e17e1c32d7efbe733b9beb36c961f85f28370016ead6216e2336e9898b1d6c553e7a686682b6c90b60fbd7bc5fb4e91d0b7511021ca568c220553a7b79eb51176b4dd3ca3ec9c0f8ce9263c6604bc75c325fc71aeae9ed889fb9bd51433438d04b6c76c4d70feeed67b7b466a16ac7325cef03bb8a897ba6712aaf611c5d8449cdaf355cc4204797058b7d413e851aa13afcd4f4a540a6ced00055a0ceb20fc905b88b62297264dab8410896dba9c750fbe896a63637857015d6f6b126c384b19f67941b8828e35a5eab42be28b27b255b6bd1a3a214997c9cce8f0aef982b9ec54fcecacdc3c4be503d8b75710e30e69ab586e50e712030736c3cd3954eb88be954cdb0f6dc1bf091c9f00f31a0dbf936823df7f7706a84d0c5e4a062efef8ad14e070f31b3f8f6b4484d4f4ebc7679cfcf835806bf355ae34a329b8016986470854c6abeb3212c30edc05d1ee41877001e0cf2938082aefa40da5eead5b4467b27b14f760f2d69c535d6a3fe30a70c65420b5cb2eed75fa7fc0b7ea0041ac406c700dcdd82a4e286612615b759a48463a694df497fe9ffd64f445313524120d61e4e0b5b3a8170b1f9637963f2bc53c2ad6d9299e6d7928311ea04e35ab3ba7c739f699ea4d915d4579b12864589848c2b330f2d71fa230f14e0b490522c7c87cf9c822c979725bbe577b7a07d4dc71450f2ba867db516bcb8b8fed25374be9295719146c1934065f07fa30142923655c4db546bc802de484d2401fa9bfcf7ae3b0bf3f76ea54a917f523923a080a03b73e589e9ef94c640e6d8fea3b98f2d45a242a5521df735b8688e65dc579a6a3678cade4af6b723c2fa467bac1eaaf9f51c40e4e241f3ce3ad58793b0e334ec7d7b4eac25a77d50a0bebf51c16a95d586dda88e038bfa485b8fb86b338921163927c91d724654c547c0ec9ff108711fd24760c3990a68a8924a15b4aeeaae8380ad2938f538c3213a7f5ab6bdacd307c0496244a278c43f4a47888b6faa9d00a9802", 0x5ac}], 0x2}}], 0x1, 0x4040005) 937.109501ms ago: executing program 1 (id=1249): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000080000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x2, 0x0, 0x0, &(0x7f00000002c0)=""/76, 0x0, 0xeeef0000}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000840)={0x2, 0x0, [{0xf000, 0x60, &(0x7f0000000180)=""/96}, {0x8000000, 0x9f, &(0x7f0000000780)=""/159}]}) mkdir(&(0x7f0000000400)='./file0\x00', 0x99) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000001b40)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) truncate(&(0x7f0000000000)='./bus\x00', 0x8001) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r4, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) setfsuid(0xffffffffffffffff) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) r7 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000200)={'netdevsim0\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x3, 0x3, 0x7, 0x9, 0x7, 0xea7}}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@gettfilter={0x24, 0x2e, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xa, 0xfff3}, {0xfff2, 0xfff1}, {0x0, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000094}, 0x4044040) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0], 0x4000000000000302}) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0) 936.969759ms ago: executing program 2 (id=1250): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x8, 0x80000) fanotify_mark(r2, 0x105, 0x4800003a, r1, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(0x0) r3 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x1000000000003, 0x5, 0x8, 0x3, 0x1, {0x5, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0xb, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) 841.432718ms ago: executing program 1 (id=1252): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket(0x10, 0x803, 0x0) write(r2, &(0x7f0000000000)="260000002200470154daf151af565d78276fdd2482dcf5c3e8ff06dde9010172b7e5c72e6cb6", 0x26) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) setuid(0x0) linkat(r3, &(0x7f0000000340)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1400) openat(r3, &(0x7f0000000080)='./file0\x00', 0x100, 0x20) sendto(r2, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, 0x0, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000023c0)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/254, 0xfe}, {&(0x7f0000002a40)=""/4132, 0x1024}, {&(0x7f0000000240)=""/206, 0xce}, {&(0x7f00000001c0)=""/79, 0x4f}, {&(0x7f0000000100)=""/139, 0x8b}, {&(0x7f0000000880)=""/114, 0x72}], 0x6}, 0xfffffffe}], 0x1, 0x40002000, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x14, r1, 0x701, 0x0, 0x0, {0x45}}, 0x14}}, 0x0) syz_emit_ethernet(0x76, &(0x7f00000004c0)={@broadcast, @random='\x00\x00B\f\x00', @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x40, 0x3a, 0x0, @private0, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "18b088", 0x0, 0x0, 0x0, @empty, @mcast2, [@hopopts={0x11}], "fafb17c133d11e59"}}}}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000001340)=@framed={{0xbe, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x8}}, &(0x7f0000000480)='syzkaller\x00'}, 0x94) 840.122073ms ago: executing program 1 (id=1253): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r4, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(r3, 0x0, 0x0) recvfrom(r5, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 311.047093ms ago: executing program 3 (id=1256): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x8004000, 0x7, 0x8, 0x8000, 0x4, 0x0, 0x0, 0x10, 0x5}}, 0x50) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x16}, 0x94) writev(r3, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x201e}], 0x1e) 310.492203ms ago: executing program 3 (id=1257): pipe2$9p(&(0x7f00000001c0), 0x0) 190.667483ms ago: executing program 3 (id=1258): setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003640)=[{{0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000003100)="af", 0x1}, {&(0x7f00000020c0)="9cd23e229f0da96293a51f3246723dd9389b057fde90b4219f239a13042cd4f4f27b2fa0c319796ef6c38060566039af21ffc769f1d92b8b58146aebb74d90613928c65263101ebbe118a331e1081b2cb9317aa94fc6bbafeb5914dbe77e2090a76fb71dbad6afc7d03acfe4694cbca869b6d66d35aab503c6c5ca458238008d0e52172bde9a48186e3e9bfb7e121896db659ffbaace36e16cf67bb96d36fe3d0daf3997b1d27fbfaafba5b684c87fadc36ca04ee4a8b7e74fada144dc9e1492fe44d04ea248cb765f5387639922799b387034eefca37e01075ac41087d2d11f8a720028a0c0d086e7ac332fbe833d3a67337dfaa3b1f5831bf3af7af7ac108b545ad345bc89af9032887c0eb828074902dd96d74165805996a3b501d05d67676a93ac6ff0a4e50366a7e856ada9b6a2d33bcf3b6d134235d57044be9ca4ff192389927e90af2cea07fcb1f302cbf285e9a1567ee827c5353a851248f1e282630fa007f702142e04cdc7bc80ecb029b5f26294b7bdf5e511b77b47582fbb8b13a4ba89dc75945d8f57cf97fa0cfdbc4a87ad66d8a58c52c168d828215c00f1ac922c546250665b531691d6a9118ff903c8e81d7d936c3c3c6d38b5379c759bc968bc36ebd6b12936a3d25e8a2cf1ec951c8de018237eb1465787f2ef561786b14338c4c961cf6aced72d384f6aed5fe17d770ca9453ca3962a00cc47a11c922082b76efeffb76563d56f019e8e5a9ecabb9b83f49b8e5d213cc1634e35136568540d9f3295323b333fa53f997b50737cd552da86998fc4c7f19f32b77b6d2f87ea1806441b42bd51ec5ffca8bcb7b01e9c13fa4b63571e2297a01526430a078f5728c3f58b928958da5ab758ba2fbcbaff141fe587b735cd2767dbc0acc0a51b31210258d03763dbd438dc9db8686aac136b247bb6a01fb6a4c2ba4f489c5ff6724e00c9e8c44834da0c0a092a782dabde0cd5a3290b1647ac2a6cbe27311fa1737f06d85443330c773c1c1f84591d04803f296c958bb5f0fb6e17e1c32d7efbe733b9beb36c961f85f28370016ead6216e2336e9898b1d6c553e7a686682b6c90b60fbd7bc5fb4e91d0b7511021ca568c220553a7b79eb51176b4dd3ca3ec9c0f8ce9263c6604bc75c325fc71aeae9ed889fb9bd51433438d04b6c76c4d70feeed67b7b466a16ac7325cef03bb8a897ba6712aaf611c5d8449cdaf355cc4204797058b7d413e851aa13afcd4f4a540a6ced00055a0ceb20fc905b88b62297264dab8410896dba9c750fbe896a63637857015d6f6b126c384b19f67941b8828e35a5eab42be28b27b255b6bd1a3a214997c9cce8f0aef982b9ec54fcecacdc3c4be503d8b75710e30e69ab586e50e712030736c3cd3954eb88be954cdb0f6dc1bf091c9f00f31a0dbf936823df7f7706a84d0c5e4a062efef8ad14e070f31b3f8f6b4484d4f4ebc7679cfcf835806bf355ae34a329b8016986470854c6abeb3212c30edc05d1ee41877001e0cf2938082aefa40da5eead5b4467b27b14f760f2d69c535d6a3fe30a70c65420b5cb2eed75fa7fc0b7ea0041ac406c700dcdd82a4e286612615b759a48463a694df497fe9ffd64f445313524120d61e4e0b5b3a8170b1f9637963f2bc53c2ad6d9299e6d7928311ea04e35ab3ba7c739f699ea4d915d4579b12864589848c2b330f2d71fa230f14e0b490522c7c87cf9c822c979725bbe577b7a07d4dc71450f2ba867db516bcb8b8fed25374be9295719146c1934065f07fa30142923655c4db546bc802de484d2401fa9bfcf7ae3b0bf3f76ea54a917f523923a080a03b73e589e9ef94c640e6d8fea3b98f2d45a242a5521df735b8688e65dc579a6a3678cade4af6b723c2fa467bac1eaaf9f51c40e4e241f3ce3ad58793b0e334ec7d7b4eac25a77d50a0bebf51c16a95d586dda88e038bfa485b8fb86b338921163927c91d724654c547c0ec9ff108711fd24760c3990a68a8924a15b4aeeaae8380ad2938f538c3213a7f5ab6bdacd307c0496244a278c43f4a47888b6faa9d00a9802", 0x5ac}], 0x2}}], 0x1, 0x4040005) 190.464831ms ago: executing program 3 (id=1259): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="19000000"], 0x48) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@generic={0x0, 0x0, 0x8}, 0x18) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) 65.834489ms ago: executing program 3 (id=1260): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000200)=0x8001100) (fail_nth: 3) 267.409µs ago: executing program 3 (id=1261): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310401080000030000001600000018000180140002006e657464657673696d3000000000000005000300010000000500040001000000050002"], 0x44}}, 0x0) 0s ago: executing program 2 (id=1262): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="19000000"], 0x48) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@generic={0x0, 0x0, 0x8}, 0x18) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r2, 0x8914, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, 0x0, 0x0) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x7, @null, @bpq0, 0x5, [@null, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) r6 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r6, 0x29, 0x1b, 0x0, 0x0) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, @default, @bpq0, 0x7, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @null]}) openat$tun(0xffffffffffffff9c, 0x0, 0x8000, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 0 (id=1267): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) kernel console output (not intermixed with test programs): attributes in process `syz.1.366'. [ 71.879449][ T7025] netfs: Couldn't get user pages (rc=-14) [ 72.776935][ T7051] netfs: Couldn't get user pages (rc=-14) [ 73.522363][ T7100] netfs: Couldn't get user pages (rc=-14) [ 73.525307][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 73.525316][ T40] audit: type=1800 audit(1751555800.057:280): pid=7100 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.406" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 73.820946][ T40] audit: type=1800 audit(1751555800.357:281): pid=7129 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.420" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 73.821905][ T7129] netfs: Couldn't get user pages (rc=-14) [ 74.024371][ T40] audit: type=1800 audit(1751555800.567:282): pid=7152 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.431" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 74.025035][ T7152] netfs: Couldn't get user pages (rc=-14) [ 74.336207][ T40] audit: type=1800 audit(1751555800.877:283): pid=7184 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.445" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 74.337563][ T7184] netfs: Couldn't get user pages (rc=-14) [ 74.803491][ T6025] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 74.894948][ T40] audit: type=1800 audit(1751555801.437:284): pid=7225 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.465" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 74.898741][ T7225] netfs: Couldn't get user pages (rc=-14) [ 75.240352][ T6025] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.429284][ T40] audit: type=1800 audit(1751555801.967:285): pid=7256 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.478" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 75.434599][ T7256] netfs: Couldn't get user pages (rc=-14) [ 75.767962][ T6025] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.771121][ T6025] usb 6-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 75.774099][ T6025] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.792355][ T6025] usb 6-1: config 0 descriptor?? [ 76.087286][ T40] audit: type=1800 audit(1751555802.627:286): pid=7285 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.491" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 76.095104][ T7285] netfs: Couldn't get user pages (rc=-14) [ 76.178702][ T6025] usbhid 6-1:0.0: can't add hid device: -71 [ 76.496664][ T6025] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 76.860794][ T6025] usb 6-1: USB disconnect, device number 2 [ 77.208871][ T40] audit: type=1800 audit(1751555803.747:287): pid=7329 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.510" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 77.218665][ T7329] netfs: Couldn't get user pages (rc=-14) [ 77.947165][ T40] audit: type=1400 audit(1751555804.487:288): avc: denied { setopt } for pid=7353 comm="syz.1.519" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 78.274701][ T40] audit: type=1800 audit(1751555804.817:289): pid=7378 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.530" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 78.281093][ T7378] netfs: Couldn't get user pages (rc=-14) [ 78.929494][ T7392] netlink: 8 bytes leftover after parsing attributes in process `syz.3.535'. [ 79.079085][ T40] audit: type=1800 audit(1751555805.617:290): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.540" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 79.084118][ T7402] netfs: Couldn't get user pages (rc=-14) [ 79.205947][ T40] audit: type=1400 audit(1751555805.747:291): avc: denied { create } for pid=7413 comm="syz.3.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 79.214940][ T40] audit: type=1400 audit(1751555805.747:292): avc: denied { connect } for pid=7413 comm="syz.3.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 79.221400][ T40] audit: type=1400 audit(1751555805.747:293): avc: denied { bind } for pid=7413 comm="syz.3.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 79.415823][ T7422] fuse: Unknown parameter '18446744073709551615' [ 79.453748][ T6007] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 79.633565][ T6007] usb 8-1: Using ep0 maxpacket: 8 [ 79.636776][ T6007] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 79.640001][ T6007] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 79.643112][ T6007] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 79.646834][ T6007] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 79.651451][ T6007] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 79.656064][ T6007] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.872921][ T6007] usb 8-1: GET_CAPABILITIES returned 0 [ 79.876048][ T6007] usbtmc 8-1:16.0: can't read capabilities [ 80.079232][ T40] audit: type=1400 audit(1751555806.617:294): avc: denied { write } for pid=7413 comm="syz.3.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 80.141615][ T7452] 8021q: adding VLAN 0 to HW filter on device bond1 [ 80.148291][ T40] audit: type=1400 audit(1751555806.687:295): avc: denied { ioctl } for pid=7413 comm="syz.3.546" path="socket:[20535]" dev="sockfs" ino=20535 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 80.160953][ T7416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.546'. [ 80.164485][ T40] audit: type=1400 audit(1751555806.687:296): avc: denied { setopt } for pid=7413 comm="syz.3.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 80.166025][ T7416] openvswitch: : Dropping previously announced user features [ 80.170342][ T40] audit: type=1400 audit(1751555806.697:297): avc: denied { read } for pid=7413 comm="syz.3.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 80.186723][ T9] usb 8-1: USB disconnect, device number 3 [ 80.253480][ T40] audit: type=1800 audit(1751555806.787:298): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.562" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 80.258285][ T7458] netfs: Couldn't get user pages (rc=-14) [ 81.093006][ T40] audit: type=1800 audit(1751555807.627:299): pid=7487 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.574" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 81.103546][ T7487] netfs: Couldn't get user pages (rc=-14) [ 81.161118][ T7493] 9pnet_fd: p9_fd_create_tcp (7493): problem connecting socket to 127.0.0.1 [ 81.316722][ T34] cfg80211: failed to load regulatory.db [ 82.184416][ T7515] netfs: Couldn't get user pages (rc=-14) [ 82.305051][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 84.115014][ T5943] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 84.117752][ T5943] Bluetooth: hci3: Injecting HCI hardware error event [ 84.120747][ T5952] Bluetooth: hci3: hardware error 0x00 [ 84.145257][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 84.145271][ T40] audit: type=1400 audit(1751555810.687:301): avc: denied { create } for pid=7599 comm="syz.2.623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 84.154584][ T40] audit: type=1400 audit(1751555810.687:302): avc: denied { setopt } for pid=7599 comm="syz.2.623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 84.160849][ T40] audit: type=1400 audit(1751555810.687:303): avc: denied { write } for pid=7599 comm="syz.2.623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 84.518315][ T40] audit: type=1800 audit(1751555811.057:304): pid=7616 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.629" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 84.524420][ T7616] netfs: Couldn't get user pages (rc=-14) [ 85.022662][ T7626] FAULT_INJECTION: forcing a failure. [ 85.022662][ T7626] name failslab, interval 1, probability 0, space 0, times 0 [ 85.026711][ T7626] CPU: 2 UID: 0 PID: 7626 Comm: syz.0.632 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 85.026726][ T7626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.026732][ T7626] Call Trace: [ 85.026736][ T7626] [ 85.026745][ T7626] dump_stack_lvl+0x16c/0x1f0 [ 85.026779][ T7626] should_fail_ex+0x512/0x640 [ 85.026796][ T7626] ? fs_reclaim_acquire+0xae/0x150 [ 85.026808][ T7626] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 85.026822][ T7626] should_failslab+0xc2/0x120 [ 85.026837][ T7626] __kmalloc_noprof+0xd2/0x510 [ 85.026853][ T7626] tomoyo_realpath_from_path+0xc2/0x6e0 [ 85.026869][ T7626] ? tomoyo_profile+0x47/0x60 [ 85.026885][ T7626] tomoyo_path_number_perm+0x245/0x580 [ 85.026897][ T7626] ? tomoyo_path_number_perm+0x237/0x580 [ 85.026910][ T7626] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 85.026923][ T7626] ? find_held_lock+0x2b/0x80 [ 85.026946][ T7626] ? find_held_lock+0x2b/0x80 [ 85.026958][ T7626] ? hook_file_ioctl_common+0x145/0x410 [ 85.026977][ T7626] ? __fget_files+0x20e/0x3c0 [ 85.026993][ T7626] security_file_ioctl+0x9b/0x240 [ 85.027007][ T7626] __x64_sys_ioctl+0xb7/0x210 [ 85.027020][ T7626] do_syscall_64+0xcd/0x4c0 [ 85.027035][ T7626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.027046][ T7626] RIP: 0033:0x7f3fc5f8e929 [ 85.027054][ T7626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.027064][ T7626] RSP: 002b:00007f3fc6d4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.027074][ T7626] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8e929 [ 85.027081][ T7626] RDX: 0000200000000000 RSI: 0000000080045503 RDI: 0000000000000003 [ 85.027087][ T7626] RBP: 00007f3fc6d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 85.027093][ T7626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 85.027099][ T7626] R13: 0000000000000000 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 85.027111][ T7626] [ 85.027115][ T7626] ERROR: Out of memory at tomoyo_realpath_from_path. [ 85.174926][ T7631] overlayfs: failed to resolve './file0': -2 [ 85.390048][ T40] audit: type=1800 audit(1751555811.927:305): pid=7645 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.640" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 85.398456][ T7645] netfs: Couldn't get user pages (rc=-14) [ 85.607705][ T40] audit: type=1400 audit(1751555812.147:306): avc: denied { create } for pid=7655 comm="syz.0.644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 85.728667][ T7661] overlayfs: failed to resolve './file0': -2 [ 86.183575][ T5952] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 86.501486][ T7676] netfs: Couldn't get user pages (rc=-14) [ 86.503704][ T40] audit: type=1800 audit(1751555813.037:307): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.652" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 86.864253][ T9] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 87.013429][ T9] usb 7-1: Using ep0 maxpacket: 16 [ 87.017784][ T9] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 87.020998][ T9] usb 7-1: config 0 has no interface number 0 [ 87.024368][ T9] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 87.028559][ T9] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 87.033891][ T9] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 87.037944][ T9] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 87.041114][ T9] usb 7-1: Product: syz [ 87.042850][ T9] usb 7-1: SerialNumber: syz [ 87.047922][ T9] usb 7-1: config 0 descriptor?? [ 87.053054][ T9] cm109 7-1:0.8: invalid payload size 0, expected 4 [ 87.059439][ T9] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.8/input/input11 [ 87.277079][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 87.488497][ T7684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.492701][ T7684] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.499766][ T7684] netlink: 'syz.2.655': attribute type 39 has an invalid length. [ 87.716193][ T7706] overlayfs: failed to resolve './file0': -2 [ 87.736424][ T6007] usb 7-1: USB disconnect, device number 2 [ 87.736427][ C3] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 87.741167][ C3] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 87.746976][ T6007] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 88.278620][ T40] audit: type=1800 audit(1751555814.817:308): pid=7711 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.665" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 88.279665][ T7711] netfs: Couldn't get user pages (rc=-14) [ 88.652344][ T7732] 9pnet_fd: Insufficient options for proto=fd [ 89.570508][ T7758] 9pnet_fd: Insufficient options for proto=fd [ 90.026423][ T7774] netlink: 104 bytes leftover after parsing attributes in process `syz.0.691'. [ 90.026523][ T40] audit: type=1400 audit(1751555816.567:309): avc: denied { nlmsg_read } for pid=7773 comm="syz.0.691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 90.882626][ T7793] 9pnet_fd: Insufficient options for proto=fd [ 91.091934][ T7805] netlink: 8 bytes leftover after parsing attributes in process `syz.3.701'. [ 91.095974][ T7805] openvswitch: : Dropping previously announced user features [ 91.639730][ T40] audit: type=1400 audit(1751555818.177:310): avc: denied { create } for pid=7814 comm="syz.2.705" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 92.115802][ T7834] FAULT_INJECTION: forcing a failure. [ 92.115802][ T7834] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.119913][ T7834] CPU: 1 UID: 0 PID: 7834 Comm: syz.0.712 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 92.119927][ T7834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.119934][ T7834] Call Trace: [ 92.119943][ T7834] [ 92.119947][ T7834] dump_stack_lvl+0x16c/0x1f0 [ 92.119976][ T7834] should_fail_ex+0x512/0x640 [ 92.119995][ T7834] _copy_from_user+0x2e/0xd0 [ 92.120010][ T7834] copy_msghdr_from_user+0x98/0x160 [ 92.120025][ T7834] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 92.120045][ T7834] ___sys_sendmsg+0xfe/0x1d0 [ 92.120060][ T7834] ? __pfx____sys_sendmsg+0x10/0x10 [ 92.120073][ T7834] ? __lock_acquire+0x622/0x1c90 [ 92.120103][ T7834] __sys_sendmsg+0x16d/0x220 [ 92.120117][ T7834] ? __pfx___sys_sendmsg+0x10/0x10 [ 92.120139][ T7834] do_syscall_64+0xcd/0x4c0 [ 92.120155][ T7834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.120166][ T7834] RIP: 0033:0x7f3fc5f8e929 [ 92.120175][ T7834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.120185][ T7834] RSP: 002b:00007f3fc6d4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 92.120195][ T7834] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8e929 [ 92.120202][ T7834] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 92.120207][ T7834] RBP: 00007f3fc6d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 92.120213][ T7834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 92.120219][ T7834] R13: 0000000000000000 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 92.120231][ T7834] [ 92.492899][ T7849] lo speed is unknown, defaulting to 1000 [ 92.498434][ T7849] lo speed is unknown, defaulting to 1000 [ 92.502160][ T7849] lo speed is unknown, defaulting to 1000 [ 92.577642][ T7851] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 92.583861][ T5952] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 92.583919][ T5952] Bluetooth: hci2: Injecting HCI hardware error event [ 92.588141][ T5952] Bluetooth: hci2: hardware error 0x00 [ 92.592875][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.717'. [ 92.593220][ T7849] infiniband syz0: set active [ 92.597314][ T7851] openvswitch: : Dropping previously announced user features [ 92.599617][ T6007] lo speed is unknown, defaulting to 1000 [ 92.604488][ T7849] infiniband syz0: added lo [ 92.641956][ T7849] RDS/IB: syz0: added [ 92.645365][ T7849] smc: adding ib device syz0 with port count 1 [ 92.647657][ T7849] smc: ib device syz0 port 1 has pnetid [ 92.650379][ T6007] lo speed is unknown, defaulting to 1000 [ 92.654060][ T7849] lo speed is unknown, defaulting to 1000 [ 92.754533][ T7849] lo speed is unknown, defaulting to 1000 [ 92.845686][ T7849] lo speed is unknown, defaulting to 1000 [ 92.981983][ T7849] lo speed is unknown, defaulting to 1000 [ 93.589910][ T7881] overlayfs: failed to resolve './file1': -2 [ 94.194757][ T7906] overlayfs: failed to resolve './file1': -2 [ 94.666825][ T5952] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 94.767409][ T40] audit: type=1400 audit(1751555821.307:311): avc: denied { write } for pid=7924 comm="syz.1.744" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 95.234118][ T7955] netlink: 24 bytes leftover after parsing attributes in process `syz.2.756'. [ 95.336921][ T7960] overlayfs: failed to resolve './file1': -2 [ 96.052435][ T7987] netlink: 24 bytes leftover after parsing attributes in process `syz.1.768'. [ 96.295737][ T8008] block nbd3: shutting down sockets [ 96.339636][ T8013] netlink: 24 bytes leftover after parsing attributes in process `syz.1.777'. [ 96.425334][ T8018] FAULT_INJECTION: forcing a failure. [ 96.425334][ T8018] name failslab, interval 1, probability 0, space 0, times 0 [ 96.430377][ T8018] CPU: 2 UID: 0 PID: 8018 Comm: syz.2.779 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 96.430401][ T8018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 96.430412][ T8018] Call Trace: [ 96.430419][ T8018] [ 96.430426][ T8018] dump_stack_lvl+0x16c/0x1f0 [ 96.430476][ T8018] should_fail_ex+0x512/0x640 [ 96.430509][ T8018] ? fs_reclaim_acquire+0xae/0x150 [ 96.430529][ T8018] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 96.430553][ T8018] should_failslab+0xc2/0x120 [ 96.430578][ T8018] __kmalloc_noprof+0xd2/0x510 [ 96.430603][ T8018] tomoyo_realpath_from_path+0xc2/0x6e0 [ 96.430630][ T8018] ? tomoyo_profile+0x47/0x60 [ 96.430658][ T8018] tomoyo_path_number_perm+0x245/0x580 [ 96.430677][ T8018] ? tomoyo_path_number_perm+0x237/0x580 [ 96.430701][ T8018] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 96.430721][ T8018] ? find_held_lock+0x2b/0x80 [ 96.430763][ T8018] ? find_held_lock+0x2b/0x80 [ 96.430785][ T8018] ? hook_file_ioctl_common+0x145/0x410 [ 96.430818][ T8018] ? __fget_files+0x20e/0x3c0 [ 96.430846][ T8018] security_file_ioctl+0x9b/0x240 [ 96.430871][ T8018] __x64_sys_ioctl+0xb7/0x210 [ 96.430893][ T8018] do_syscall_64+0xcd/0x4c0 [ 96.430920][ T8018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.430938][ T8018] RIP: 0033:0x7fb06978e929 [ 96.430953][ T8018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.430971][ T8018] RSP: 002b:00007fb06a68a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 96.430988][ T8018] RAX: ffffffffffffffda RBX: 00007fb0699b5fa0 RCX: 00007fb06978e929 [ 96.431000][ T8018] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 96.431011][ T8018] RBP: 00007fb06a68a090 R08: 0000000000000000 R09: 0000000000000000 [ 96.431020][ T8018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.431030][ T8018] R13: 0000000000000000 R14: 00007fb0699b5fa0 R15: 00007fff8b1bd648 [ 96.431053][ T8018] [ 96.431061][ T8018] ERROR: Out of memory at tomoyo_realpath_from_path. [ 96.478039][ T8022] block nbd2: shutting down sockets [ 96.770549][ T40] audit: type=1400 audit(1751555823.307:312): avc: denied { append } for pid=8035 comm="syz.2.786" name="cec0" dev="devtmpfs" ino=973 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.076245][ T8045] netlink: 16 bytes leftover after parsing attributes in process `syz.0.790'. [ 97.326741][ T8055] block nbd3: shutting down sockets [ 97.423854][ T8064] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input12 [ 97.476516][ T8070] netlink: 16 bytes leftover after parsing attributes in process `syz.1.800'. [ 97.724977][ T40] audit: type=1400 audit(1751555824.267:313): avc: denied { create } for pid=8080 comm="syz.3.805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 97.993619][ T8089] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input13 [ 98.034889][ T8089] FAULT_INJECTION: forcing a failure. [ 98.034889][ T8089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.039973][ T8089] CPU: 0 UID: 0 PID: 8089 Comm: syz.3.809 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 98.039989][ T8089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.039997][ T8089] Call Trace: [ 98.040001][ T8089] [ 98.040018][ T8089] dump_stack_lvl+0x16c/0x1f0 [ 98.040054][ T8089] should_fail_ex+0x512/0x640 [ 98.040075][ T8089] _copy_to_user+0x32/0xd0 [ 98.040091][ T8089] simple_read_from_buffer+0xcb/0x170 [ 98.040107][ T8089] proc_fail_nth_read+0x197/0x270 [ 98.040121][ T8089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 98.040135][ T8089] ? rw_verify_area+0xcf/0x680 [ 98.040146][ T8089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 98.040159][ T8089] vfs_read+0x1e4/0xc60 [ 98.040174][ T8089] ? __pfx___mutex_lock+0x10/0x10 [ 98.040213][ T8089] ? __pfx_vfs_read+0x10/0x10 [ 98.040233][ T8089] ? __fget_files+0x20e/0x3c0 [ 98.040251][ T8089] ksys_read+0x12a/0x250 [ 98.040264][ T8089] ? __pfx_ksys_read+0x10/0x10 [ 98.040280][ T8089] do_syscall_64+0xcd/0x4c0 [ 98.040297][ T8089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.040309][ T8089] RIP: 0033:0x7fc1c6b8d33c [ 98.040319][ T8089] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 98.040329][ T8089] RSP: 002b:00007fc1c7918030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 98.040340][ T8089] RAX: ffffffffffffffda RBX: 00007fc1c6db5fa0 RCX: 00007fc1c6b8d33c [ 98.040347][ T8089] RDX: 000000000000000f RSI: 00007fc1c79180a0 RDI: 0000000000000003 [ 98.040353][ T8089] RBP: 00007fc1c7918090 R08: 0000000000000000 R09: 0000000000000000 [ 98.040358][ T8089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.040365][ T8089] R13: 0000000000000000 R14: 00007fc1c6db5fa0 R15: 00007ffe7e7749b8 [ 98.040378][ T8089] [ 98.101908][ C0] vkms_vblank_simulate: vblank timer overrun [ 98.145551][ T8092] netlink: 16 bytes leftover after parsing attributes in process `syz.2.810'. [ 98.429521][ T8110] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input14 [ 98.480060][ T8115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.820'. [ 98.486223][ T8115] FAULT_INJECTION: forcing a failure. [ 98.486223][ T8115] name failslab, interval 1, probability 0, space 0, times 0 [ 98.492252][ T8115] CPU: 2 UID: 0 PID: 8115 Comm: syz.2.820 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 98.492276][ T8115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.492286][ T8115] Call Trace: [ 98.492299][ T8115] [ 98.492306][ T8115] dump_stack_lvl+0x16c/0x1f0 [ 98.492364][ T8115] should_fail_ex+0x512/0x640 [ 98.492389][ T8115] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 98.492412][ T8115] should_failslab+0xc2/0x120 [ 98.492440][ T8115] __kmalloc_cache_noprof+0x6a/0x3e0 [ 98.492458][ T8115] ? ovs_dp_cmd_new+0x1af/0xe60 [ 98.492484][ T8115] ovs_dp_cmd_new+0x1af/0xe60 [ 98.492510][ T8115] ? rcu_is_watching+0x12/0xc0 [ 98.492531][ T8115] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 98.492558][ T8115] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 98.492580][ T8115] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 98.492605][ T8115] genl_family_rcv_msg_doit+0x209/0x2f0 [ 98.492627][ T8115] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 98.492653][ T8115] ? bpf_lsm_capable+0x9/0x10 [ 98.492670][ T8115] ? security_capable+0x7e/0x260 [ 98.492690][ T8115] ? ns_capable+0xd7/0x110 [ 98.492715][ T8115] genl_rcv_msg+0x55c/0x800 [ 98.492737][ T8115] ? __pfx_genl_rcv_msg+0x10/0x10 [ 98.492758][ T8115] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 98.492788][ T8115] netlink_rcv_skb+0x158/0x420 [ 98.492805][ T8115] ? __pfx_genl_rcv_msg+0x10/0x10 [ 98.492824][ T8115] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 98.492850][ T8115] ? netlink_deliver_tap+0x1ae/0xd30 [ 98.492880][ T8115] genl_rcv+0x28/0x40 [ 98.492896][ T8115] netlink_unicast+0x53d/0x7f0 [ 98.492913][ T8115] ? __pfx_netlink_unicast+0x10/0x10 [ 98.492935][ T8115] netlink_sendmsg+0x8d1/0xdd0 [ 98.492953][ T8115] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.492979][ T8115] ____sys_sendmsg+0xa95/0xc70 [ 98.492996][ T8115] ? copy_msghdr_from_user+0x10a/0x160 [ 98.493019][ T8115] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.493047][ T8115] ___sys_sendmsg+0x134/0x1d0 [ 98.493071][ T8115] ? __pfx____sys_sendmsg+0x10/0x10 [ 98.493092][ T8115] ? __lock_acquire+0x622/0x1c90 [ 98.493147][ T8115] __sys_sendmsg+0x16d/0x220 [ 98.493171][ T8115] ? __pfx___sys_sendmsg+0x10/0x10 [ 98.493210][ T8115] do_syscall_64+0xcd/0x4c0 [ 98.493237][ T8115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.493254][ T8115] RIP: 0033:0x7fb06978e929 [ 98.493268][ T8115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.493285][ T8115] RSP: 002b:00007fb06a68a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.493303][ T8115] RAX: ffffffffffffffda RBX: 00007fb0699b5fa0 RCX: 00007fb06978e929 [ 98.493314][ T8115] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 98.493325][ T8115] RBP: 00007fb06a68a090 R08: 0000000000000000 R09: 0000000000000000 [ 98.493335][ T8115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.493362][ T8115] R13: 0000000000000000 R14: 00007fb0699b5fa0 R15: 00007fff8b1bd648 [ 98.493383][ T8115] [ 98.516140][ T8117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.821'. [ 98.855615][ T8141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.858924][ T8141] batadv_slave_0: entered promiscuous mode [ 98.861031][ T8141] batadv_slave_0: entered allmulticast mode [ 98.920204][ T8146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.833'. [ 98.926061][ T8146] openvswitch: : Dropping previously announced user features [ 98.972073][ T8152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.836'. [ 99.012901][ T8155] FAULT_INJECTION: forcing a failure. [ 99.012901][ T8155] name failslab, interval 1, probability 0, space 0, times 0 [ 99.018534][ T8155] CPU: 0 UID: 0 PID: 8155 Comm: syz.0.837 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 99.018549][ T8155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.018556][ T8155] Call Trace: [ 99.018559][ T8155] [ 99.018563][ T8155] dump_stack_lvl+0x16c/0x1f0 [ 99.018582][ T8155] should_fail_ex+0x512/0x640 [ 99.018595][ T8155] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 99.018612][ T8155] should_failslab+0xc2/0x120 [ 99.018629][ T8155] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 99.018642][ T8155] ? __alloc_skb+0x2b2/0x380 [ 99.018658][ T8155] __alloc_skb+0x2b2/0x380 [ 99.018671][ T8155] ? __pfx___alloc_skb+0x10/0x10 [ 99.018686][ T8155] ? tcp_chrono_stop+0x95/0x420 [ 99.018704][ T8155] tcp_stream_alloc_skb+0x34/0x570 [ 99.018720][ T8155] tcp_connect+0xe75/0x5480 [ 99.018741][ T8155] ? __pfx_tcp_connect+0x10/0x10 [ 99.018755][ T8155] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 99.018771][ T8155] ? xfrm_lookup_route+0x6a/0x200 [ 99.018789][ T8155] tcp_v4_connect+0x153b/0x1bd0 [ 99.018806][ T8155] ? __pfx_tcp_v4_connect+0x10/0x10 [ 99.018818][ T8155] ? __lock_acquire+0xb8a/0x1c90 [ 99.018837][ T8155] __inet_stream_connect+0x3c8/0x1020 [ 99.018853][ T8155] ? __pfx___inet_stream_connect+0x10/0x10 [ 99.018867][ T8155] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 99.018880][ T8155] ? __local_bh_enable_ip+0xa4/0x120 [ 99.018895][ T8155] inet_stream_connect+0x57/0xa0 [ 99.018909][ T8155] p9_fd_create_tcp+0x307/0x540 [ 99.018922][ T8155] ? __pfx_p9_fd_create_tcp+0x10/0x10 [ 99.018943][ T8155] ? p9_client_create+0x7a9/0x11c0 [ 99.018962][ T8155] p9_client_create+0x80f/0x11c0 [ 99.018980][ T8155] ? __pfx_p9_client_create+0x10/0x10 [ 99.018998][ T8155] ? rcu_is_watching+0x12/0xc0 [ 99.019019][ T8155] ? lockdep_init_map_type+0x5c/0x280 [ 99.019041][ T8155] ? __raw_spin_lock_init+0x3a/0x110 [ 99.019061][ T8155] v9fs_session_init+0x1f7/0x1a80 [ 99.019100][ T8155] ? __pfx_v9fs_session_init+0x10/0x10 [ 99.019159][ T8155] v9fs_mount+0xc5/0xa30 [ 99.019173][ T8155] ? __pfx_v9fs_mount+0x10/0x10 [ 99.019195][ T8155] ? cap_capable+0xb3/0x250 [ 99.019210][ T8155] ? __pfx_v9fs_mount+0x10/0x10 [ 99.019221][ T8155] legacy_get_tree+0x109/0x220 [ 99.019237][ T8155] vfs_get_tree+0x8e/0x340 [ 99.019248][ T8155] path_mount+0x1414/0x2020 [ 99.019264][ T8155] ? kmem_cache_free+0x2d1/0x4d0 [ 99.019277][ T8155] ? __pfx_path_mount+0x10/0x10 [ 99.019294][ T8155] ? putname+0x154/0x1a0 [ 99.019311][ T8155] __x64_sys_mount+0x28d/0x310 [ 99.019327][ T8155] ? __pfx___x64_sys_mount+0x10/0x10 [ 99.019347][ T8155] do_syscall_64+0xcd/0x4c0 [ 99.019363][ T8155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.019375][ T8155] RIP: 0033:0x7f3fc5f8e929 [ 99.019384][ T8155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.019394][ T8155] RSP: 002b:00007f3fc6d4e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 99.019405][ T8155] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8e929 [ 99.019411][ T8155] RDX: 00002000000006c0 RSI: 0000200000000680 RDI: 0000200000000640 [ 99.019417][ T8155] RBP: 00007f3fc6d4e090 R08: 0000200000000080 R09: 0000000000000000 [ 99.019423][ T8155] R10: 0000000000008010 R11: 0000000000000246 R12: 0000000000000002 [ 99.019429][ T8155] R13: 0000000000000001 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 99.019442][ T8155] [ 99.019525][ T8155] 9pnet_fd: p9_fd_create_tcp (8155): problem connecting socket to 127.0.0.1 [ 99.611812][ T40] audit: type=1400 audit(1751555826.147:314): avc: denied { write } for pid=8170 comm="syz.1.844" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 99.866492][ T838] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 100.030169][ T838] usb 6-1: not running at top speed; connect to a high speed hub [ 100.044122][ T838] usb 6-1: config 1 interface 0 altsetting 4 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 100.048532][ T838] usb 6-1: config 1 interface 0 has no altsetting 0 [ 100.067187][ T838] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 100.070801][ T838] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.084051][ T838] usb 6-1: Product: syz [ 100.085845][ T838] usb 6-1: Manufacturer: syz [ 100.087747][ T838] usb 6-1: SerialNumber: syz [ 100.102092][ T8173] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 100.105692][ T40] audit: type=1326 audit(1751555826.647:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8200 comm="syz.2.858" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb06978e929 code=0x0 [ 100.208262][ T8205] QAT: failed to copy from user cfg_data. [ 100.211178][ T40] audit: type=1400 audit(1751555826.747:316): avc: denied { create } for pid=8200 comm="syz.2.858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 100.219141][ T40] audit: type=1400 audit(1751555826.747:317): avc: denied { ioctl } for pid=8200 comm="syz.2.858" path="socket:[23434]" dev="sockfs" ino=23434 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 100.229421][ T40] audit: type=1400 audit(1751555826.747:318): avc: denied { write } for pid=8200 comm="syz.2.858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 100.283698][ T8207] FAULT_INJECTION: forcing a failure. [ 100.283698][ T8207] name failslab, interval 1, probability 0, space 0, times 0 [ 100.288825][ T8207] CPU: 3 UID: 0 PID: 8207 Comm: syz.3.860 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 100.288849][ T8207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.288859][ T8207] Call Trace: [ 100.288866][ T8207] [ 100.288874][ T8207] dump_stack_lvl+0x16c/0x1f0 [ 100.288925][ T8207] should_fail_ex+0x512/0x640 [ 100.288953][ T8207] ? fs_reclaim_acquire+0xae/0x150 [ 100.288973][ T8207] ? tomoyo_encode2+0x100/0x3e0 [ 100.288995][ T8207] should_failslab+0xc2/0x120 [ 100.289021][ T8207] __kmalloc_noprof+0xd2/0x510 [ 100.289044][ T8207] ? d_absolute_path+0x136/0x1a0 [ 100.289066][ T8207] tomoyo_encode2+0x100/0x3e0 [ 100.289094][ T8207] tomoyo_encode+0x29/0x50 [ 100.289117][ T8207] tomoyo_realpath_from_path+0x18f/0x6e0 [ 100.289148][ T8207] tomoyo_path_number_perm+0x245/0x580 [ 100.289167][ T8207] ? tomoyo_path_number_perm+0x237/0x580 [ 100.289190][ T8207] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 100.289211][ T8207] ? find_held_lock+0x2b/0x80 [ 100.289256][ T8207] ? find_held_lock+0x2b/0x80 [ 100.289276][ T8207] ? hook_file_ioctl_common+0x145/0x410 [ 100.289308][ T8207] ? __fget_files+0x20e/0x3c0 [ 100.289337][ T8207] security_file_ioctl+0x9b/0x240 [ 100.289363][ T8207] __x64_sys_ioctl+0xb7/0x210 [ 100.289383][ T8207] do_syscall_64+0xcd/0x4c0 [ 100.289408][ T8207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.289426][ T8207] RIP: 0033:0x7fc1c6b8e929 [ 100.289441][ T8207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.289457][ T8207] RSP: 002b:00007fc1c7918038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.289475][ T8207] RAX: ffffffffffffffda RBX: 00007fc1c6db5fa0 RCX: 00007fc1c6b8e929 [ 100.289486][ T8207] RDX: 0000200000000000 RSI: 0000000080045503 RDI: 0000000000000003 [ 100.289497][ T8207] RBP: 00007fc1c7918090 R08: 0000000000000000 R09: 0000000000000000 [ 100.289508][ T8207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.289517][ T8207] R13: 0000000000000000 R14: 00007fc1c6db5fa0 R15: 00007ffe7e7749b8 [ 100.289541][ T8207] [ 100.289560][ T8207] ERROR: Out of memory at tomoyo_realpath_from_path. [ 100.318768][ T838] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 4 proto 2 vid 0x0525 pid 0xA4A8 [ 100.376562][ T838] usb 6-1: USB disconnect, device number 3 [ 100.381100][ T838] usblp0: removed [ 100.511574][ T40] audit: type=1400 audit(1751555827.047:319): avc: denied { ioctl } for pid=8170 comm="syz.1.844" path="/dev/hpet" dev="devtmpfs" ino=630 ioctlcmd=0xf50f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 100.823534][ T838] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 100.973541][ T838] usb 6-1: Using ep0 maxpacket: 8 [ 101.082692][ T8222] __nla_validate_parse: 3 callbacks suppressed [ 101.082703][ T8222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.867'. [ 101.306530][ T8173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.309681][ T8173] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.313462][ T838] usb 6-1: unable to get BOS descriptor or descriptor too short [ 101.323374][ T838] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 101.325769][ T838] usb 6-1: can't read configurations, error -71 [ 101.347921][ T40] audit: type=1400 audit(1751555827.887:320): avc: denied { ioctl } for pid=8232 comm="syz.3.871" path="socket:[25990]" dev="sockfs" ino=25990 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 101.445536][ T8247] netlink: 8 bytes leftover after parsing attributes in process `syz.2.876'. [ 102.179097][ T8274] FAULT_INJECTION: forcing a failure. [ 102.179097][ T8274] name failslab, interval 1, probability 0, space 0, times 0 [ 102.183131][ T8274] CPU: 2 UID: 0 PID: 8274 Comm: syz.1.886 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 102.183146][ T8274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.183153][ T8274] Call Trace: [ 102.183157][ T8274] [ 102.183161][ T8274] dump_stack_lvl+0x16c/0x1f0 [ 102.183180][ T8274] should_fail_ex+0x512/0x640 [ 102.183194][ T8274] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 102.183209][ T8274] should_failslab+0xc2/0x120 [ 102.183224][ T8274] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 102.183237][ T8274] ? __alloc_skb+0x2b2/0x380 [ 102.183253][ T8274] __alloc_skb+0x2b2/0x380 [ 102.183266][ T8274] ? __pfx___alloc_skb+0x10/0x10 [ 102.183278][ T8274] ? find_held_lock+0x2b/0x80 [ 102.183295][ T8274] alloc_skb_with_frags+0xe0/0x860 [ 102.183314][ T8274] sock_alloc_send_pskb+0x7fb/0x990 [ 102.183327][ T8274] ? avc_has_perm+0x11a/0x1c0 [ 102.183352][ T8274] ? __pfx_avc_has_perm+0x10/0x10 [ 102.183365][ T8274] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 102.183377][ T8274] ? avc_has_perm_noaudit+0x149/0x3b0 [ 102.183395][ T8274] ? sock_has_perm+0x259/0x2f0 [ 102.183406][ T8274] ? __pfx_sock_has_perm+0x10/0x10 [ 102.183419][ T8274] hci_sock_sendmsg+0x1c7/0x25f0 [ 102.183437][ T8274] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 102.183456][ T8274] sock_write_iter+0x4ff/0x5b0 [ 102.183467][ T8274] ? __pfx_sock_write_iter+0x10/0x10 [ 102.183482][ T8274] ? bpf_lsm_file_permission+0x9/0x10 [ 102.183498][ T8274] ? security_file_permission+0x71/0x210 [ 102.183513][ T8274] ? rw_verify_area+0xcf/0x680 [ 102.183526][ T8274] vfs_write+0x6c4/0x1150 [ 102.183539][ T8274] ? __pfx_sock_write_iter+0x10/0x10 [ 102.183550][ T8274] ? __pfx_vfs_write+0x10/0x10 [ 102.183562][ T8274] ? find_held_lock+0x2b/0x80 [ 102.183587][ T8274] ksys_write+0x1f8/0x250 [ 102.183604][ T8274] ? __pfx_ksys_write+0x10/0x10 [ 102.183625][ T8274] do_syscall_64+0xcd/0x4c0 [ 102.183646][ T8274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.183657][ T8274] RIP: 0033:0x7f94f218e929 [ 102.183666][ T8274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.183676][ T8274] RSP: 002b:00007f94efff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 102.183687][ T8274] RAX: ffffffffffffffda RBX: 00007f94f23b5fa0 RCX: 00007f94f218e929 [ 102.183693][ T8274] RDX: 000000000000000d RSI: 0000200000000000 RDI: 0000000000000004 [ 102.183699][ T8274] RBP: 00007f94efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 102.183705][ T8274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.183711][ T8274] R13: 0000000000000000 R14: 00007f94f23b5fa0 R15: 00007ffdadd00618 [ 102.183724][ T8274] [ 102.363428][ T40] audit: type=1400 audit(1751555828.887:321): avc: denied { execute } for pid=8279 comm="syz.3.890" path="/251/cpu.stat" dev="tmpfs" ino=1396 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 102.381136][ T8289] FAULT_INJECTION: forcing a failure. [ 102.381136][ T8289] name failslab, interval 1, probability 0, space 0, times 0 [ 102.385155][ T8289] CPU: 2 UID: 0 PID: 8289 Comm: syz.0.893 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 102.385170][ T8289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.385177][ T8289] Call Trace: [ 102.385181][ T8289] [ 102.385185][ T8289] dump_stack_lvl+0x16c/0x1f0 [ 102.385204][ T8289] should_fail_ex+0x512/0x640 [ 102.385218][ T8289] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 102.385234][ T8289] should_failslab+0xc2/0x120 [ 102.385249][ T8289] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 102.385263][ T8289] ? ip_protocol_deliver_rcu+0xba/0x4c0 [ 102.385279][ T8289] ? ip_local_deliver_finish+0x316/0x570 [ 102.385293][ T8289] ? __alloc_skb+0x2b2/0x380 [ 102.385309][ T8289] __alloc_skb+0x2b2/0x380 [ 102.385322][ T8289] ? __pfx___alloc_skb+0x10/0x10 [ 102.385335][ T8289] ? rt_cache_route+0xe0/0x1c0 [ 102.385349][ T8289] ? __lock_acquire+0x622/0x1c90 [ 102.385366][ T8289] __ip_append_data+0x3128/0x4240 [ 102.385380][ T8289] ? __pfx_ip_reply_glue_bits+0x10/0x10 [ 102.385394][ T8289] ? ip_dst_mtu_maybe_forward.constprop.0+0x311/0x6e0 [ 102.385409][ T8289] ? __pfx___ip_append_data+0x10/0x10 [ 102.385423][ T8289] ip_send_unicast_reply+0x8a0/0x1600 [ 102.385439][ T8289] ? __pfx_ip_send_unicast_reply+0x10/0x10 [ 102.385457][ T8289] ? tun_chr_write_iter+0xdc/0x210 [ 102.385473][ T8289] ? vfs_write+0x6c4/0x1150 [ 102.385484][ T8289] ? ksys_write+0x12a/0x250 [ 102.385496][ T8289] ? do_syscall_64+0xcd/0x4c0 [ 102.385510][ T8289] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.385527][ T8289] tcp_v4_send_reset+0x1299/0x2fa0 [ 102.385545][ T8289] ? __pfx_tcp_v4_send_reset+0x10/0x10 [ 102.385558][ T8289] ? __pfx_inet_ehashfn+0x10/0x10 [ 102.385570][ T8289] ? __call_rcu_common.constprop.0+0x3f0/0xa10 [ 102.385582][ T8289] ? ipt_do_table+0xd48/0x1ae0 [ 102.385601][ T8289] ? __inet_lookup_established+0x4bb/0x800 [ 102.385618][ T8289] ? __inet_lookup_listener+0x321/0x3b0 [ 102.385635][ T8289] ? __asan_memmove+0x3c/0x60 [ 102.385647][ T8289] ? tcp_v4_rcv+0x1811/0x4650 [ 102.385660][ T8289] tcp_v4_rcv+0x1811/0x4650 [ 102.385680][ T8289] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 102.385696][ T8289] ? __pfx_raw_local_deliver+0x10/0x10 [ 102.385713][ T8289] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 102.385727][ T8289] ip_protocol_deliver_rcu+0xba/0x4c0 [ 102.385744][ T8289] ip_local_deliver_finish+0x316/0x570 [ 102.385761][ T8289] ip_local_deliver+0x18e/0x1f0 [ 102.385776][ T8289] ? __pfx_ip_local_deliver+0x10/0x10 [ 102.385792][ T8289] ip_rcv+0x2c3/0x5d0 [ 102.385807][ T8289] ? __pfx_ip_rcv+0x10/0x10 [ 102.385820][ T8289] __netif_receive_skb_one_core+0x197/0x1e0 [ 102.385835][ T8289] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 102.385848][ T8289] ? lock_acquire+0x179/0x350 [ 102.385865][ T8289] ? __phys_addr+0xe8/0x180 [ 102.385878][ T8289] __netif_receive_skb+0x1d/0x160 [ 102.385891][ T8289] netif_receive_skb+0x137/0x7b0 [ 102.385904][ T8289] ? __pfx_netif_receive_skb+0x10/0x10 [ 102.385921][ T8289] tun_rx_batched.isra.0+0x3ee/0x740 [ 102.385936][ T8289] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 102.385953][ T8289] ? tun_get_user+0x1c0d/0x3b80 [ 102.385967][ T8289] ? rcu_is_watching+0x12/0xc0 [ 102.385981][ T8289] tun_get_user+0x28a2/0x3b80 [ 102.386000][ T8289] ? __pfx_tun_get_user+0x10/0x10 [ 102.386015][ T8289] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 102.386032][ T8289] ? find_held_lock+0x2b/0x80 [ 102.386045][ T8289] ? tun_get+0x191/0x370 [ 102.386061][ T8289] tun_chr_write_iter+0xdc/0x210 [ 102.386076][ T8289] vfs_write+0x6c4/0x1150 [ 102.386089][ T8289] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 102.386105][ T8289] ? __pfx_vfs_write+0x10/0x10 [ 102.386116][ T8289] ? find_held_lock+0x2b/0x80 [ 102.386136][ T8289] ksys_write+0x12a/0x250 [ 102.386148][ T8289] ? __pfx_ksys_write+0x10/0x10 [ 102.386164][ T8289] do_syscall_64+0xcd/0x4c0 [ 102.386180][ T8289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.386190][ T8289] RIP: 0033:0x7f3fc5f8d3df [ 102.386199][ T8289] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 102.386208][ T8289] RSP: 002b:00007f3fc6d4e000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 102.386218][ T8289] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8d3df [ 102.386225][ T8289] RDX: 0000000000000036 RSI: 0000200000000080 RDI: 00000000000000c8 [ 102.386231][ T8289] RBP: 00007f3fc6d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 102.386236][ T8289] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000002 [ 102.386242][ T8289] R13: 0000000000000001 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 102.386254][ T8289] [ 102.409351][ T8287] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 102.632653][ T40] audit: type=1400 audit(1751555829.167:322): avc: denied { execute } for pid=8308 comm="syz.2.899" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=25021 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 102.992735][ T8329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.906'. [ 103.020645][ T8329] openvswitch: : Dropping previously announced user features [ 103.425556][ T8337] FAULT_INJECTION: forcing a failure. [ 103.425556][ T8337] name failslab, interval 1, probability 0, space 0, times 0 [ 103.430065][ T8337] CPU: 2 UID: 0 PID: 8337 Comm: syz.1.909 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 103.430088][ T8337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 103.430099][ T8337] Call Trace: [ 103.430106][ T8337] [ 103.430112][ T8337] dump_stack_lvl+0x16c/0x1f0 [ 103.430143][ T8337] should_fail_ex+0x512/0x640 [ 103.430167][ T8337] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 103.430192][ T8337] should_failslab+0xc2/0x120 [ 103.430216][ T8337] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 103.430238][ T8337] ? __alloc_skb+0x2b2/0x380 [ 103.430264][ T8337] __alloc_skb+0x2b2/0x380 [ 103.430285][ T8337] ? __pfx___alloc_skb+0x10/0x10 [ 103.430308][ T8337] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 103.430331][ T8337] netlink_alloc_large_skb+0x69/0x130 [ 103.430350][ T8337] netlink_sendmsg+0x6a1/0xdd0 [ 103.430369][ T8337] ? __pfx_netlink_sendmsg+0x10/0x10 [ 103.430395][ T8337] ____sys_sendmsg+0xa95/0xc70 [ 103.430414][ T8337] ? copy_msghdr_from_user+0x10a/0x160 [ 103.430438][ T8337] ? __pfx_____sys_sendmsg+0x10/0x10 [ 103.430467][ T8337] ___sys_sendmsg+0x134/0x1d0 [ 103.430493][ T8337] ? __pfx____sys_sendmsg+0x10/0x10 [ 103.430515][ T8337] ? __lock_acquire+0x622/0x1c90 [ 103.430570][ T8337] __sys_sendmsg+0x16d/0x220 [ 103.430595][ T8337] ? __pfx___sys_sendmsg+0x10/0x10 [ 103.430719][ T8337] do_syscall_64+0xcd/0x4c0 [ 103.430751][ T8337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.430771][ T8337] RIP: 0033:0x7f94f218e929 [ 103.430788][ T8337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.430805][ T8337] RSP: 002b:00007f94efff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 103.430824][ T8337] RAX: ffffffffffffffda RBX: 00007f94f23b5fa0 RCX: 00007f94f218e929 [ 103.430837][ T8337] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 103.430849][ T8337] RBP: 00007f94efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 103.430860][ T8337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.430871][ T8337] R13: 0000000000000000 R14: 00007f94f23b5fa0 R15: 00007ffdadd00618 [ 103.430896][ T8337] [ 103.675928][ T40] audit: type=1400 audit(1751555830.217:323): avc: denied { append } for pid=8348 comm="syz.0.915" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 103.676225][ T8350] program syz.0.915 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 103.715629][ T40] audit: type=1400 audit(1751555830.257:324): avc: denied { ioctl } for pid=8355 comm="syz.0.919" path="/dev/binderfs/binder1" dev="binder" ino=11 ioctlcmd=0x6210 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 103.731912][ T8357] netlink: 12 bytes leftover after parsing attributes in process `syz.0.919'. [ 104.892248][ T8394] nbd: must specify at least one socket [ 105.675422][ T8407] block nbd0: shutting down sockets [ 105.735674][ T40] audit: type=1400 audit(1751555832.277:325): avc: denied { create } for pid=8408 comm="syz.0.940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 105.741666][ T40] audit: type=1400 audit(1751555832.277:326): avc: denied { ioctl } for pid=8408 comm="syz.0.940" path="socket:[25283]" dev="sockfs" ino=25283 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 105.924016][ T8422] FAULT_INJECTION: forcing a failure. [ 105.924016][ T8422] name failslab, interval 1, probability 0, space 0, times 0 [ 105.928238][ T8422] CPU: 3 UID: 0 PID: 8422 Comm: syz.0.946 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 105.928253][ T8422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 105.928260][ T8422] Call Trace: [ 105.928265][ T8422] [ 105.928280][ T8422] dump_stack_lvl+0x16c/0x1f0 [ 105.928315][ T8422] should_fail_ex+0x512/0x640 [ 105.928333][ T8422] ? fs_reclaim_acquire+0xae/0x150 [ 105.928345][ T8422] ? tomoyo_encode2+0x100/0x3e0 [ 105.928358][ T8422] should_failslab+0xc2/0x120 [ 105.928377][ T8422] __kmalloc_noprof+0xd2/0x510 [ 105.928391][ T8422] ? d_absolute_path+0x136/0x1a0 [ 105.928404][ T8422] tomoyo_encode2+0x100/0x3e0 [ 105.928420][ T8422] tomoyo_encode+0x29/0x50 [ 105.928433][ T8422] tomoyo_realpath_from_path+0x18f/0x6e0 [ 105.928451][ T8422] tomoyo_path_number_perm+0x245/0x580 [ 105.928463][ T8422] ? tomoyo_path_number_perm+0x237/0x580 [ 105.928476][ T8422] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 105.928489][ T8422] ? find_held_lock+0x2b/0x80 [ 105.928513][ T8422] ? find_held_lock+0x2b/0x80 [ 105.928525][ T8422] ? hook_file_ioctl_common+0x145/0x410 [ 105.928545][ T8422] ? __fget_files+0x20e/0x3c0 [ 105.928560][ T8422] security_file_ioctl+0x9b/0x240 [ 105.928575][ T8422] __x64_sys_ioctl+0xb7/0x210 [ 105.928588][ T8422] do_syscall_64+0xcd/0x4c0 [ 105.928604][ T8422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.928615][ T8422] RIP: 0033:0x7f3fc5f8e929 [ 105.928624][ T8422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.928634][ T8422] RSP: 002b:00007f3fc6d4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.928645][ T8422] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8e929 [ 105.928651][ T8422] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 105.928657][ T8422] RBP: 00007f3fc6d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 105.928663][ T8422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.928669][ T8422] R13: 0000000000000000 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 105.928682][ T8422] [ 105.928778][ T8422] ERROR: Out of memory at tomoyo_realpath_from_path. [ 105.982685][ T8426] block nbd0: shutting down sockets [ 106.124053][ T8434] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input16 [ 106.161135][ T8436] program syz.2.948 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 106.165385][ T8436] block nbd2: shutting down sockets [ 107.017367][ T8464] FAULT_INJECTION: forcing a failure. [ 107.017367][ T8464] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 107.022778][ T8464] CPU: 1 UID: 0 PID: 8464 Comm: syz.1.960 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 107.022800][ T8464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.022811][ T8464] Call Trace: [ 107.022817][ T8464] [ 107.022824][ T8464] dump_stack_lvl+0x16c/0x1f0 [ 107.022854][ T8464] should_fail_ex+0x512/0x640 [ 107.022880][ T8464] _copy_to_iter+0x463/0x16f0 [ 107.022910][ T8464] ? __pfx__copy_to_iter+0x10/0x10 [ 107.022934][ T8464] ? __lock_acquire+0xb8a/0x1c90 [ 107.022971][ T8464] simple_copy_to_iter+0x46/0x90 [ 107.022992][ T8464] __skb_datagram_iter+0x129/0x900 [ 107.023011][ T8464] ? find_held_lock+0x2b/0x80 [ 107.023029][ T8464] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 107.023050][ T8464] ? find_held_lock+0x2b/0x80 [ 107.023075][ T8464] skb_copy_datagram_iter+0x40/0x50 [ 107.023097][ T8464] ppp_read+0x5f3/0x710 [ 107.023120][ T8464] ? __pfx_ppp_read+0x10/0x10 [ 107.023136][ T8464] ? import_ubuf+0x1b6/0x220 [ 107.023158][ T8464] ? __pfx_default_wake_function+0x10/0x10 [ 107.023180][ T8464] ? __import_iovec+0x1dd/0x650 [ 107.023202][ T8464] ? avc_policy_seqno+0x9/0x20 [ 107.023218][ T8464] ? selinux_file_permission+0x126/0x660 [ 107.023257][ T8464] ? bpf_lsm_file_permission+0x9/0x10 [ 107.023285][ T8464] ? security_file_permission+0x71/0x210 [ 107.023310][ T8464] ? rw_verify_area+0xcf/0x680 [ 107.023330][ T8464] ? __pfx_ppp_read+0x10/0x10 [ 107.023359][ T8464] vfs_readv+0x5c1/0x8b0 [ 107.023383][ T8464] ? __pfx_vfs_readv+0x10/0x10 [ 107.023419][ T8464] ? __fget_files+0x20e/0x3c0 [ 107.023440][ T8464] ? __fget_files+0x130/0x3c0 [ 107.023468][ T8464] ? do_readv+0x132/0x340 [ 107.023485][ T8464] do_readv+0x132/0x340 [ 107.023505][ T8464] ? __pfx_do_readv+0x10/0x10 [ 107.023531][ T8464] do_syscall_64+0xcd/0x4c0 [ 107.023558][ T8464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.023576][ T8464] RIP: 0033:0x7f94f218e929 [ 107.023591][ T8464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.023608][ T8464] RSP: 002b:00007f94efff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 107.023630][ T8464] RAX: ffffffffffffffda RBX: 00007f94f23b5fa0 RCX: 00007f94f218e929 [ 107.023641][ T8464] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 107.023653][ T8464] RBP: 00007f94efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 107.023662][ T8464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.023673][ T8464] R13: 0000000000000000 R14: 00007f94f23b5fa0 R15: 00007ffdadd00618 [ 107.023695][ T8464] [ 107.025089][ T8466] process 'syz.3.961' launched './file0' with NULL argv: empty string added [ 107.121134][ T40] audit: type=1400 audit(1751555833.657:327): avc: denied { execute_no_trans } for pid=8465 comm="syz.3.961" path="/265/file0" dev="tmpfs" ino=1477 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 107.216715][ T8482] syz.1.968 uses obsolete (PF_INET,SOCK_PACKET) [ 107.258459][ T8484] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input17 [ 107.262365][ T8486] overlayfs: missing 'lowerdir' [ 107.311417][ T8492] netlink: 8 bytes leftover after parsing attributes in process `syz.1.971'. [ 107.318862][ T8492] FAULT_INJECTION: forcing a failure. [ 107.318862][ T8492] name failslab, interval 1, probability 0, space 0, times 0 [ 107.323873][ T8492] CPU: 3 UID: 0 PID: 8492 Comm: syz.1.971 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 107.323890][ T8492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.323897][ T8492] Call Trace: [ 107.323905][ T8492] [ 107.323909][ T8492] dump_stack_lvl+0x16c/0x1f0 [ 107.323938][ T8492] should_fail_ex+0x512/0x640 [ 107.323959][ T8492] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 107.323973][ T8492] should_failslab+0xc2/0x120 [ 107.323989][ T8492] __kmalloc_cache_noprof+0x6a/0x3e0 [ 107.324001][ T8492] ? tbl_mask_cache_alloc+0xa1/0x200 [ 107.324016][ T8492] tbl_mask_cache_alloc+0xa1/0x200 [ 107.324029][ T8492] ovs_flow_tbl_init+0x24/0x600 [ 107.324042][ T8492] ? kasan_save_track+0x14/0x30 [ 107.324057][ T8492] ovs_dp_cmd_new+0x251/0xe60 [ 107.324073][ T8492] ? rcu_is_watching+0x12/0xc0 [ 107.324087][ T8492] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 107.324128][ T8492] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 107.324147][ T8492] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 107.324163][ T8492] genl_family_rcv_msg_doit+0x209/0x2f0 [ 107.324176][ T8492] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 107.324193][ T8492] ? bpf_lsm_capable+0x9/0x10 [ 107.324204][ T8492] ? security_capable+0x7e/0x260 [ 107.324217][ T8492] ? ns_capable+0xd7/0x110 [ 107.324230][ T8492] genl_rcv_msg+0x55c/0x800 [ 107.324244][ T8492] ? __pfx_genl_rcv_msg+0x10/0x10 [ 107.324257][ T8492] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 107.324275][ T8492] netlink_rcv_skb+0x158/0x420 [ 107.324286][ T8492] ? __pfx_genl_rcv_msg+0x10/0x10 [ 107.324299][ T8492] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 107.324315][ T8492] ? netlink_deliver_tap+0x1ae/0xd30 [ 107.324333][ T8492] genl_rcv+0x28/0x40 [ 107.324344][ T8492] netlink_unicast+0x53d/0x7f0 [ 107.324355][ T8492] ? __pfx_netlink_unicast+0x10/0x10 [ 107.324369][ T8492] netlink_sendmsg+0x8d1/0xdd0 [ 107.324385][ T8492] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.324400][ T8492] ____sys_sendmsg+0xa95/0xc70 [ 107.324412][ T8492] ? copy_msghdr_from_user+0x10a/0x160 [ 107.324426][ T8492] ? __pfx_____sys_sendmsg+0x10/0x10 [ 107.324443][ T8492] ___sys_sendmsg+0x134/0x1d0 [ 107.324457][ T8492] ? __pfx____sys_sendmsg+0x10/0x10 [ 107.324470][ T8492] ? __lock_acquire+0x622/0x1c90 [ 107.324501][ T8492] __sys_sendmsg+0x16d/0x220 [ 107.324515][ T8492] ? __pfx___sys_sendmsg+0x10/0x10 [ 107.324538][ T8492] do_syscall_64+0xcd/0x4c0 [ 107.324554][ T8492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.324565][ T8492] RIP: 0033:0x7f94f218e929 [ 107.324589][ T8492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.324599][ T8492] RSP: 002b:00007f94efff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 107.324609][ T8492] RAX: ffffffffffffffda RBX: 00007f94f23b5fa0 RCX: 00007f94f218e929 [ 107.324615][ T8492] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 107.324621][ T8492] RBP: 00007f94efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 107.324627][ T8492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 107.324635][ T8492] R13: 0000000000000000 R14: 00007f94f23b5fa0 R15: 00007ffdadd00618 [ 107.324647][ T8492] [ 107.721433][ T8509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.978'. [ 107.725248][ T8509] openvswitch: : Dropping previously announced user features [ 107.754057][ T8511] 9pnet_fd: p9_fd_create_tcp (8511): problem connecting socket to 127.0.0.1 [ 107.781638][ T40] audit: type=1400 audit(1751555834.317:328): avc: denied { append } for pid=8512 comm="syz.2.980" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 107.790183][ T40] audit: type=1400 audit(1751555834.327:329): avc: denied { map } for pid=8512 comm="syz.2.980" path="socket:[28216]" dev="sockfs" ino=28216 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 107.797608][ T40] audit: type=1400 audit(1751555834.327:330): avc: denied { read } for pid=8512 comm="syz.2.980" path="socket:[28216]" dev="sockfs" ino=28216 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 107.805858][ T40] audit: type=1400 audit(1751555834.327:331): avc: denied { create } for pid=8512 comm="syz.2.980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 107.811943][ T40] audit: type=1400 audit(1751555834.327:332): avc: denied { connect } for pid=8512 comm="syz.2.980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 108.050054][ T40] audit: type=1400 audit(1751555834.587:333): avc: denied { shutdown } for pid=8521 comm="syz.2.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 108.111440][ T40] audit: type=1400 audit(1751555834.647:334): avc: denied { map } for pid=8521 comm="syz.2.983" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 108.119519][ T40] audit: type=1400 audit(1751555834.647:335): avc: denied { execute } for pid=8521 comm="syz.2.983" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 108.400565][ T8549] FAULT_INJECTION: forcing a failure. [ 108.400565][ T8549] name failslab, interval 1, probability 0, space 0, times 0 [ 108.405076][ T8549] CPU: 0 UID: 0 PID: 8549 Comm: syz.3.993 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 108.405091][ T8549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.405098][ T8549] Call Trace: [ 108.405108][ T8549] [ 108.405113][ T8549] dump_stack_lvl+0x16c/0x1f0 [ 108.405143][ T8549] should_fail_ex+0x512/0x640 [ 108.405161][ T8549] ? fs_reclaim_acquire+0xae/0x150 [ 108.405173][ T8549] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 108.405188][ T8549] should_failslab+0xc2/0x120 [ 108.405203][ T8549] __kmalloc_noprof+0xd2/0x510 [ 108.405219][ T8549] tomoyo_realpath_from_path+0xc2/0x6e0 [ 108.405235][ T8549] ? tomoyo_profile+0x47/0x60 [ 108.405251][ T8549] tomoyo_path_number_perm+0x245/0x580 [ 108.405263][ T8549] ? tomoyo_path_number_perm+0x237/0x580 [ 108.405276][ T8549] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 108.405289][ T8549] ? find_held_lock+0x2b/0x80 [ 108.405313][ T8549] ? find_held_lock+0x2b/0x80 [ 108.405327][ T8549] ? hook_file_ioctl_common+0x145/0x410 [ 108.405347][ T8549] ? __fget_files+0x20e/0x3c0 [ 108.405362][ T8549] security_file_ioctl+0x9b/0x240 [ 108.405378][ T8549] __x64_sys_ioctl+0xb7/0x210 [ 108.405391][ T8549] do_syscall_64+0xcd/0x4c0 [ 108.405407][ T8549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.405417][ T8549] RIP: 0033:0x7fc1c6b8e929 [ 108.405426][ T8549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.405437][ T8549] RSP: 002b:00007fc1c7918038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 108.405447][ T8549] RAX: ffffffffffffffda RBX: 00007fc1c6db5fa0 RCX: 00007fc1c6b8e929 [ 108.405453][ T8549] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 108.405459][ T8549] RBP: 00007fc1c7918090 R08: 0000000000000000 R09: 0000000000000000 [ 108.405465][ T8549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.405471][ T8549] R13: 0000000000000000 R14: 00007fc1c6db5fa0 R15: 00007ffe7e7749b8 [ 108.405483][ T8549] [ 108.405488][ T8549] ERROR: Out of memory at tomoyo_realpath_from_path. [ 108.445002][ T8552] overlayfs: missing 'lowerdir' [ 108.616351][ T40] audit: type=1400 audit(1751555835.157:336): avc: denied { create } for pid=8559 comm="syz.3.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 108.623842][ T40] audit: type=1400 audit(1751555835.157:337): avc: denied { bind } for pid=8559 comm="syz.3.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 109.074445][ T8583] FAULT_INJECTION: forcing a failure. [ 109.074445][ T8583] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.079797][ T8583] CPU: 0 UID: 0 PID: 8583 Comm: syz.1.1005 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 109.079819][ T8583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.079829][ T8583] Call Trace: [ 109.079837][ T8583] [ 109.079843][ T8583] dump_stack_lvl+0x16c/0x1f0 [ 109.079889][ T8583] should_fail_ex+0x512/0x640 [ 109.079923][ T8583] _copy_to_user+0x32/0xd0 [ 109.079947][ T8583] simple_read_from_buffer+0xcb/0x170 [ 109.079970][ T8583] proc_fail_nth_read+0x197/0x270 [ 109.079990][ T8583] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.080011][ T8583] ? rw_verify_area+0xcf/0x680 [ 109.080027][ T8583] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.080049][ T8583] vfs_read+0x1e4/0xc60 [ 109.080075][ T8583] ? __pfx___mutex_lock+0x10/0x10 [ 109.080117][ T8583] ? __pfx_vfs_read+0x10/0x10 [ 109.080142][ T8583] ? __fget_files+0x20e/0x3c0 [ 109.080170][ T8583] ksys_read+0x12a/0x250 [ 109.080188][ T8583] ? __pfx_ksys_read+0x10/0x10 [ 109.080211][ T8583] ? fput+0x70/0xf0 [ 109.080240][ T8583] do_syscall_64+0xcd/0x4c0 [ 109.080265][ T8583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.080281][ T8583] RIP: 0033:0x7f94f218d33c [ 109.080294][ T8583] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 109.080309][ T8583] RSP: 002b:00007f94efff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 109.080325][ T8583] RAX: ffffffffffffffda RBX: 00007f94f23b5fa0 RCX: 00007f94f218d33c [ 109.080335][ T8583] RDX: 000000000000000f RSI: 00007f94efff60a0 RDI: 0000000000000004 [ 109.080346][ T8583] RBP: 00007f94efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 109.080364][ T8583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.080374][ T8583] R13: 0000000000000000 R14: 00007f94f23b5fa0 R15: 00007ffdadd00618 [ 109.080397][ T8583] [ 109.496902][ T8614] overlayfs: missing 'lowerdir' [ 109.603518][ T839] usb 6-1: new low-speed USB device number 6 using dummy_hcd [ 109.753469][ T839] usb 6-1: Invalid ep0 maxpacket: 32 [ 109.893510][ T839] usb 6-1: new low-speed USB device number 7 using dummy_hcd [ 110.043554][ T839] usb 6-1: Invalid ep0 maxpacket: 32 [ 110.047622][ T839] usb usb6-port1: attempt power cycle [ 110.327685][ T8631] FAULT_INJECTION: forcing a failure. [ 110.327685][ T8631] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 110.331785][ T8631] CPU: 0 UID: 0 PID: 8631 Comm: syz.3.1024 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 110.331800][ T8631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.331806][ T8631] Call Trace: [ 110.331811][ T8631] [ 110.331815][ T8631] dump_stack_lvl+0x16c/0x1f0 [ 110.331834][ T8631] should_fail_ex+0x512/0x640 [ 110.331850][ T8631] _copy_from_user+0x2e/0xd0 [ 110.331865][ T8631] kstrtouint_from_user+0xd6/0x1d0 [ 110.331876][ T8631] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 110.331887][ T8631] ? __lock_acquire+0xb8a/0x1c90 [ 110.331909][ T8631] proc_fail_nth_write+0x83/0x250 [ 110.331923][ T8631] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 110.331939][ T8631] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 110.331950][ T8631] vfs_write+0x29d/0x1150 [ 110.331965][ T8631] ? __pfx___mutex_lock+0x10/0x10 [ 110.331980][ T8631] ? __pfx_vfs_write+0x10/0x10 [ 110.331996][ T8631] ? __fget_files+0x20e/0x3c0 [ 110.332014][ T8631] ksys_write+0x12a/0x250 [ 110.332026][ T8631] ? __pfx_ksys_write+0x10/0x10 [ 110.332042][ T8631] do_syscall_64+0xcd/0x4c0 [ 110.332059][ T8631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.332070][ T8631] RIP: 0033:0x7fc1c6b8d3df [ 110.332095][ T8631] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 110.332105][ T8631] RSP: 002b:00007fc1c7918030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 110.332115][ T8631] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc1c6b8d3df [ 110.332121][ T8631] RDX: 0000000000000001 RSI: 00007fc1c79180a0 RDI: 0000000000000003 [ 110.332127][ T8631] RBP: 00007fc1c7918090 R08: 0000000000000000 R09: 0000000000000000 [ 110.332133][ T8631] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000002 [ 110.332139][ T8631] R13: 0000000000000001 R14: 00007fc1c6db5fa0 R15: 00007ffe7e7749b8 [ 110.332152][ T8631] [ 110.394882][ T839] usb 6-1: new low-speed USB device number 8 using dummy_hcd [ 110.414161][ T839] usb 6-1: Invalid ep0 maxpacket: 32 [ 110.563443][ T839] usb 6-1: new low-speed USB device number 9 using dummy_hcd [ 110.584990][ T839] usb 6-1: Invalid ep0 maxpacket: 32 [ 110.588486][ T839] usb usb6-port1: unable to enumerate USB device [ 111.162811][ T8654] overlayfs: missing 'lowerdir' [ 111.791835][ T8668] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1038'. [ 111.795743][ T8668] openvswitch: : Dropping previously announced user features [ 111.980478][ T8674] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1042'. [ 111.980524][ T8675] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1042'. [ 112.226593][ T8696] overlayfs: missing 'lowerdir' [ 112.237322][ T8698] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1049'. [ 112.240451][ T8698] openvswitch: : Dropping previously announced user features [ 112.913318][ T8715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1057'. [ 112.918027][ T8715] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1057'. [ 112.920791][ T8715] netlink: 'syz.0.1057': attribute type 13 has an invalid length. [ 113.064307][ T8725] FAULT_INJECTION: forcing a failure. [ 113.064307][ T8725] name failslab, interval 1, probability 0, space 0, times 0 [ 113.068041][ T8725] CPU: 1 UID: 0 PID: 8725 Comm: syz.2.1061 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 113.068071][ T8725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 113.068078][ T8725] Call Trace: [ 113.068082][ T8725] [ 113.068086][ T8725] dump_stack_lvl+0x16c/0x1f0 [ 113.068105][ T8725] should_fail_ex+0x512/0x640 [ 113.068118][ T8725] ? fs_reclaim_acquire+0xae/0x150 [ 113.068130][ T8725] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 113.068145][ T8725] should_failslab+0xc2/0x120 [ 113.068160][ T8725] __kmalloc_noprof+0xd2/0x510 [ 113.068176][ T8725] tomoyo_realpath_from_path+0xc2/0x6e0 [ 113.068191][ T8725] ? tomoyo_profile+0x47/0x60 [ 113.068208][ T8725] tomoyo_path_number_perm+0x245/0x580 [ 113.068220][ T8725] ? tomoyo_path_number_perm+0x237/0x580 [ 113.068233][ T8725] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 113.068246][ T8725] ? find_held_lock+0x2b/0x80 [ 113.068269][ T8725] ? find_held_lock+0x2b/0x80 [ 113.068281][ T8725] ? hook_file_ioctl_common+0x145/0x410 [ 113.068300][ T8725] ? __fget_files+0x20e/0x3c0 [ 113.068317][ T8725] security_file_ioctl+0x9b/0x240 [ 113.068332][ T8725] __x64_sys_ioctl+0xb7/0x210 [ 113.068344][ T8725] do_syscall_64+0xcd/0x4c0 [ 113.068360][ T8725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.068371][ T8725] RIP: 0033:0x7fb06978e929 [ 113.068380][ T8725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.068390][ T8725] RSP: 002b:00007fb06a68a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 113.068400][ T8725] RAX: ffffffffffffffda RBX: 00007fb0699b5fa0 RCX: 00007fb06978e929 [ 113.068406][ T8725] RDX: 0000200000000200 RSI: 000000004008af00 RDI: 0000000000000004 [ 113.068412][ T8725] RBP: 00007fb06a68a090 R08: 0000000000000000 R09: 0000000000000000 [ 113.068418][ T8725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.068424][ T8725] R13: 0000000000000000 R14: 00007fb0699b5fa0 R15: 00007fff8b1bd648 [ 113.068436][ T8725] [ 113.068440][ T8725] ERROR: Out of memory at tomoyo_realpath_from_path. [ 113.151583][ T8732] xt_cgroup: invalid path, errno=-2 [ 113.154115][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 113.154124][ T40] audit: type=1400 audit(1751555839.697:339): avc: denied { bind } for pid=8728 comm="syz.0.1064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 113.161959][ T40] audit: type=1400 audit(1751555839.697:340): avc: denied { node_bind } for pid=8728 comm="syz.0.1064" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 113.168081][ T40] audit: type=1400 audit(1751555839.697:341): avc: denied { connect } for pid=8728 comm="syz.0.1064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 113.322292][ T8743] overlayfs: missing 'lowerdir' [ 113.659504][ T8751] block nbd3: shutting down sockets [ 113.724475][ T8755] netlink: 'syz.2.1074': attribute type 2 has an invalid length. [ 113.725072][ T8757] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input18 [ 113.755026][ T8753] FAULT_INJECTION: forcing a failure. [ 113.755026][ T8753] name failslab, interval 1, probability 0, space 0, times 0 [ 113.762377][ T8753] CPU: 2 UID: 0 PID: 8753 Comm: syz.3.1073 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 113.762394][ T8753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 113.762401][ T8753] Call Trace: [ 113.762404][ T8753] [ 113.762409][ T8753] dump_stack_lvl+0x16c/0x1f0 [ 113.762441][ T8753] should_fail_ex+0x512/0x640 [ 113.762459][ T8753] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 113.762474][ T8753] should_failslab+0xc2/0x120 [ 113.762496][ T8753] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 113.762509][ T8753] ? __kernfs_new_node+0xd2/0x8e0 [ 113.762526][ T8753] __kernfs_new_node+0xd2/0x8e0 [ 113.762541][ T8753] ? __lock_acquire+0xb8a/0x1c90 [ 113.762557][ T8753] ? __pfx___kernfs_new_node+0x10/0x10 [ 113.762575][ T8753] ? find_held_lock+0x2b/0x80 [ 113.762587][ T8753] ? kernfs_root+0xee/0x2a0 [ 113.762604][ T8753] kernfs_new_node+0x13c/0x1e0 [ 113.762622][ T8753] __kernfs_create_file+0x53/0x350 [ 113.762636][ T8753] sysfs_add_file_mode_ns+0x207/0x3c0 [ 113.762653][ T8753] sysfs_create_file_ns+0x13d/0x1d0 [ 113.762666][ T8753] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 113.762680][ T8753] ? set_disk_ro+0x1b8/0x210 [ 113.762692][ T8753] ? nbd_start_device+0x172/0xcd0 [ 113.762709][ T8753] device_create_file+0xf2/0x1e0 [ 113.762722][ T8753] nbd_start_device+0x2c0/0xcd0 [ 113.762736][ T8753] ? bpf_lsm_capable+0x9/0x10 [ 113.762750][ T8753] nbd_ioctl+0x219/0xda0 [ 113.762763][ T8753] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 113.762779][ T8753] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 113.762793][ T8753] ? __pfx_nbd_ioctl+0x10/0x10 [ 113.762806][ T8753] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 113.762825][ T8753] ? __pfx_nbd_ioctl+0x10/0x10 [ 113.762839][ T8753] blkdev_ioctl+0x274/0x6d0 [ 113.762849][ T8753] ? __pfx_blkdev_ioctl+0x10/0x10 [ 113.762859][ T8753] ? selinux_file_ioctl+0x180/0x270 [ 113.762872][ T8753] ? selinux_file_ioctl+0xb4/0x270 [ 113.762886][ T8753] ? __pfx_blkdev_ioctl+0x10/0x10 [ 113.762896][ T8753] __x64_sys_ioctl+0x18b/0x210 [ 113.762909][ T8753] do_syscall_64+0xcd/0x4c0 [ 113.762925][ T8753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.762936][ T8753] RIP: 0033:0x7fc1c6b8e929 [ 113.762945][ T8753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.762954][ T8753] RSP: 002b:00007fc1c7918038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 113.762965][ T8753] RAX: ffffffffffffffda RBX: 00007fc1c6db5fa0 RCX: 00007fc1c6b8e929 [ 113.762972][ T8753] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 113.762977][ T8753] RBP: 00007fc1c7918090 R08: 0000000000000000 R09: 0000000000000000 [ 113.762983][ T8753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.762989][ T8753] R13: 0000000000000000 R14: 00007fc1c6db5fa0 R15: 00007ffe7e7749b8 [ 113.763002][ T8753] [ 113.763009][ T8753] block nbd3: device_create_file failed for pid! [ 113.797210][ T40] audit: type=1400 audit(1751555840.337:342): avc: denied { bind } for pid=8763 comm="syz.2.1078" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 113.803184][ T8753] block nbd3: shutting down sockets [ 113.910264][ T8763] block nbd2: shutting down sockets [ 114.076726][ T8781] FAULT_INJECTION: forcing a failure. [ 114.076726][ T8781] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.080875][ T8781] CPU: 0 UID: 0 PID: 8781 Comm: syz.0.1083 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 114.080890][ T8781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.080897][ T8781] Call Trace: [ 114.080901][ T8781] [ 114.080905][ T8781] dump_stack_lvl+0x16c/0x1f0 [ 114.080924][ T8781] should_fail_ex+0x512/0x640 [ 114.080940][ T8781] _copy_to_user+0x32/0xd0 [ 114.080956][ T8781] simple_read_from_buffer+0xcb/0x170 [ 114.080971][ T8781] proc_fail_nth_read+0x197/0x270 [ 114.080984][ T8781] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 114.080998][ T8781] ? rw_verify_area+0xcf/0x680 [ 114.081009][ T8781] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 114.081021][ T8781] vfs_read+0x1e4/0xc60 [ 114.081035][ T8781] ? __pfx___mutex_lock+0x10/0x10 [ 114.081051][ T8781] ? __pfx_vfs_read+0x10/0x10 [ 114.081066][ T8781] ? __fget_files+0x20e/0x3c0 [ 114.081083][ T8781] ksys_read+0x12a/0x250 [ 114.081096][ T8781] ? __pfx_ksys_read+0x10/0x10 [ 114.081112][ T8781] do_syscall_64+0xcd/0x4c0 [ 114.081128][ T8781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.081139][ T8781] RIP: 0033:0x7f3fc5f8d33c [ 114.081147][ T8781] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 114.081158][ T8781] RSP: 002b:00007f3fc6d4e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 114.081168][ T8781] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8d33c [ 114.081174][ T8781] RDX: 000000000000000f RSI: 00007f3fc6d4e0a0 RDI: 0000000000000004 [ 114.081180][ T8781] RBP: 00007f3fc6d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 114.081186][ T8781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.081192][ T8781] R13: 0000000000000000 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 114.081204][ T8781] [ 114.211722][ T8787] overlayfs: missing 'workdir' [ 114.231237][ T8789] support for the xor transformation has been removed. [ 114.285573][ T40] audit: type=1400 audit(1751555840.827:343): avc: denied { getopt } for pid=8795 comm="syz.1.1087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 114.289067][ T8796] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input19 [ 114.710331][ T8816] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1094'. [ 114.714530][ T8816] FAULT_INJECTION: forcing a failure. [ 114.714530][ T8816] name failslab, interval 1, probability 0, space 0, times 0 [ 114.719326][ T8816] CPU: 0 UID: 0 PID: 8816 Comm: syz.2.1094 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 114.719345][ T8816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.719352][ T8816] Call Trace: [ 114.719356][ T8816] [ 114.719361][ T8816] dump_stack_lvl+0x16c/0x1f0 [ 114.719380][ T8816] should_fail_ex+0x512/0x640 [ 114.719393][ T8816] ? __kmalloc_noprof+0xbf/0x510 [ 114.719408][ T8816] ? tbl_mask_array_alloc+0x38/0x160 [ 114.719420][ T8816] should_failslab+0xc2/0x120 [ 114.719435][ T8816] __kmalloc_noprof+0xd2/0x510 [ 114.719451][ T8816] tbl_mask_array_alloc+0x38/0x160 [ 114.719464][ T8816] ovs_flow_tbl_init+0x40/0x600 [ 114.719477][ T8816] ? kasan_save_track+0x14/0x30 [ 114.719491][ T8816] ovs_dp_cmd_new+0x251/0xe60 [ 114.719508][ T8816] ? rcu_is_watching+0x12/0xc0 [ 114.719521][ T8816] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 114.719538][ T8816] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 114.719552][ T8816] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 114.719567][ T8816] genl_family_rcv_msg_doit+0x209/0x2f0 [ 114.719580][ T8816] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 114.719598][ T8816] ? bpf_lsm_capable+0x9/0x10 [ 114.719609][ T8816] ? security_capable+0x7e/0x260 [ 114.719621][ T8816] ? ns_capable+0xd7/0x110 [ 114.719633][ T8816] genl_rcv_msg+0x55c/0x800 [ 114.719647][ T8816] ? __pfx_genl_rcv_msg+0x10/0x10 [ 114.719659][ T8816] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 114.719677][ T8816] netlink_rcv_skb+0x158/0x420 [ 114.719687][ T8816] ? __pfx_genl_rcv_msg+0x10/0x10 [ 114.719699][ T8816] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 114.719715][ T8816] ? netlink_deliver_tap+0x1ae/0xd30 [ 114.719732][ T8816] genl_rcv+0x28/0x40 [ 114.719743][ T8816] netlink_unicast+0x53d/0x7f0 [ 114.719755][ T8816] ? __pfx_netlink_unicast+0x10/0x10 [ 114.719769][ T8816] netlink_sendmsg+0x8d1/0xdd0 [ 114.719781][ T8816] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.719796][ T8816] ____sys_sendmsg+0xa95/0xc70 [ 114.719808][ T8816] ? copy_msghdr_from_user+0x10a/0x160 [ 114.719822][ T8816] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.719838][ T8816] ___sys_sendmsg+0x134/0x1d0 [ 114.719853][ T8816] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.719866][ T8816] ? __lock_acquire+0x622/0x1c90 [ 114.719897][ T8816] __sys_sendmsg+0x16d/0x220 [ 114.719911][ T8816] ? __pfx___sys_sendmsg+0x10/0x10 [ 114.719933][ T8816] do_syscall_64+0xcd/0x4c0 [ 114.719949][ T8816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.719960][ T8816] RIP: 0033:0x7fb06978e929 [ 114.719970][ T8816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.719980][ T8816] RSP: 002b:00007fb06a68a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.719990][ T8816] RAX: ffffffffffffffda RBX: 00007fb0699b5fa0 RCX: 00007fb06978e929 [ 114.719997][ T8816] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 114.720003][ T8816] RBP: 00007fb06a68a090 R08: 0000000000000000 R09: 0000000000000000 [ 114.720009][ T8816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 114.720014][ T8816] R13: 0000000000000000 R14: 00007fb0699b5fa0 R15: 00007fff8b1bd648 [ 114.720027][ T8816] [ 114.844842][ T5952] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 114.844865][ T8820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1096'. [ 114.850166][ T8820] openvswitch: : Dropping previously announced user features [ 114.858167][ T40] audit: type=1400 audit(1751555841.397:344): avc: denied { mounton } for pid=8821 comm="syz.2.1097" path="/296/bus" dev="tmpfs" ino=1689 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 114.858926][ T8822] Mount JFS Failure: -22 [ 114.916423][ T8825] FAULT_INJECTION: forcing a failure. [ 114.916423][ T8825] name failslab, interval 1, probability 0, space 0, times 0 [ 114.920267][ T8825] CPU: 1 UID: 0 PID: 8825 Comm: syz.1.1098 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 114.920281][ T8825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.920288][ T8825] Call Trace: [ 114.920293][ T8825] [ 114.920297][ T8825] dump_stack_lvl+0x16c/0x1f0 [ 114.920316][ T8825] should_fail_ex+0x512/0x640 [ 114.920330][ T8825] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 114.920346][ T8825] should_failslab+0xc2/0x120 [ 114.920361][ T8825] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 114.920374][ T8825] ? __alloc_skb+0x2b2/0x380 [ 114.920390][ T8825] __alloc_skb+0x2b2/0x380 [ 114.920403][ T8825] ? __pfx___alloc_skb+0x10/0x10 [ 114.920417][ T8825] ? tcp_chrono_stop+0x95/0x420 [ 114.920435][ T8825] tcp_stream_alloc_skb+0x34/0x570 [ 114.920449][ T8825] tcp_connect+0xe75/0x5480 [ 114.920470][ T8825] ? __pfx_tcp_connect+0x10/0x10 [ 114.920484][ T8825] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 114.920499][ T8825] ? xfrm_lookup_route+0x6a/0x200 [ 114.920521][ T8825] tcp_v4_connect+0x153b/0x1bd0 [ 114.920537][ T8825] ? __pfx_tcp_v4_connect+0x10/0x10 [ 114.920550][ T8825] ? __lock_acquire+0xb8a/0x1c90 [ 114.920569][ T8825] __inet_stream_connect+0x3c8/0x1020 [ 114.920585][ T8825] ? __pfx___inet_stream_connect+0x10/0x10 [ 114.920598][ T8825] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 114.920612][ T8825] ? __local_bh_enable_ip+0xa4/0x120 [ 114.920627][ T8825] inet_stream_connect+0x57/0xa0 [ 114.920641][ T8825] p9_fd_create_tcp+0x307/0x540 [ 114.920654][ T8825] ? __pfx_p9_fd_create_tcp+0x10/0x10 [ 114.920675][ T8825] ? p9_client_create+0x7a9/0x11c0 [ 114.920693][ T8825] p9_client_create+0x80f/0x11c0 [ 114.920712][ T8825] ? __pfx_p9_client_create+0x10/0x10 [ 114.920730][ T8825] ? rcu_is_watching+0x12/0xc0 [ 114.920745][ T8825] ? lockdep_init_map_type+0x5c/0x280 [ 114.920761][ T8825] ? __raw_spin_lock_init+0x3a/0x110 [ 114.920774][ T8825] v9fs_session_init+0x1f7/0x1a80 [ 114.920797][ T8825] ? __pfx_v9fs_session_init+0x10/0x10 [ 114.920821][ T8825] v9fs_mount+0xc5/0xa30 [ 114.920832][ T8825] ? __pfx_v9fs_mount+0x10/0x10 [ 114.920844][ T8825] ? cap_capable+0xb3/0x250 [ 114.920857][ T8825] ? __pfx_v9fs_mount+0x10/0x10 [ 114.920867][ T8825] legacy_get_tree+0x109/0x220 [ 114.920883][ T8825] vfs_get_tree+0x8e/0x340 [ 114.920894][ T8825] path_mount+0x1414/0x2020 [ 114.920911][ T8825] ? kmem_cache_free+0x2d1/0x4d0 [ 114.920923][ T8825] ? __pfx_path_mount+0x10/0x10 [ 114.920940][ T8825] ? putname+0x154/0x1a0 [ 114.920957][ T8825] __x64_sys_mount+0x28d/0x310 [ 114.920973][ T8825] ? __pfx___x64_sys_mount+0x10/0x10 [ 114.920992][ T8825] do_syscall_64+0xcd/0x4c0 [ 114.921009][ T8825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.921019][ T8825] RIP: 0033:0x7f94f218e929 [ 114.921028][ T8825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.921038][ T8825] RSP: 002b:00007f94efff6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 114.921048][ T8825] RAX: ffffffffffffffda RBX: 00007f94f23b5fa0 RCX: 00007f94f218e929 [ 114.921054][ T8825] RDX: 00002000000006c0 RSI: 0000200000000680 RDI: 0000200000000640 [ 114.921060][ T8825] RBP: 00007f94efff6090 R08: 0000200000000080 R09: 0000000000000000 [ 114.921067][ T8825] R10: 0000000000008010 R11: 0000000000000246 R12: 0000000000000002 [ 114.921073][ T8825] R13: 0000000000000001 R14: 00007f94f23b5fa0 R15: 00007ffdadd00618 [ 114.921085][ T8825] [ 114.921114][ T8825] 9pnet_fd: p9_fd_create_tcp (8825): problem connecting socket to 127.0.0.1 [ 114.965398][ T8822] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !å¯fIZEô¿¹ô,ô =©ÜÝ$)²% Ä‚L [ 114.966912][ T6395] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 5 [ 115.237188][ T8849] FAULT_INJECTION: forcing a failure. [ 115.237188][ T8849] name failslab, interval 1, probability 0, space 0, times 0 [ 115.241263][ T8849] CPU: 0 UID: 0 PID: 8849 Comm: syz.3.1108 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 115.241277][ T8849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 115.241284][ T8849] Call Trace: [ 115.241288][ T8849] [ 115.241292][ T8849] dump_stack_lvl+0x16c/0x1f0 [ 115.241311][ T8849] should_fail_ex+0x512/0x640 [ 115.241329][ T8849] ? fs_reclaim_acquire+0xae/0x150 [ 115.241341][ T8849] ? tomoyo_encode2+0x100/0x3e0 [ 115.241355][ T8849] should_failslab+0xc2/0x120 [ 115.241370][ T8849] __kmalloc_noprof+0xd2/0x510 [ 115.241387][ T8849] tomoyo_encode2+0x100/0x3e0 [ 115.241402][ T8849] tomoyo_encode+0x29/0x50 [ 115.241415][ T8849] tomoyo_realpath_from_path+0x18f/0x6e0 [ 115.241431][ T8849] ? tomoyo_profile+0x47/0x60 [ 115.241447][ T8849] tomoyo_path_number_perm+0x245/0x580 [ 115.241459][ T8849] ? tomoyo_path_number_perm+0x237/0x580 [ 115.241472][ T8849] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 115.241484][ T8849] ? find_held_lock+0x2b/0x80 [ 115.241509][ T8849] ? find_held_lock+0x2b/0x80 [ 115.241520][ T8849] ? hook_file_ioctl_common+0x145/0x410 [ 115.241539][ T8849] ? __fget_files+0x20e/0x3c0 [ 115.241555][ T8849] security_file_ioctl+0x9b/0x240 [ 115.241571][ T8849] __x64_sys_ioctl+0xb7/0x210 [ 115.241584][ T8849] do_syscall_64+0xcd/0x4c0 [ 115.241600][ T8849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.241610][ T8849] RIP: 0033:0x7fc1c6b8e929 [ 115.241619][ T8849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.241629][ T8849] RSP: 002b:00007fc1c7918038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 115.241639][ T8849] RAX: ffffffffffffffda RBX: 00007fc1c6db5fa0 RCX: 00007fc1c6b8e929 [ 115.241646][ T8849] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 115.241652][ T8849] RBP: 00007fc1c7918090 R08: 0000000000000000 R09: 0000000000000000 [ 115.241658][ T8849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.241663][ T8849] R13: 0000000000000000 R14: 00007fc1c6db5fa0 R15: 00007ffe7e7749b8 [ 115.241676][ T8849] [ 115.241686][ T8849] ERROR: Out of memory at tomoyo_realpath_from_path. [ 115.516703][ T8865] overlayfs: missing 'workdir' [ 115.519124][ T40] audit: type=1400 audit(1751555842.057:345): avc: denied { create } for pid=8864 comm="syz.2.1112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 115.530987][ T40] audit: type=1400 audit(1751555842.057:346): avc: denied { bind } for pid=8864 comm="syz.2.1112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 115.541570][ T40] audit: type=1400 audit(1751555842.057:347): avc: denied { create } for pid=8864 comm="syz.2.1112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 115.549792][ T40] audit: type=1400 audit(1751555842.057:348): avc: denied { bind } for pid=8864 comm="syz.2.1112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 115.606627][ T8870] usb usb1: usbfs: process 8870 (syz.2.1114) did not claim interface 8 before use [ 116.491820][ T8899] FAULT_INJECTION: forcing a failure. [ 116.491820][ T8899] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 116.497192][ T8899] CPU: 0 UID: 0 PID: 8899 Comm: syz.0.1123 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 116.497217][ T8899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 116.497229][ T8899] Call Trace: [ 116.497235][ T8899] [ 116.497242][ T8899] dump_stack_lvl+0x16c/0x1f0 [ 116.497289][ T8899] should_fail_ex+0x512/0x640 [ 116.497325][ T8899] _copy_from_iter+0x29f/0x16f0 [ 116.497349][ T8899] ? __pfx_avc_has_perm+0x10/0x10 [ 116.497369][ T8899] ? __pfx__copy_from_iter+0x10/0x10 [ 116.497391][ T8899] ? avc_has_perm_noaudit+0x149/0x3b0 [ 116.497422][ T8899] ? sock_has_perm+0x259/0x2f0 [ 116.497439][ T8899] ? __pfx_sock_has_perm+0x10/0x10 [ 116.497460][ T8899] hci_sock_sendmsg+0x46d/0x25f0 [ 116.497490][ T8899] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 116.497521][ T8899] sock_write_iter+0x4ff/0x5b0 [ 116.497541][ T8899] ? __pfx_sock_write_iter+0x10/0x10 [ 116.497566][ T8899] ? bpf_lsm_file_permission+0x9/0x10 [ 116.497593][ T8899] ? security_file_permission+0x71/0x210 [ 116.497617][ T8899] ? rw_verify_area+0xcf/0x680 [ 116.497638][ T8899] vfs_write+0x6c4/0x1150 [ 116.497659][ T8899] ? __pfx_sock_write_iter+0x10/0x10 [ 116.497678][ T8899] ? __pfx_vfs_write+0x10/0x10 [ 116.497696][ T8899] ? find_held_lock+0x2b/0x80 [ 116.497730][ T8899] ksys_write+0x1f8/0x250 [ 116.497751][ T8899] ? __pfx_ksys_write+0x10/0x10 [ 116.497779][ T8899] do_syscall_64+0xcd/0x4c0 [ 116.497806][ T8899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.497823][ T8899] RIP: 0033:0x7f3fc5f8e929 [ 116.497838][ T8899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.497855][ T8899] RSP: 002b:00007f3fc6d4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 116.497872][ T8899] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8e929 [ 116.497882][ T8899] RDX: 000000000000000d RSI: 0000200000000000 RDI: 0000000000000004 [ 116.497891][ T8899] RBP: 00007f3fc6d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 116.497899][ T8899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.497911][ T8899] R13: 0000000000000000 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 116.497934][ T8899] [ 116.665731][ T8913] FAULT_INJECTION: forcing a failure. [ 116.665731][ T8913] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 116.671095][ T8913] CPU: 0 UID: 0 PID: 8913 Comm: syz.2.1128 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 116.671118][ T8913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 116.671128][ T8913] Call Trace: [ 116.671134][ T8913] [ 116.671140][ T8913] dump_stack_lvl+0x16c/0x1f0 [ 116.671167][ T8913] should_fail_ex+0x512/0x640 [ 116.671193][ T8913] _copy_from_user+0x2e/0xd0 [ 116.671216][ T8913] copy_msghdr_from_user+0x98/0x160 [ 116.671241][ T8913] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 116.671267][ T8913] ? __lock_acquire+0x622/0x1c90 [ 116.671296][ T8913] ___sys_recvmsg+0xdb/0x1a0 [ 116.671319][ T8913] ? __pfx____sys_recvmsg+0x10/0x10 [ 116.671343][ T8913] ? find_held_lock+0x2b/0x80 [ 116.671375][ T8913] do_recvmmsg+0x2fe/0x750 [ 116.671400][ T8913] ? __pfx_do_recvmmsg+0x10/0x10 [ 116.671426][ T8913] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 116.671457][ T8913] ? __fget_files+0x20e/0x3c0 [ 116.671484][ T8913] __x64_sys_recvmmsg+0x22a/0x280 [ 116.671508][ T8913] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 116.671544][ T8913] do_syscall_64+0xcd/0x4c0 [ 116.671569][ T8913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.671585][ T8913] RIP: 0033:0x7fb06978e929 [ 116.671599][ T8913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.671615][ T8913] RSP: 002b:00007fb06a68a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 116.671631][ T8913] RAX: ffffffffffffffda RBX: 00007fb0699b5fa0 RCX: 00007fb06978e929 [ 116.671642][ T8913] RDX: 0000000000000001 RSI: 0000200000001200 RDI: 0000000000000003 [ 116.671652][ T8913] RBP: 00007fb06a68a090 R08: 0000000000000000 R09: 0000000000000000 [ 116.671662][ T8913] R10: 0000000000000023 R11: 0000000000000246 R12: 0000000000000001 [ 116.671671][ T8913] R13: 0000000000000000 R14: 00007fb0699b5fa0 R15: 00007fff8b1bd648 [ 116.671692][ T8913] [ 116.676825][ T8914] overlayfs: missing 'workdir' [ 116.707446][ T8910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 117.450784][ T8943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1138'. [ 117.454171][ T8943] openvswitch: : Dropping previously announced user features [ 117.520666][ T8949] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 117.524192][ T8949] overlayfs: failed to set xattr on upper [ 117.526453][ T8949] overlayfs: ...falling back to redirect_dir=nofollow. [ 117.529167][ T8949] overlayfs: ...falling back to index=off. [ 117.531496][ T8949] overlayfs: ...falling back to uuid=null. [ 117.537953][ T8949] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 117.568321][ T8949] random: crng reseeded on system resumption [ 117.579558][ T8952] FAULT_INJECTION: forcing a failure. [ 117.579558][ T8952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.583836][ T8952] CPU: 1 UID: 0 PID: 8952 Comm: syz.1.1142 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 117.583853][ T8952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 117.583860][ T8952] Call Trace: [ 117.583863][ T8952] [ 117.583868][ T8952] dump_stack_lvl+0x16c/0x1f0 [ 117.583887][ T8952] should_fail_ex+0x512/0x640 [ 117.583904][ T8952] _copy_from_iter+0x29f/0x16f0 [ 117.583920][ T8952] ? __alloc_skb+0x200/0x380 [ 117.583935][ T8952] ? __pfx__copy_from_iter+0x10/0x10 [ 117.583950][ T8952] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 117.583964][ T8952] netlink_sendmsg+0x829/0xdd0 [ 117.583977][ T8952] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.583991][ T8952] ____sys_sendmsg+0xa95/0xc70 [ 117.584003][ T8952] ? copy_msghdr_from_user+0x10a/0x160 [ 117.584043][ T8952] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.584060][ T8952] ___sys_sendmsg+0x134/0x1d0 [ 117.584075][ T8952] ? __pfx____sys_sendmsg+0x10/0x10 [ 117.584088][ T8952] ? __lock_acquire+0x622/0x1c90 [ 117.584118][ T8952] __sys_sendmsg+0x16d/0x220 [ 117.584132][ T8952] ? __pfx___sys_sendmsg+0x10/0x10 [ 117.584154][ T8952] do_syscall_64+0xcd/0x4c0 [ 117.584171][ T8952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.584181][ T8952] RIP: 0033:0x7f94f218e929 [ 117.584190][ T8952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.584200][ T8952] RSP: 002b:00007f94efff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.584211][ T8952] RAX: ffffffffffffffda RBX: 00007f94f23b5fa0 RCX: 00007f94f218e929 [ 117.584217][ T8952] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 117.584223][ T8952] RBP: 00007f94efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 117.584229][ T8952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.584235][ T8952] R13: 0000000000000000 R14: 00007f94f23b5fa0 R15: 00007ffdadd00618 [ 117.584247][ T8952] [ 117.818630][ T8967] mmap: syz.0.1148 (8967) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 117.914947][ T8971] overlayfs: missing 'lowerdir' [ 118.475871][ T8976] syzkaller1: entered promiscuous mode [ 118.477694][ T8976] syzkaller1: entered allmulticast mode [ 118.625023][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 118.625034][ T40] audit: type=1400 audit(1751555845.167:364): avc: denied { bind } for pid=8979 comm="syz.1.1153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 118.686848][ T40] audit: type=1400 audit(1751555845.227:365): avc: denied { read } for pid=8985 comm="syz.0.1156" name="system" dev="devtmpfs" ino=712 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 118.699464][ T40] audit: type=1400 audit(1751555845.227:366): avc: denied { open } for pid=8985 comm="syz.0.1156" path="/dev/dma_heap/system" dev="devtmpfs" ino=712 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 118.705448][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.706615][ T8990] FAULT_INJECTION: forcing a failure. [ 118.706615][ T8990] name failslab, interval 1, probability 0, space 0, times 0 [ 118.706639][ T8990] CPU: 1 UID: 0 PID: 8990 Comm: syz.3.1157 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 118.706653][ T8990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.706659][ T8990] Call Trace: [ 118.706663][ T8990] [ 118.706667][ T8990] dump_stack_lvl+0x16c/0x1f0 [ 118.706685][ T8990] should_fail_ex+0x512/0x640 [ 118.706699][ T8990] ? fs_reclaim_acquire+0xae/0x150 [ 118.706711][ T8990] ? tomoyo_encode2+0x100/0x3e0 [ 118.706724][ T8990] should_failslab+0xc2/0x120 [ 118.706739][ T8990] __kmalloc_noprof+0xd2/0x510 [ 118.706752][ T8990] ? d_absolute_path+0x136/0x1a0 [ 118.706765][ T8990] tomoyo_encode2+0x100/0x3e0 [ 118.706780][ T8990] tomoyo_encode+0x29/0x50 [ 118.706794][ T8990] tomoyo_realpath_from_path+0x18f/0x6e0 [ 118.706812][ T8990] tomoyo_path_number_perm+0x245/0x580 [ 118.706823][ T8990] ? tomoyo_path_number_perm+0x237/0x580 [ 118.706836][ T8990] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 118.706849][ T8990] ? find_held_lock+0x2b/0x80 [ 118.706874][ T8990] ? find_held_lock+0x2b/0x80 [ 118.706885][ T8990] ? hook_file_ioctl_common+0x145/0x410 [ 118.706905][ T8990] ? __fget_files+0x20e/0x3c0 [ 118.706920][ T8990] security_file_ioctl+0x9b/0x240 [ 118.706935][ T8990] __x64_sys_ioctl+0xb7/0x210 [ 118.706948][ T8990] do_syscall_64+0xcd/0x4c0 [ 118.706963][ T8990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.706974][ T8990] RIP: 0033:0x7fc1c6b8e929 [ 118.706983][ T8990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.706993][ T8990] RSP: 002b:00007fc1c7918038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.707003][ T8990] RAX: ffffffffffffffda RBX: 00007fc1c6db5fa0 RCX: 00007fc1c6b8e929 [ 118.707009][ T8990] RDX: 0000200000000200 RSI: 000000004008af00 RDI: 0000000000000004 [ 118.707015][ T8990] RBP: 00007fc1c7918090 R08: 0000000000000000 R09: 0000000000000000 [ 118.707021][ T8990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.707027][ T8990] R13: 0000000000000000 R14: 00007fc1c6db5fa0 R15: 00007ffe7e7749b8 [ 118.707039][ T8990] [ 118.707048][ T8990] ERROR: Out of memory at tomoyo_realpath_from_path. [ 118.717032][ T40] audit: type=1400 audit(1751555845.227:367): avc: denied { ioctl } for pid=8985 comm="syz.0.1156" path="/dev/dma_heap/system" dev="devtmpfs" ino=712 ioctlcmd=0xaf00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 118.721844][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.723820][ T40] audit: type=1400 audit(1751555845.227:368): avc: denied { read write } for pid=8979 comm="syz.1.1153" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 118.725822][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.726078][ T40] audit: type=1400 audit(1751555845.227:369): avc: denied { open } for pid=8979 comm="syz.1.1153" path="/dev/uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 118.727542][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.820672][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.823114][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.825684][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.828094][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.830512][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.832975][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.835874][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.838372][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.840980][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.843526][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.845918][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.848323][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.850703][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.853157][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.855663][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.858072][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.860478][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x2 [ 118.862903][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.865397][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.867771][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.870236][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.873060][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.876343][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.879356][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.882691][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.885452][ T9000] overlayfs: missing 'lowerdir' [ 118.886142][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.890362][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.893457][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.896436][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.899479][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.902501][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.905682][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.908697][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.911650][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.914765][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.917739][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.920802][ T839] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 118.933562][ T839] hid-generic 0000:007F:FFFFFFFE.0002: hidraw1: HID v0.00 Device [syz1] on syz0 [ 118.962604][ T9003] fido_id[9003]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 119.596955][ T9016] FAULT_INJECTION: forcing a failure. [ 119.596955][ T9016] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.601820][ T9016] CPU: 3 UID: 0 PID: 9016 Comm: syz.1.1166 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 119.601841][ T9016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 119.601851][ T9016] Call Trace: [ 119.601856][ T9016] [ 119.601862][ T9016] dump_stack_lvl+0x16c/0x1f0 [ 119.601886][ T9016] should_fail_ex+0x512/0x640 [ 119.601907][ T9016] _copy_from_user+0x2e/0xd0 [ 119.601928][ T9016] copy_msghdr_from_user+0x98/0x160 [ 119.601948][ T9016] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 119.601976][ T9016] ___sys_sendmsg+0xfe/0x1d0 [ 119.601996][ T9016] ? __pfx____sys_sendmsg+0x10/0x10 [ 119.602013][ T9016] ? __lock_acquire+0x622/0x1c90 [ 119.602057][ T9016] __sys_sendmsg+0x16d/0x220 [ 119.602077][ T9016] ? __pfx___sys_sendmsg+0x10/0x10 [ 119.602107][ T9016] do_syscall_64+0xcd/0x4c0 [ 119.602129][ T9016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.602143][ T9016] RIP: 0033:0x7f94f218e929 [ 119.602154][ T9016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.602168][ T9016] RSP: 002b:00007f94efff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 119.602182][ T9016] RAX: ffffffffffffffda RBX: 00007f94f23b5fa0 RCX: 00007f94f218e929 [ 119.602192][ T9016] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 119.602200][ T9016] RBP: 00007f94efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 119.602207][ T9016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.602215][ T9016] R13: 0000000000000000 R14: 00007f94f23b5fa0 R15: 00007ffdadd00618 [ 119.602234][ T9016] [ 119.771921][ T40] audit: type=1400 audit(1751555846.307:370): avc: denied { create } for pid=9019 comm="syz.2.1169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 119.830971][ T40] audit: type=1400 audit(1751555846.367:371): avc: denied { write } for pid=9021 comm="syz.1.1168" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 120.073668][ T839] usb 6-1: new low-speed USB device number 10 using dummy_hcd [ 120.225982][ T9039] netlink: 'syz.0.1175': attribute type 29 has an invalid length. [ 120.234908][ T839] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 120.238248][ T839] usb 6-1: config 0 has no interface number 0 [ 120.240750][ T839] usb 6-1: config 0 interface 1 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 120.245456][ T839] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 120.249174][ T839] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.262584][ T839] usb 6-1: config 0 descriptor?? [ 120.276539][ T839] iowarrior 6-1:0.1: no interrupt-in endpoint found [ 120.482960][ T40] audit: type=1400 audit(1751555847.017:372): avc: denied { mounton } for pid=9021 comm="syz.1.1168" path="/proc/671/task" dev="proc" ino=30413 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 120.494747][ T40] audit: type=1400 audit(1751555847.037:373): avc: denied { mounton } for pid=9021 comm="syz.1.1168" path="/proc/671/task" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 120.503567][ T9047] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input20 [ 120.668418][ T6025] usb 6-1: USB disconnect, device number 10 [ 120.717435][ T9055] kvm: pic: single mode not supported [ 120.719970][ T9055] kvm: pic: single mode not supported [ 120.741135][ T9055] kvm: pic: non byte read [ 120.747716][ T9055] kvm: pic: non byte read [ 121.096517][ T9061] block nbd3: shutting down sockets [ 121.261227][ T9069] overlayfs: missing 'lowerdir' [ 121.396067][ T9077] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input21 [ 121.552563][ T9083] block nbd2: shutting down sockets [ 121.984916][ T9101] SELinux: syz.2.1196 (9101) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 122.418956][ T9117] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1202'. [ 122.422924][ T9117] FAULT_INJECTION: forcing a failure. [ 122.422924][ T9117] name failslab, interval 1, probability 0, space 0, times 0 [ 122.428594][ T9117] CPU: 2 UID: 0 PID: 9117 Comm: syz.0.1202 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 122.428618][ T9117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 122.428641][ T9117] Call Trace: [ 122.428650][ T9117] [ 122.428656][ T9117] dump_stack_lvl+0x16c/0x1f0 [ 122.428703][ T9117] should_fail_ex+0x512/0x640 [ 122.428731][ T9117] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 122.428755][ T9117] should_failslab+0xc2/0x120 [ 122.428794][ T9117] __kmalloc_cache_noprof+0x6a/0x3e0 [ 122.428816][ T9117] ? ovs_flow_tbl_init+0x8b/0x600 [ 122.428843][ T9117] ovs_flow_tbl_init+0x8b/0x600 [ 122.428869][ T9117] ovs_dp_cmd_new+0x251/0xe60 [ 122.428897][ T9117] ? rcu_is_watching+0x12/0xc0 [ 122.428920][ T9117] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 122.428949][ T9117] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 122.428971][ T9117] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 122.428998][ T9117] genl_family_rcv_msg_doit+0x209/0x2f0 [ 122.429022][ T9117] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 122.429053][ T9117] ? bpf_lsm_capable+0x9/0x10 [ 122.429071][ T9117] ? security_capable+0x7e/0x260 [ 122.429092][ T9117] ? ns_capable+0xd7/0x110 [ 122.429113][ T9117] genl_rcv_msg+0x55c/0x800 [ 122.429137][ T9117] ? __pfx_genl_rcv_msg+0x10/0x10 [ 122.429157][ T9117] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 122.429194][ T9117] netlink_rcv_skb+0x158/0x420 [ 122.429214][ T9117] ? __pfx_genl_rcv_msg+0x10/0x10 [ 122.429237][ T9117] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 122.429267][ T9117] ? netlink_deliver_tap+0x1ae/0xd30 [ 122.429299][ T9117] genl_rcv+0x28/0x40 [ 122.429316][ T9117] netlink_unicast+0x53d/0x7f0 [ 122.429337][ T9117] ? __pfx_netlink_unicast+0x10/0x10 [ 122.429361][ T9117] netlink_sendmsg+0x8d1/0xdd0 [ 122.429384][ T9117] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.429411][ T9117] ____sys_sendmsg+0xa95/0xc70 [ 122.429431][ T9117] ? copy_msghdr_from_user+0x10a/0x160 [ 122.429454][ T9117] ? __pfx_____sys_sendmsg+0x10/0x10 [ 122.429484][ T9117] ___sys_sendmsg+0x134/0x1d0 [ 122.429510][ T9117] ? __pfx____sys_sendmsg+0x10/0x10 [ 122.429532][ T9117] ? __lock_acquire+0x622/0x1c90 [ 122.429588][ T9117] __sys_sendmsg+0x16d/0x220 [ 122.429614][ T9117] ? __pfx___sys_sendmsg+0x10/0x10 [ 122.429655][ T9117] do_syscall_64+0xcd/0x4c0 [ 122.429682][ T9117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.429700][ T9117] RIP: 0033:0x7f3fc5f8e929 [ 122.429715][ T9117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.429731][ T9117] RSP: 002b:00007f3fc6d4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.429746][ T9117] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8e929 [ 122.429759][ T9117] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 122.429769][ T9117] RBP: 00007f3fc6d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 122.429779][ T9117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 122.429790][ T9117] R13: 0000000000000000 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 122.429814][ T9117] [ 122.554668][ C2] vkms_vblank_simulate: vblank timer overrun [ 122.719140][ T9130] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 122.722275][ T9130] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 122.983513][ T9132] 9pnet_fd: p9_fd_create_tcp (9132): problem connecting socket to 127.0.0.1 [ 122.986643][ T9132] FAULT_INJECTION: forcing a failure. [ 122.986643][ T9132] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 122.990777][ T9132] CPU: 3 UID: 0 PID: 9132 Comm: syz.0.1208 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 122.990792][ T9132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 122.990799][ T9132] Call Trace: [ 122.990804][ T9132] [ 122.990808][ T9132] dump_stack_lvl+0x16c/0x1f0 [ 122.990827][ T9132] should_fail_ex+0x512/0x640 [ 122.990843][ T9132] _copy_to_user+0x32/0xd0 [ 122.990859][ T9132] simple_read_from_buffer+0xcb/0x170 [ 122.990873][ T9132] proc_fail_nth_read+0x197/0x270 [ 122.990888][ T9132] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 122.990901][ T9132] ? rw_verify_area+0xcf/0x680 [ 122.990913][ T9132] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 122.990926][ T9132] vfs_read+0x1e4/0xc60 [ 122.990940][ T9132] ? __pfx___mutex_lock+0x10/0x10 [ 122.990956][ T9132] ? __pfx_vfs_read+0x10/0x10 [ 122.990972][ T9132] ? __fget_files+0x20e/0x3c0 [ 122.990989][ T9132] ksys_read+0x12a/0x250 [ 122.991001][ T9132] ? __pfx_ksys_read+0x10/0x10 [ 122.991017][ T9132] do_syscall_64+0xcd/0x4c0 [ 122.991034][ T9132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.991045][ T9132] RIP: 0033:0x7f3fc5f8d33c [ 122.991053][ T9132] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 122.991064][ T9132] RSP: 002b:00007f3fc6d4e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 122.991074][ T9132] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8d33c [ 122.991080][ T9132] RDX: 000000000000000f RSI: 00007f3fc6d4e0a0 RDI: 0000000000000003 [ 122.991086][ T9132] RBP: 00007f3fc6d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 122.991092][ T9132] R10: 0000000000008010 R11: 0000000000000246 R12: 0000000000000002 [ 122.991098][ T9132] R13: 0000000000000001 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 122.991110][ T9132] [ 123.502147][ T9170] FAULT_INJECTION: forcing a failure. [ 123.502147][ T9170] name failslab, interval 1, probability 0, space 0, times 0 [ 123.519157][ T9170] CPU: 2 UID: 0 PID: 9170 Comm: syz.0.1220 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 123.519174][ T9170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 123.519180][ T9170] Call Trace: [ 123.519184][ T9170] [ 123.519188][ T9170] dump_stack_lvl+0x16c/0x1f0 [ 123.519207][ T9170] should_fail_ex+0x512/0x640 [ 123.519220][ T9170] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 123.519234][ T9170] should_failslab+0xc2/0x120 [ 123.519249][ T9170] __kmalloc_cache_noprof+0x6a/0x3e0 [ 123.519260][ T9170] ? __pfx___might_resched+0x10/0x10 [ 123.519273][ T9170] ? vhost_task_create+0xe5/0x2e0 [ 123.519283][ T9170] ? rcu_is_watching+0x12/0xc0 [ 123.519296][ T9170] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 123.519311][ T9170] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 123.519329][ T9170] vhost_task_create+0xe5/0x2e0 [ 123.519339][ T9170] ? __pfx_vhost_task_create+0x10/0x10 [ 123.519352][ T9170] ? __pfx_vhost_task_fn+0x10/0x10 [ 123.519368][ T9170] kvm_mmu_post_init_vm+0x1b7/0x370 [ 123.519382][ T9170] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 123.519402][ T9170] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 123.519417][ T9170] kvm_vcpu_ioctl+0x5eb/0x1690 [ 123.519430][ T9170] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 123.519446][ T9170] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 123.519463][ T9170] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 123.519481][ T9170] ? hook_file_ioctl_common+0x145/0x410 [ 123.519501][ T9170] ? selinux_file_ioctl+0x180/0x270 [ 123.519514][ T9170] ? selinux_file_ioctl+0xb4/0x270 [ 123.519528][ T9170] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 123.519541][ T9170] __x64_sys_ioctl+0x18b/0x210 [ 123.519553][ T9170] do_syscall_64+0xcd/0x4c0 [ 123.519570][ T9170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.519580][ T9170] RIP: 0033:0x7f3fc5f8e929 [ 123.519589][ T9170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.519599][ T9170] RSP: 002b:00007f3fc6d2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 123.519609][ T9170] RAX: ffffffffffffffda RBX: 00007f3fc61b6080 RCX: 00007f3fc5f8e929 [ 123.519633][ T9170] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 123.519640][ T9170] RBP: 00007f3fc6d2d090 R08: 0000000000000000 R09: 0000000000000000 [ 123.519646][ T9170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.519652][ T9170] R13: 0000000000000001 R14: 00007f3fc61b6080 R15: 00007ffe111ea958 [ 123.519665][ T9170] [ 123.543658][ T9173] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 123.606795][ T9173] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 124.067097][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 124.067148][ T40] audit: type=1400 audit(1751555850.607:377): avc: denied { ioctl } for pid=9187 comm="syz.2.1227" path="socket:[29647]" dev="sockfs" ino=29647 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 124.327844][ T40] audit: type=1326 audit(1751555850.867:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9207 comm="syz.1.1234" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f94f218e929 code=0x0 [ 124.388818][ T40] audit: type=1400 audit(1751555850.927:379): avc: denied { ioctl } for pid=9207 comm="syz.1.1234" path="/dev/vhost-net" dev="devtmpfs" ino=1300 ioctlcmd=0xaf00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 124.423768][ T6007] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 124.437836][ T9213] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 124.440775][ T9213] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 124.903447][ T6007] usb 5-1: device descriptor read/64, error -71 [ 125.414353][ T6007] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 125.543658][ T6007] usb 5-1: device descriptor read/64, error -71 [ 125.659461][ T6007] usb usb5-port1: attempt power cycle [ 126.003580][ T6007] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 126.026201][ T6007] usb 5-1: device descriptor read/8, error -71 [ 126.186425][ T40] audit: type=1400 audit(1751555852.727:380): avc: denied { connect } for pid=9237 comm="syz.2.1246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 126.252102][ T40] audit: type=1400 audit(1751555852.787:381): avc: denied { mount } for pid=9244 comm="syz.1.1249" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 126.303524][ T6007] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 126.325135][ T6007] usb 5-1: device descriptor read/8, error -71 [ 126.444619][ T6007] usb usb5-port1: unable to enumerate USB device [ 126.848815][ T40] audit: type=1800 audit(1751555853.387:382): pid=9264 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1256" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 126.854070][ T9264] netfs: Couldn't get user pages (rc=-14) [ 127.051251][ T9272] FAULT_INJECTION: forcing a failure. [ 127.051251][ T9272] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.059060][ T9272] CPU: 1 UID: 0 PID: 9272 Comm: syz.3.1260 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 127.059085][ T9272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.059096][ T9272] Call Trace: [ 127.059102][ T9272] [ 127.059108][ T9272] dump_stack_lvl+0x16c/0x1f0 [ 127.059138][ T9272] should_fail_ex+0x512/0x640 [ 127.059165][ T9272] _copy_from_user+0x2e/0xd0 [ 127.059190][ T9272] dma_heap_ioctl+0x16f/0x610 [ 127.059211][ T9272] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 127.059242][ T9272] ? selinux_file_ioctl+0x180/0x270 [ 127.059263][ T9272] ? selinux_file_ioctl+0xb4/0x270 [ 127.059286][ T9272] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 127.059304][ T9272] __x64_sys_ioctl+0x18b/0x210 [ 127.059324][ T9272] do_syscall_64+0xcd/0x4c0 [ 127.059349][ T9272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.059367][ T9272] RIP: 0033:0x7fc1c6b8e929 [ 127.059379][ T9272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.059393][ T9272] RSP: 002b:00007fc1c7918038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 127.059404][ T9272] RAX: ffffffffffffffda RBX: 00007fc1c6db5fa0 RCX: 00007fc1c6b8e929 [ 127.059410][ T9272] RDX: 0000200000000200 RSI: 000000004008af00 RDI: 0000000000000004 [ 127.059416][ T9272] RBP: 00007fc1c7918090 R08: 0000000000000000 R09: 0000000000000000 [ 127.059423][ T9272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.059428][ T9272] R13: 0000000000000000 R14: 00007fc1c6db5fa0 R15: 00007ffe7e7749b8 [ 127.059441][ T9272] [ 127.218236][ T9287] ================================================================== [ 127.221226][ T9287] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x549/0x640 [ 127.224222][ T9287] Read of size 1 at addr ffff88802966ac30 by task syz.0.1267/9287 [ 127.228191][ T9287] [ 127.229433][ T9287] CPU: 1 UID: 0 PID: 9287 Comm: syz.0.1267 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 127.229459][ T9287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.229476][ T9287] Call Trace: [ 127.229484][ T9287] [ 127.229490][ T9287] dump_stack_lvl+0x116/0x1f0 [ 127.229522][ T9287] print_report+0xcd/0x680 [ 127.229550][ T9287] ? __virt_addr_valid+0x81/0x610 [ 127.229570][ T9287] ? __phys_addr+0xe8/0x180 [ 127.229591][ T9287] ? rose_get_neigh+0x549/0x640 [ 127.229612][ T9287] kasan_report+0xe0/0x110 [ 127.229637][ T9287] ? rose_get_neigh+0x549/0x640 [ 127.229660][ T9287] rose_get_neigh+0x549/0x640 [ 127.229682][ T9287] rose_connect+0x2d4/0x1540 [ 127.229701][ T9287] ? __pfx_rose_connect+0x10/0x10 [ 127.229718][ T9287] ? selinux_netlbl_socket_connect+0x30/0x40 [ 127.229743][ T9287] ? rcu_is_watching+0x12/0xc0 [ 127.229765][ T9287] ? __local_bh_enable_ip+0xa4/0x120 [ 127.229786][ T9287] ? lockdep_hardirqs_on+0x7c/0x110 [ 127.229810][ T9287] ? selinux_netlbl_socket_connect+0x30/0x40 [ 127.229833][ T9287] ? __local_bh_enable_ip+0xa4/0x120 [ 127.229854][ T9287] ? selinux_netlbl_socket_connect+0x30/0x40 [ 127.229878][ T9287] ? selinux_socket_connect+0x6b/0x80 [ 127.229899][ T9287] ? __pfx_rose_connect+0x10/0x10 [ 127.229915][ T9287] __sys_connect_file+0x141/0x1a0 [ 127.229938][ T9287] __sys_connect+0x13b/0x160 [ 127.229960][ T9287] ? __pfx___sys_connect+0x10/0x10 [ 127.229986][ T9287] ? xfd_validate_state+0x61/0x180 [ 127.230012][ T9287] __x64_sys_connect+0x72/0xb0 [ 127.230032][ T9287] ? lockdep_hardirqs_on+0x7c/0x110 [ 127.230055][ T9287] do_syscall_64+0xcd/0x4c0 [ 127.230081][ T9287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.230099][ T9287] RIP: 0033:0x7f3fc5f8e929 [ 127.230114][ T9287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.230133][ T9287] RSP: 002b:00007f3fc6d4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 127.230150][ T9287] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8e929 [ 127.230162][ T9287] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000004 [ 127.230175][ T9287] RBP: 00007f3fc6010b39 R08: 0000000000000000 R09: 0000000000000000 [ 127.230185][ T9287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.230195][ T9287] R13: 0000000000000000 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 127.230211][ T9287] [ 127.230217][ T9287] [ 127.304698][ T5952] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 127.306835][ T9287] Allocated by task 6397: [ 127.306847][ T9287] kasan_save_stack+0x33/0x60 [ 127.306869][ T9287] kasan_save_track+0x14/0x30 [ 127.306888][ T9287] __kasan_kmalloc+0xaa/0xb0 [ 127.306905][ T9287] batadv_forw_packet_alloc+0x3ad/0x4e0 [ 127.310500][ T5952] Bluetooth: hci0: Injecting HCI hardware error event [ 127.313202][ T9287] batadv_iv_ogm_aggregate_new+0x13c/0x4c0 [ 127.313237][ T9287] batadv_iv_ogm_schedule_buff+0xe77/0x14e0 [ 127.315551][ T5952] Bluetooth: hci0: hardware error 0x00 [ 127.317422][ T9287] batadv_iv_send_outstanding_bat_ogm_packet+0x329/0x920 [ 127.317444][ T9287] process_one_work+0x9cf/0x1b70 [ 127.317455][ T9287] worker_thread+0x6c8/0xf10 [ 127.317466][ T9287] kthread+0x3c2/0x780 [ 127.337669][ T9287] ret_from_fork+0x5d4/0x6f0 [ 127.339206][ T9287] ret_from_fork_asm+0x1a/0x30 [ 127.341007][ T9287] [ 127.341941][ T9287] Freed by task 6397: [ 127.343433][ T9287] kasan_save_stack+0x33/0x60 [ 127.344850][ T9287] kasan_save_track+0x14/0x30 [ 127.346200][ T9287] kasan_save_free_info+0x3b/0x60 [ 127.347638][ T9287] __kasan_slab_free+0x51/0x70 [ 127.349066][ T9287] kfree+0x2b4/0x4d0 [ 127.350349][ T9287] batadv_iv_send_outstanding_bat_ogm_packet+0x26d/0x920 [ 127.352372][ T9287] process_one_work+0x9cf/0x1b70 [ 127.353739][ T9287] worker_thread+0x6c8/0xf10 [ 127.355027][ T9287] kthread+0x3c2/0x780 [ 127.356203][ T9287] ret_from_fork+0x5d4/0x6f0 [ 127.357479][ T9287] ret_from_fork_asm+0x1a/0x30 [ 127.358852][ T9287] [ 127.359625][ T9287] Last potentially related work creation: [ 127.361238][ T9287] kasan_save_stack+0x33/0x60 [ 127.362655][ T9287] kasan_record_aux_stack+0xa7/0xc0 [ 127.364400][ T9287] insert_work+0x36/0x230 [ 127.366042][ T9287] __queue_work+0x3f8/0x10f0 [ 127.367464][ T9287] call_timer_fn+0x197/0x620 [ 127.368847][ T9287] __run_timers+0x569/0x960 [ 127.370264][ T9287] run_timer_base+0x114/0x190 [ 127.371618][ T9287] run_timer_softirq+0x1a/0x40 [ 127.373003][ T9287] handle_softirqs+0x219/0x8e0 [ 127.374372][ T9287] __irq_exit_rcu+0x109/0x170 [ 127.375711][ T9287] irq_exit_rcu+0x9/0x30 [ 127.377105][ T9287] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 127.378950][ T9287] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 127.381000][ T9287] [ 127.381760][ T9287] The buggy address belongs to the object at ffff88802966ac00 [ 127.381760][ T9287] which belongs to the cache kmalloc-512 of size 512 [ 127.385621][ T9287] The buggy address is located 48 bytes inside of [ 127.385621][ T9287] freed 512-byte region [ffff88802966ac00, ffff88802966ae00) [ 127.389525][ T9287] [ 127.390240][ T9287] The buggy address belongs to the physical page: [ 127.392030][ T9287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29668 [ 127.394480][ T9287] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 127.396782][ T9287] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 127.399007][ T9287] page_type: f5(slab) [ 127.400504][ T9287] raw: 00fff00000000040 ffff88801b842c80 ffffea0000ed6f00 dead000000000002 [ 127.403196][ T9287] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 127.405631][ T9287] head: 00fff00000000040 ffff88801b842c80 ffffea0000ed6f00 dead000000000002 [ 127.408096][ T9287] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 127.411170][ T9287] head: 00fff00000000002 ffffea0000a59a01 00000000ffffffff 00000000ffffffff [ 127.414346][ T9287] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 127.417341][ T9287] page dumped because: kasan: bad access detected [ 127.419654][ T9287] page_owner tracks the page as allocated [ 127.421617][ T9287] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9, tgid 9 (kworker/0:0), ts 61966643270, free_ts 61706409881 [ 127.428135][ T9287] post_alloc_hook+0x1c0/0x230 [ 127.429693][ T9287] get_page_from_freelist+0x1321/0x3890 [ 127.431464][ T9287] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 127.433312][ T9287] alloc_pages_mpol+0x1fb/0x550 [ 127.434970][ T9287] new_slab+0x23b/0x330 [ 127.436386][ T9287] ___slab_alloc+0xd9c/0x1940 [ 127.438018][ T9287] __slab_alloc.constprop.0+0x56/0xb0 [ 127.439859][ T9287] __kmalloc_cache_noprof+0xfb/0x3e0 [ 127.441816][ T9287] drm_atomic_helper_setup_commit+0x63a/0x15d0 [ 127.443983][ T9287] drm_atomic_helper_commit+0xa9/0x380 [ 127.445541][ T9287] drm_atomic_commit+0x234/0x300 [ 127.446898][ T9287] drm_atomic_helper_dirtyfb+0x5fd/0x780 [ 127.448484][ T9287] drm_fbdev_shmem_helper_fb_dirty+0x1c9/0x340 [ 127.450219][ T9287] drm_fb_helper_damage_work+0x27e/0x5f0 [ 127.451811][ T9287] process_one_work+0x9cf/0x1b70 [ 127.453236][ T9287] worker_thread+0x6c8/0xf10 [ 127.454562][ T9287] page last free pid 6460 tgid 6455 stack trace: [ 127.456306][ T9287] __free_frozen_pages+0x7fe/0x1180 [ 127.457732][ T9287] stack_depot_save_flags+0x354/0xa40 [ 127.459476][ T9287] kasan_save_stack+0x42/0x60 [ 127.460996][ T9287] kasan_save_track+0x14/0x30 [ 127.462282][ T9287] __kasan_slab_alloc+0x89/0x90 [ 127.463568][ T9287] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 127.465060][ T9287] audit_log_start+0x2c5/0x7f0 [ 127.466364][ T9287] common_lsm_audit+0xb2/0x300 [ 127.467703][ T9287] slow_avc_audit+0x186/0x210 [ 127.469147][ T9287] cred_has_capability.isra.0+0x26d/0x2f0 [ 127.470836][ T9287] security_capable+0xd3/0x260 [ 127.472162][ T9287] capable+0x6f/0x110 [ 127.473257][ T9287] dev_load+0x1d3/0x240 [ 127.474414][ T9287] dev_ioctl+0x19c/0x10e0 [ 127.475603][ T9287] sock_ioctl+0x5b3/0x6b0 [ 127.476793][ T9287] __x64_sys_ioctl+0x18b/0x210 [ 127.478195][ T9287] [ 127.478879][ T9287] Memory state around the buggy address: [ 127.480541][ T9287] ffff88802966ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 127.482789][ T9287] ffff88802966ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 127.485038][ T9287] >ffff88802966ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 127.487236][ T9287] ^ [ 127.488841][ T9287] ffff88802966ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 127.491201][ T9287] ffff88802966ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 127.493430][ T9287] ================================================================== [ 127.495828][ T9287] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 127.497876][ T9287] CPU: 1 UID: 0 PID: 9287 Comm: syz.0.1267 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 127.501748][ T9287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.505267][ T9287] Call Trace: [ 127.506387][ T9287] [ 127.507244][ T9287] dump_stack_lvl+0x3d/0x1f0 [ 127.508627][ T9287] panic+0x71c/0x800 [ 127.510041][ T9287] ? __pfx_panic+0x10/0x10 [ 127.511417][ T9287] ? irqentry_exit+0x3b/0x90 [ 127.512767][ T9287] ? lockdep_hardirqs_on+0x7c/0x110 [ 127.514297][ T9287] ? rose_get_neigh+0x549/0x640 [ 127.515911][ T9287] ? rose_get_neigh+0x549/0x640 [ 127.517731][ T9287] check_panic_on_warn+0xab/0xb0 [ 127.519516][ T9287] end_report+0x107/0x170 [ 127.521156][ T9287] kasan_report+0xee/0x110 [ 127.522765][ T9287] ? rose_get_neigh+0x549/0x640 [ 127.524353][ T9287] rose_get_neigh+0x549/0x640 [ 127.525811][ T9287] rose_connect+0x2d4/0x1540 [ 127.527288][ T9287] ? __pfx_rose_connect+0x10/0x10 [ 127.528912][ T9287] ? selinux_netlbl_socket_connect+0x30/0x40 [ 127.530939][ T9287] ? rcu_is_watching+0x12/0xc0 [ 127.532383][ T9287] ? __local_bh_enable_ip+0xa4/0x120 [ 127.534368][ T9287] ? lockdep_hardirqs_on+0x7c/0x110 [ 127.536045][ T9287] ? selinux_netlbl_socket_connect+0x30/0x40 [ 127.538018][ T9287] ? __local_bh_enable_ip+0xa4/0x120 [ 127.539571][ T9287] ? selinux_netlbl_socket_connect+0x30/0x40 [ 127.541270][ T9287] ? selinux_socket_connect+0x6b/0x80 [ 127.542792][ T9287] ? __pfx_rose_connect+0x10/0x10 [ 127.544226][ T9287] __sys_connect_file+0x141/0x1a0 [ 127.545795][ T9287] __sys_connect+0x13b/0x160 [ 127.547529][ T9287] ? __pfx___sys_connect+0x10/0x10 [ 127.549300][ T9287] ? xfd_validate_state+0x61/0x180 [ 127.551075][ T9287] __x64_sys_connect+0x72/0xb0 [ 127.552657][ T9287] ? lockdep_hardirqs_on+0x7c/0x110 [ 127.554175][ T9287] do_syscall_64+0xcd/0x4c0 [ 127.555483][ T9287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.557634][ T9287] RIP: 0033:0x7f3fc5f8e929 [ 127.559328][ T9287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.566135][ T9287] RSP: 002b:00007f3fc6d4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 127.569012][ T9287] RAX: ffffffffffffffda RBX: 00007f3fc61b5fa0 RCX: 00007f3fc5f8e929 [ 127.571910][ T9287] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000004 [ 127.574832][ T9287] RBP: 00007f3fc6010b39 R08: 0000000000000000 R09: 0000000000000000 [ 127.577433][ T9287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.580195][ T9287] R13: 0000000000000000 R14: 00007f3fc61b5fa0 R15: 00007ffe111ea958 [ 127.583114][ T9287] [ 127.584987][ T9287] Kernel Offset: disabled [ 127.586596][ T9287] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:17:33 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000007 RBX=0000000000000003 RCX=ffffffff95d508f0 RDX=0000000000000004 RSI=0000000000000003 RDI=ffff8880365c0b68 RBP=ffff8880365c0000 RSP=ffffc9000d657600 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000078 R11=0000000000000001 R12=ffff8880365c0af0 R13=ffff8880365c0b68 R14=0000000000000001 R15=0000000000000001 RIP=ffffffff81985a63 RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6752000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000051b71000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff8b1bd9d0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855bffa5 RDI=ffffffff9b088320 RBP=ffffffff9b0882e0 RSP=ffffc9000d76f688 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000061 R14=ffffffff9b0882e0 R15=ffffffff855bff40 RIP=ffffffff855bffcf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f3fc6d4e6c0 ffffffff 00c00000 GS =0000 ffff8880d6852000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fb06a689f98 CR3=0000000059329000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fc6011b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fc6011b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fc6011b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fc6011b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fc6011bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fc6011c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fc6184488 00007f3fc6184480 00007f3fc6184478 00007f3fc6184450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fc6ced100 00007f3fc6184440 00007f3fc6184458 00007f3fc61844a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fc6184498 00007f3fc6184490 00007f3fc6184488 00007f3fc6184480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000297037 RBX=0000000000000002 RCX=ffffffff8b80dc69 RDX=0000000000000000 RSI=ffffffff8de1a53e RDI=ffffffff8c157d60 RBP=ffffed1003c53910 RSP=ffffc90000187df8 R8 =0000000000000001 R9 =ffffed100d4c6645 R10=ffff88806a63322b R11=0000000000000001 R12=0000000000000002 R13=ffff88801e29c880 R14=ffffffff90a81050 R15=0000000000000000 RIP=ffffffff8b80c7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6952000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fb0699b7bac CR3=0000000052de4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe7e774d40 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1c6c11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1c6c11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1c6c11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1c6c11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1c6c11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1c6c11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=ffff88807ffd8178 RBX=ffff88806a740040 RCX=ffffffff821505c8 RDX=0000000000000000 RSI=0000000000000008 RDI=ffff88807ffd8178 RBP=0000000000000865 RSP=ffffc90003a071f8 R8 =ffff88806a740098 R9 =00000000000025ac R10=ffff88807ffd817f R11=0000000000000000 R12=ffff88807ffd7b80 R13=ffff88806a740080 R14=ffff88807ffd8178 R15=000000000000003f RIP=ffffffff8222f4c2 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a52000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055558fdb95c8 CR3=000000000e382000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff8b1bd9d0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb069811c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000