last executing test programs: 3.502235026s ago: executing program 1 (id=1539): r0 = socket(0x2, 0x3, 0xff) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) (async) sendmmsg$unix(r0, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000005c0)="18fcae977278aeffab01b11015896dd2979391ede335535b8440ca4f71a0665a", 0x20}, {&(0x7f0000000a40)="3c461db21f359a301daa9235d18f8f1eea469986056aa67fe19ee45510d8503c7a6aa38405c7ac97320f4b977800fa3f3ae9494b2791bb62939de5a7db2d5d9889eecc4e16b58ed4997cc270f77b4cd278bbe54a6b09a1aa6c3ad88c03b8976ea7dcb81c1ed051edeef46e46ae8bc80965e5090eee3a0641c6487a492ae09c13d56a0c71f9b06a52cecdf37566319973eb252c5ff614ff38103224986a050d5a266e35618f6b7441b16b574cf1dcb74d38615f792516335b92293ed5b4226025c165ad2d11b04f4d9dc3e4786d495d7dd60be65a2bbe0dee1fd24402a204c384112dbf293c793f0e2f419120019e70f6801c93e7b1e2f48fa54cd1b12e6a3c5f1890173ed87b77465694fec4ba417f9662ed6d83a8f72aedee7a541e1a597fcd59d0a517799a35d2a0a2514f38fb6075ea3846964d6c85a17365ef718eeaea9493dfe0de1e744904f6a4e8cc44b5234af818d5ca1ce87be3acc9fb76fde08591d877f15b4a892be7911eb4b4eb665df513e6e9c604681adf691f04360a7c8d25be9cc125323a7daf87cf5d33eb4744861154aec48998fb0f4bf01b7c10e18da48636347505a3c6f120ca076e428f908ac7ef8496f2e30f57fe838c283db72562133e46bbd9043b5110e2f78c1491fb6cb52980782b775941d18db3686147fb70271ec5243c961dc8b49c89c2a29c080a639eade12a682e9e89a3dc15bfad9d74a9ce23812352fb51ab95708cd6161a2fde3cbb44030fd6c7d588c02a324ee5c93618f18baa3ce716b93b68670e8bfb95e34f915e0a8844cbefefd4172a5b8f0ddd044a7eb22b83ca01b5df88d996a653613ec02543380573946e6fe082db315f9115cbf500b619988d3fffcd058cfe6fd772fdf6c5f1080d867573c48c3ca2d75fb66bee8eb0004ceeb4b67d3705bbc80f08e8e8b7ed9c104d6d76396048e0cd74dda2c479176d958c0e6013f75cb3065f6c81a07ea64e332cf8560a26d9fe3766800ba26643d0fd4c6dc93ab306c08b471c4c34f6e04501998a2b216cb1a4d1d6c19a7a2895c9280fc503199afbbbe796537dbb393bcf2efad935f3c7aff62e7899003d4c9ea9df09e1f0cef176fad6d60848499857ad8d7be96a24ae363bdc958b6accf4535d738bba002d7490cbbcd51d721d4ab72b06e8fd3d0b6cd2100dc3a278cdd74a97730d810fd6b69b520f2970ecfb60a6ba2816d3660ef216f5bee3797d99a0bb7f5b08923329210272944dfe9974ec2aa30813e15e1926855a583f7d8a7791fbc3a9afd7c4acc0edb18c10a54db85b145273b1dd26446721994fa7efe7065d00f192b53639bbee8393d8e64aa8beadf5fa1a5f87845df37dee8c7d50c8cb29aa8ee051e0ac427083ce111e4f470f0b8022391d50a3d4b7402c7f2808427e6f738fcdd1f6be1769b137b5258586231324a515182a4213fa289f421dcbc9835fff2ceff8024777835839be1efd2ff2205cf5a86396092e8517d80d141dc4224dd3a9be7072767fb5aaa2f105150495434e952e003e2262756f00f3db9a41afb36880e0a272c0dfa774dc74ab7183a23605e82017ea96ce835410fcde4df2104e5bf866bd875f3d240d45d4fa9ebd80a9768355e4c8bd657706cba8ac3e8944b1d4405c437b486da5221b3da7d1db9400d5c6b39884efef0750fb8e915a2300e3dedf54289165ffdb0e74fb8d68152a3f627486012416bb971fe224eeb23fa874c68e87595f548aeaf2edc6fe7b478dbd31b71455c4a5397e125b2ec8893ed5c00bcd11eed3cedbda73093b8810f1f96b0b84dd3a48301e604a7eac93c749003a80b93123793d3970ae2effaf9e6b482aad3259e74f0d6e518190a03f299f9636f05a42152cd1bd3446a2202a6151ba0293d543499c94e2315a7b79b3a0902d2b0d76a5f30358bd5d3156974759567aea83967bb9d766878f9ea3550dabaed041e0e5f20207b888457e2ae70427968a68fbe9745028ac0e7360eada60656bb1d406e90e0fe5f532f643c3a1c51f5cd4fbdcda285a8186b53fb52fdee0209fb2de9749d434a85ba58b5a6024ff7e5684a69e07f6278f9f5815", 0x5bd}], 0x2, 0x0, 0x0, 0x811}}], 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f00000008c0)={0xc0}) (async) mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x8001, &(0x7f0000000080)=0x9f0, 0x40, 0x0) (async) creat(&(0x7f0000000080)='./bus\x00', 0xa) 3.501804801s ago: executing program 1 (id=1540): r0 = inotify_init1(0x0) syz_clone(0x0, &(0x7f00000000c0)="8284a13d98edc8236e81fb49a95b7a038564b4a2d6b5bddf946a94e093fa3d469bb9ff8df1f029b90a6a01f1cfd758d77e924df0f078ee60ca60871e6f0c", 0x3e, &(0x7f0000000100), &(0x7f0000000140), &(0x7f00000001c0)="e6de35aeb6d1beeaa68ff1674fc56dd17a8c9619c5dba08c40bdfc52d0668d889151a3ea0e56def68ddda75bcb76d1829574e026772d4c520ed38b0ff2440bb19becb7fd3bdf22fefba0730109a28a84321dba5e1be6976bbbfbf90f21a10da16a2d8b95c944603bc725f2a27c5af9d63d076799a20bcc3001b16501ca4c40f88bd2b8a1e4064a1b1d67a308af4b7c03cbb0fe1a3a305047eb2fbb71dedfe0453f7aa49eff") fcntl$setown(r0, 0x8, 0xffffffffffffffff) syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @random="44b53e0f1690", @void, {@ipv6={0x86dd, @dccp_packet={0x7, 0x6, "180a36", 0x20, 0x21, 0x0, @private1, @mcast2, {[@srh={0x3b, 0x0, 0x4, 0x0, 0x7, 0x0, 0x4}, @hopopts={0x89}], {{0x4e2b, 0x4e23, 0x4, 0x1, 0x5, 0x0, 0x0, 0x9, 0x7, '\x00', 0x80, "a3c42f"}}}}}}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3cb2a17f2a01ee9443c6bcbe576fd301000010001307000000df00000000fe8000000000000000000000000000bbac1e00010000000000000000000000000000b98ab2032bb78f61fb5a4ca73905bc3683419ca01e5215747b7985da163d525fd7b129fc15cf53e7e29135ee70a492256f51c0cab65a97a668882f5b1237026c7363a00eb3f2ee6b86ce9b8026e1e5285120d4f28ec44b614f380f22f1cdbf0d55dd971e023f5984ad4681ac17568d89a299423a5291693c307c0f8c", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa00000000330000002001000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00050000000000000000004c0014007368613100"/244], 0x13c}}, 0x20040000) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) move_pages(r2, 0x1, &(0x7f0000000740)=[&(0x7f00007c7000/0x3000)=nil], 0x0, 0x0, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000780)={'dummy0\x00', 0x0}) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd6000000000002d9300000c00018008000100", @ANYRES32=r5], 0x20}, 0x1, 0x0, 0x0, 0xd4}, 0x24008000) ptrace$setsig(0x4203, r2, 0x0, &(0x7f0000000000)={0x32, 0x7, 0x3}) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000340)="07000000010003", 0x7) 3.43502281s ago: executing program 1 (id=1544): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x8, r2, 0x0, 0x1, 0x1bfe1f, 0x1, &(0x7f0000000080)="f4", 0x10000}) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) readv(r4, &(0x7f0000000780)=[{&(0x7f0000000180)=""/57, 0x39}], 0x1) r5 = socket$kcm(0x10, 0x400000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$cgroup_subtree(r5, &(0x7f00000004c0)=ANY=[@ANYBLOB="33fe0000660091ef"], 0xfe33) syz_usb_connect$cdc_ecm(0x3, 0x4d, &(0x7f0000001240)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902"], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') userfaultfd(0x801) syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x2a8600) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000380), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000180)={0x201, 0x1, &(0x7f0000000540)=[r7], &(0x7f0000000500)=[0x1], &(0x7f0000000200), &(0x7f0000000580), 0x0, 0x7f}) 2.212301362s ago: executing program 1 (id=1566): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async) r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0x8af, 0x804, 0xb0af41a30d65693a, 0x1, 0xd59f83, 0x19f7, 0x42, 0x8, 0x3, 0x7, 0x2800, 0x2800, 0x2, 0xba2, 0xd, 0x23, {0x8, 0xffffffff}, 0xd0, 0x89}}) (async) r2 = fcntl$dupfd(r0, 0x406, r0) ioctl$TCFLSH(r2, 0x400455c8, 0x1) (async) ioctl$KDSIGACCEPT(r2, 0x800455c9, 0x32) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x17, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x2, 0x1, 0x2}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, &(0x7f0000000200)=""/245) 2.084452706s ago: executing program 2 (id=1574): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x8, r2, 0x0, 0x1, 0x1bfe1f, 0x1, &(0x7f0000000080)="f4", 0x10000}) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) readv(r4, &(0x7f0000000780)=[{&(0x7f0000000180)=""/57, 0x39}], 0x1) r5 = socket$kcm(0x10, 0x400000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$cgroup_subtree(r5, &(0x7f00000004c0)=ANY=[@ANYBLOB="33fe0000660091ef"], 0xfe33) syz_usb_connect$cdc_ecm(0x3, 0x4d, &(0x7f0000001240)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902"], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') userfaultfd(0x801) syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x2a8600) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000380), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000180)={0x201, 0x1, &(0x7f0000000540)=[r7], &(0x7f0000000500)=[0x1], &(0x7f0000000200), &(0x7f0000000580), 0x0, 0x7f}) 875.433427ms ago: executing program 2 (id=1624): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = dup2(r0, r0) io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r1, 0x12, 0x0, 0x0) (async, rerun: 32) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x405, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xc010, 0xc100}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x54011, 0x44800}}}}}}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async, rerun: 32) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)={0x44, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x6}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0x44}}, 0x0) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'dummy0\x00', 0x0}) (rerun: 64) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="080000000000000020001f800b0001006d61637365630000100002800c100100ffffffffffffffff08000500", @ANYRES32=r5, @ANYBLOB], 0x48}}, 0x0) 811.257706ms ago: executing program 2 (id=1627): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00`\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 809.383097ms ago: executing program 2 (id=1629): unshare(0x4002fffe) 757.287609ms ago: executing program 2 (id=1631): r0 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) (async) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') (async) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x10000040) (async) pread64(r1, &(0x7f0000000180)=""/15, 0xfffffe9c, 0xb6) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000040)={0x9, 0x1}) (async) ioctl$BLKRRPART(r0, 0x125f, 0x0) syz_clone(0x5948000, 0x0, 0x0, 0x0, 0x0, 0x0) readv(r0, &(0x7f00000025c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f00000012c0)=""/239, 0xffffffda}, {&(0x7f00000013c0)=""/195, 0xc3}, {&(0x7f0000000100)=""/62, 0x3e}, {&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f00000024c0)=""/251, 0xfb}, {&(0x7f00000001c0)=""/6, 0x6}, {&(0x7f0000000240)=""/56, 0x38}], 0x9) 599.228188ms ago: executing program 2 (id=1633): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x8, r2, 0x0, 0x1, 0x1bfe1f, 0x1, &(0x7f0000000080)="f4", 0x10000}) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) readv(r4, &(0x7f0000000780)=[{&(0x7f0000000180)=""/57, 0x39}], 0x1) socket$kcm(0x10, 0x400000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$key(0xf, 0x3, 0x2) syz_usb_connect$cdc_ecm(0x3, 0x4d, &(0x7f0000001240)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902"], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') userfaultfd(0x801) syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x2a8600) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000380), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000180)={0x201, 0x1, &(0x7f0000000540)=[r6], &(0x7f0000000500)=[0x1], &(0x7f0000000200), &(0x7f0000000580), 0x0, 0x7f}) 374.574938ms ago: executing program 0 (id=1635): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd60122d9203803afffe8000000000000000000000000000bbff02000000000000000000000000000186009078010000000000000007000000000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af030200010000000500000000260004000018fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177304c5fd4698c934de4731f3f61effc978001d06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b03452dccf81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b104185e6ecd9822ba95392343e9bbd047ef6071ba42399907ccd0a562db212baa39eb8164e241123f5ac01000000000000009009235a670670ffc5dc49dfb58d000000000000001f0b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b108474347567f6ae609ab2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0032107b8a3e100908f61640000006f00fec0ffff0041bf919e0000ff0bc0fe000000000000000002000002d9a02745000400000000130cf4000000145e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c0005d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed00"/950], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000640)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000340)={0xe, "f2c0c7fc1601f365c9878d9ed2b4aa5463968946fc1e31dab8210d9c07c3f1db248dce940fdd0f0b834ba3e619dc18b4bfa0d03d4837d3d4a05ae6130243e20555fc8c582e2e19178fc903635c389bd9c80a6df7e74cf2aa638f4b66158bc23539071e770ea7aa13aafe862e0560ab2613d20baecd5dc4b3f00028105ca4fd12"}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000280)}, 0x10) r2 = socket(0x2, 0x3, 0x6) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) syz_emit_vhci(0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) io_uring_setup(0x4a2c, &(0x7f0000000a40)={0x0, 0x9f7f, 0xffffffffffffffff, 0xfffffffe, 0x403bd}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x4, 0x0, 0x0) r7 = dup(r6) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"]) close_range(r4, 0xffffffffffffffff, 0x0) syz_emit_vhci(&(0x7f0000000880)=ANY=[@ANYBLOB="03c800c9c4dcc044bb34f8886c8e84954c0c8facaf733681dddc0ea50690960e32d63cac48da266497b98939438ddbf1e97ac1d8a9554cd79e4c6196c283725c7f9f42b4ae7a529665ec4043ca72a83e45bd0025ffb4c139e4e6e38644fa98d36a3c39e08713466e76979988dcd6bfdeaa8fdafe89712ddf2ae1490d8084865b5dbf9806c788153c00c3f7f768b4be6ea612ca6d69e4358759f7750b8bece87ba0a08dcc0a00b569fdf343ea5e93f1ca43cc4d19b82ac84bba7686de42b7858d716d4ee5d11a"], 0xcd) sendto$inet(r7, 0x0, 0x0, 0x4040f7d, &(0x7f0000e68000)={0x2, 0x4e24, @private=0xa010102}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000500)=0x14e, 0x4) sendmmsg$inet(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000a80)="537eb9", 0x3}], 0x1}}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) r8 = pidfd_getfd(0xffffffffffffffff, r2, 0x0) add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000100)="305c0605e182d12fd8326183700398d1c7d7982b8f57fb20a3adc9e3baa292ce8f0a861e6417acfc8648ad1b93d502b0cd490e35d53ddf6fd0461690982b2369490100b06df5aa58a09a000000808ce41d86b9b949004fd8fe7b80000000", 0x5e, 0xfffffffffffffffe) openat$cgroup_type(r8, &(0x7f0000000000), 0x2, 0x0) 246.725328ms ago: executing program 0 (id=1636): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) fsetxattr$trusted_overlay_origin(r0, 0x0, 0x0, 0x0, 0x1) 246.534848ms ago: executing program 0 (id=1637): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18010000000000000000000000000000850000002e00000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000000000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22ad7d4682c4efac4e4921893a2d4a376fc410a03c1a3a30bea1741b55b7e2c47dd8417bcfbe8b33bcc79801f0eecb82ae325b597e6d2f075a097fb56cbcc30fd2138ee5034c3970add9b660ef438c652b44ef623717dd08236baf7c3787b6", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5010000490780000"], 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)={@multicast1, @initdev, 0x0}, &(0x7f0000000080)=0xc) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x401, '\x00', r2, 0xffffffffffffffff, 0x4, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50) 245.365376ms ago: executing program 0 (id=1638): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000004c0)=@security={'security\x00', 0x4, 0x4, 0x3d0, 0xffffffff, 0x1c0, 0x0, 0x1c0, 0xffffffff, 0xffffffff, 0x300, 0x300, 0x300, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@dev, @remote, [], [], 'bridge_slave_1\x00', 'geneve0\x00', {}, {}, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00', {0x6}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@ipv6={@private1, @mcast1, [], [], 'geneve1\x00', 'macvlan0\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'syz0\x00'}}, @common=@ipv6header={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYBLOB="04010000160001"], 0x104}, 0x1, 0x0, 0x0, 0x4020004}, 0x4004) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r5 = userfaultfd(0x80801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000140)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x2000}) sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x25dfdbfe, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8, 0x12, 0x8}]}}]}, 0x3c}}, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000340)="07000000010003", 0x7) 182.424174ms ago: executing program 0 (id=1639): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) (async) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x820061, &(0x7f0000000200)) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="440f20c03507000000440f22c067420f8f04000000c443ad68b60080000095c4828947b600000000b99d090000b82f624a48baf4e055500f30263636f3430fc73636f2360fa5a10050aa37f39066b817018ec8c4c1795a5100", 0x59}], 0x1, 0x11, 0x0, 0x0) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="440f20c03507000000440f22c067420f8f04000000c443ad68b60080000095c4828947b600000000b99d090000b82f624a48baf4e055500f30263636f3430fc73636f2360fa5a10050aa37f39066b817018ec8c4c1795a5100", 0x59}], 0x1, 0x11, 0x0, 0x0) r3 = dup(r2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) openat$cgroup_ro(r3, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, &(0x7f00000000c0)='io#harset', 0x0) (async) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, &(0x7f00000000c0)='io#harset', 0x0) syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="12000000170000000400000006"], 0x48) socket$inet_udp(0x2, 0x2, 0x0) (async) r7 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r6, &(0x7f0000000000), &(0x7f0000000100)=@udp=r7}, 0x20) recvmmsg(r7, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}, 0xade}], 0x1, 0x2000, 0x0) (async) recvmmsg(r7, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}, 0xade}], 0x1, 0x2000, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) r8 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$selinux_validatetrans(r8, &(0x7f0000000140)={'u:object_r:app_data_file:s0:c512,c768', 0x20, 'system_u:object_r:admin_passwd_exec_t:s0', 0x20, 0x0, 0x20, '/usr/sbin/cups-browsed\x00'}, 0x7b) (async) write$selinux_validatetrans(r8, &(0x7f0000000140)={'u:object_r:app_data_file:s0:c512,c768', 0x20, 'system_u:object_r:admin_passwd_exec_t:s0', 0x20, 0x0, 0x20, '/usr/sbin/cups-browsed\x00'}, 0x7b) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) syz_emit_ethernet(0x114, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x106, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0xf2, 0x0, @gue={{0x2, 0x0, 0x0, 0x8, 0x100, @val=0x80}, "92bd006e90fc6c05d0c470381bea8e58dd4c5d434ff511c4a06261418671121be84884c8f04e626b12adad76c2e7fcbfc99b15aa49b2ddeb2c8f2093febe1e1ce5585646445abf68d339b6724d525492ff5d9f585681bcec90e13c0ca7ccb550963289183f645407ab1e4718f432de5ea6c619e537fa0bf3e1ef699a3606be70890c1b4a4a3f9f37d3a32162a3a90ef93bc8f4c509889507de9da37f3800f59e619ef900c8d8fde9fcf83a696a7ee78596fae4acef6cf36606c2f7acd5ad5f9251340dac47c50e74bf772624f49b26eba70bfafcee8f44fcfaa9f4d58634f3ca0835"}}}}}}, 0x0) 118.382834ms ago: executing program 3 (id=1641): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000000a1403090040030000000000080001"], 0x20}}, 0x0) 118.178788ms ago: executing program 3 (id=1642): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000740)={0x0, 0x12c, @pic={0x1, 0xfc, 0x4, 0xfb, 0x8b, 0x50, 0x7, 0x9, 0x4, 0x7, 0x9, 0x4, 0x1, 0x7, 0xf, 0x1}}) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r6, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r6, 0x402c5342, &(0x7f0000000100)={0x0, 0x5, 0x577, {0x763039aa, 0x114}, 0x10, 0x5}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a540000000200000028000480240001800b00010072656a656374000014000280050002000100000005000200080000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000500000a"], 0x7c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/mem_sleep', 0x102, 0x0) sendfile(r8, r8, &(0x7f0000000000)=0x8, 0x4) r9 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r9, &(0x7f0000000080)={0x2a, 0x2, 0x4001}, 0xc) getpeername(r9, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES32=r5, @ANYBLOB="07d3384aba148bd388ad43f605e2f54d81432c27860080000000000000e407c10f34d68ac5e41b1698cef6c43f6131f6ea76f043d34db4940ec1e4e087"], 0x20}}, 0x0) r10 = socket(0x15, 0x5, 0x0) getsockopt(r10, 0x200000000114, 0x8, &(0x7f0000019080)=""/102400, 0x0) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073013f"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb30f, @void, @value}, 0x94) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c92012000e00050015010a"], 0x17) sendmsg$nl_route(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="24000000180009791b001e00010000000000000000000000be2d5bd8c3be368bb834d7d279a5367db1aa4a28f3e236a38db19173c92d252b4ca4c60769a1b83f6fc5022816c317886eaa8bb61eaf326a2e0eb89ebf34ef1300894810ebe8c645dd78bffe7a21e072287e2eb47b2ebc6f51c25d36528fd01d49b9b035a7441088952512b0f96f7c8370b75ea74d57568037bffc9af547f03b55faf60e54ed509798e77913001bcc7264444433f255515ab8"], 0x24}}, 0x801) 50.893647ms ago: executing program 3 (id=1643): syz_open_dev$video4linux(&(0x7f0000000000), 0x4, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x18, r1, 0x0, 0x0, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$khugepaged_scan(r3, &(0x7f00000000c0), 0x8) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000280)={0x3}) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r5) sendmsg$NLBL_MGMT_C_ADDDEF(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYRES64=r1, @ANYRES16=r4, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00000000001080002000500000014000600ff01000a00f2f3f31f000a0000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000) sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r6, 0x400, 0x70bd27, 0xa5dfdbfb, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}]}, 0x1c}}, 0x40000) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r7, 0x29, 0x42, &(0x7f0000000080)=0xffff7b6e, 0x4) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'geneve1\x00', 0x0}) sendto$packet(r8, &(0x7f00000002c0)="05031600d3fc140000fc4788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x8100, r9, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockopt$inet6_buf(r7, 0x29, 0x6, 0x0, &(0x7f0000000280)) r10 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000040)={[{0xc, 0x3, 0x4, 0xc, 0x7, 0x2, 0x0, 0x3, 0xfe, 0x5, 0x5, 0x80, 0x5}, {0x6, 0x9, 0x3, 0xd, 0xb5, 0x40, 0x2, 0xc, 0xfe, 0x41, 0x6, 0x18, 0xa}, {0x9, 0x8, 0x3, 0xc, 0x2, 0x78, 0x3, 0x9, 0x2, 0x13, 0x7, 0x54, 0x18bf}], 0x1}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 50.629354ms ago: executing program 3 (id=1644): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x30, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x13}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0xfffffffc}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x30}}, 0x40) 50.310639ms ago: executing program 3 (id=1645): r0 = socket$inet_tcp(0x2, 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) (async) close_range(r0, 0xffffffffffffffff, 0x0) (async) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) (async) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') pread64(r1, &(0x7f0000000080)=""/237, 0xed, 0x5) (async, rerun: 32) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) (async, rerun: 32) r2 = socket$unix(0x1, 0x1, 0x0) (async, rerun: 32) r3 = syz_io_uring_setup(0x6f3b, &(0x7f00000004c0)={0x0, 0x4, 0x20}, &(0x7f0000000280), &(0x7f0000000140)) (rerun: 32) io_uring_register$IORING_UNREGISTER_RING_FDS(r3, 0x15, &(0x7f0000004740)=[{0x0, 0x1, 0x0, 0x0, &(0x7f0000000640)}], 0x1) (async) r4 = syz_open_dev$vcsa(&(0x7f0000000000), 0x5, 0x640481) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x4, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) (async, rerun: 64) r6 = socket$nl_crypto(0x10, 0x3, 0x15) (rerun: 64) sendmsg$nl_crypto(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="e0000000130001000000000000000000736861332d323234"], 0xe0}}, 0x0) (async) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002580000000e0a01020000000000000040010000000900020073797a32000000001800038014000080100001800400028006000180000000000900010073797a30"], 0xc8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=@updsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in6=@dev, @in6=@loopback, 0x0, 0x0, 0xffff}, {@in6=@private1, 0x0, 0x32}, @in=@multicast2, {0x8000000000, 0x0, 0x0, 0x4}, {}, {}, 0x0, 0x0, 0xa, 0x5}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) (async) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x4010, r4, 0x8000000) (async) r9 = dup(r2) ioctl$SG_IO(r9, 0x2285, &(0x7f0000000400)={0x53, 0xffffffffffffffff, 0xde, 0x8, @buffer={0x0, 0x0, &(0x7f00000002c0)=""/63}, &(0x7f0000000640)="3ce82f8ac31370b9f68ea74f169ac973807bd446f930eafe75c1f489fdcc58f6e138be66dbc2c6d2c6d9a48b9affb634a6fd202e0fa8898aac9e424749bdb665f7f8e7f746e690ef5acfa610fbe8796f0dc9c1fbad9515e73ac472da5b48287e7b4427b578eb1e8c9ea42d1034c8eef7b6d96ed153b7aa30eb2b049f083981d3f38948083493fb57bb3d4bf25545c203fafa9b6e88c76100e4cf7add403c5b000000000000000092301e831b62dd1913b4d10bea348de22f202727d31738c5889222800a07152b49acef43e9f0d34e0029e4c587444cc9e7eeab0fca0491", &(0x7f0000001780)=""/4125, 0xce98, 0x10025, 0x0, &(0x7f0000000200)}) write$UHID_INPUT(r9, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) (async) syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x4000, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0) 506.542µs ago: executing program 0 (id=1646): socket$l2tp6(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$key(0xf, 0x3, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz1\x00', 0x1ff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) recvmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/229, 0xe5}], 0x1}}], 0x2, 0x60, 0x0) syz_usb_connect$cdc_ecm(0x3, 0x4d, &(0x7f0000001240)=ANY=[@ANYBLOB="12010000020000102505a1a4"], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/22], 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x48, 0x31, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x34, 0x1, [@m_skbmod={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x40004) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x82000, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0x8, &(0x7f0000000700)=ANY=[@ANYBLOB="1807000500000000000000000000000818120000", @ANYRES64=r0, @ANYRESDEC=r1], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r5, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f00000007c0)=ANY=[@ANYBLOB="9c00000009060500000000000000000000000002500008800c000780060004404e210800100007800c00028008000140640101010c000780060004404e2300000c00078008000640000000100c00078006001d4005e500000c00078005000300b57cc9d6b50df10c060004404e22000005000300430000001800148014000240000000000000000000000000000000010900020073797a3200000000"], 0x9c}, 0x1, 0x0, 0x0, 0x64040010}, 0x4000) syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x2a8600) socket$l2tp6(0xa, 0x2, 0x73) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00', 0x0}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRESOCT, @ANYRES16=r6, @ANYBLOB="02", @ANYRES32=r7], 0x10) socket$kcm(0xa, 0x2, 0x73) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) syz_open_dev$dri(&(0x7f0000000380), 0x2, 0x0) 284.4µs ago: executing program 1 (id=1647): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)=@newlink={0x20, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}}, 0x20}, 0x1, 0x0, 0x81000000}, 0x0) 120.367µs ago: executing program 3 (id=1648): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_io_uring_setup(0x2458, &(0x7f0000000140)={0x0, 0x0, 0x400, 0x0, 0x1}, &(0x7f0000000040)=0x0, &(0x7f0000000500)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_MSG_RING={0x28, 0x48, 0x0, r2, 0x0, &(0x7f00000001c0)}) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000640)={0x1c, r0, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20048040) 0s ago: executing program 1 (id=1649): openat$autofs(0xffffffffffffff9c, 0x0, 0x12200, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x3a, 0xd, 0x4, 0xd646, 0x7, 0xf, 0x120000, 0x1fe, 0x0, 0x58, 0x8000000000000001, 0xc7, 0x7fff, 0x101, 0x392ad71a, 0x1], 0xdddd1000, 0x141a54}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x1, 0x0, 0x3, 0x0, 0xb85f, 0x3, 0x6, 0x1, 0x0, 0x9, 0x8, 0x0, 0x0, 0x80000001, 0x81e, 0x8, 0xe, 0xb6, 0x61, '\x00', 0xe, 0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x2000000) kernel console output (not intermixed with test programs): dummy_hcd [ 55.537262][ T40] audit: type=1400 audit(1743084366.961:326): avc: denied { ioctl } for pid=6428 comm="syz.0.157" path="socket:[12599]" dev="sockfs" ino=12599 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 55.540366][ T6430] IPVS: set_ctl: invalid protocol: 137 10.1.1.2:20004 [ 55.543910][ T40] audit: type=1400 audit(1743084366.961:327): avc: denied { write } for pid=6428 comm="syz.0.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 55.621635][ T63] usb 7-1: device descriptor read/64, error -71 [ 55.621724][ T6006] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 55.655166][ T40] audit: type=1400 audit(1743084367.081:328): avc: denied { write } for pid=6438 comm="syz.0.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 55.660390][ T40] audit: type=1400 audit(1743084367.081:329): avc: denied { ioctl } for pid=6438 comm="syz.0.161" path="socket:[11691]" dev="sockfs" ino=11691 ioctlcmd=0x8902 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 55.729397][ T40] audit: type=1400 audit(1743084367.151:330): avc: denied { sys_module } for pid=6445 comm="syz.0.164" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 55.731765][ T63] usb usb7-port1: attempt power cycle [ 55.743171][ T40] audit: type=1326 audit(1743084367.171:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6445 comm="syz.0.164" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ce838d169 code=0x0 [ 55.782285][ T6006] usb 8-1: Using ep0 maxpacket: 16 [ 55.784983][ T6006] usb 8-1: config 0 has no interfaces? [ 55.787842][ T6006] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 55.790358][ T6006] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 55.793016][ T6006] usb 8-1: Product: syz [ 55.794608][ T6006] usb 8-1: Manufacturer: syz [ 55.796301][ T6006] usb 8-1: SerialNumber: syz [ 55.800316][ T6006] usb 8-1: config 0 descriptor?? [ 56.071727][ T63] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 56.092093][ T63] usb 7-1: device descriptor read/8, error -71 [ 56.271215][ T6456] team0: Device ipip0 is of different type [ 56.351761][ T63] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 56.374366][ T63] usb 7-1: device descriptor read/8, error -71 [ 56.431744][ T5936] Bluetooth: hci1: command 0x040f tx timeout [ 56.482258][ T63] usb usb7-port1: unable to enumerate USB device [ 56.519259][ T34] usb 8-1: USB disconnect, device number 5 [ 56.611767][ T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 56.762188][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 56.764007][ T9] usb 6-1: no configurations [ 56.765221][ T9] usb 6-1: can't read configurations, error -22 [ 56.891978][ T9] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 56.904858][ T6482] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 56.995919][ T6492] __nla_validate_parse: 7 callbacks suppressed [ 56.995929][ T6492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.181'. [ 57.041624][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 57.043507][ T9] usb 6-1: no configurations [ 57.044783][ T9] usb 6-1: can't read configurations, error -22 [ 57.046778][ T9] usb usb6-port1: attempt power cycle [ 57.046906][ T6496] netlink: 20 bytes leftover after parsing attributes in process `syz.3.183'. [ 57.231707][ T5936] Bluetooth: hci3: command 0x040f tx timeout [ 57.231743][ T65] Bluetooth: hci0: command 0x040f tx timeout [ 57.231763][ T5944] Bluetooth: hci2: command 0x040f tx timeout [ 57.297984][ T6517] netlink: 8 bytes leftover after parsing attributes in process `syz.0.190'. [ 57.355768][ T6523] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.192'. [ 57.381895][ T9] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 57.402978][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 57.405310][ T9] usb 6-1: no configurations [ 57.407137][ T9] usb 6-1: can't read configurations, error -22 [ 57.541805][ T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 57.550573][ T6531] netlink: 16 bytes leftover after parsing attributes in process `syz.0.196'. [ 57.562095][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 57.564027][ T9] usb 6-1: no configurations [ 57.565291][ T9] usb 6-1: can't read configurations, error -22 [ 57.567842][ T9] usb usb6-port1: unable to enumerate USB device [ 57.591725][ T67] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 57.599984][ T6535] program syz.0.198 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 57.665727][ T6539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.200'. [ 57.751821][ T67] usb 8-1: Using ep0 maxpacket: 16 [ 57.755035][ T67] usb 8-1: config 0 has no interfaces? [ 57.758406][ T67] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 57.760831][ T67] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 57.763180][ T67] usb 8-1: Product: syz [ 57.764369][ T67] usb 8-1: Manufacturer: syz [ 57.765642][ T67] usb 8-1: SerialNumber: syz [ 57.767876][ T67] usb 8-1: config 0 descriptor?? [ 57.848845][ T6543] efs: device does not support 512 byte blocks [ 57.851253][ T6543] device does not support 512 byte blocks [ 57.851253][ T6543] [ 57.931671][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 58.091639][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 58.102355][ T9] usb 5-1: config 0 has no interfaces? [ 58.105253][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 58.107713][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.109860][ T9] usb 5-1: Product: syz [ 58.111050][ T9] usb 5-1: Manufacturer: syz [ 58.112489][ T9] usb 5-1: SerialNumber: syz [ 58.114638][ T9] usb 5-1: config 0 descriptor?? [ 58.322810][ T67] usb 5-1: USB disconnect, device number 7 [ 58.486903][ T57] usb 8-1: USB disconnect, device number 6 [ 58.512159][ T65] Bluetooth: hci1: command 0x040f tx timeout [ 58.853314][ C0] dccp_v6_rcv: dropped packet with invalid checksum [ 59.106232][ T6565] program syz.2.208 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 59.109812][ T6565] tipc: Started in network mode [ 59.111250][ T6565] tipc: Node identity 400000000000000008, cluster identity 4711 [ 59.237335][ T6572] netlink: 8 bytes leftover after parsing attributes in process `syz.2.210'. [ 59.311704][ T65] Bluetooth: hci3: command 0x040f tx timeout [ 59.322020][ T65] Bluetooth: hci2: command 0x040f tx timeout [ 59.323206][ T5936] Bluetooth: hci0: command 0x040f tx timeout [ 59.360970][ T6577] netlink: 48 bytes leftover after parsing attributes in process `syz.3.212'. [ 59.421700][ T6582] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=6582 comm=syz.3.212 [ 59.457337][ T6589] netlink: 'syz.2.214': attribute type 1 has an invalid length. [ 59.464588][ T6589] 8021q: adding VLAN 0 to HW filter on device bond1 [ 59.488068][ T6587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.215'. [ 59.567961][ T5936] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 59.568045][ T5936] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 59.627601][ T6607] netlink: 8 bytes leftover after parsing attributes in process `syz.3.220'. [ 59.817151][ T5936] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 59.892337][ T9] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 60.051641][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 60.054360][ T9] usb 8-1: config 0 has no interfaces? [ 60.057301][ T9] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 60.060010][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.062355][ T9] usb 8-1: Product: syz [ 60.063567][ T9] usb 8-1: Manufacturer: syz [ 60.064860][ T9] usb 8-1: SerialNumber: syz [ 60.067297][ T9] usb 8-1: config 0 descriptor?? [ 60.159635][ T6641] netlink: 'syz.2.236': attribute type 10 has an invalid length. [ 60.238549][ T6651] mmap: syz.2.240 (6651) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 60.286935][ T6657] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.289522][ T6657] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.292561][ T6657] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.296202][ T6657] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.304544][ T6657] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 60.307037][ T6657] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 60.309530][ T6657] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 60.312171][ T6657] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 60.346606][ T40] kauditd_printk_skb: 22 callbacks suppressed [ 60.346617][ T40] audit: type=1400 audit(1743084371.771:354): avc: denied { create } for pid=6662 comm="syz.0.243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 60.356175][ T40] audit: type=1400 audit(1743084371.771:355): avc: denied { getopt } for pid=6662 comm="syz.0.243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 60.362178][ T40] audit: type=1400 audit(1743084371.771:356): avc: denied { ioctl } for pid=6662 comm="syz.0.243" path="socket:[14427]" dev="sockfs" ino=14427 ioctlcmd=0x6607 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 60.368819][ T40] audit: type=1400 audit(1743084371.781:357): avc: denied { watch watch_reads } for pid=6662 comm="syz.0.243" path="/proc/225" dev="proc" ino=14425 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 60.384850][ T6666] xt_ecn: cannot match TCP bits for non-tcp packets [ 60.648117][ T6688] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 60.653660][ T6688] kvm: pic: level sensitive irq not supported [ 60.653929][ T6688] kvm: pic: non byte read [ 60.657814][ T6688] kvm: pic: level sensitive irq not supported [ 60.658065][ T6688] kvm: pic: non byte read [ 60.662049][ T6688] kvm: pic: level sensitive irq not supported [ 60.662305][ T6688] kvm: pic: non byte read [ 60.666441][ T6688] kvm: pic: level sensitive irq not supported [ 60.666704][ T6688] kvm: pic: non byte read [ 60.749685][ T40] audit: type=1400 audit(1743084372.171:358): avc: denied { setopt } for pid=6683 comm="syz.1.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 60.788092][ T29] usb 8-1: USB disconnect, device number 7 [ 60.832714][ T6007] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 60.981686][ T6007] usb 7-1: Using ep0 maxpacket: 16 [ 60.984985][ T6007] usb 7-1: config 0 has no interfaces? [ 60.988754][ T6007] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 60.993340][ T6007] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.995844][ T6007] usb 7-1: Product: syz [ 60.997025][ T6007] usb 7-1: Manufacturer: syz [ 60.998411][ T6007] usb 7-1: SerialNumber: syz [ 61.000638][ T6007] usb 7-1: config 0 descriptor?? [ 61.003561][ T6695] block nbd0: shutting down sockets [ 61.106911][ T6697] netlink: 'syz.0.256': attribute type 27 has an invalid length. [ 61.203367][ T40] audit: type=1400 audit(1743084372.631:359): avc: denied { watch_reads } for pid=6702 comm="syz.0.259" path=2F3130382F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="tmpfs" ino=585 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 61.209543][ T6703] kernel profiling enabled (shift: 63) [ 61.216994][ T6703] profiling shift: 63 too large [ 61.217934][ T2298] usb 7-1: USB disconnect, device number 8 [ 61.373289][ T40] audit: type=1400 audit(1743084372.801:360): avc: denied { create } for pid=6711 comm="syz.3.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 61.401743][ T5936] Bluetooth: hci0: command 0x040f tx timeout [ 61.470466][ T40] audit: type=1400 audit(1743084372.891:361): avc: denied { create } for pid=6725 comm="syz.0.269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 61.480814][ T40] audit: type=1400 audit(1743084372.891:362): avc: denied { sys_admin } for pid=6725 comm="syz.0.269" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 61.486989][ T6729] team0: Device ipip0 is of different type [ 61.488520][ T40] audit: type=1400 audit(1743084372.901:363): avc: denied { write } for pid=6711 comm="syz.3.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 61.794320][ T6007] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 61.845217][ T6748] nftables ruleset with unbound chain [ 61.889783][ T6754] bond0: (slave ip6_vti0): Error: Device can not be enslaved while up [ 61.902241][ T6748] ?: renamed from bridge_slave_1 (while UP) [ 61.971652][ T6007] usb 5-1: Using ep0 maxpacket: 16 [ 61.974478][ T6007] usb 5-1: config 0 has no interfaces? [ 61.977669][ T6007] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 61.980117][ T6007] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.982632][ T6007] usb 5-1: Product: syz [ 61.983824][ T6007] usb 5-1: Manufacturer: syz [ 61.985126][ T6007] usb 5-1: SerialNumber: syz [ 61.987577][ T6007] usb 5-1: config 0 descriptor?? [ 62.003183][ T6764] syzkaller1: entered promiscuous mode [ 62.004724][ T6764] syzkaller1: entered allmulticast mode [ 62.024354][ T6767] __nla_validate_parse: 9 callbacks suppressed [ 62.024365][ T6767] netlink: 8 bytes leftover after parsing attributes in process `syz.1.285'. [ 62.278086][ T6789] netlink: 8 bytes leftover after parsing attributes in process `syz.1.294'. [ 62.393415][ T5936] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 62.479358][ T6809] netlink: 8 bytes leftover after parsing attributes in process `syz.3.299'. [ 62.709915][ T9] usb 5-1: USB disconnect, device number 8 [ 62.853925][ T5936] Bluetooth: hci3: Malformed Event: 0x02 [ 62.867464][ T6815] netlink: 8 bytes leftover after parsing attributes in process `syz.3.303'. [ 62.919124][ T6817] sctp: [Deprecated]: syz.3.304 (pid 6817) Use of struct sctp_assoc_value in delayed_ack socket option. [ 62.919124][ T6817] Use struct sctp_sack_info instead [ 62.925917][ T6817] IPVS: set_ctl: invalid protocol: 0 172.20.20.170:20003 [ 63.231635][ T9] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 63.391740][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 63.394719][ T9] usb 8-1: config 0 has no interfaces? [ 63.399314][ T9] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 63.402918][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.405446][ T9] usb 8-1: Product: syz [ 63.406801][ T9] usb 8-1: Manufacturer: syz [ 63.408423][ T9] usb 8-1: SerialNumber: syz [ 63.410184][ T6842] netlink: 8 bytes leftover after parsing attributes in process `syz.1.312'. [ 63.413801][ T9] usb 8-1: config 0 descriptor?? [ 63.436864][ T6844] FAULT_INJECTION: forcing a failure. [ 63.436864][ T6844] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 63.440383][ T6844] CPU: 1 UID: 0 PID: 6844 Comm: syz.1.313 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 63.440398][ T6844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 63.440404][ T6844] Call Trace: [ 63.440407][ T6844] [ 63.440412][ T6844] dump_stack_lvl+0x16c/0x1f0 [ 63.440444][ T6844] should_fail_ex+0x512/0x640 [ 63.440457][ T6844] _copy_from_iter+0x2a4/0x15b0 [ 63.440472][ T6844] ? find_held_lock+0x2b/0x80 [ 63.440488][ T6844] ? __pfx__copy_from_iter+0x10/0x10 [ 63.440502][ T6844] ? __virt_addr_valid+0x5e/0x590 [ 63.440516][ T6844] ? __phys_addr_symbol+0x30/0x80 [ 63.440530][ T6844] ? __check_object_size+0x4c7/0x710 [ 63.440544][ T6844] netlink_sendmsg+0x83a/0xd70 [ 63.440561][ T6844] ? __pfx_netlink_sendmsg+0x10/0x10 [ 63.440579][ T6844] ____sys_sendmsg+0xa8d/0xc60 [ 63.440595][ T6844] ? copy_msghdr_from_user+0x10a/0x160 [ 63.440608][ T6844] ? __pfx_____sys_sendmsg+0x10/0x10 [ 63.440629][ T6844] ___sys_sendmsg+0x134/0x1d0 [ 63.440643][ T6844] ? __pfx____sys_sendmsg+0x10/0x10 [ 63.440667][ T6844] __sys_sendmsg+0x16d/0x220 [ 63.440680][ T6844] ? __pfx___sys_sendmsg+0x10/0x10 [ 63.440695][ T6844] ? rcu_is_watching+0x12/0xc0 [ 63.440708][ T6844] do_syscall_64+0xcd/0x260 [ 63.440718][ T6844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.440729][ T6844] RIP: 0033:0x7f5734d8d169 [ 63.440738][ T6844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.440748][ T6844] RSP: 002b:00007f5735b9c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.440759][ T6844] RAX: ffffffffffffffda RBX: 00007f5734fa5fa0 RCX: 00007f5734d8d169 [ 63.440765][ T6844] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000005 [ 63.440771][ T6844] RBP: 00007f5735b9c090 R08: 0000000000000000 R09: 0000000000000000 [ 63.440776][ T6844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.440782][ T6844] R13: 0000000000000000 R14: 00007f5734fa5fa0 R15: 00007ffd16cec378 [ 63.440793][ T6844] [ 63.554033][ T6848] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.315'. [ 63.626022][ T5996] usb 8-1: USB disconnect, device number 8 [ 63.791901][ T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 63.941684][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 63.944512][ T9] usb 6-1: config 0 has no interfaces? [ 63.947415][ T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 63.949849][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.951721][ T29] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 63.952574][ T9] usb 6-1: Product: syz [ 63.955811][ T9] usb 6-1: Manufacturer: syz [ 63.957105][ T9] usb 6-1: SerialNumber: syz [ 63.959200][ T9] usb 6-1: config 0 descriptor?? [ 64.081812][ T29] usb 7-1: device descriptor read/64, error -71 [ 64.168732][ T63] usb 6-1: USB disconnect, device number 9 [ 64.331649][ T29] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 64.433592][ T6864] netlink: 8 bytes leftover after parsing attributes in process `syz.3.321'. [ 64.461754][ T29] usb 7-1: device descriptor read/64, error -71 [ 64.483488][ T6868] ref_ctr increment failed for inode: 0x144 offset: 0x7 ref_ctr_offset: 0x4 of mm: 0xffff8880261be400 [ 64.572792][ T29] usb usb7-port1: attempt power cycle [ 64.806223][ T6891] netlink: 8 bytes leftover after parsing attributes in process `syz.1.331'. [ 64.911839][ T29] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 64.932637][ T29] usb 7-1: device descriptor read/8, error -71 [ 65.015668][ T6912] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.338'. [ 65.018690][ T6910] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.150329][ T6922] netlink: 8 bytes leftover after parsing attributes in process `syz.3.341'. [ 65.171867][ T29] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 65.192248][ T29] usb 7-1: device descriptor read/8, error -71 [ 65.271769][ T5996] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 65.301794][ T29] usb usb7-port1: unable to enumerate USB device [ 65.431687][ T5996] usb 5-1: Using ep0 maxpacket: 16 [ 65.434340][ T5996] usb 5-1: config 0 has no interfaces? [ 65.438559][ T5996] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 65.441173][ T5996] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.443626][ T5996] usb 5-1: Product: syz [ 65.444815][ T5996] usb 5-1: Manufacturer: syz [ 65.446137][ T5996] usb 5-1: SerialNumber: syz [ 65.448784][ T5996] usb 5-1: config 0 descriptor?? [ 65.657211][ T63] usb 5-1: USB disconnect, device number 9 [ 65.662014][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 65.662022][ T40] audit: type=1400 audit(1743084377.091:388): avc: denied { search } for pid=5331 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 65.722648][ T40] audit: type=1400 audit(1743084377.151:389): avc: denied { ioctl } for pid=6935 comm="syz.1.346" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x127e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 65.784352][ T40] audit: type=1400 audit(1743084377.211:390): avc: denied { write } for pid=6941 comm="syz.1.348" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 65.953474][ T6959] syzkaller1: entered promiscuous mode [ 65.955680][ T6959] syzkaller1: entered allmulticast mode [ 66.183760][ T6968] netlink: 'syz.0.355': attribute type 29 has an invalid length. [ 66.246651][ T6973] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=123 sclass=netlink_route_socket pid=6973 comm=syz.1.357 [ 66.328666][ T6981] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 66.332442][ T40] audit: type=1400 audit(1743084377.761:391): avc: denied { map } for pid=6980 comm="syz.3.361" path="socket:[16742]" dev="sockfs" ino=16742 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 66.339036][ T6981] netlink: 'syz.3.361': attribute type 1 has an invalid length. [ 66.343644][ T6981] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 66.392460][ T6977] kvm: kvm [6976]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 66.587114][ T6998] FAULT_INJECTION: forcing a failure. [ 66.587114][ T6998] name failslab, interval 1, probability 0, space 0, times 0 [ 66.591231][ T6998] CPU: 2 UID: 0 PID: 6998 Comm: syz.3.366 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 66.591245][ T6998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.591251][ T6998] Call Trace: [ 66.591255][ T6998] [ 66.591259][ T6998] dump_stack_lvl+0x16c/0x1f0 [ 66.591279][ T6998] should_fail_ex+0x512/0x640 [ 66.591293][ T6998] should_failslab+0xc2/0x120 [ 66.591305][ T6998] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 66.591316][ T6998] ? skb_clone+0x190/0x3f0 [ 66.591332][ T6998] skb_clone+0x190/0x3f0 [ 66.591346][ T6998] netlink_deliver_tap+0xabd/0xd30 [ 66.591362][ T6998] netlink_unicast+0x6b2/0x7f0 [ 66.591377][ T6998] ? __pfx_netlink_unicast+0x10/0x10 [ 66.591394][ T6998] netlink_ack+0x696/0xb80 [ 66.591411][ T6998] netlink_rcv_skb+0x347/0x440 [ 66.591425][ T6998] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 66.591441][ T6998] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 66.591466][ T6998] ? netlink_deliver_tap+0x1ae/0xd30 [ 66.591481][ T6998] netlink_unicast+0x53a/0x7f0 [ 66.591496][ T6998] ? __pfx_netlink_unicast+0x10/0x10 [ 66.591513][ T6998] netlink_sendmsg+0x8da/0xd70 [ 66.591529][ T6998] ? __pfx_netlink_sendmsg+0x10/0x10 [ 66.591548][ T6998] ____sys_sendmsg+0xa8d/0xc60 [ 66.591575][ T6998] ? copy_msghdr_from_user+0x10a/0x160 [ 66.591588][ T6998] ? __pfx_____sys_sendmsg+0x10/0x10 [ 66.591609][ T6998] ___sys_sendmsg+0x134/0x1d0 [ 66.591622][ T6998] ? __pfx____sys_sendmsg+0x10/0x10 [ 66.591650][ T6998] __sys_sendmsg+0x16d/0x220 [ 66.591663][ T6998] ? __pfx___sys_sendmsg+0x10/0x10 [ 66.591681][ T6998] ? rcu_is_watching+0x12/0xc0 [ 66.591695][ T6998] do_syscall_64+0xcd/0x260 [ 66.591705][ T6998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.591716][ T6998] RIP: 0033:0x7f080258d169 [ 66.591724][ T6998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.591734][ T6998] RSP: 002b:00007f080349f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 66.591745][ T6998] RAX: ffffffffffffffda RBX: 00007f08027a5fa0 RCX: 00007f080258d169 [ 66.591751][ T6998] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000010 [ 66.591757][ T6998] RBP: 00007f080349f090 R08: 0000000000000000 R09: 0000000000000000 [ 66.591763][ T6998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 66.591768][ T6998] R13: 0000000000000000 R14: 00007f08027a5fa0 R15: 00007fffc2f23808 [ 66.591779][ T6998] [ 66.741643][ T63] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 66.776386][ T40] audit: type=1400 audit(1743084378.201:392): avc: denied { ioctl } for pid=7007 comm="syz.2.371" path="socket:[16158]" dev="sockfs" ino=16158 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 66.798027][ T40] audit: type=1400 audit(1743084378.201:393): avc: denied { read } for pid=7007 comm="syz.2.371" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 66.806004][ T40] audit: type=1400 audit(1743084378.201:394): avc: denied { open } for pid=7007 comm="syz.2.371" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 66.911672][ T63] usb 5-1: Using ep0 maxpacket: 16 [ 66.933834][ T40] audit: type=1400 audit(1743084378.361:395): avc: denied { mount } for pid=7023 comm="syz.3.378" name="/" dev="rpc_pipefs" ino=16854 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 66.952512][ T63] usb 5-1: config 0 has no interfaces? [ 66.956367][ T40] audit: type=1400 audit(1743084378.381:396): avc: denied { watch } for pid=7023 comm="syz.3.378" path="/89/bus/file0" dev="overlay" ino=491 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 66.963688][ T40] audit: type=1400 audit(1743084378.381:397): avc: denied { write } for pid=7023 comm="syz.3.378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 66.963980][ T7030] team0: Device ipip0 is of different type [ 66.969850][ T63] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 66.980658][ T63] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.983275][ T63] usb 5-1: Product: syz [ 66.984470][ T63] usb 5-1: Manufacturer: syz [ 66.985831][ T63] usb 5-1: SerialNumber: syz [ 66.988125][ T63] usb 5-1: config 0 descriptor?? [ 67.197522][ T63] usb 5-1: USB disconnect, device number 10 [ 67.214180][ T7047] __nla_validate_parse: 6 callbacks suppressed [ 67.214189][ T7047] netlink: 8 bytes leftover after parsing attributes in process `syz.3.388'. [ 67.256572][ T7053] warning: `syz.1.390' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 67.284680][ T7060] netlink: 'syz.2.394': attribute type 21 has an invalid length. [ 67.286860][ T7060] netlink: 128 bytes leftover after parsing attributes in process `syz.2.394'. [ 67.289351][ T7060] netlink: 'syz.2.394': attribute type 5 has an invalid length. [ 67.291452][ T7060] netlink: 'syz.2.394': attribute type 6 has an invalid length. [ 67.293930][ T7060] netlink: 3 bytes leftover after parsing attributes in process `syz.2.394'. [ 67.324037][ T7065] netlink: 20 bytes leftover after parsing attributes in process `syz.2.395'. [ 67.479502][ T7077] netlink: 56 bytes leftover after parsing attributes in process `syz.2.397'. [ 67.516362][ T7079] netlink: 8 bytes leftover after parsing attributes in process `syz.3.401'. [ 67.559098][ T7077] block nbd2: shutting down sockets [ 67.703305][ T7087] netlink: 24 bytes leftover after parsing attributes in process `syz.3.404'. [ 67.775654][ T7096] ======================================================= [ 67.775654][ T7096] WARNING: The mand mount option has been deprecated and [ 67.775654][ T7096] and is ignored by this kernel. Remove the mand [ 67.775654][ T7096] option from the mount to silence this warning. [ 67.775654][ T7096] ======================================================= [ 67.791659][ T65] Bluetooth: hci0: command 0x040f tx timeout [ 67.793460][ T5936] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 67.796137][ T7096] netfs: Couldn't get user pages (rc=-14) [ 67.802871][ T7099] netlink: 8 bytes leftover after parsing attributes in process `syz.1.410'. [ 67.862319][ T7104] syz.1.412 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 67.913629][ T7111] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.414'. [ 68.010726][ T7120] netlink: 20 bytes leftover after parsing attributes in process `syz.0.418'. [ 68.179343][ T5936] Bluetooth: hci1: Malformed Event: 0x02 [ 68.181356][ T9] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 68.341029][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 68.343874][ T9] usb 8-1: config 0 has no interfaces? [ 68.347011][ T9] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 68.349749][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.352158][ T9] usb 8-1: Product: syz [ 68.353349][ T9] usb 8-1: Manufacturer: syz [ 68.354667][ T9] usb 8-1: SerialNumber: syz [ 68.356782][ T9] usb 8-1: config 0 descriptor?? [ 68.420807][ T7141] FAULT_INJECTION: forcing a failure. [ 68.420807][ T7141] name failslab, interval 1, probability 0, space 0, times 0 [ 68.424455][ T7141] CPU: 1 UID: 0 PID: 7141 Comm: syz.1.424 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 68.424473][ T7141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.424479][ T7141] Call Trace: [ 68.424483][ T7141] [ 68.424488][ T7141] dump_stack_lvl+0x16c/0x1f0 [ 68.424508][ T7141] should_fail_ex+0x512/0x640 [ 68.424523][ T7141] should_failslab+0xc2/0x120 [ 68.424536][ T7141] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 68.424547][ T7141] ? skb_clone+0x190/0x3f0 [ 68.424562][ T7141] skb_clone+0x190/0x3f0 [ 68.424576][ T7141] netlink_deliver_tap+0xabd/0xd30 [ 68.424592][ T7141] netlink_unicast+0x5df/0x7f0 [ 68.424608][ T7141] ? __pfx_netlink_unicast+0x10/0x10 [ 68.424625][ T7141] netlink_sendmsg+0x8da/0xd70 [ 68.424642][ T7141] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.424660][ T7141] ____sys_sendmsg+0xa8d/0xc60 [ 68.424678][ T7141] ? copy_msghdr_from_user+0x10a/0x160 [ 68.424691][ T7141] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.424712][ T7141] ___sys_sendmsg+0x134/0x1d0 [ 68.424725][ T7141] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.424749][ T7141] __sys_sendmsg+0x16d/0x220 [ 68.424762][ T7141] ? __pfx___sys_sendmsg+0x10/0x10 [ 68.424782][ T7141] do_syscall_64+0xcd/0x260 [ 68.424792][ T7141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.424807][ T7141] RIP: 0033:0x7f5734d8d169 [ 68.424819][ T7141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.424833][ T7141] RSP: 002b:00007f5735b9c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 68.424848][ T7141] RAX: ffffffffffffffda RBX: 00007f5734fa5fa0 RCX: 00007f5734d8d169 [ 68.424858][ T7141] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000005 [ 68.424867][ T7141] RBP: 00007f5735b9c090 R08: 0000000000000000 R09: 0000000000000000 [ 68.424874][ T7141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 68.424880][ T7141] R13: 0000000000000000 R14: 00007f5734fa5fa0 R15: 00007ffd16cec378 [ 68.424891][ T7141] [ 68.578822][ T6006] usb 8-1: USB disconnect, device number 9 [ 68.843119][ T63] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 69.003424][ T63] usb 6-1: Using ep0 maxpacket: 16 [ 69.010037][ T63] usb 6-1: config 0 has no interfaces? [ 69.013688][ T63] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 69.017172][ T63] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.020110][ T63] usb 6-1: Product: syz [ 69.021670][ T63] usb 6-1: Manufacturer: syz [ 69.023370][ T63] usb 6-1: SerialNumber: syz [ 69.031631][ T63] usb 6-1: config 0 descriptor?? [ 69.238590][ T6006] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 69.420210][ T6006] usb 5-1: Using ep0 maxpacket: 16 [ 69.423758][ T6006] usb 5-1: config 0 has no interfaces? [ 69.426705][ T6006] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 69.429199][ T6006] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.431463][ T6006] usb 5-1: Product: syz [ 69.432694][ T6006] usb 5-1: Manufacturer: syz [ 69.434005][ T6006] usb 5-1: SerialNumber: syz [ 69.442502][ T6006] usb 5-1: config 0 descriptor?? [ 69.632158][ T7195] netdevsim netdevsim2: Firmware load for './cgroup/../file0' refused, path contains '..' component [ 69.667771][ T6006] usb 5-1: USB disconnect, device number 11 [ 69.801653][ T7154] Set syz1 is full, maxelem 65536 reached [ 69.807439][ T57] usb 6-1: USB disconnect, device number 10 [ 69.911890][ T34] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 70.072151][ T34] usb 7-1: Using ep0 maxpacket: 16 [ 70.075197][ T34] usb 7-1: config 0 has no interfaces? [ 70.078566][ T34] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 70.081057][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.083463][ T34] usb 7-1: Product: syz [ 70.084733][ T34] usb 7-1: Manufacturer: syz [ 70.086022][ T34] usb 7-1: SerialNumber: syz [ 70.088192][ T34] usb 7-1: config 0 descriptor?? [ 70.308992][ T63] usb 7-1: USB disconnect, device number 13 [ 70.479325][ T57] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 70.641179][ T57] usb 5-1: not running at top speed; connect to a high speed hub [ 70.644134][ T57] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 70.647195][ T57] usb 5-1: config 1 interface 0 has no altsetting 0 [ 70.650675][ T57] usb 5-1: New USB device found, idVendor=056a, idProduct=0038, bcdDevice= 0.40 [ 70.653120][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.655208][ T57] usb 5-1: Product: syz [ 70.656350][ T57] usb 5-1: Manufacturer: syz [ 70.657629][ T57] usb 5-1: SerialNumber: syz [ 70.660329][ T7210] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 70.836691][ T7248] loop9: detected capacity change from 0 to 8 [ 70.839640][ T7248] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 70.841086][ T7248] loop9: partition table partially beyond EOD, truncated [ 70.843670][ T7248] loop9: p1 size 81768186 extends beyond EOD, truncated [ 70.959636][ T7259] batadv_slave_1: entered promiscuous mode [ 70.961741][ T7259] batadv_slave_1: left promiscuous mode [ 70.967613][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 70.967655][ T40] audit: type=1400 audit(1743084382.191:413): avc: denied { getopt } for pid=7258 comm="syz.2.471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 71.090886][ T7269] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=123 sclass=netlink_route_socket pid=7269 comm=syz.2.476 [ 71.095856][ T57] usbhid 5-1:1.0: can't add hid device: -71 [ 71.097693][ T57] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 71.100958][ T57] usb 5-1: USB disconnect, device number 12 [ 71.292706][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.294613][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.376210][ T63] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 71.400788][ T7282] xt_l2tp: v2 doesn't support IP mode [ 71.509534][ T7289] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 71.546519][ T7292] loop9: detected capacity change from 0 to 7 [ 71.549027][ T7292] buffer_io_error: 30 callbacks suppressed [ 71.549034][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.552815][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.555005][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.557101][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.558327][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 71.560398][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.561976][ T63] usb 7-1: config 0 has no interfaces? [ 71.563028][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.566587][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.568779][ T7292] ldm_validate_partition_table(): Disk read failed. [ 71.569446][ T63] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 71.570583][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.573119][ T63] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.573119][ T40] audit: type=1400 audit(1743084382.762:414): avc: denied { setopt } for pid=7294 comm="syz.1.486" lport=42829 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 71.575302][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.577502][ T63] usb 7-1: Product: syz [ 71.584088][ T7292] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.586257][ T63] usb 7-1: Manufacturer: syz [ 71.587775][ T7292] Dev loop9: unable to read RDB block 0 [ 71.589350][ T63] usb 7-1: SerialNumber: syz [ 71.590716][ T63] usb 7-1: config 0 descriptor?? [ 71.596226][ T7292] loop9: unable to read partition table [ 71.597858][ T7292] loop9: partition table beyond EOD, truncated [ 71.599555][ T7292] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 71.599555][ T7292] U) failed (rc=-5) [ 71.619015][ T7299] netlink: 'syz.1.487': attribute type 7 has an invalid length. [ 71.623412][ T7299] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.625807][ T7299] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.628228][ T7299] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.630596][ T7299] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.654035][ T7301] FAULT_INJECTION: forcing a failure. [ 71.654035][ T7301] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 71.658103][ T7301] CPU: 2 UID: 0 PID: 7301 Comm: syz.0.488 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 71.658133][ T7301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.658142][ T7301] Call Trace: [ 71.658146][ T7301] [ 71.658152][ T7301] dump_stack_lvl+0x16c/0x1f0 [ 71.658184][ T7301] should_fail_ex+0x512/0x640 [ 71.658204][ T7301] _copy_to_user+0x32/0xd0 [ 71.658220][ T7301] simple_read_from_buffer+0xe0/0x170 [ 71.658237][ T7301] proc_fail_nth_read+0x197/0x270 [ 71.658253][ T7301] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 71.658271][ T7301] ? rw_verify_area+0xcf/0x680 [ 71.658285][ T7301] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 71.658302][ T7301] vfs_read+0x1de/0xc70 [ 71.658319][ T7301] ? fdget_pos+0x2a2/0x370 [ 71.658330][ T7301] ? __pfx___mutex_lock+0x10/0x10 [ 71.658339][ T7301] ? __pfx_vfs_read+0x10/0x10 [ 71.658358][ T7301] ? __fget_files+0x20e/0x3c0 [ 71.658371][ T7301] ksys_read+0x12a/0x240 [ 71.658386][ T7301] ? __pfx_ksys_read+0x10/0x10 [ 71.658405][ T7301] do_syscall_64+0xcd/0x260 [ 71.658433][ T7301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.658445][ T7301] RIP: 0033:0x7f4ce838bb7c [ 71.658453][ T7301] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 71.658463][ T7301] RSP: 002b:00007f4ce918f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 71.658472][ T7301] RAX: ffffffffffffffda RBX: 00007f4ce85a5fa0 RCX: 00007f4ce838bb7c [ 71.658479][ T7301] RDX: 000000000000000f RSI: 00007f4ce918f0a0 RDI: 0000000000000011 [ 71.658485][ T7301] RBP: 00007f4ce918f090 R08: 0000000000000000 R09: 0000000000000000 [ 71.658491][ T7301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 71.658496][ T7301] R13: 0000000000000000 R14: 00007f4ce85a5fa0 R15: 00007fff46804748 [ 71.658507][ T7301] [ 71.715137][ C2] vkms_vblank_simulate: vblank timer overrun [ 71.763493][ T7314] batadv_slave_1: entered promiscuous mode [ 71.808985][ T5996] usb 7-1: USB disconnect, device number 14 [ 71.927610][ T7338] team0: Device ipip0 is of different type [ 72.038630][ T67] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 72.195839][ T40] audit: type=1400 audit(1743084383.342:415): avc: denied { map } for pid=7347 comm="syz.0.511" path="socket:[21637]" dev="sockfs" ino=21637 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 72.204448][ T40] audit: type=1400 audit(1743084383.342:416): avc: denied { read } for pid=7347 comm="syz.0.511" path="socket:[21637]" dev="sockfs" ino=21637 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 72.220270][ T67] usb 6-1: Using ep0 maxpacket: 16 [ 72.222633][ T67] usb 6-1: no configurations [ 72.224211][ T67] usb 6-1: can't read configurations, error -22 [ 72.359271][ T67] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 72.395764][ T7366] bio_check_eod: 2 callbacks suppressed [ 72.395774][ T7366] syz.0.519: attempt to access beyond end of device [ 72.395774][ T7366] loop0: rw=0, sector=64, nr_sectors = 2 limit=0 [ 72.401766][ T7366] isofs_fill_super: bread failed, dev=loop0, iso_blknum=16, block=32 [ 72.479796][ T7378] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 72.508422][ T40] audit: type=1400 audit(1743084383.632:417): avc: denied { setopt } for pid=7377 comm="syz.3.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 72.513456][ T7378] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 72.519840][ T67] usb 6-1: Using ep0 maxpacket: 16 [ 72.521790][ T67] usb 6-1: no configurations [ 72.523470][ T67] usb 6-1: can't read configurations, error -22 [ 72.530817][ T67] usb usb6-port1: attempt power cycle [ 72.684557][ T7397] __nla_validate_parse: 27 callbacks suppressed [ 72.684571][ T7397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.532'. [ 72.709958][ T7399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.533'. [ 72.716695][ T7400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.533'. [ 72.733754][ T5996] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 72.771448][ T7411] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 72.809030][ T7418] ucma_write: process 364 (syz.3.541) changed security contexts after opening file descriptor, this is not allowed. [ 72.814644][ T40] audit: type=1400 audit(1743084383.922:418): avc: denied { execute } for pid=7417 comm="syz.3.541" path=2F6D656D66643A01FDAE2E2BA68CB63F32193994532C7C783F55655BBDE1210333BC2723FF179B25F35B642006202864656C6574656429 dev="hugetlbfs" ino=21767 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 72.838451][ T7420] netlink: 8 bytes leftover after parsing attributes in process `syz.3.542'. [ 72.893666][ T67] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 72.904244][ T5996] usb 7-1: Using ep0 maxpacket: 16 [ 72.905302][ T7422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.543'. [ 72.907474][ T5996] usb 7-1: config 0 has no interfaces? [ 72.913470][ T5996] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 72.916009][ T5996] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.916144][ T67] usb 6-1: Using ep0 maxpacket: 16 [ 72.918361][ T5996] usb 7-1: Product: syz [ 72.921540][ T67] usb 6-1: no configurations [ 72.922873][ T67] usb 6-1: can't read configurations, error -22 [ 72.925601][ T5996] usb 7-1: Manufacturer: syz [ 72.926935][ T5996] usb 7-1: SerialNumber: syz [ 72.929977][ T5996] usb 7-1: config 0 descriptor?? [ 72.984330][ T7435] netlink: 16 bytes leftover after parsing attributes in process `syz.3.547'. [ 73.029552][ T7446] netlink: 8 bytes leftover after parsing attributes in process `syz.3.551'. [ 73.030651][ T40] audit: type=1400 audit(1743084384.119:419): avc: denied { read } for pid=7443 comm="syz.0.550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 73.053869][ T67] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 73.075877][ T67] usb 6-1: Using ep0 maxpacket: 16 [ 73.077822][ T67] usb 6-1: no configurations [ 73.079157][ T67] usb 6-1: can't read configurations, error -22 [ 73.081032][ T67] usb usb6-port1: unable to enumerate USB device [ 73.086319][ T65] Bluetooth: hci0: command 0x040f tx timeout [ 73.087998][ T5936] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 73.155337][ T9] usb 7-1: USB disconnect, device number 15 [ 73.218055][ T7464] FAULT_INJECTION: forcing a failure. [ 73.218055][ T7464] name failslab, interval 1, probability 0, space 0, times 0 [ 73.221537][ T7464] CPU: 2 UID: 0 PID: 7464 Comm: syz.0.557 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 73.221552][ T7464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.221558][ T7464] Call Trace: [ 73.221562][ T7464] [ 73.221567][ T7464] dump_stack_lvl+0x16c/0x1f0 [ 73.221587][ T7464] should_fail_ex+0x512/0x640 [ 73.221600][ T7464] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 73.221617][ T7464] should_failslab+0xc2/0x120 [ 73.221629][ T7464] __kmalloc_cache_noprof+0x6a/0x3e0 [ 73.221645][ T7464] ? rtnl_newlink+0x11b/0x2000 [ 73.221660][ T7464] ? __pfx_rtnl_newlink+0x10/0x10 [ 73.221673][ T7464] rtnl_newlink+0x11b/0x2000 [ 73.221690][ T7464] ? __pfx_rtnl_newlink+0x10/0x10 [ 73.221703][ T7464] ? find_held_lock+0x2b/0x80 [ 73.221714][ T7464] ? avc_has_perm_noaudit+0x117/0x3b0 [ 73.221730][ T7464] ? avc_has_perm_noaudit+0x149/0x3b0 [ 73.221744][ T7464] ? __lock_acquire+0x5ca/0x1ba0 [ 73.221763][ T7464] ? find_held_lock+0x2b/0x80 [ 73.221773][ T7464] ? __pfx_rtnl_newlink+0x10/0x10 [ 73.221786][ T7464] ? __pfx_rtnl_newlink+0x10/0x10 [ 73.221799][ T7464] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 73.221813][ T7464] ? __pfx_rtnl_newlink+0x10/0x10 [ 73.221826][ T7464] rtnetlink_rcv_msg+0x95b/0xe90 [ 73.221841][ T7464] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 73.221859][ T7464] netlink_rcv_skb+0x16a/0x440 [ 73.221874][ T7464] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 73.221889][ T7464] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 73.221908][ T7464] ? netlink_deliver_tap+0x1ae/0xd30 [ 73.221923][ T7464] netlink_unicast+0x53a/0x7f0 [ 73.221938][ T7464] ? __pfx_netlink_unicast+0x10/0x10 [ 73.221955][ T7464] netlink_sendmsg+0x8da/0xd70 [ 73.221971][ T7464] ? __pfx_netlink_sendmsg+0x10/0x10 [ 73.221988][ T7464] ____sys_sendmsg+0xa8d/0xc60 [ 73.222005][ T7464] ? copy_msghdr_from_user+0x10a/0x160 [ 73.222018][ T7464] ? __pfx_____sys_sendmsg+0x10/0x10 [ 73.222038][ T7464] ___sys_sendmsg+0x134/0x1d0 [ 73.222051][ T7464] ? __pfx____sys_sendmsg+0x10/0x10 [ 73.222075][ T7464] __sys_sendmsg+0x16d/0x220 [ 73.222089][ T7464] ? __pfx___sys_sendmsg+0x10/0x10 [ 73.222108][ T7464] do_syscall_64+0xcd/0x260 [ 73.222118][ T7464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.222129][ T7464] RIP: 0033:0x7f4ce838d169 [ 73.222137][ T7464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.222148][ T7464] RSP: 002b:00007f4ce918f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 73.222158][ T7464] RAX: ffffffffffffffda RBX: 00007f4ce85a5fa0 RCX: 00007f4ce838d169 [ 73.222164][ T7464] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000005 [ 73.222170][ T7464] RBP: 00007f4ce918f090 R08: 0000000000000000 R09: 0000000000000000 [ 73.222176][ T7464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.222182][ T7464] R13: 0000000000000000 R14: 00007f4ce85a5fa0 R15: 00007fff46804748 [ 73.222193][ T7464] [ 73.304615][ C2] vkms_vblank_simulate: vblank timer overrun [ 73.451064][ T7473] netlink: 8 bytes leftover after parsing attributes in process `syz.0.561'. [ 73.502070][ T7477] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 73.654368][ T7495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.571'. [ 73.774460][ T7515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.580'. [ 74.122360][ T7528] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53720 sclass=netlink_route_socket pid=7528 comm=syz.3.585 [ 74.128016][ T40] audit: type=1400 audit(1743084385.148:420): avc: denied { getopt } for pid=7527 comm="syz.3.585" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 74.230237][ T5996] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 74.389821][ T5996] usb 7-1: Using ep0 maxpacket: 16 [ 74.392662][ T5996] usb 7-1: config 0 has no interfaces? [ 74.395876][ T5996] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 74.398542][ T5996] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.400969][ T5996] usb 7-1: Product: syz [ 74.402216][ T5996] usb 7-1: Manufacturer: syz [ 74.403596][ T5996] usb 7-1: SerialNumber: syz [ 74.405825][ T5996] usb 7-1: config 0 descriptor?? [ 74.624047][ T7513] SELinux: Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped). [ 74.627266][ T40] audit: type=1400 audit(1743084385.616:421): avc: denied { relabelto } for pid=7512 comm="syz.2.578" name="112" dev="tmpfs" ino=599 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0" [ 74.628489][ T7513] program syz.2.578 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 74.635562][ T57] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 74.636644][ T40] audit: type=1400 audit(1743084385.616:422): avc: denied { associate } for pid=7512 comm="syz.2.578" name="112" dev="tmpfs" ino=599 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:crond_var_run_t:s0" [ 74.685872][ T7513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.688405][ T7513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.692747][ T67] usb 7-1: USB disconnect, device number 16 [ 74.795927][ T57] usb 8-1: Using ep0 maxpacket: 16 [ 74.798454][ T57] usb 8-1: config 0 has no interfaces? [ 74.801940][ T57] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 74.804383][ T57] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.807194][ T57] usb 8-1: Product: syz [ 74.808396][ T57] usb 8-1: Manufacturer: syz [ 74.810126][ T57] usb 8-1: SerialNumber: syz [ 74.812172][ T57] usb 8-1: config 0 descriptor?? [ 74.973701][ T7314] batadv_slave_1: left promiscuous mode [ 75.033615][ T5996] usb 8-1: USB disconnect, device number 10 [ 75.053314][ T7552] capability: warning: `syz.1.595' uses 32-bit capabilities (legacy support in use) [ 75.251558][ T7577] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7577 comm=syz.2.606 [ 75.255144][ T7577] netlink: 'syz.2.606': attribute type 7 has an invalid length. [ 75.414255][ T65] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 75.416305][ T7603] program syz.1.617 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 75.555145][ T7619] netlink: 'syz.2.624': attribute type 12 has an invalid length. [ 75.637202][ T7638] team0: Device ipip0 is of different type [ 75.793307][ T7667] netlink: 'syz.0.644': attribute type 10 has an invalid length. [ 75.796706][ T7667] hsr0: entered promiscuous mode [ 75.802761][ T7667] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 75.806656][ T7667] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 75.811394][ T7667] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 75.960816][ T34] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 76.121060][ T34] usb 8-1: Using ep0 maxpacket: 16 [ 76.123805][ T34] usb 8-1: config 0 has no interfaces? [ 76.126813][ T34] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 76.129202][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.131289][ T34] usb 8-1: Product: syz [ 76.132631][ T34] usb 8-1: Manufacturer: syz [ 76.133894][ T34] usb 8-1: SerialNumber: syz [ 76.136794][ T34] usb 8-1: config 0 descriptor?? [ 76.358920][ T34] usb 8-1: USB disconnect, device number 11 [ 76.645107][ T7718] ip6gretap1: entered promiscuous mode [ 76.646725][ T7718] ip6gretap1: entered allmulticast mode [ 76.764875][ T835] cfg80211: failed to load regulatory.db [ 76.794412][ T7727] netlink: 'syz.2.666': attribute type 4 has an invalid length. [ 76.822792][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 76.822802][ T40] audit: type=1400 audit(1743084387.665:434): avc: denied { shutdown } for pid=7726 comm="syz.2.666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 76.881419][ T65] Bluetooth: hci3: Malformed Event: 0x02 [ 76.964822][ T7749] FAULT_INJECTION: forcing a failure. [ 76.964822][ T7749] name failslab, interval 1, probability 0, space 0, times 0 [ 76.969024][ T7749] CPU: 1 UID: 0 PID: 7749 Comm: syz.2.675 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 76.969039][ T7749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.969045][ T7749] Call Trace: [ 76.969049][ T7749] [ 76.969053][ T7749] dump_stack_lvl+0x16c/0x1f0 [ 76.969095][ T7749] should_fail_ex+0x512/0x640 [ 76.969112][ T7749] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 76.969130][ T7749] should_failslab+0xc2/0x120 [ 76.969146][ T7749] __kmalloc_cache_noprof+0x6a/0x3e0 [ 76.969161][ T7749] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 76.969176][ T7749] ? __request_module+0x2ad/0x690 [ 76.969197][ T7749] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 76.969220][ T7749] __request_module+0x2ad/0x690 [ 76.969235][ T7749] ? __pfx___request_module+0x10/0x10 [ 76.969254][ T7749] ? find_held_lock+0x2b/0x80 [ 76.969266][ T7749] ? rtnl_link_ops_get+0x17b/0x2c0 [ 76.969282][ T7749] ? __pfx_rtnl_newlink+0x10/0x10 [ 76.969296][ T7749] rtnl_newlink+0x1466/0x2000 [ 76.969313][ T7749] ? __pfx_rtnl_newlink+0x10/0x10 [ 76.969331][ T7749] ? find_held_lock+0x2b/0x80 [ 76.969346][ T7749] ? avc_has_perm_noaudit+0x117/0x3b0 [ 76.969363][ T7749] ? avc_has_perm_noaudit+0x149/0x3b0 [ 76.969383][ T7749] ? find_held_lock+0x2b/0x80 [ 76.969394][ T7749] ? __pfx_rtnl_newlink+0x10/0x10 [ 76.969407][ T7749] ? __pfx_rtnl_newlink+0x10/0x10 [ 76.969420][ T7749] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 76.969435][ T7749] ? __pfx_rtnl_newlink+0x10/0x10 [ 76.969449][ T7749] rtnetlink_rcv_msg+0x95b/0xe90 [ 76.969464][ T7749] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 76.969482][ T7749] netlink_rcv_skb+0x16a/0x440 [ 76.969498][ T7749] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 76.969513][ T7749] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 76.969532][ T7749] ? netlink_deliver_tap+0x1ae/0xd30 [ 76.969548][ T7749] netlink_unicast+0x53a/0x7f0 [ 76.969563][ T7749] ? __pfx_netlink_unicast+0x10/0x10 [ 76.969580][ T7749] netlink_sendmsg+0x8da/0xd70 [ 76.969596][ T7749] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.969614][ T7749] ____sys_sendmsg+0xa8d/0xc60 [ 76.969632][ T7749] ? copy_msghdr_from_user+0x10a/0x160 [ 76.969645][ T7749] ? __pfx_____sys_sendmsg+0x10/0x10 [ 76.969666][ T7749] ___sys_sendmsg+0x134/0x1d0 [ 76.969679][ T7749] ? __pfx____sys_sendmsg+0x10/0x10 [ 76.969703][ T7749] __sys_sendmsg+0x16d/0x220 [ 76.969716][ T7749] ? __pfx___sys_sendmsg+0x10/0x10 [ 76.969732][ T7749] ? rcu_is_watching+0x12/0xc0 [ 76.969744][ T7749] do_syscall_64+0xcd/0x260 [ 76.969754][ T7749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.969765][ T7749] RIP: 0033:0x7fa70798d169 [ 76.969774][ T7749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.969784][ T7749] RSP: 002b:00007fa7077f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.969794][ T7749] RAX: ffffffffffffffda RBX: 00007fa707ba5fa0 RCX: 00007fa70798d169 [ 76.969801][ T7749] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000005 [ 76.969807][ T7749] RBP: 00007fa7077f7090 R08: 0000000000000000 R09: 0000000000000000 [ 76.969813][ T7749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 76.969818][ T7749] R13: 0000000000000000 R14: 00007fa707ba5fa0 R15: 00007ffe7c50fe18 [ 76.969829][ T7749] [ 77.039920][ T7758] ip6t_rpfilter: unknown options [ 77.165888][ T7778] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 77.214143][ T7769] IPVS: set_ctl: invalid protocol: 46 172.20.20.187:20004 [ 77.275325][ T65] Bluetooth: hci0: command 0x040f tx timeout [ 77.275406][ T5936] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 77.328731][ T63] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 77.340552][ T7789] netlink: 'syz.1.690': attribute type 3 has an invalid length. [ 77.342902][ T7789] netlink: 'syz.1.690': attribute type 2 has an invalid length. [ 77.489053][ T63] usb 8-1: Using ep0 maxpacket: 16 [ 77.491826][ T63] usb 8-1: config 0 has no interfaces? [ 77.494846][ T63] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 77.497207][ T63] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.499333][ T63] usb 8-1: Product: syz [ 77.500618][ T63] usb 8-1: Manufacturer: syz [ 77.501916][ T63] usb 8-1: SerialNumber: syz [ 77.504471][ T63] usb 8-1: config 0 descriptor?? [ 77.666949][ T7815] mac80211_hwsim hwsim7 : renamed from wlan1 (while UP) [ 77.667005][ T40] audit: type=1400 audit(1743084388.460:435): avc: denied { ioctl } for pid=7814 comm="syz.1.700" path="socket:[20381]" dev="sockfs" ino=20381 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 77.724922][ T57] usb 8-1: USB disconnect, device number 12 [ 77.779072][ T7819] xt_CT: You must specify a L4 protocol and not use inversions on it [ 77.837277][ T40] audit: type=1400 audit(1743084388.619:436): avc: denied { write } for pid=7818 comm="syz.1.703" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 78.034114][ T63] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 78.125090][ T7831] __nla_validate_parse: 22 callbacks suppressed [ 78.125100][ T7831] netlink: 8 bytes leftover after parsing attributes in process `syz.0.707'. [ 78.205159][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 78.207719][ T63] usb 7-1: no configurations [ 78.209512][ T63] usb 7-1: can't read configurations, error -22 [ 78.365466][ T63] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 78.485859][ T40] audit: type=1400 audit(1743084389.228:437): avc: denied { connect } for pid=7850 comm="syz.3.716" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 78.538265][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 78.540198][ T63] usb 7-1: no configurations [ 78.541552][ T40] audit: type=1400 audit(1743084389.274:438): avc: denied { create } for pid=7850 comm="syz.3.716" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 78.547204][ T63] usb 7-1: can't read configurations, error -22 [ 78.549132][ T63] usb usb7-port1: attempt power cycle [ 78.578851][ T7855] netlink: 8 bytes leftover after parsing attributes in process `syz.0.717'. [ 78.605191][ T7857] FAULT_INJECTION: forcing a failure. [ 78.605191][ T7857] name failslab, interval 1, probability 0, space 0, times 0 [ 78.608477][ T7857] CPU: 2 UID: 0 PID: 7857 Comm: syz.0.718 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 78.608491][ T7857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.608498][ T7857] Call Trace: [ 78.608501][ T7857] [ 78.608505][ T7857] dump_stack_lvl+0x16c/0x1f0 [ 78.608540][ T7857] should_fail_ex+0x512/0x640 [ 78.608557][ T7857] ? fs_reclaim_acquire+0xae/0x150 [ 78.608573][ T7857] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 78.608584][ T7857] should_failslab+0xc2/0x120 [ 78.608596][ T7857] __kmalloc_noprof+0xd2/0x510 [ 78.608608][ T7857] tomoyo_realpath_from_path+0xc2/0x6e0 [ 78.608620][ T7857] ? tomoyo_profile+0x47/0x60 [ 78.608633][ T7857] tomoyo_path_number_perm+0x245/0x580 [ 78.608648][ T7857] ? tomoyo_path_number_perm+0x237/0x580 [ 78.608664][ T7857] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 78.608680][ T7857] ? find_held_lock+0x2b/0x80 [ 78.608701][ T7857] ? find_held_lock+0x2b/0x80 [ 78.608712][ T7857] ? __fget_files+0x204/0x3c0 [ 78.608723][ T7857] ? __fget_files+0x20e/0x3c0 [ 78.608734][ T7857] security_file_ioctl+0x9b/0x240 [ 78.608745][ T7857] __x64_sys_ioctl+0xb7/0x200 [ 78.608760][ T7857] do_syscall_64+0xcd/0x260 [ 78.608771][ T7857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.608781][ T7857] RIP: 0033:0x7f4ce838d169 [ 78.608790][ T7857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.608800][ T7857] RSP: 002b:00007f4ce918f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 78.608810][ T7857] RAX: ffffffffffffffda RBX: 00007f4ce85a5fa0 RCX: 00007f4ce838d169 [ 78.608817][ T7857] RDX: 0000200000000000 RSI: 00000000000089f1 RDI: 0000000000000004 [ 78.608823][ T7857] RBP: 00007f4ce918f090 R08: 0000000000000000 R09: 0000000000000000 [ 78.608829][ T7857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.608835][ T7857] R13: 0000000000000000 R14: 00007f4ce85a5fa0 R15: 00007fff46804748 [ 78.608846][ T7857] [ 78.608850][ T7857] ERROR: Out of memory at tomoyo_realpath_from_path. [ 78.632002][ T7819] orangefs_mount: mount request failed with -4 [ 78.713218][ T7864] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.721'. [ 78.860949][ T7876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.727'. [ 78.942545][ T63] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 78.974560][ T2298] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 78.976719][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 78.978612][ T63] usb 7-1: no configurations [ 78.979901][ T63] usb 7-1: can't read configurations, error -22 [ 79.124196][ T63] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 79.134865][ T2298] usb 6-1: Using ep0 maxpacket: 16 [ 79.137794][ T2298] usb 6-1: config 0 has no interfaces? [ 79.141431][ T2298] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 79.143983][ T2298] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.145591][ T5934] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 79.146195][ T2298] usb 6-1: Product: syz [ 79.146724][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 79.147133][ T63] usb 7-1: no configurations [ 79.147142][ T63] usb 7-1: can't read configurations, error -22 [ 79.147285][ T63] usb usb7-port1: unable to enumerate USB device [ 79.156278][ T2298] usb 6-1: Manufacturer: syz [ 79.157890][ T2298] usb 6-1: SerialNumber: syz [ 79.160169][ T2298] usb 6-1: config 0 descriptor?? [ 79.305874][ T5934] usb 5-1: Using ep0 maxpacket: 16 [ 79.308474][ T5934] usb 5-1: config 0 has no interfaces? [ 79.311522][ T5934] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 79.314881][ T5934] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.317858][ T5934] usb 5-1: Product: syz [ 79.319064][ T5934] usb 5-1: Manufacturer: syz [ 79.320352][ T5934] usb 5-1: SerialNumber: syz [ 79.327727][ T5934] usb 5-1: config 0 descriptor?? [ 79.384499][ T63] usb 6-1: USB disconnect, device number 15 [ 79.548274][ T40] audit: type=1400 audit(1743084390.219:439): avc: denied { ioctl } for pid=7877 comm="syz.0.728" path="socket:[23683]" dev="sockfs" ino=23683 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 79.551693][ T7878] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 79.559771][ T7878] xt_CHECKSUM: unsupported CHECKSUM operation f4 [ 79.569362][ T63] usb 5-1: USB disconnect, device number 13 [ 79.581919][ T7882] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave [ 79.585824][ T7882] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1) [ 79.615693][ T7884] netlink: 28 bytes leftover after parsing attributes in process `syz.3.731'. [ 79.659936][ T7888] FAULT_INJECTION: forcing a failure. [ 79.659936][ T7888] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 79.663181][ T7888] CPU: 2 UID: 0 PID: 7888 Comm: syz.3.733 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 79.663195][ T7888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.663202][ T7888] Call Trace: [ 79.663206][ T7888] [ 79.663210][ T7888] dump_stack_lvl+0x16c/0x1f0 [ 79.663229][ T7888] should_fail_ex+0x512/0x640 [ 79.663244][ T7888] _copy_from_iter+0x2a4/0x15b0 [ 79.663259][ T7888] ? __pfx__copy_from_iter+0x10/0x10 [ 79.663272][ T7888] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 79.663288][ T7888] copy_page_from_iter+0xa5/0x120 [ 79.663301][ T7888] tun_build_skb.constprop.0+0x29b/0x1250 [ 79.663321][ T7888] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 79.663342][ T7888] ? __pfx__kstrtoull+0x10/0x10 [ 79.663359][ T7888] tun_get_user+0x165f/0x3b10 [ 79.663377][ T7888] ? __pfx_tun_get_user+0x10/0x10 [ 79.663391][ T7888] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 79.663407][ T7888] ? find_held_lock+0x2b/0x80 [ 79.663418][ T7888] ? tun_get+0x191/0x370 [ 79.663434][ T7888] tun_chr_write_iter+0xdc/0x210 [ 79.663450][ T7888] vfs_write+0x5ba/0x1180 [ 79.663466][ T7888] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 79.663482][ T7888] ? __pfx_vfs_write+0x10/0x10 [ 79.663497][ T7888] ? find_held_lock+0x2b/0x80 [ 79.663513][ T7888] ksys_write+0x12a/0x240 [ 79.663521][ T7888] ? __pfx_ksys_write+0x10/0x10 [ 79.663540][ T7888] do_syscall_64+0xcd/0x260 [ 79.663550][ T7888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.663561][ T7888] RIP: 0033:0x7f080258bc1f [ 79.663569][ T7888] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 79.663580][ T7888] RSP: 002b:00007f080349f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 79.663590][ T7888] RAX: ffffffffffffffda RBX: 00007f08027a5fa0 RCX: 00007f080258bc1f [ 79.663597][ T7888] RDX: 000000000000004a RSI: 00002000000004c0 RDI: 00000000000000c8 [ 79.663602][ T7888] RBP: 00007f080349f090 R08: 0000000000000000 R09: 0000000000000000 [ 79.663608][ T7888] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001 [ 79.663614][ T7888] R13: 0000000000000001 R14: 00007f08027a5fa0 R15: 00007fffc2f23808 [ 79.663625][ T7888] [ 79.722663][ C2] vkms_vblank_simulate: vblank timer overrun [ 79.775410][ T7895] netlink: 8 bytes leftover after parsing attributes in process `syz.3.736'. [ 79.987359][ T7909] autofs: Unknown parameter 'cCC`<ݒ XՁ_Q' [ 80.010288][ T7911] netlink: 28 bytes leftover after parsing attributes in process `syz.3.742'. [ 80.055586][ T7918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.745'. [ 80.112507][ T7929] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.749'. [ 80.113184][ T7926] can: request_module (can-proto-3) failed. [ 80.178697][ T7935] netlink: 28 bytes leftover after parsing attributes in process `syz.1.752'. [ 80.202414][ T40] audit: type=1400 audit(1743084390.828:440): avc: denied { setopt } for pid=7936 comm="syz.1.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 80.350945][ T40] audit: type=1400 audit(1743084390.968:441): avc: denied { setopt } for pid=7954 comm="syz.1.759" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 80.438737][ T65] Bluetooth: hci0: command 0x040f tx timeout [ 80.440584][ T5936] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 80.570790][ T7974] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 80.678323][ T40] audit: type=1400 audit(1743084391.277:442): avc: denied { mount } for pid=7978 comm="syz.3.768" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 80.684403][ T40] audit: type=1400 audit(1743084391.277:443): avc: denied { remount } for pid=7978 comm="syz.3.768" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 80.737074][ T7983] team0: Device ipip0 is of different type [ 81.003602][ T7999] syzkaller1: entered promiscuous mode [ 81.005030][ T7999] syzkaller1: entered allmulticast mode [ 81.540889][ T8059] capability: warning: `syz.3.804' uses deprecated v2 capabilities in a way that may be insecure [ 81.578885][ T5936] Bluetooth: hci2: Malformed Event: 0x02 [ 81.913851][ T2298] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 82.073841][ T2298] usb 5-1: Using ep0 maxpacket: 16 [ 82.076515][ T2298] usb 5-1: config 0 has no interfaces? [ 82.079530][ T2298] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 82.082169][ T2298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.084606][ T2298] usb 5-1: Product: syz [ 82.085842][ T2298] usb 5-1: Manufacturer: syz [ 82.087209][ T2298] usb 5-1: SerialNumber: syz [ 82.089525][ T2298] usb 5-1: config 0 descriptor?? [ 82.309286][ T2298] usb 5-1: USB disconnect, device number 14 [ 82.394156][ T8089] FAULT_INJECTION: forcing a failure. [ 82.394156][ T8089] name failslab, interval 1, probability 0, space 0, times 0 [ 82.398390][ T8089] CPU: 3 UID: 0 PID: 8089 Comm: syz.2.817 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 82.398408][ T8089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.398414][ T8089] Call Trace: [ 82.398417][ T8089] [ 82.398421][ T8089] dump_stack_lvl+0x16c/0x1f0 [ 82.398459][ T8089] should_fail_ex+0x512/0x640 [ 82.398475][ T8089] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 82.398489][ T8089] should_failslab+0xc2/0x120 [ 82.398501][ T8089] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 82.398513][ T8089] ? __request_module+0x2cb/0x690 [ 82.398531][ T8089] kstrdup+0x53/0x100 [ 82.398546][ T8089] __request_module+0x2cb/0x690 [ 82.398561][ T8089] ? __pfx___request_module+0x10/0x10 [ 82.398581][ T8089] ? find_held_lock+0x2b/0x80 [ 82.398592][ T8089] ? rtnl_link_ops_get+0x17b/0x2c0 [ 82.398610][ T8089] ? __pfx_rtnl_newlink+0x10/0x10 [ 82.398623][ T8089] rtnl_newlink+0x1466/0x2000 [ 82.398640][ T8089] ? __pfx_rtnl_newlink+0x10/0x10 [ 82.398653][ T8089] ? find_held_lock+0x2b/0x80 [ 82.398664][ T8089] ? avc_has_perm_noaudit+0x117/0x3b0 [ 82.398678][ T8089] ? avc_has_perm_noaudit+0x149/0x3b0 [ 82.398699][ T8089] ? find_held_lock+0x2b/0x80 [ 82.398709][ T8089] ? __pfx_rtnl_newlink+0x10/0x10 [ 82.398723][ T8089] ? __pfx_rtnl_newlink+0x10/0x10 [ 82.398736][ T8089] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 82.398751][ T8089] ? __pfx_rtnl_newlink+0x10/0x10 [ 82.398765][ T8089] rtnetlink_rcv_msg+0x95b/0xe90 [ 82.398780][ T8089] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 82.398799][ T8089] netlink_rcv_skb+0x16a/0x440 [ 82.398814][ T8089] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 82.398829][ T8089] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 82.398861][ T8089] ? netlink_deliver_tap+0x1ae/0xd30 [ 82.398877][ T8089] netlink_unicast+0x53a/0x7f0 [ 82.398893][ T8089] ? __pfx_netlink_unicast+0x10/0x10 [ 82.398910][ T8089] netlink_sendmsg+0x8da/0xd70 [ 82.398926][ T8089] ? __pfx_netlink_sendmsg+0x10/0x10 [ 82.398945][ T8089] ____sys_sendmsg+0xa8d/0xc60 [ 82.398962][ T8089] ? copy_msghdr_from_user+0x10a/0x160 [ 82.398975][ T8089] ? __pfx_____sys_sendmsg+0x10/0x10 [ 82.398996][ T8089] ___sys_sendmsg+0x134/0x1d0 [ 82.399010][ T8089] ? __pfx____sys_sendmsg+0x10/0x10 [ 82.399034][ T8089] __sys_sendmsg+0x16d/0x220 [ 82.399047][ T8089] ? __pfx___sys_sendmsg+0x10/0x10 [ 82.399063][ T8089] ? rcu_is_watching+0x12/0xc0 [ 82.399076][ T8089] do_syscall_64+0xcd/0x260 [ 82.399087][ T8089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.399098][ T8089] RIP: 0033:0x7fa70798d169 [ 82.399107][ T8089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.399117][ T8089] RSP: 002b:00007fa7077f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.399127][ T8089] RAX: ffffffffffffffda RBX: 00007fa707ba5fa0 RCX: 00007fa70798d169 [ 82.399134][ T8089] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000005 [ 82.399140][ T8089] RBP: 00007fa7077f7090 R08: 0000000000000000 R09: 0000000000000000 [ 82.399150][ T8089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 82.399156][ T8089] R13: 0000000000000000 R14: 00007fa707ba5fa0 R15: 00007ffe7c50fe18 [ 82.399167][ T8089] [ 82.558657][ T8097] xt_hashlimit: invalid interval [ 82.986526][ T8121] loop9: detected capacity change from 0 to 8 [ 82.992652][ T8121] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 82.994267][ T8121] loop9: partition table partially beyond EOD, truncated [ 82.997981][ T8121] loop9: p1 size 81768186 extends beyond EOD, truncated [ 83.531049][ T8152] netlink: 'syz.1.841': attribute type 10 has an invalid length. [ 83.550356][ T8152] bond0: (slave ): Enslaving as an active interface with an up link [ 83.559355][ T63] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 83.644870][ T8168] __nla_validate_parse: 20 callbacks suppressed [ 83.644880][ T8168] netlink: 8 bytes leftover after parsing attributes in process `syz.2.848'. [ 83.651552][ T8168] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.848'. [ 83.730616][ T63] usb 5-1: Using ep0 maxpacket: 16 [ 83.735381][ T63] usb 5-1: config 0 has no interfaces? [ 83.738988][ T63] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 83.742458][ T63] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.744732][ T63] usb 5-1: Product: syz [ 83.745990][ T63] usb 5-1: Manufacturer: syz [ 83.747457][ T63] usb 5-1: SerialNumber: syz [ 83.749731][ T63] usb 5-1: config 0 descriptor?? [ 83.804989][ T8194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.857'. [ 83.810962][ T8196] fuse: Bad value for 'rootmode' [ 83.810968][ T8194] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.857'. [ 83.966190][ T8218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.868'. [ 83.970237][ T67] usb 5-1: USB disconnect, device number 15 [ 83.973240][ T8218] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.868'. [ 83.984736][ T8220] bond_slave_1: entered promiscuous mode [ 83.986760][ T8220] netlink: 4 bytes leftover after parsing attributes in process `syz.3.869'. [ 84.018449][ T8220] bond0: (slave bond_slave_1): Releasing backup interface [ 84.021217][ T8220] bond_slave_1 (unregistering): left promiscuous mode [ 84.162188][ T8228] netlink: 4 bytes leftover after parsing attributes in process `syz.3.872'. [ 84.525197][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 84.525208][ T40] audit: type=1400 audit(1743084394.879:445): avc: denied { connect } for pid=8236 comm="syz.1.876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 84.528629][ T8237] IPv6: addrconf: prefix option has invalid lifetime [ 84.533875][ T40] audit: type=1400 audit(1743084394.879:446): avc: denied { getopt } for pid=8236 comm="syz.1.876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 84.547458][ T8242] netlink: 8 bytes leftover after parsing attributes in process `syz.0.878'. [ 84.552741][ T8242] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.878'. [ 84.931359][ T8279] overlayfs: failed to clone upperpath [ 84.942349][ T40] audit: type=1400 audit(1743084395.272:447): avc: denied { lock } for pid=8278 comm="syz.3.892" path="socket:[26813]" dev="sockfs" ino=26813 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 84.965084][ T8286] team0: Device ipip0 is of different type [ 85.002205][ T57] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 85.162480][ T57] usb 6-1: Using ep0 maxpacket: 16 [ 85.166722][ T57] usb 6-1: config 0 has no interfaces? [ 85.171376][ T57] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 85.175328][ T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.178380][ T57] usb 6-1: Product: syz [ 85.180009][ T57] usb 6-1: Manufacturer: syz [ 85.181885][ T57] usb 6-1: SerialNumber: syz [ 85.187336][ T57] usb 6-1: config 0 descriptor?? [ 85.406549][ T5934] usb 6-1: USB disconnect, device number 16 [ 86.171416][ T5936] Bluetooth: hci1: Malformed Event: 0x02 [ 86.519721][ T57] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 86.680143][ T57] usb 6-1: Using ep0 maxpacket: 16 [ 86.683061][ T57] usb 6-1: config 0 has no interfaces? [ 86.686123][ T57] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 86.688538][ T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.691430][ T57] usb 6-1: Product: syz [ 86.692661][ T57] usb 6-1: Manufacturer: syz [ 86.695066][ T57] usb 6-1: SerialNumber: syz [ 86.698029][ T57] usb 6-1: config 0 descriptor?? [ 86.748619][ T8374] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pid=8374 comm=syz.3.928 [ 86.753845][ T40] audit: type=1400 audit(1743084396.956:448): avc: denied { map } for pid=8373 comm="syz.3.928" path="socket:[24478]" dev="sockfs" ino=24478 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 86.760678][ T40] audit: type=1400 audit(1743084396.956:449): avc: denied { read } for pid=8373 comm="syz.3.928" path="socket:[24478]" dev="sockfs" ino=24478 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 86.802665][ T40] audit: type=1400 audit(1743084397.013:450): avc: denied { bind } for pid=8377 comm="syz.3.930" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 86.888521][ T8387] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.891455][ T8387] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.917548][ T57] usb 6-1: USB disconnect, device number 17 [ 86.987718][ T8397] sctp: [Deprecated]: syz.3.937 (pid 8397) Use of int in max_burst socket option deprecated. [ 86.987718][ T8397] Use struct sctp_assoc_value instead [ 87.085698][ T40] audit: type=1400 audit(1743084397.265:451): avc: denied { remount } for pid=8410 comm="syz.0.943" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 87.098104][ T40] audit: type=1400 audit(1743084397.284:452): avc: denied { unmount } for pid=5941 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 87.432756][ T40] audit: type=1400 audit(1743084397.602:453): avc: denied { setopt } for pid=8455 comm="syz.0.961" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 87.460008][ T40] audit: type=1400 audit(1743084397.621:454): avc: denied { mount } for pid=8465 comm="syz.0.964" name="/" dev="configfs" ino=2084 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 87.604446][ T8486] netlink: 'syz.1.970': attribute type 58 has an invalid length. [ 88.562599][ T6006] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 88.742666][ T6006] usb 5-1: Using ep0 maxpacket: 16 [ 88.745569][ T6006] usb 5-1: config 0 has no interfaces? [ 88.748857][ T6006] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 88.751308][ T6006] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.753688][ T6006] usb 5-1: Product: syz [ 88.754971][ T6006] usb 5-1: Manufacturer: syz [ 88.756189][ T6006] usb 5-1: SerialNumber: syz [ 88.758231][ T6006] usb 5-1: config 0 descriptor?? [ 88.884016][ T8528] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=34535 sclass=netlink_tcpdiag_socket pid=8528 comm=syz.3.987 [ 88.977147][ T6006] usb 5-1: USB disconnect, device number 16 [ 89.469416][ T6006] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 89.559694][ T8555] __nla_validate_parse: 24 callbacks suppressed [ 89.559705][ T8555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.999'. [ 89.629710][ T6006] usb 6-1: Using ep0 maxpacket: 16 [ 89.632831][ T6006] usb 6-1: config 0 has no interfaces? [ 89.636349][ T6006] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 89.639437][ T6006] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.643166][ T6006] usb 6-1: Product: syz [ 89.644646][ T6006] usb 6-1: Manufacturer: syz [ 89.646284][ T6006] usb 6-1: SerialNumber: syz [ 89.649001][ T6006] usb 6-1: config 0 descriptor?? [ 89.869720][ T63] usb 6-1: USB disconnect, device number 18 [ 90.964989][ T8571] team0: Device ipip0 is of different type [ 91.018869][ T8582] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.1006'. [ 91.047289][ T8585] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1009'. [ 91.281074][ T40] audit: type=1400 audit(1743084401.195:455): avc: denied { setattr } for pid=8603 comm="syz.2.1016" name="IEEE-802.15.4-RAW" dev="sockfs" ino=28745 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 91.288906][ T8598] dlm: no locking on control device [ 91.386472][ T8612] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1019'. [ 91.427101][ T8614] pimreg: entered allmulticast mode [ 91.429771][ T8614] pimreg: left allmulticast mode [ 91.606859][ T63] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 91.777776][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 91.779818][ T63] usb 7-1: no configurations [ 91.781089][ T63] usb 7-1: can't read configurations, error -22 [ 91.794686][ T8628] netlink: 'syz.0.1026': attribute type 13 has an invalid length. [ 91.802132][ T8628] gretap0: refused to change device tx_queue_len [ 91.803992][ T8628] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 91.889803][ T8637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1029'. [ 91.894737][ T8637] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.1029'. [ 91.921652][ T8639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1030'. [ 91.939144][ T63] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 92.068081][ T8651] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.1034'. [ 92.119867][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 92.123558][ T63] usb 7-1: no configurations [ 92.125258][ T63] usb 7-1: can't read configurations, error -22 [ 92.127766][ T63] usb usb7-port1: attempt power cycle [ 92.207194][ T8661] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1038'. [ 92.211409][ T8661] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.1038'. [ 92.266600][ T5936] Bluetooth: hci2: Malformed Event: 0x02 [ 92.325093][ T6007] IPVS: starting estimator thread 0... [ 92.333600][ T835] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 92.440513][ T8682] IPVS: using max 47 ests per chain, 112800 per kthread [ 92.469350][ T40] audit: type=1400 audit(1743084402.309:456): avc: denied { ioctl } for pid=8708 comm="syz.3.1058" path="socket:[28116]" dev="sockfs" ino=28116 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 92.473579][ T8709] bond0: entered promiscuous mode [ 92.478866][ T8709] bond_slave_0: entered promiscuous mode [ 92.481424][ T8709] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 92.486111][ T40] audit: type=1400 audit(1743084402.327:457): avc: denied { connect } for pid=8710 comm="syz.0.1059" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 92.486444][ T8709] bond0: left promiscuous mode [ 92.493550][ T8709] bond_slave_0: left promiscuous mode [ 92.501525][ T63] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 92.506240][ T835] usb 6-1: Using ep0 maxpacket: 16 [ 92.509593][ T835] usb 6-1: config 0 has no interfaces? [ 92.513050][ T835] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 92.516451][ T835] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.519234][ T835] usb 6-1: Product: syz [ 92.520706][ T835] usb 6-1: Manufacturer: syz [ 92.522323][ T835] usb 6-1: SerialNumber: syz [ 92.525248][ T835] usb 6-1: config 0 descriptor?? [ 92.537324][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 92.539819][ T63] usb 7-1: no configurations [ 92.541273][ T63] usb 7-1: can't read configurations, error -22 [ 92.686231][ T63] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 92.707967][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 92.709860][ T63] usb 7-1: no configurations [ 92.711210][ T63] usb 7-1: can't read configurations, error -22 [ 92.713240][ T63] usb usb7-port1: unable to enumerate USB device [ 92.745611][ T6006] usb 6-1: USB disconnect, device number 19 [ 92.776320][ T40] audit: type=1400 audit(1743084402.599:458): avc: denied { getopt } for pid=8741 comm="syz.3.1072" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 92.827527][ T40] audit: type=1400 audit(1743084402.646:459): avc: denied { setattr } for pid=8748 comm="syz.0.1075" name="PF_CAIF" dev="sockfs" ino=29772 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 93.019375][ T8764] netlink: 'syz.3.1082': attribute type 15 has an invalid length. [ 93.024120][ T40] audit: type=1400 audit(1743084402.833:460): avc: denied { bind } for pid=8763 comm="syz.3.1082" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 93.218305][ T8780] xt_l2tp: unknown flags: 17 [ 93.312370][ T40] audit: type=1400 audit(1743084403.095:461): avc: denied { ioctl } for pid=8800 comm="syz.3.1098" path="socket:[29815]" dev="sockfs" ino=29815 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 93.318429][ T8801] IPVS: Unknown mcast interface: vcan0 [ 93.534986][ T8825] xt_recent: hitcount (4294967295) is larger than allowed maximum (65535) [ 93.558493][ T8827] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=42516 sclass=netlink_tcpdiag_socket pid=8827 comm=syz.3.1109 [ 93.744271][ T57] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 93.926141][ T57] usb 6-1: Using ep0 maxpacket: 16 [ 93.928909][ T57] usb 6-1: config 0 has no interfaces? [ 93.932007][ T57] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 93.934598][ T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.937277][ T57] usb 6-1: Product: syz [ 93.938479][ T57] usb 6-1: Manufacturer: syz [ 93.939779][ T57] usb 6-1: SerialNumber: syz [ 93.942185][ T57] usb 6-1: config 0 descriptor?? [ 94.164573][ T57] usb 6-1: USB disconnect, device number 20 [ 94.551100][ T8864] team0: Device ipip0 is of different type [ 94.589142][ T63] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 94.675831][ T40] audit: type=1400 audit(1743084404.377:462): avc: denied { mount } for pid=8873 comm="syz.2.1130" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 94.677899][ T8874] syz.2.1130: attempt to access beyond end of device [ 94.677899][ T8874] loop2: rw=0, sector=1, nr_sectors = 1 limit=0 [ 94.682530][ T40] audit: type=1400 audit(1743084404.377:463): avc: denied { remount } for pid=8873 comm="syz.2.1130" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 94.687752][ T8874] qnx4: unable to read the superblock [ 94.707914][ T40] audit: type=1400 audit(1743084404.405:464): avc: denied { unmount } for pid=5946 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 94.758538][ T63] usb 5-1: unable to get BOS descriptor or descriptor too short [ 94.764354][ T63] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 94.766471][ T63] usb 5-1: can't read configurations, error -71 [ 95.000602][ T8900] __nla_validate_parse: 16 callbacks suppressed [ 95.000619][ T8900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1138'. [ 95.055483][ T6007] hid-generic 00EC:0003:0000.0003: unknown main item tag 0x0 [ 95.057613][ T6007] hid-generic 00EC:0003:0000.0003: unknown main item tag 0x0 [ 95.058826][ T8908] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.1142'. [ 95.062475][ T6007] hid-generic 00EC:0003:0000.0003: hidraw1: HID v0.00 Device [syz1] on syz1 [ 95.225723][ T8917] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1145'. [ 95.263474][ T8919] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.316389][ T57] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 95.320994][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1149'. [ 95.351608][ T8927] netlink: 1760 bytes leftover after parsing attributes in process `syz.1.1149'. [ 95.409431][ T8939] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1154'. [ 95.426217][ T8939] netlink: 'syz.0.1154': attribute type 1 has an invalid length. [ 95.428500][ T8939] netlink: 'syz.0.1154': attribute type 1 has an invalid length. [ 95.486294][ T57] usb 7-1: Using ep0 maxpacket: 16 [ 95.489337][ T57] usb 7-1: config 0 has no interfaces? [ 95.492292][ T57] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 95.494717][ T57] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.496857][ T57] usb 7-1: Product: syz [ 95.498121][ T57] usb 7-1: Manufacturer: syz [ 95.499403][ T57] usb 7-1: SerialNumber: syz [ 95.501395][ T57] usb 7-1: config 0 descriptor?? [ 95.526105][ T8949] NILFS (nbd0): device size too small [ 95.574929][ T5936] Bluetooth: hci1: Malformed Event: 0x02 [ 95.602257][ T8965] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1161'. [ 95.607241][ T8965] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.1161'. [ 95.645164][ T8971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1164'. [ 95.676704][ T8971] netlink: 'syz.1.1164': attribute type 1 has an invalid length. [ 95.679712][ T8971] netlink: 'syz.1.1164': attribute type 1 has an invalid length. [ 95.724847][ T67] usb 7-1: USB disconnect, device number 25 [ 95.729866][ T8990] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1172'. [ 95.938953][ T9005] netlink: 'syz.3.1180': attribute type 1 has an invalid length. [ 96.110355][ T9031] team0 (unregistering): Port device team_slave_0 removed [ 96.115413][ T9031] team0 (unregistering): Port device team_slave_1 removed [ 96.149010][ T5936] Bluetooth: hci2: SCO packet for unknown connection handle 1024 [ 96.332872][ T9056] netlink: 'syz.0.1194': attribute type 72 has an invalid length. [ 96.334366][ T9051] netlink: 'syz.2.1192': attribute type 1 has an invalid length. [ 96.456306][ T9075] netlink: 'syz.0.1205': attribute type 72 has an invalid length. [ 96.663834][ T63] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 96.727165][ T5936] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 96.729793][ T5936] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 96.822214][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 96.827669][ T63] usb 7-1: config 0 has no interfaces? [ 96.833709][ T63] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 96.836167][ T63] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.838296][ T63] usb 7-1: Product: syz [ 96.839471][ T63] usb 7-1: Manufacturer: syz [ 96.840861][ T63] usb 7-1: SerialNumber: syz [ 96.842924][ T63] usb 7-1: config 0 descriptor?? [ 97.063689][ T6007] usb 7-1: USB disconnect, device number 26 [ 97.110707][ T63] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 97.271042][ T63] usb 5-1: Using ep0 maxpacket: 16 [ 97.274573][ T63] usb 5-1: config 0 has no interfaces? [ 97.279104][ T63] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 97.282966][ T63] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.285972][ T63] usb 5-1: Product: syz [ 97.287628][ T63] usb 5-1: Manufacturer: syz [ 97.289388][ T63] usb 5-1: SerialNumber: syz [ 97.293016][ T63] usb 5-1: config 0 descriptor?? [ 97.520064][ T63] usb 5-1: USB disconnect, device number 19 [ 97.649869][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 97.649884][ T40] audit: type=1400 audit(1743084407.156:472): avc: denied { getopt } for pid=9184 comm="syz.3.1252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 97.698142][ T9192] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 97.704513][ T9192] kvm: pic: non byte read [ 97.706773][ T9192] kvm: pic: level sensitive irq not supported [ 97.707204][ T9192] kvm: pic: non byte read [ 97.964731][ T40] audit: type=1400 audit(1743084407.446:473): avc: denied { write } for pid=9221 comm="syz.1.1264" path="socket:[30331]" dev="sockfs" ino=30331 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 97.972487][ T40] audit: type=1400 audit(1743084407.446:474): avc: denied { accept } for pid=9221 comm="syz.1.1264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 98.116041][ T9232] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 98.127719][ T9232] kvm: pic: non byte read [ 98.134369][ T9232] kvm: pic: level sensitive irq not supported [ 98.134775][ T9232] kvm: pic: non byte read [ 98.144091][ T9232] kvm: pic: level sensitive irq not supported [ 98.144541][ T9232] kvm: pic: non byte read [ 98.208610][ T40] audit: type=1400 audit(1743084407.680:475): avc: denied { map } for pid=9237 comm="syz.2.1271" path="socket:[31437]" dev="sockfs" ino=31437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 98.211483][ T40] audit: type=1400 audit(1743084407.680:476): avc: denied { read } for pid=9237 comm="syz.2.1271" path="socket:[31437]" dev="sockfs" ino=31437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 98.211506][ T40] audit: type=1400 audit(1743084407.680:477): avc: denied { setopt } for pid=9237 comm="syz.2.1271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 98.420941][ T40] audit: type=1400 audit(1743084407.876:478): avc: denied { getopt } for pid=9244 comm="syz.3.1273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 98.462341][ T9249] overlayfs: failed to clone upperpath [ 98.465428][ T9249] netlink: 'syz.3.1275': attribute type 1 has an invalid length. [ 98.665134][ T40] audit: type=1400 audit(1743084408.110:479): avc: denied { read } for pid=9276 comm="syz.2.1287" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 98.671855][ T40] audit: type=1400 audit(1743084408.110:480): avc: denied { open } for pid=9276 comm="syz.2.1287" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 98.685448][ T9277] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 98.691803][ T9277] Illegal XDP return value 4294967262 on prog (id 86) dev N/A, expect packet loss! [ 98.832370][ T5996] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 98.987810][ T40] audit: type=1400 audit(1743084408.409:481): avc: denied { map } for pid=9296 comm="syz.1.1294" path="socket:[30474]" dev="sockfs" ino=30474 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 98.992142][ T5996] usb 5-1: Using ep0 maxpacket: 16 [ 99.002226][ T5996] usb 5-1: config 0 has no interfaces? [ 99.011228][ T5996] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 99.014555][ T5996] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.016744][ T5996] usb 5-1: Product: syz [ 99.017873][ T5996] usb 5-1: Manufacturer: syz [ 99.019248][ T5996] usb 5-1: SerialNumber: syz [ 99.021146][ T5996] usb 5-1: config 0 descriptor?? [ 99.245498][ T57] usb 5-1: USB disconnect, device number 20 [ 99.675644][ T63] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 99.820700][ T9366] FAULT_INJECTION: forcing a failure. [ 99.820700][ T9366] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.826112][ T9366] CPU: 3 UID: 0 PID: 9366 Comm: syz.0.1319 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 99.826136][ T9366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.826146][ T9366] Call Trace: [ 99.826170][ T9366] [ 99.826177][ T9366] dump_stack_lvl+0x16c/0x1f0 [ 99.826229][ T9366] should_fail_ex+0x512/0x640 [ 99.826257][ T9366] _copy_from_user+0x2e/0xd0 [ 99.826278][ T9366] copy_msghdr_from_user+0x98/0x160 [ 99.826300][ T9366] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 99.826328][ T9366] ___sys_sendmsg+0xfe/0x1d0 [ 99.826348][ T9366] ? __pfx____sys_sendmsg+0x10/0x10 [ 99.826389][ T9366] __sys_sendmsg+0x16d/0x220 [ 99.826410][ T9366] ? __pfx___sys_sendmsg+0x10/0x10 [ 99.826441][ T9366] do_syscall_64+0xcd/0x260 [ 99.826457][ T9366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.826474][ T9366] RIP: 0033:0x7f4ce838d169 [ 99.826487][ T9366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.826503][ T9366] RSP: 002b:00007f4ce918f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.826519][ T9366] RAX: ffffffffffffffda RBX: 00007f4ce85a5fa0 RCX: 00007f4ce838d169 [ 99.826530][ T9366] RDX: 0000000000000000 RSI: 0000200000003fc0 RDI: 0000000000000003 [ 99.826540][ T9366] RBP: 00007f4ce918f090 R08: 0000000000000000 R09: 0000000000000000 [ 99.826549][ T9366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.826558][ T9366] R13: 0000000000000000 R14: 00007f4ce85a5fa0 R15: 00007fff46804748 [ 99.826577][ T9366] [ 99.830468][ T9368] xt_TCPMSS: Only works on TCP SYN packets [ 99.848759][ T63] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 99.880605][ T63] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 99.887821][ T63] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 99.890564][ T63] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.893568][ T63] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.897370][ T63] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 99.900241][ T63] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 99.902522][ T63] usb 7-1: Product: syz [ 99.903866][ T63] usb 7-1: Manufacturer: syz [ 99.907518][ T63] cdc_wdm 7-1:1.0: skipping garbage [ 99.909025][ T63] cdc_wdm 7-1:1.0: skipping garbage [ 99.913393][ T63] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 99.915146][ T63] cdc_wdm 7-1:1.0: Unknown control protocol [ 100.121326][ T9340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.124313][ T9340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.128266][ T9340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.131517][ T9340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.134046][ T9340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.137081][ T9340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.140350][ T9340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.142773][ T9340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.145080][ T9340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.148599][ T9340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.158442][ T63] usb 7-1: USB disconnect, device number 27 [ 100.252827][ T67] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 100.367992][ T9399] __nla_validate_parse: 36 callbacks suppressed [ 100.368004][ T9399] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1332'. [ 100.413043][ T67] usb 5-1: Using ep0 maxpacket: 16 [ 100.416433][ T67] usb 5-1: config 0 has no interfaces? [ 100.420302][ T67] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 100.424405][ T67] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.427424][ T67] usb 5-1: Product: syz [ 100.429025][ T67] usb 5-1: Manufacturer: syz [ 100.430834][ T67] usb 5-1: SerialNumber: syz [ 100.433057][ T67] usb 5-1: config 0 descriptor?? [ 100.537301][ T9421] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1341'. [ 100.653559][ T6006] usb 5-1: USB disconnect, device number 21 [ 100.752287][ T9457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1353'. [ 100.803260][ T9461] netlink: 'syz.3.1355': attribute type 5 has an invalid length. [ 100.904666][ T67] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 100.929468][ T9474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1360'. [ 100.993876][ T9484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1364'. [ 101.086402][ T67] usb 6-1: Using ep0 maxpacket: 16 [ 101.089157][ T67] usb 6-1: no configurations [ 101.090422][ T67] usb 6-1: can't read configurations, error -22 [ 101.109943][ T9493] overlayfs: failed to clone upperpath [ 101.225519][ T67] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 101.325747][ T9501] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 101.352975][ T9501] trusted_key: syz.0.1371 sent an empty control message without MSG_MORE. [ 101.396273][ T67] usb 6-1: Using ep0 maxpacket: 16 [ 101.398608][ T67] usb 6-1: no configurations [ 101.399925][ T67] usb 6-1: can't read configurations, error -22 [ 101.401796][ T67] usb usb6-port1: attempt power cycle [ 101.541422][ T9510] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1373'. [ 101.735114][ T9527] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.1379'. [ 101.771016][ T67] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 101.785022][ T9536] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1382'. [ 101.802751][ T67] usb 6-1: Using ep0 maxpacket: 16 [ 101.804605][ T67] usb 6-1: no configurations [ 101.805927][ T67] usb 6-1: can't read configurations, error -22 [ 101.941343][ T67] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 101.963964][ T67] usb 6-1: Using ep0 maxpacket: 16 [ 101.966064][ T67] usb 6-1: no configurations [ 101.967436][ T67] usb 6-1: can't read configurations, error -22 [ 101.969730][ T67] usb usb6-port1: unable to enumerate USB device [ 102.005515][ T835] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 102.015166][ T9556] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1391'. [ 102.166701][ T835] usb 5-1: Using ep0 maxpacket: 16 [ 102.168857][ T9572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1398'. [ 102.169991][ T835] usb 5-1: config 0 has no interfaces? [ 102.176426][ T835] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 102.179737][ T835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.182644][ T835] usb 5-1: Product: syz [ 102.184149][ T835] usb 5-1: Manufacturer: syz [ 102.185787][ T835] usb 5-1: SerialNumber: syz [ 102.189553][ T835] usb 5-1: config 0 descriptor?? [ 102.410045][ T835] usb 5-1: USB disconnect, device number 22 [ 102.842113][ T9610] FAULT_INJECTION: forcing a failure. [ 102.842113][ T9610] name failslab, interval 1, probability 0, space 0, times 0 [ 102.845634][ T9610] CPU: 2 UID: 0 PID: 9610 Comm: syz.2.1413 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 102.845654][ T9610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.845664][ T9610] Call Trace: [ 102.845669][ T9610] [ 102.845674][ T9610] dump_stack_lvl+0x16c/0x1f0 [ 102.845712][ T9610] should_fail_ex+0x512/0x640 [ 102.845729][ T9610] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 102.845741][ T9610] should_failslab+0xc2/0x120 [ 102.845753][ T9610] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 102.845764][ T9610] ? __alloc_skb+0x2b2/0x380 [ 102.845779][ T9610] __alloc_skb+0x2b2/0x380 [ 102.845791][ T9610] ? __pfx___alloc_skb+0x10/0x10 [ 102.845805][ T9610] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 102.845822][ T9610] netlink_alloc_large_skb+0x69/0x130 [ 102.845837][ T9610] netlink_sendmsg+0x694/0xd70 [ 102.845853][ T9610] ? __pfx_netlink_sendmsg+0x10/0x10 [ 102.845875][ T9610] ____sys_sendmsg+0xa8d/0xc60 [ 102.845892][ T9610] ? copy_msghdr_from_user+0x10a/0x160 [ 102.845905][ T9610] ? __pfx_____sys_sendmsg+0x10/0x10 [ 102.845925][ T9610] ___sys_sendmsg+0x134/0x1d0 [ 102.845939][ T9610] ? __pfx____sys_sendmsg+0x10/0x10 [ 102.845963][ T9610] __sys_sendmsg+0x16d/0x220 [ 102.845977][ T9610] ? __pfx___sys_sendmsg+0x10/0x10 [ 102.845996][ T9610] do_syscall_64+0xcd/0x260 [ 102.846007][ T9610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.846018][ T9610] RIP: 0033:0x7fa70798d169 [ 102.846026][ T9610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.846037][ T9610] RSP: 002b:00007fa7077f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 102.846047][ T9610] RAX: ffffffffffffffda RBX: 00007fa707ba5fa0 RCX: 00007fa70798d169 [ 102.846054][ T9610] RDX: 0000000000000000 RSI: 0000200000003fc0 RDI: 0000000000000003 [ 102.846060][ T9610] RBP: 00007fa7077f7090 R08: 0000000000000000 R09: 0000000000000000 [ 102.846066][ T9610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.846072][ T9610] R13: 0000000000000000 R14: 00007fa707ba5fa0 R15: 00007ffe7c50fe18 [ 102.846083][ T9610] [ 102.988354][ T9615] block device autoloading is deprecated and will be removed. [ 103.014295][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 103.014307][ T40] audit: type=1400 audit(1743084412.180:493): avc: denied { nlmsg_write } for pid=9618 comm="syz.0.1417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 103.033325][ T9612] md2: using deprecated bitmap file support [ 103.035393][ T9612] md2: error: bitmap file must be a regular file [ 103.069535][ T40] audit: type=1400 audit(1743084412.227:494): avc: denied { lock } for pid=9624 comm="syz.2.1420" path="socket:[33981]" dev="sockfs" ino=33981 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 103.138854][ T9631] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9631 comm=syz.2.1423 [ 103.420525][ T40] audit: type=1400 audit(1743084412.555:495): avc: denied { getopt } for pid=9651 comm="syz.3.1431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 103.427768][ T835] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 103.619271][ T835] usb 5-1: Using ep0 maxpacket: 16 [ 103.623637][ T835] usb 5-1: config 0 has no interfaces? [ 103.627468][ T835] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 103.630261][ T40] audit: type=1400 audit(1743084412.760:496): avc: denied { create } for pid=9679 comm="syz.3.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 103.631405][ T835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.636464][ T40] audit: type=1400 audit(1743084412.760:497): avc: denied { write } for pid=9679 comm="syz.3.1443" lport=60665 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 103.639291][ T835] usb 5-1: Product: syz [ 103.647568][ T835] usb 5-1: Manufacturer: syz [ 103.652197][ T835] usb 5-1: SerialNumber: syz [ 103.657493][ T835] usb 5-1: config 0 descriptor?? [ 103.816637][ T9706] overlayfs: failed to clone upperpath [ 103.858320][ T5936] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 103.881492][ T34] usb 5-1: USB disconnect, device number 23 [ 103.898762][ T40] audit: type=1400 audit(1743084413.004:498): avc: denied { read } for pid=9721 comm="syz.2.1456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 103.904340][ T40] audit: type=1400 audit(1743084413.004:499): avc: denied { block_suspend } for pid=9721 comm="syz.2.1456" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 104.129701][ T40] audit: type=1400 audit(1743084413.219:500): avc: denied { setopt } for pid=9748 comm="syz.1.1464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 104.354937][ T40] audit: type=1400 audit(1743084413.425:501): avc: denied { getopt } for pid=9773 comm="syz.1.1475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 104.478023][ T40] audit: type=1400 audit(1743084413.546:502): avc: denied { write } for pid=9780 comm="syz.0.1478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 104.624061][ T63] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 104.731786][ T9806] evm: overlay not supported [ 104.759603][ T9810] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 104.762204][ T9810] team0: Device ipvlan2 is already an upper device of the team interface [ 104.805676][ T63] usb 6-1: Using ep0 maxpacket: 16 [ 104.808329][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.811443][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.814101][ T63] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 104.817004][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.822598][ T63] usb 6-1: config 0 descriptor?? [ 105.084987][ T9830] can0: slcan on ptm0. [ 105.136583][ T9830] can0 (unregistered): slcan off ptm0. [ 105.203254][ T9834] can0: slcan on ptm0. [ 105.265187][ T9833] can0 (unregistered): slcan off ptm0. [ 105.326006][ T9841] 9pnet_fd: Insufficient options for proto=fd [ 105.345674][ T63] usbhid 6-1:0.0: can't add hid device: -71 [ 105.347471][ T63] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 105.350284][ T63] usb 6-1: USB disconnect, device number 25 [ 105.397493][ T9850] openvswitch: netlink: Missing valid actions attribute. [ 105.400007][ T9850] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 105.468049][ T9860] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9860 comm=syz.2.1508 [ 105.472143][ T9860] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9860 comm=syz.2.1508 [ 105.677805][ T9873] kvm: MWAIT instruction emulated as NOP! [ 105.797707][ T9876] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 105.842561][ T63] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 105.911578][ T9882] __nla_validate_parse: 9 callbacks suppressed [ 105.911595][ T9882] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.1517'. [ 105.991920][ T63] usb 5-1: device descriptor read/64, error -71 [ 106.184715][ T57] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 106.248522][ T63] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 106.344505][ T57] usb 6-1: Using ep0 maxpacket: 16 [ 106.347432][ T57] usb 6-1: config 0 has no interfaces? [ 106.350431][ T57] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 106.353032][ T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.355337][ T57] usb 6-1: Product: syz [ 106.356562][ T57] usb 6-1: Manufacturer: syz [ 106.357915][ T57] usb 6-1: SerialNumber: syz [ 106.360092][ T57] usb 6-1: config 0 descriptor?? [ 106.387172][ T63] usb 5-1: device descriptor read/64, error -71 [ 106.429994][ T5936] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 106.430012][ T65] Bluetooth: hci0: command 0x040f tx timeout [ 106.504825][ T63] usb usb5-port1: attempt power cycle [ 106.582422][ T835] usb 6-1: USB disconnect, device number 26 [ 106.855912][ T9911] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1529'. [ 106.869222][ T63] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 106.900794][ T63] usb 5-1: device descriptor read/8, error -71 [ 107.168472][ T9930] team0: Device ipip0 is of different type [ 107.178423][ T63] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 107.200352][ T63] usb 5-1: device descriptor read/8, error -71 [ 107.267222][ T9938] dccp_v6_rcv: dropped packet with invalid checksum [ 107.292524][ T9944] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.1544'. [ 107.322468][ T63] usb usb5-port1: unable to enumerate USB device [ 107.552125][ T835] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 107.723060][ T835] usb 6-1: Using ep0 maxpacket: 16 [ 107.725723][ T835] usb 6-1: config 0 has no interfaces? [ 107.728821][ T835] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 107.731430][ T835] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.733788][ T835] usb 6-1: Product: syz [ 107.735041][ T835] usb 6-1: Manufacturer: syz [ 107.736394][ T835] usb 6-1: SerialNumber: syz [ 107.741619][ T835] usb 6-1: config 0 descriptor?? [ 107.798073][ T9989] sp0: Synchronizing with TNC [ 107.875626][ T9994] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1548'. [ 107.961221][ T57] usb 6-1: USB disconnect, device number 27 [ 108.101016][T10022] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 108.282138][T10032] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 108.292008][T10032] kvm: pic: level sensitive irq not supported [ 108.292350][T10032] kvm: pic: non byte read [ 108.658807][T10058] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1573'. [ 108.688804][T10060] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.1574'. [ 108.744904][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 108.744916][ T40] audit: type=1400 audit(1743084417.542:513): avc: denied { ioctl } for pid=10061 comm="syz.3.1575" path="socket:[36550]" dev="sockfs" ino=36550 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 108.799180][T10070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1578'. [ 108.809427][T10072] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1579'. [ 108.884608][ T5944] Bluetooth: hci2: Unknown advertising packet type: 0x31 [ 108.884641][ T5944] Bluetooth: hci2: Malformed LE Event: 0x0d [ 108.941588][ T63] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 109.102553][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 109.105229][ T63] usb 7-1: config 0 has no interfaces? [ 109.108275][ T63] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 109.110732][ T63] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.113090][ T63] usb 7-1: Product: syz [ 109.114246][ T63] usb 7-1: Manufacturer: syz [ 109.115494][ T63] usb 7-1: SerialNumber: syz [ 109.118632][ T63] usb 7-1: config 0 descriptor?? [ 109.297682][T10128] FAULT_INJECTION: forcing a failure. [ 109.297682][T10128] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.299106][T10129] netlink: 'syz.3.1604': attribute type 1 has an invalid length. [ 109.300860][ T40] audit: type=1400 audit(1743084418.057:514): avc: denied { connect } for pid=10127 comm="syz.3.1604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 109.303955][T10128] CPU: 1 UID: 0 PID: 10128 Comm: syz.0.1603 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 109.303970][T10128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.303977][T10128] Call Trace: [ 109.303980][T10128] [ 109.303984][T10128] dump_stack_lvl+0x16c/0x1f0 [ 109.304003][T10128] should_fail_ex+0x512/0x640 [ 109.304018][T10128] _copy_from_iter+0x2a4/0x15b0 [ 109.304033][T10128] ? find_held_lock+0x2b/0x80 [ 109.304044][T10128] ? __pfx__copy_from_iter+0x10/0x10 [ 109.304059][T10128] ? __virt_addr_valid+0x5e/0x590 [ 109.304085][T10128] ? __phys_addr_symbol+0x30/0x80 [ 109.304099][T10128] ? __check_object_size+0x4c7/0x710 [ 109.304118][T10128] netlink_sendmsg+0x83a/0xd70 [ 109.304135][T10128] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.304154][T10128] ____sys_sendmsg+0xa8d/0xc60 [ 109.304170][T10128] ? copy_msghdr_from_user+0x10a/0x160 [ 109.304184][T10128] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.304204][T10128] ___sys_sendmsg+0x134/0x1d0 [ 109.304218][T10128] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.304243][T10128] __sys_sendmsg+0x16d/0x220 [ 109.304256][T10128] ? __pfx___sys_sendmsg+0x10/0x10 [ 109.304275][T10128] do_syscall_64+0xcd/0x260 [ 109.304285][T10128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.304296][T10128] RIP: 0033:0x7f4ce838d169 [ 109.304304][T10128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.304315][T10128] RSP: 002b:00007f4ce918f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.304325][T10128] RAX: ffffffffffffffda RBX: 00007f4ce85a5fa0 RCX: 00007f4ce838d169 [ 109.304332][T10128] RDX: 0000000000000000 RSI: 0000200000003fc0 RDI: 0000000000000003 [ 109.304338][T10128] RBP: 00007f4ce918f090 R08: 0000000000000000 R09: 0000000000000000 [ 109.304344][T10128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.304350][T10128] R13: 0000000000000000 R14: 00007f4ce85a5fa0 R15: 00007fff46804748 [ 109.304361][T10128] [ 109.341050][ T63] usb 7-1: USB disconnect, device number 28 [ 109.414710][ T57] IPVS: starting estimator thread 0... [ 109.417881][T10142] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1606'. [ 109.422943][ T40] audit: type=1400 audit(1743084418.178:515): avc: denied { write } for pid=5331 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 109.429061][ T40] audit: type=1400 audit(1743084418.178:516): avc: denied { remove_name } for pid=5331 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 109.435569][ T40] audit: type=1400 audit(1743084418.178:517): avc: denied { add_name } for pid=5331 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 109.479249][T10153] 8021q: VLANs not supported on wg0 [ 109.518788][T10145] IPVS: using max 48 ests per chain, 115200 per kthread [ 109.639766][ T40] audit: type=1400 audit(1743084418.375:518): avc: denied { map } for pid=10161 comm="syz.3.1614" path="socket:[35780]" dev="sockfs" ino=35780 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 109.814761][ T40] audit: type=1400 audit(1743084418.534:519): avc: denied { mount } for pid=10176 comm="syz.3.1621" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 109.820386][T10177] overlayfs: failed to clone upperpath [ 109.870931][T10184] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=123 sclass=netlink_route_socket pid=10184 comm=syz.3.1623 [ 109.903064][T10189] netlink: 'syz.2.1624': attribute type 31 has an invalid length. [ 109.979077][ T40] audit: type=1400 audit(1743084418.693:520): avc: denied { write } for pid=10204 comm="syz.2.1631" name="igmp" dev="proc" ino=4026532911 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 110.013694][T10212] wg2: entered promiscuous mode [ 110.015170][T10212] wg2: entered allmulticast mode [ 110.273997][T10217] team0: Device ipip0 is of different type [ 110.359552][ T40] audit: type=1400 audit(1743084419.048:521): avc: denied { ioctl } for pid=10218 comm="syz.0.1635" path="socket:[34761]" dev="sockfs" ino=34761 ioctlcmd=0x89e5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 110.366557][ T40] audit: type=1400 audit(1743084419.058:522): avc: denied { setopt } for pid=10218 comm="syz.0.1635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 110.384195][ T835] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 110.448378][ T5944] Bluetooth: hci0: command 0x040f tx timeout [ 110.448387][ T65] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 110.526663][T10226] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1638'. [ 110.565942][ T835] usb 7-1: Using ep0 maxpacket: 16 [ 110.568767][ T835] usb 7-1: config 0 has no interfaces? [ 110.571806][ T835] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 110.574421][ T835] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.576638][ T835] usb 7-1: Product: syz [ 110.577759][ T835] usb 7-1: Manufacturer: syz [ 110.579005][ T835] usb 7-1: SerialNumber: syz [ 110.580924][ T835] usb 7-1: config 0 descriptor?? [ 110.640361][ T5944] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 110.705132][ T5944] Bluetooth: hci4: command 0x1003 tx timeout [ 110.708074][ T5936] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 110.803907][ T1231] ================================================================== [ 110.805831][ T6007] usb 7-1: USB disconnect, device number 29 [ 110.806327][ T1231] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 110.810502][ T1231] Read of size 1 at addr ffff88804d155009 by task kworker/u32:10/1231 [ 110.813587][ T1231] [ 110.814605][ T1231] CPU: 0 UID: 0 PID: 1231 Comm: kworker/u32:10 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 110.814621][ T1231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.814628][ T1231] Workqueue: events_unbound commit_work [ 110.814645][ T1231] Call Trace: [ 110.814649][ T1231] [ 110.814653][ T1231] dump_stack_lvl+0x116/0x1f0 [ 110.814671][ T1231] print_report+0xc3/0x670 [ 110.814682][ T1231] ? __virt_addr_valid+0x5e/0x590 [ 110.814698][ T1231] ? __phys_addr+0xc6/0x150 [ 110.814712][ T1231] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 110.814727][ T1231] kasan_report+0xe0/0x110 [ 110.814738][ T1231] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 110.814755][ T1231] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 110.814772][ T1231] ? preempt_schedule_thunk+0x16/0x30 [ 110.814789][ T1231] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10 [ 110.814806][ T1231] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 110.814826][ T1231] ? drm_atomic_helper_commit_hw_done+0x330/0x490 [ 110.814842][ T1231] drm_atomic_helper_commit_tail+0xcb/0xf0 [ 110.814857][ T1231] commit_tail+0x35b/0x400 [ 110.814872][ T1231] process_one_work+0x9cc/0x1b70 [ 110.814885][ T1231] ? __pfx_process_one_work+0x10/0x10 [ 110.814896][ T1231] ? assign_work+0x1a0/0x250 [ 110.814913][ T1231] worker_thread+0x6c1/0xef0 [ 110.814925][ T1231] ? __pfx_worker_thread+0x10/0x10 [ 110.814935][ T1231] kthread+0x3a4/0x760 [ 110.814951][ T1231] ? __pfx_kthread+0x10/0x10 [ 110.814966][ T1231] ? __pfx_kthread+0x10/0x10 [ 110.814981][ T1231] ? __pfx_kthread+0x10/0x10 [ 110.814997][ T1231] ? __pfx_kthread+0x10/0x10 [ 110.815012][ T1231] ? rcu_is_watching+0x12/0xc0 [ 110.815023][ T1231] ? __pfx_kthread+0x10/0x10 [ 110.815039][ T1231] ret_from_fork+0x45/0x80 [ 110.815049][ T1231] ? __pfx_kthread+0x10/0x10 [ 110.815065][ T1231] ret_from_fork_asm+0x1a/0x30 [ 110.815081][ T1231] [ 110.815085][ T1231] [ 110.865933][ T1231] Allocated by task 10215: [ 110.867353][ T1231] kasan_save_stack+0x33/0x60 [ 110.868684][ T1231] kasan_save_track+0x14/0x30 [ 110.869979][ T1231] __kasan_kmalloc+0xaa/0xb0 [ 110.871264][ T1231] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0 [ 110.873051][ T1231] drm_atomic_get_crtc_state+0x16e/0x450 [ 110.874585][ T1231] drm_atomic_get_plane_state+0x436/0x590 [ 110.876134][ T1231] drm_atomic_set_property+0xa03/0x3360 [ 110.877652][ T1231] drm_mode_atomic_ioctl+0x66f/0x25c0 [ 110.879078][ T1231] drm_ioctl_kernel+0x1f1/0x3e0 [ 110.880388][ T1231] drm_ioctl+0x5d6/0xc10 [ 110.881521][ T1231] __x64_sys_ioctl+0x190/0x200 [ 110.882830][ T1231] do_syscall_64+0xcd/0x260 [ 110.884071][ T1231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.885666][ T1231] [ 110.886331][ T1231] Freed by task 10214: [ 110.887448][ T1231] kasan_save_stack+0x33/0x60 [ 110.888739][ T1231] kasan_save_track+0x14/0x30 [ 110.890009][ T1231] kasan_save_free_info+0x3b/0x60 [ 110.891400][ T1231] __kasan_slab_free+0x51/0x70 [ 110.892685][ T1231] kfree+0x2b6/0x4d0 [ 110.893761][ T1231] drm_atomic_state_default_clear+0x453/0xe30 [ 110.895430][ T1231] __drm_atomic_state_free+0x185/0x2b0 [ 110.896934][ T1231] drm_client_modeset_commit_atomic+0x6b2/0x7e0 [ 110.898625][ T1231] drm_client_modeset_commit_locked+0x14d/0x580 [ 110.900315][ T1231] drm_client_modeset_commit+0x4f/0x80 [ 110.901851][ T1231] drm_fb_helper_lastclose+0xc7/0x160 [ 110.903365][ T1231] drm_fbdev_client_restore+0x2c/0x40 [ 110.904863][ T1231] drm_client_dev_restore+0x183/0x290 [ 110.906298][ T1231] drm_release+0x2c2/0x360 [ 110.907526][ T1231] __fput+0x3ff/0xb70 [ 110.908631][ T1231] task_work_run+0x14d/0x240 [ 110.909884][ T1231] syscall_exit_to_user_mode+0x27b/0x2a0 [ 110.911401][ T1231] do_syscall_64+0xda/0x260 [ 110.912648][ T1231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.914218][ T1231] [ 110.914880][ T1231] The buggy address belongs to the object at ffff88804d155000 [ 110.914880][ T1231] which belongs to the cache kmalloc-512 of size 512 [ 110.918555][ T1231] The buggy address is located 9 bytes inside of [ 110.918555][ T1231] freed 512-byte region [ffff88804d155000, ffff88804d155200) [ 110.922121][ T1231] [ 110.922784][ T1231] The buggy address belongs to the physical page: [ 110.924491][ T1231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d154 [ 110.927687][ T1231] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 110.930749][ T1231] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 110.933533][ T1231] page_type: f5(slab) [ 110.935099][ T1231] raw: 00fff00000000040 ffff88801b442c80 ffffea0000964a00 dead000000000002 [ 110.938311][ T1231] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 110.941442][ T1231] head: 00fff00000000040 ffff88801b442c80 ffffea0000964a00 dead000000000002 [ 110.944612][ T1231] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 110.947362][ T1231] head: 00fff00000000002 ffffea0001345501 ffffffffffffffff 0000000000000000 [ 110.949639][ T1231] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 110.951969][ T1231] page dumped because: kasan: bad access detected [ 110.953656][ T1231] page_owner tracks the page as allocated [ 110.955199][ T1231] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5946, tgid 5946 (syz-executor), ts 45160353826, free_ts 0 [ 110.960520][ T1231] post_alloc_hook+0x181/0x1b0 [ 110.961827][ T1231] get_page_from_freelist+0x10c4/0x34c0 [ 110.963349][ T1231] __alloc_frozen_pages_noprof+0x223/0x24d0 [ 110.964956][ T1231] alloc_pages_mpol+0x1fb/0x540 [ 110.966277][ T1231] new_slab+0x23c/0x330 [ 110.967419][ T1231] ___slab_alloc+0xd9c/0x1940 [ 110.968699][ T1231] __slab_alloc.constprop.0+0x56/0xb0 [ 110.970222][ T1231] __kmalloc_cache_noprof+0xfb/0x3e0 [ 110.971666][ T1231] inetdev_init+0x66/0x5a0 [ 110.972873][ T1231] inetdev_event+0xc5f/0x18a0 [ 110.974161][ T1231] notifier_call_chain+0xb9/0x410 [ 110.975577][ T1231] call_netdevice_notifiers_info+0xbe/0x140 [ 110.977274][ T1231] register_netdevice+0x17d0/0x2040 [ 110.978803][ T1231] batadv_meshif_newlink+0x8f/0xc0 [ 110.980245][ T1231] rtnl_newlink+0xc42/0x2000 [ 110.981552][ T1231] rtnetlink_rcv_msg+0x95b/0xe90 [ 110.982902][ T1231] page_owner free stack trace missing [ 110.984319][ T1231] [ 110.984981][ T1231] Memory state around the buggy address: [ 110.986515][ T1231] ffff88804d154f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 110.988712][ T1231] ffff88804d154f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 110.990866][ T1231] >ffff88804d155000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 110.993090][ T1231] ^ [ 110.994287][ T1231] ffff88804d155080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 110.996439][ T1231] ffff88804d155100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 110.998639][ T1231] ================================================================== [ 111.001459][ T1231] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 111.003480][ T1231] CPU: 1 UID: 0 PID: 1231 Comm: kworker/u32:10 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 111.006870][ T1231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.009830][ T1231] Workqueue: events_unbound commit_work [ 111.011387][ T1231] Call Trace: [ 111.012323][ T1231] [ 111.013139][ T1231] dump_stack_lvl+0x3d/0x1f0 [ 111.014425][ T1231] panic+0x71c/0x800 [ 111.015511][ T1231] ? __pfx_panic+0x10/0x10 [ 111.016775][ T1231] ? irqentry_exit+0x3b/0x90 [ 111.018106][ T1231] ? lockdep_hardirqs_on+0x7c/0x110 [ 111.019562][ T1231] ? preempt_schedule_thunk+0x16/0x30 [ 111.021062][ T1231] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 111.023056][ T1231] ? preempt_schedule_common+0x44/0xc0 [ 111.024555][ T1231] ? check_panic_on_warn+0x1f/0xb0 [ 111.025982][ T1231] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 111.027954][ T1231] check_panic_on_warn+0xab/0xb0 [ 111.029326][ T1231] end_report+0x107/0x170 [ 111.030520][ T1231] kasan_report+0xee/0x110 [ 111.031785][ T1231] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 111.033753][ T1231] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 111.035591][ T1231] ? preempt_schedule_thunk+0x16/0x30 [ 111.037086][ T1231] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10 [ 111.039146][ T1231] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 111.040736][ T1231] ? drm_atomic_helper_commit_hw_done+0x330/0x490 [ 111.042488][ T1231] drm_atomic_helper_commit_tail+0xcb/0xf0 [ 111.044083][ T1231] commit_tail+0x35b/0x400 [ 111.045334][ T1231] process_one_work+0x9cc/0x1b70 [ 111.046709][ T1231] ? __pfx_process_one_work+0x10/0x10 [ 111.048193][ T1231] ? assign_work+0x1a0/0x250 [ 111.049573][ T1231] worker_thread+0x6c1/0xef0 [ 111.050983][ T1231] ? __pfx_worker_thread+0x10/0x10 [ 111.052381][ T1231] kthread+0x3a4/0x760 [ 111.053517][ T1231] ? __pfx_kthread+0x10/0x10 [ 111.054783][ T1231] ? __pfx_kthread+0x10/0x10 [ 111.056031][ T1231] ? __pfx_kthread+0x10/0x10 [ 111.057308][ T1231] ? __pfx_kthread+0x10/0x10 [ 111.058619][ T1231] ? rcu_is_watching+0x12/0xc0 [ 111.059919][ T1231] ? __pfx_kthread+0x10/0x10 [ 111.061177][ T1231] ret_from_fork+0x45/0x80 [ 111.062377][ T1231] ? __pfx_kthread+0x10/0x10 [ 111.063671][ T1231] ret_from_fork_asm+0x1a/0x30 [ 111.065027][ T1231] [ 111.066319][ T1231] Kernel Offset: disabled [ 111.067493][ T1231] Rebooting in 86400 seconds.. VM DIAGNOSIS: 14:07:02 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000077 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854548e5 RDI=ffffffff9ad9b7a0 RBP=ffffffff9ad9b760 RSP=ffffc900064cf508 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3531643430386552 R12=0000000000000000 R13=0000000000000077 R14=ffffffff9ad9b760 R15=ffffffff85454880 RIP=ffffffff8545490f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a3d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2ea1dff8 CR3=000000005c6c4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0023436c6f72746e 6f632f646e732f76 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707b7c488 00007fa707b7c480 00007fa707b7c478 00007fa707b7c450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa7086dd100 00007fa707b7c440 00007fa707b70004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707b7c498 00007fa707b7c490 00007fa707b7c488 00007fa707b7c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000073813 RBX=ffff8880606d11f8 RCX=ffffc90007a03000 RDX=0000000000080000 RSI=ffffffff84bc48fb RDI=ffff8880606d1180 RBP=ffff88802ab98000 RSP=ffffc9000c89fa68 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=dffffc0000000000 R13=0000000000000000 R14=0000000000000000 R15=ffff8880606d11c8 RIP=ffffffff81bb13a6 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f080349f6c0 ffffffff 00c00000 GS =0000 ffff8880d6b3d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3740ea CR3=000000004fa72000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000c DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004000040 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe7c5101a0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa707a0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=ffff8880297caf38 RCX=ffffffff82336623 RDX=0000000000000000 RSI=ffffffff82336648 RDI=ffff8880297caf84 RBP=0000000000000081 RSP=ffffc900045d79f8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=00000000000041ed R13=0000000000000000 R14=0000000000000000 R15=ffff8880297caf3a RIP=ffffffff8233668f RFL=00000a07 [-O---PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f6fccb4c280 ffffffff 00c00000 GS =0000 ffff8880d6c3d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f5735b9bf98 CR3=0000000032c46000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=000000000000c400 Opmask01=0000000000000000 Opmask02=000000000000ffdf Opmask03=0104100080810010 Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000557575126760 000055757510bfa0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73001605121f0073 431e161e035c1810 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 312e746567646167 2d77610039323000 44455a494c414954 494e495f43455355 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000312d 372f376273752f32 2e6463685f796d6d 75642f6d726f6674 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055702245e200 0000000000000041 0000000000000030 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000081 0000557575007974 00736576616c7300 306d656d702f6b63 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a3a263e383a3a26 39383a3a2638383a 3a263b383a3a263a 383a3a26493b3a3a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff88806a73afc0 RCX=ffffffff81af15ce RDX=ffff88801de94880 RSI=ffffffff81af15a8 RDI=0000000000000005 RBP=ffffc90000157d10 RSP=ffffc90000157c40 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1c7912e R12=1ffff9200002af8c R13=0000000000000001 R14=0000000000000001 R15=ffffed100d4e75f9 RIP=ffffffff81af15aa RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6d3d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c294934 CR3=000000004a76a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004000040 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd16cec700 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5734e0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5734e0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5734e0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5734e0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5734e0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5734e0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000